Hacker News new | past | comments | ask | show | jobs | submit login
Can I delete my Skype account? (skype.com)
178 points by Splendor on April 5, 2014 | hide | past | favorite | 78 comments

As far as I know this is about the same process for HN?


Nearly all forums do this or some form of this.

Your account and personal information may be deleted, but all of your comments, submissions, conversations, threads or whatever you call the collected bulk of user generated content will remain.

The reason for this is that a forum is a collaborative effort, a collective work, and the contributions of other people's content might only make sense in the context of yours.

The general stance is that a conversation is an audited history, and to change the historical record affects other people's content too by redefining the context.

Taking this very conversation as an example if you deleted your account and your comment, mine now makes far less sense.

Most forum admins agree that you have the right to edit your content, but not to modify/affect someone else's. Changing the historical record affects the content of others.

Thus, most forums will ask for the right to reproduce your user content even after your account has been deleted. This preserves the context of other people's content.

Beyond that... account deletion. The internals of most forum software is based on foreign keys or data structures that presume integrity of the data. To delete a user account whilst retaining the content created by the account breaks their software.

So for a lot of forums deleting a user actually means keeping the user record but scrubbing it of identifiable information. The problem then comes that whilst the account may no longer exist in a meaningful sense, the content might still have personal identifiable information and will now be orphaned and detached from any meaningful record of ownership. Liability just became a nightmare for the forum admin.

The question of how to handle work contributed to a collective work that is a forum is a sticky one. But ultimately the value of the forum to the people who will continue to use it is based on the collective work remaining intact. The content will always survive, and then it's just implementation that dictates what deletion of an account really means for the given piece of software.

The tension between owning your own words and building a discussion collaboratively has been debated a long time. The first time I saw this was in 1997 about events on The WELL in 1992:


Search for "mass scribble".

reddit doesn't do this You can delete your account and all your associated comments if you want to.

Yeah... And it makes a lot of older threads nearly unreadable...

Works with Google+ too.

I believe users should always be in control of their data (and since it's been produced by them, it their data). Also, if their software breaks after deleting an account the problem is entirely on their part.

> I believe users should always be in control of their data

Total control?

Does the person who made this submission have the right to delete it even though by doing so they delete your data?

Do other users have the right to delete your data?

Total control for you means denying someone else the right to delete this conversation.

Do other users have the right to redefine your data by changing the context surrounding it?

If you posted "I vote for this too" to some very sound proposal to allow changing of usernames, and then the original author changed the proposal to "Bestiality should be legal", thus suggesting to the world you support such a thing... did the other user have right through the control of their data to substantial modify the context of your data? To the point that the other person could create a personal liability for you?

Where do the lines start and end, if your content can stand alone then the issues are not there. Almost everything in a forum is a discussion, conversation, argument, debate, an interaction depending on the context of other people's content. The minutes of those things are a record of fact, that someone said something and someone else replied and said something else. Content on a forum is never detached from the content of others.

I agree you have the right to your data, but disagree someone has the right to modify those minutes, those records of fact, to impact the data of other people in any way.

A forum is a collective work, and the rules for a collective work are different to the rules of a personal work.

Reddit gives users near total control over their comments and submissions. Comments can be manually edited or deleted months or years after submission. Self-posts can also be edited at any time. Posted submissions can be deleted, which replaces the submitter's name with [deleted] and prevents the submission from showing up in any public list of posts (it will still show up at the submission permalink). The only concession is that posts edited at any time beyond a few minutes from their posting appear with an asterisk.

Deleting an account on Reddit doesn't delete every comment and submission, but it does replace the username on every comment and submission with [deleted]. This isn't perfect from the user's perspective, but it's a lot better than most forums. It anonymizes any post or submission that doesn't directly leak personally identifying information by itself, which for most users will a large majority or even 100% of submissions.

I think allowing users to delete accounts and have their usernames replaced with [deleted] on every comment and submission is a decent compromise between respecting privacy for the user and maintaining the integrity of discussion for the community. I would feel much more comfortable using HN if it had such a system, although my revealed preference is that I care more about posting to HN than I do about the ability to retroactive delete my data.

> Reddit gives users near total control over their comments and submissions. Comments can be manually edited or deleted months or years after submission. Self-posts can also be edited at any time. Posted submissions can be deleted, which replaces the submitter's name with [deleted] and prevents the submission from showing up in any public list of posts (it will still show up at the submission permalink). The only concession is that posts edited at any time beyond a few minutes from their posting appear with an asterisk.

Has reddit not had users who flounced and programmatically nuked every submission they've ever made?

Whilst this wouldn't affect Reddit as a whole, it could lay waste to a subreddit if the person was one of the top posters within a very small area.

This is largely why most forums operate a "edit within a reasonable time" policy. Though obviously there are benefits to being able to cache long-term too.

Can you imagine the impact on HN if patio11 went through a bout of depression and decided to nuke every comment he'd ever made? The impact to the collective work would be substantial.

I agree that posts shouldn't be deleted. But should the user be able to anonymize his posts when he deletes his account? Such that the username 'JohnDoe' is replaced with 'DeletedUser20140405.42'. IMO that doesn't destroy the readability of the conversation.

That's where we're going with Microcosm.

Deleting a user will nuke the account itself, and assign all content owned by that account to an anonymous/deleted account.

The context is preserved and no-one else's data is affected, but we've removed all Googleable trace of the original account (the username and profile).

The only remaining issue is whether a person made posts containing personal information (defined as being the same as personal data according to EU Data Protection laws... name, phone number, email, etc). But for that we'll always honour take-down requests even when the information is orphaned from an ownership record.

PS: To the downvoters, I'd love to understand what part is objectionable.

> PS: To the downvoters, I'd love to understand what part is objectionable.

I didn't downvote you before, but just did it now.I automatically downvote all comments complaining about downvotes unless the discussion topic is about downvoting and upvoting. I just think that it dilutes discussion.

Replacing the name with a unique id is not enough to anonymize the data. For example, the "anonymized" AOL search data release:


I don't see the point of that since other people often respond to posters with their name/username.

Since when has "readability" been a fatal flaw in any discussion medium? It simply doesn't matter, and there's no reason to apply distinct IDs over a collector or a simple piece of text like Reddit does.

I see that sometimes in reddit, the pseudo says [deleted] but the text is still there. Sometimes the text is shown as [deleted] as well. I don't understand when and how the first occurrence happens.

Account marked deleted but not the post means the user account has been deleted.

Both marked deleted means that specific post has been deleted (but not the user account).

Deleting a post doesn't mean the whole conversation should be deleted (reddit works this way), and the meaning of following posts can be extrapolated from the context.

a) You have copyright on your work. That means you own and retain the right to distribute it or not, and importantly this includes a notion of moral rights.

b) A forum is not a collective work; it is a privately owned publishing vehicle which may be selectively edited or change hands at any point.

c) You sign terms of service granting rights to the publishing vehicle.

good point, though I believe publishing contracts need limited terms to be enforceable and that you don't grant reproduction/distribution rights in perpetuity

Hmm. If someone says something embarrassing in a newspaper interview, should they be allowed to recall and censor all printed issues of that newspaper? Once you knowingly and deliberately enter something in the public record, I'm not so sure you should have the right to unilaterally delete it.

This becomes difficult when you are dealing with distributed systems.

Let's use email as an example - I can close my Gmail account, and Google can delete all of my data off of their systems. There is nothing that either Google or I can do, however, to ensure that everyone I ever sent an email to will delete those messages as well. The messages are now on their computers, out of my reach.

This becomes more evident when it's not a 1:1 message, but a 1:many message, such as Usenet (or Tavern)

Like Gmail, you can delete your account locally, but there's nothing anyone can do that would force other servers to delete the messages they received. Once it's gone, it's gone.

Another example where you might see this is XMPP->XMPP. My AIM client can keep a log of your messages, and even if you delete your AIM account, my logs will remain.

I can entirely understand where you are coming from, but with some classes of systems, I don't know that it's possible to ensure that your data can be entirely erased.

It's not an all-or-nothing scenario, you should let users delete everything they can and let the rest be.

> and since it's been produced by them, it their data

I've never understood this definition of property, especially since it necessitates so much giving-away of property in order to make society function.

Even so, my guess is Microsoft is keeping the connection between your previous name and the new one, so it's completely pointless to do it like this from the user's perspective.

That's a good point, I wouldn't want that.

I'll look at our own systems and will consider scrubbing all IP addresses/logs and anything that could identify a deleted user after the user has been deleted.

> The reason for this is that a forum is a collaborative effort, a collective work, and the contributions of other people's content might only make sense in the context of yours.

Sure, but what about posts that have no replies? And what about a cascade, that is, poster B replies to poster A, poster A deletes their account, the post remains, poster B deletes their account, both posts disappear?

I don't care about HN or Skype as much, but when I get my commenting system done I will look into doing something like that. I do believe in letting people and their content go. It's like making a party: yes, if people start leaving the party will be less fun, but it's more fun that way for the people leaving, and the rest ought to cope; considering one day they might want to leave as well. And while link rot sucks, so does everything just growing and only growing all the time. Let the web be a jungle, a living thing, and let things die, too? In the tiny part of this garden I attend to, that's how it's going to be. If in doubt, it's a zen thing ^^

At any rate, I don't really see the "liability nightmare", since it's already a fact that if you post something on a forum for 5 seconds, someone could take a screenshot and reproduce it until the end of time -- liability remains with the people posting stuff in the first place. It's just a matter of politeness to reduce this as much as you can on your end for anyone who wants to take something back, to do your part, without that implying any promises -- the way I see it, you loose some content, but you gain other content, because people know it's not necessarily etched in stone, and can try themselves out.

Again, I'm not complaining about how any site handles this, and I'm happy to post on HN. But Plutarch said the mind is a fire to be kindled, not a vessel to be filled, right? Likewise, I believe in the process of the web much more than any heap of "content" it might produce. And at least for what little own content I have on my site, I intend to curate it every now and then, check for broken or obsolete things. I'm not even above editing year old blog posts, the whole point is that should I die, I will leave the best of what I made and thought, not just an endless "log" like toilet paper. If in 10 years some of what you wrote today doesn't strike you as silly and outright false, what did you do in those 10 years?

Public spaces like HN and reddit and slashdot I feel are different from that -- you get a lot out of them, and for that you give up "exclusive ownership" for what you said. This is fine, but I could see that a private or small community might feel similarly like I feel about private things; they don't exist for the sake of historians or lurkers, but for what they have with each other. When that ends, there is no need to keep it around. What does it profit a person if they gain all the content of the world, but lose their ability to reinvent themselves, right? Not everything is a wiki, not everything has to be revision controlled, not every conversation is about timeless facts, or facts at all.

I would be happy if they just added a feature to change your username. It's not too difficult to decipher my real identity from my HN username and I'd like to use something more anonymous. And fwiw a couple of years back I tried emailing the addresses mentioned in that link with no luck.

That should be possible, but again... technology.

If it wasn't thought about when the software was designed then it can cause very nasty issues and be hard to rectify.

One of the forums I run on vBulletin has over 4m posts, 2m private messages, 45k users.

vBulletin is MySQL and tries to reduce database load through denormalisation of the data. The posts table has the username repeated every time a post was made, and the private message table has a horrible PHP serialized array containing the username in the "To:" column for a private message.

Changing a username on vBulletin involves an UPDATE statement on the post table, which is fine... but it involves iterating through every private message, de-serialising the To information, modifying and putting back.

And vBulletin is MySQL, and the search is full_text, which means MyISAM tables, and the update of the private message table locks for the duration, and for a large number of private messages the table is locked for 15 minutes on that particular server... which is enough time to cause a domino effect of query waits that PHP runs out of memory and one by one my frontend servers fail and the site goes offline.

Yup, vBulletin will crash and take the site offline if you have a large number of private messages and want to change a username.

You can see the fun of explaining this to the users of one forum over here: https://www.lfgss.com/thread95475.html

This is one of the very many annoyances that has led me to create http://microco.sm/ to fix this (and many other) pain points for admins and users. The software design is stopping users doing things they want to do (change their username).

HN isn't running vBulletin. But the logic is much the same. If it wasn't thought about on day one the data structures likely do not permit an efficient changing of username.

HN is under substantially more load than the forums I run, and dang likely deals with far more performance related issues. I'm sure he can reveal HNs specific design flaw that prevents username changes.

Or perhaps it's just the idea that it's a social problem and that if patio11 changed to patm that it would break the context for all previous mentions of him. Again... software should have solved this, but only if it was thought about early enough. The lack of avatars does mean that the username on HN is a far more critical identifier.

> vBulletin is MySQL and tries to reduce database load through denormalisation of the data. The posts table has the username repeated every time a post was made

Just in case an unexperienced developer reads that. Don't do it. If you expect high read loads, better invest your time in learning/thinking about caching, fragment caching, russian doll caching and invalidating these caches. Memcached or Redis come to my mind.

Skype makes it hard to leave/unsubscribe just to inflate their user base (aka "value"). It's pretty common when there's a economical incentive to do so.

On HN it's hard/impossible to delete a user without breaking and/or destroying core functionality (ie submissions and discussion).

So what's you point?

This makes all the other pro data contention arguments moot, I agree with woof. Whatever company, ideology or other room anomaly disturbs the views of people who think that that data (aka content) should be undeletable "because", is hereby just devalued in the argumentative value.

Skype as software has a lot of issues. Before they were bought by Microsoft the software worked quite well; on my Mac I'm still running an ancient version. Why ? - it got replaced by a version that takes up half your screen, I think they were trying to make a single version for desktop and iPad. After a public outcry they reduced the size somewhat. The latest version has about 3 extra options about the amount of data you will be sharing with Microsoft/associate companies. What ? I want a phone service, I don't want my personal info datamined. OK, they give you the option to disable this but it doesn't fill me with confidence.

If you want to use Windows 8 Metro version you must "link" to a Microsoft account and change your login to use that method. It's the first thing that it does, but the UI is very subtle about it. IIRC, it even wants to change your desktop login settings. Phone software should not be changing system settings. Also the latest version removes the option to hide the fact that you have a webcam. With Skype you absolutely must read all the fine print and dialogues.

Exactly, ever since Microsoft took over Skype definitely went downhill.

Another "feature" they've recently added is that it's impossible to actually logout of Skype [1]. Even if you close Skype on all your devices, logout everywhere, your friends will still see you online. I even uninstalled the client from all my machines but was still online after that.

The official response is that it's how it should work, that Skype is like a phone and people should be able to send you messages and call you at any time. Of course ignoring the fact that people get upset when they see you online and you're not answering their messages and calls.

Since November last years, there have been quite a few complaints about this but nothing has changed so far.

[1] http://community.skype.com/t5/Mac/I-show-up-as-Online-when-I...

Thanks, I hadn't seen the new option "Allow Microsoft to use your Skype profile information to show you more relevant ads in this application". I'm kind of pissed that there wasn't a message when I upgraded to tell me that this new option appeared and was checked by default.

after the acquisition I started having problem on Mac that would freeze everything when failing on skype. I thought it was probably a coincidence but it's seems to continue to get worse. I belive they fixed whatever bug was causing my freezing issues after over a year. by that time a basically gave up on skype.

Are there any open source solutions that support both Mac OS X and linux?

Here's a question, would actually deleting the account lead to the possibility of someone later impersonating the original account holder? Especially since the "buddy" lists appear to be independent?

The way a lot of other sites do it is to disallow new accounts to be created with the same username as a deleted account. Reddit does it like this.

What then happens when the site ages significantly? Pulling a Yahoo is pretty scary in my mind. I'm still curious about how those with common, re-purposed emails have fared since yahoo reset all their unused accounts.

If you contact Skype's support, they can actually delete your account directly, but before they do that, they ask you to replace your profile information with gibberish.

And I bet if you search that gibberish, it still shows up. And I bet if you recover account on that, it'll still work. Likely, all they're doing is changing the password.

I would never trust any of the "data-hoovering" companies to actually really delete all of your data, even if they say so.

(And in the case of Skype, it's terribly obvious that they want to prevent you from deleting data. In the age of NSA mass surveillance, this absolutely makes sense.)

This is extremely relevant:


It's a great service, I just added Lobsters. Adding a service takes 2 minutes, using the online editor from github that automatically creates a pull request etc.

Edit: and already merged & deployed less than an hour later. Contributing is fun :)

You caught me on a good day for merging pull requests ;) thanks for the contribution, always appreciated :)

I don't know, is this a problem? In some sense, it seems more honest to me than having a delete button that simply sets a "deleted" flag on you in a database.

It's representative of the values they hold as a company. If you can't be bothered allowing your users' control over their own data, it says a lot about their deeper intentions.

Most companies give you less control though. Setting a deleted flag is worse, isn't it?

There is a certain accountability that is assumed after I delete my account for that account not to show up again somewhere some time. If all they do is set a flag in a database maybe that's good enough. But if they wanted to go further maybe they could scrub the data associated with it too. But that shouldn't be my domain, that should be their domain to take these measures. I should simply have to state my intention.

It's a problem for me because people have created four Skype accounts with my email address so far and there's no way to delete them.

This is completely insane. How can a company with so many developers think this is anything other than completely unacceptable.

I think they find it acceptable because, well, people seem to be accepting it. The majority doesn't seem to be interested in deleting any accounts but simply abandon them. I do wonder why Microsoft/Skype prefers accounts not be deleted, though? Message history perhaps? When designing databases, this is a matter that's important: do you delete objects or do you flag them deleted to prevent holes in the related data? Obviously I've no idea if that's what is going on at all, but who knows. :)

Developers are not allowed to think about it ;-)

and none of that is to actually delete the account. the closest thing is to remove your name from the directory...

You never put information online, delete stuff, use anonymous accounts and VPNs, yet everyone is a victim of device fingerprinting tecnhiques. That's one way the governments finds "anonymous" TOR users.

Check the online test https://panopticlick.eff.org/ and the paper https://panopticlick.eff.org/browser-uniqueness.pdf for a good read.

The question I'm more interested in is why a sane delete option isn't built into the service. On the other hand, it's at least clear that your account exists forever, although it would be better if people were aware of that during sign up. Twitter claims to have deleted my account, but I cannot verify it.

As a side note, amazon affiliate accounts are equally bad.

Presumably if you have an account JohnSmith, that will be held locally on the computers of all your contacts, if the account was deleted and someone else registered a new JohnSmith account then your old contacts could end up calling a complete stranger.

Microsoft could have some process that records dead accounts and automatically deletes them from the contact lists of the billions of computers running skype, but imagine the problems when someone deletes their account by mistake (or has it hijacked and deleted by a third party) and wants it restored.

Now the better approach might be to associate each JohnSmith account with a unique ID that never gets recycled and then reject calls unless the account_IDs match. But that's probably a lot of re-engineering that they don't want to do.

I don't think the reason is to prevent accidental/destructive deletion. There are better ways to do that such as providing a grace period; allowing users to download their account data for a future re-signup; and two-factor authentication.

It's more likely that the revenue earned by the service is heavily dependent on building a social profile. A properly deleted (without a trace) account reduces the profile accuracy. I also wouldn't rule out the almost too obvious government surveillance requirement.

Mandatory Dilbert http://dilbert.com/2013-11-06/

(hint: even closing the thing is not straight-forward)

Maybe this is because of the way they store the data. It might be an expensive query (in their case) to search all contact lists with your skypeID, and remove it.

That just means, that they are too lazy to implement a delete queue or something. What's more likely is, that they audit and persist profile changes to gather data even if you "deleted" your account.

I like what GitHub does with a deleted account:


I recently deleted my Linkedin account. But their junk emails continue to dirty my email even now. Next in the line is Skype, and then probably Facebook.

Thankfully, I never shared my genuine data with Facebook or opened an a/c on Instagram or Whatsapp ever so I'm good at a certain level when it comes to Facebook.

In my opinion Twitter is the only option that is sane at the moment.

I've never even had a Linkedin account and they dirty my email with requests and reminders.

I tried many times to uncheck all the checkboxes to convince LinkedIn not to send me email, but they ignore them or create new ones, so now I just mark them as spam.

I briefly enabled Google+ for one of my accounts. It has been disabled since at least 6+ months.

My colleagues are still getting emails that seem to be coming from me about sharing stuff on Google+.

username+whatever@gmail.com is delivered to username@gmail.com, so if you add the service name when you sign up it's very easy to block unwanted traffic. It also tells you which service sold your email to spammers.

Also, if you run your own sendmail you can just add the following completely readable snippet to your sendmail.mc:

  Kplus regex -d+ -s1,2 ^([^._]+)[._](.+)$
  R$* <@ $=w > $* $: $(plus $1 $) <@$2> $3
That allows you to use "username.whatever@example.com" or "username_whatever@example.com" as well as the "+".

A lot of web sites' idiot email validator regexes won't allow "+" in emails. But every single one allows "." and "_".

Unless the spammers simply run remove the extra part from the address. A better way is to get your own domain and use a different alias for each service.

I've been doing the + thing for more than 10 years now. My observation is that spammers simply don't remove it (it's just not worth their time).

More importantly, legit services that are on the spammy side (or have broken unsubscribe links) will absolutely never remove it.

Back a few years when Ameritrade had a bunch of its user's emails sold to spammers, I just changed my email on the ameritrade website and started blocking my +ameritrade address. It worked like a charm.

I use a subdomain and forward *@subdomain.domain.com -- if you put a catchall on the root you will get spam.

Funny you say that, I've been constantly getting spammy emails from Twitter.

In all fairness to them though, they've been much better about that recently.

Very professional

I guess Betteridge's law of headlines could have saved me from reading this: http://en.wikipedia.org/wiki/Betteridge's_law_of_headlines

And as a result you'd have missed out on Skype's tap dancing and sidestepping around the issue. This submission also promotes a key issue: your Skype account is for life, or at least until Skype becomes passé and irrelevant, and shuts down.

Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact