That's a common outlook to have if you've never run a site where users upload content.
In practice, if you give your users a way to damage or delete their own account, they'll do it without giving it any thought. Then they'll think about it. And they'll want to undo it.
When they don't find an "undelete" button, they'll write you an email. And if you don't have an easy switch you can flip to magically fix the problem they caused for themself, they'll get mad at you.
So you quickly learn to just set an IsActive bit to false instead of actually deleting things. And it's not in any way a big deal for a "twitpic" style site where people are uploading things to the internet with the intention of sharing them.
My privacy policy that explains this makes a point of telling you that "If you don't want the things you upload to be on the Internet, please don't upload them to the Internet". I still field plenty of "undelete my stuff" mails, and it's nice to know that it's a 30 second fix to fix it. (And I've never once gotten a mail from an angry user because I didn't actually delete the bits from the hard drive when he hit the delete button)
Oh please, do condescend to me about what sites I have run and which I have not, much less ones I have or have not written myself.
Look, I (and likely many others here) know what you're talking about, and it's not necessary. You can deactivate things, sure, but you can also say "This cannot be undone," and people will know what that means. Software has commonly operated this way for almost the entire GUI era (at least). These things aren't cut and dried nor required, and they are entirely the product of business rules and policies, which in your case sounds like a little bit of "blame the victim" ("well then you shouldn't have uploaded it"). Users know what a warning means in this context, though.
No condescension intended. Sorry if it came across that way.
I can only throw in my experience, which is that users of the sites I run have a history of not understanding what it means when they hit the delete button, regardless of how many warnings you give them.
As I said, it's a trade off. The upside for the site owner is less headache and angry users. The downside, at least in my experience, is nothing (apart from a red X on this website we're discussing today).
I basically agree with you that supporting undelete is a lot friendlier to 95% or more of the population. But you can get the best of both worlds by simply keeping it around for a fixed time (and letting the user know how long after they hit delete) and then hard deleting. You can even offer them a "if you didn't mean to do that, click here; if you would like to permanently delete this now, click here"
I don't think you are morally correct just because you haven't gotten any complaints.
In fact, until you make it possible for people to permanently delete things, you are not. The reason you haven't gotten any complaints is that the people who deleted things on purpose don't send you an email and don't know it can be undone.
In practice, if you give your users a way to damage or delete their own account, they'll do it without giving it any thought. Then they'll think about it. And they'll want to undo it.
When they don't find an "undelete" button, they'll write you an email. And if you don't have an easy switch you can flip to magically fix the problem they caused for themself, they'll get mad at you.
So you quickly learn to just set an IsActive bit to false instead of actually deleting things. And it's not in any way a big deal for a "twitpic" style site where people are uploading things to the internet with the intention of sharing them.
My privacy policy that explains this makes a point of telling you that "If you don't want the things you upload to be on the Internet, please don't upload them to the Internet". I still field plenty of "undelete my stuff" mails, and it's nice to know that it's a 30 second fix to fix it. (And I've never once gotten a mail from an angry user because I didn't actually delete the bits from the hard drive when he hit the delete button)