I replied via email to you as well, but it's worth stating the same publicly for the record, and so others know.
There are really two cases we need to handle here when a user wants to delete his/her account:
1) the user knows his/her Inky user id and password
2) the user doesn't know one or the other of these
In the first case, we can give users the ability to permanently delete their accounts by adding a control in the settings panel. We haven't done this yet, simply because it's dangerous, and we want to make sure we get it right (both in implementation and design) so users don't accidentally delete their accounts — or worse, introduce bugs where Inky corrupts our database and deletes or damages some else's account. We'll put this capability in at some point; we just haven't done it yet. (We were not really intending to launch yet; that sort of happened without our expecting it, because we got a bunch of press that we weren't looking for yet — which is good in some ways, but bad for things like this where we frankly aren't quite ready.)
The second case is trickier. If the user doesn't know his/her Inky user id or password, we have the security issue of needing to verify the person's identity when they ask us to delete the account. Ultimately we'd like to use two-factor authentication for this, but that costs money (for the associated text messages to/from the user's phone) and involves some implementation work as well.
In either case, we could try to manually modify our database and remove the user's account. But we don't have a process around this yet, and my worry is that it could potentially damage the database when someone makes a mistake.
What we're telling users now is that if you remove all your email accounts, you leave a shell Inky account that has no sensitive information left in. Our hope is that this is sufficient until we figure out the right long term solutions here. (Note, too, that we can't reset your account password if you forget it, because it's encrypted with your Inky login password, which, by design, we can't get access to.)
We know this isn't ideal, and we're going to work on fixing it. But we're really not trying to be nefarious here. In fact, unlike virtually all other companies offering consumer internet communications tools, we've made privacy and security one of our three primary principles — it's part of the "safe" in our "smart, simple, safe" motto.
I replied via email to you as well, but it's worth stating the same publicly for the record, and so others know.
There are really two cases we need to handle here when a user wants to delete his/her account:
1) the user knows his/her Inky user id and password 2) the user doesn't know one or the other of these
In the first case, we can give users the ability to permanently delete their accounts by adding a control in the settings panel. We haven't done this yet, simply because it's dangerous, and we want to make sure we get it right (both in implementation and design) so users don't accidentally delete their accounts — or worse, introduce bugs where Inky corrupts our database and deletes or damages some else's account. We'll put this capability in at some point; we just haven't done it yet. (We were not really intending to launch yet; that sort of happened without our expecting it, because we got a bunch of press that we weren't looking for yet — which is good in some ways, but bad for things like this where we frankly aren't quite ready.)
The second case is trickier. If the user doesn't know his/her Inky user id or password, we have the security issue of needing to verify the person's identity when they ask us to delete the account. Ultimately we'd like to use two-factor authentication for this, but that costs money (for the associated text messages to/from the user's phone) and involves some implementation work as well.
In either case, we could try to manually modify our database and remove the user's account. But we don't have a process around this yet, and my worry is that it could potentially damage the database when someone makes a mistake.
What we're telling users now is that if you remove all your email accounts, you leave a shell Inky account that has no sensitive information left in. Our hope is that this is sufficient until we figure out the right long term solutions here. (Note, too, that we can't reset your account password if you forget it, because it's encrypted with your Inky login password, which, by design, we can't get access to.)
We know this isn't ideal, and we're going to work on fixing it. But we're really not trying to be nefarious here. In fact, unlike virtually all other companies offering consumer internet communications tools, we've made privacy and security one of our three primary principles — it's part of the "safe" in our "smart, simple, safe" motto.
EDIT: we'll make this a FAQ on our site as well.