Tell HN: Hacker News will not delete my account – is that legal?

uberman · 2025-01-28T19:52:31 1738093951

The laws around deletion of data in CA and the EU seem to me to support the notion of maintaining the content but anonymizing the author. So it would seem to me that what they propose would be in compliance. IANAL

I personally think it is shady as hell to refuse to delete someone's posts (conceptually). However, given the hierarchical nature of comments and the point system, I can see why this might be a technical burden.

toomuchtodo · 2025-01-28T19:54:32 1738094072

Your position is understandable, and it is an important reminder when participating in this forum; your comments (and their contents) will be burned into the history of the site after the two hour edit window, followed by being ingested into various datasets and archives globally. What you make public is forever. In the US, I am unaware of any legal recourse you might have ("right to be forgotten"), and would suggest accepting the offer to rename/mothball the account. You might ask to have specific comments of yours with excessive personal information redacted or trimmed of certain information (versus deletion of all comments).

If people try to doxx you, report them to the police without hesitation for harassment (and enhancements, if your local jurisdiction specifically outlaws doxxing). I cannot stress this enough.

_dp9d · 2025-01-28T20:02:20 1738094540

> If people try to doxx you, report them to the police without hesitation for harassment (and enhancements, if your local jurisdiction specifically outlaws doxxing). I cannot stress this enough.

I don't know who these people are, but it's 99% certain they don't live in the same country as I do.

I can't see how reporting this to my local little police force will do anything.

elmerfud · 2025-01-28T19:56:51 1738094211

The problem is, it's not your account. Whenever you voluntarily give over something to someone else it stops being yours and you stop having the ability to control it, unless there was a specific agreement in place that allowed you to retain control and ownership. There are some sites that allow you to delete your account but I quite honestly don't believe it. They may say that it's deleted and maybe it's deleted and unrecoverable to you but I fully suspect that they still have it maybe he still have access to it it's definitely still available in their backups.

I don't even believe that as a matter of law this could be corrected. Because we have many laws on our books protecting our personal information that we have given over to companies in order to do business with them. Banking institutions collect personal information and there are stringent laws restricting what they can do with it, unless you agree that they can do more with it. Same thing with health care institutions very strong laws preventing the sharing of personal information from health care institutions, unless you agree that they are allowed to share it.

For both banks and health care institutions the problem is you must sign all kinds of agreements before they allow you to do business with them. So those protections enshrined into law mean absolutely nothing because the law does not say that these institutions must do business with you even if you don't agree to their privacy and sharing policies. Which I find rather strange just for two very core institutions to our society. The law protects us but when every bank and every health care place requires you to sign away those protections before they allow you to participate then what good were the protections to begin with?

So if we can't get this right for banking and healthcare what makes you think some little place on the interwebs where you can post quippy comments would be any better?

krapp · 2025-01-28T22:24:54 1738103094

Every other forum that I'm aware of, including Reddit, allows users to delete their posts and/or accounts.

And no one who signed up to HN did so having first agreed to terms of service which said their comments and account could never be deleted.

elmerfud · 2025-01-29T01:07:41 1738112861

Do you really think those are actually deleted from those forums? They might be hidden they might remove your name but it's unlikely they are actually deleted.

Also you failed to understand one basic thing, their terms of service wouldn't list something like your account can never be deleted. Because it's not your account it is their system their platform and what you call an account is simply a way for you to access it and post on their system. The terms of service would have to say something like you continue to remain in control of everything that you've written. It's simply doesn't do that and I don't know of any system that does that. Because it's not yours.

slau · 2025-01-28T22:29:36 1738103376

I would argue that renaming the whole account to another account is not, in fact, anonymising it.

If dang wants to keep the content but properly anonymise it, then every single post would have to be unlinked from a single account. Every post should be attached to an unrelated random account.

/. used to handle this by having “Anonymous Coward”. Reddit has this with <deleted>. Because this is not a concept on HN (or at least, not an oft used one) I feel the “random unique accounts that post a single comment” is better than marking your posts as coming from “AC” as that would still allow sift through the search results.

This being said… if people wanted to keep your comment history… wouldn’t they already have fetched it by now? Especially if you’re publicly indicating you’re trying to get your account deleted?

more_corn · 2025-01-28T19:53:08 1738093988

It seems that the CCPA requires companies to delete your data upon request. You could file a complaint to the California attorney general. They may investigate and fine the offending entity.

If you want to take matters into your own hands you can view your comments and selectively delete the ones you want down. Keep in mind that copies of hacker news content will have been scraped and archived elsewhere.

uberman · 2025-01-28T20:16:15 1738095375

The assertion that "CCPA requires companies to delete your data upon request" is not technically correct. What must be deleted is "personal information" and while I empathize with the notion that would include social media posts, I am not sure it actually does include them.

see: https://privacy.ca.gov/protect-your-personal-information/wha...

The closest thing mentioned is: "Contents of messages (e.g., emails, texts, chats)" but does that actually cover posts? I'm not sure and I can't find an authoritative answer that it does.

slau · 2025-01-28T22:21:34 1738102894

How do you interpret “messages” as not including posts? I am very clearly replying with a message to you.

uberman · 2025-01-28T22:37:22 1738103842

If your message was a DM to me then I think that would clearly be included, however, I can find no authoritative opinion that personal information includes public facing social media posts or comments. I would be happy to be wrong. Can you find a public statement by a law firm stating that under CCPA you have a legal right to have your comments deleted? I can't.

slau · 2025-01-29T07:09:53 1738134593

Reading the CCPA, I have to agree with you: it’s useless. It specifically excludes public information, and OP clearly made those posts publicly.

_dp9d · 2025-01-28T19:59:16 1738094356

> You could file a complaint to the California attorney general

Does it matter if I'm not in California? (or even the USA?)

altairprime · 2025-01-28T20:53:39 1738097619

If YC’s processing of information fails to comply with the laws governing YC, a business operating in California, then certainly a report of mishandling is presumably of interest to California functionaries. Whether or not that is the case is something you’d have to evaluate using California law and a direct knowledge of the PII or PII-alike in question.

elpocko · 2025-01-28T20:17:05 1738095425

>If you want to take matters into your own hands you can view your comments and selectively delete the ones you want down.

Nope. Everything older than 1 or 2 hours is stored permanently, with no way to edit or delete.

bell-cot · 2025-01-28T19:55:37 1738094137

IANAL, but on which forum-type web sites does "delete my account" mean "delete all the comments and submissions I've made"? Even at tiny scale, the latter can be pretty damaging to old discussions.

Are there some limited number of old comments, where selective 's/too much information/XXXX DELETED XXXX/' would accomplish your purpose?

moralestapia · 2025-01-28T20:06:10 1738094770

Hey, I follow you on Insta, it's a surprise to see you here.

I guess HN "rules" are not written in stone and it wouldn't hurt if they make an exception for your case. You've been polite and have a very valid reason behing such petition.

Hopefully @dang/HN would yield on this one.

retrac · 2025-01-28T19:49:33 1738093773

It is mentioned in the site FAQ that they don't delete accounts.

I feel that redacting the account name of someone who regrets some of their posts for privacy reasons, so at least individual comments cannot be linked together into a profile, would be kind.

But yes, this is a very public forum.

_dp9d · 2025-01-28T19:54:14 1738094054

> It is mentioned in the site FAQ that they don't delete accounts.

I found another post [1] where someone was asking about account deletion and the linked part of the FAQ says:

We try not to delete entire account histories because that would gut the threads the account had participated in. However, we care about protecting individual users and take care of privacy requests every day, so if we can help, please email hn@ycombinator.com. We don't want anyone to get in trouble from anything they posted to HN. More here (https://news.ycombinator.com/item?id=23623799)"

I think protecting my young family from DOXing is a pretty valid reason.

[1] https://news.ycombinator.com/item?id=30430789

altairprime · 2025-01-28T20:03:45 1738094625

Ycombinator is a California business, and may be subject to CCPA/CRPA laws or those like them, possibly conditional on whether the account-holder is a California resident or not. Similarly, if the account-holder is an EU resident, I would imagine they have certain rights that they could seek to have exercised. Notably, you may or may not have the right to demand wholesale deletion of user-generated content, which is necessarily distinct from YC-managed PII, which for example might include your account's private email address. In all of the above cases, YC is likely within their rights to require you provide your legal identity, legal address of residence, and/or proof of citizenship of the protected region applicable.

However, if you can highlight specific IRL information that is considered Protected under those laws even though you voluntarily submitted it as UGC, such as your legal name, then you should request having that specific Protected information redacted within a given comment, but you'll need to be specific about which characters in which comments need to be redacted – a regular expression / expectation of work shifted to YC is an incomplete request in that regard. Were you to make a complete and specific request of specific redactions to be made to specific comments — I recommend using a double-quoted tab-delimited file with three columns: comment ID, unmodified comment, all redactions fully applied comment, and plaintext human description of redaction(s) performed — then I expect your redaction request would be evaluated by the site administrators without requiring any invocation of legal counsel or threats. Note that this is not a suggestion that you "replace entire comment with ~~~", this is a suggestion that you "replace the specific characters of PII in your comment with ~~~, leaving the rest of your comment intact". Note that I reviewed your past ~40 days of public comments and I see zero instances of possibly-protected PII.

If at any point an attempt to exercise legally-permitted rights is refused, then your only recourse is to hire a lawyer or seek one be hired on your behalf by an organization such as the EFF. You should probably be seeking legal counsel rather than posting for free legal advice on an internet forum, and I expect the first thing a lawyer is going to think (whether they say it or not) when presented with your posts and comments is to wonder why on earth you did not seek legal counsel sooner.

I empathize with your concern, but having lived through Dejanews doing this twenty-five years ago to all of Usenet (look up "X-No-Archive: Yes" for how the community reacted) and then having to get my old posts purged from Google's dataset purchased from Dejanews, Your realization about what you should and should not share publicly is one that Usenet as a whole pieced together decades ago, but was forgotten in the current generation's rush to participate in social media. Welcome to the "all my words for all time are searchable and no one will purge them from their full-text search indexes" crisis of thirty years ago, metastasized into individual sites rather than one big Usenet conglomerate feed.

(I am not your lawyer, this is not legal advice. I am not associated with YC or HN.)

_dp9d · 2025-01-28T20:15:33 1738095333

Thanks for the detailed reply, I appreciate it

altairprime · 2025-01-28T20:49:16 1738097356

(There are certain complication with a TSV that, instead, a tarball of orig/comment_id.txt and redact/comment_id.txt files would be more likely to provide a rapid response; not the least of which because it doesn’t require any CSV or database software and because they can trivially export the same comment IDs and review diffs using any stock Unix-ish system.)