Hacker News new | past | comments | ask | show | jobs | submit login
Ask PG: Why don't you allow users to delete HN accounts?
110 points by _kwmj on Feb 22, 2015 | hide | past | favorite | 93 comments
At least allow people to replace it with something like [deleted] or [deleted-account] text instead of the user-name after a user has decided to delete the account, if you would want some kind of indication to remain, or sth random, whatever pleases or suits you.

Or at least give an option to disable/lock the account. I mean it should be like a basic right on the Net to have your account deleted.

(1) I don't think PG is the right person to ask, he passed the mantle a while ago.

(2) It may seem like it should be a basic right to have your account deleted, but in practice that only works as long as you don't interact with others, if you interact with others and then your portion of the conversation gets removed you effectively ruin the record. Unless everybody starts quoting everybody else to make sure that deletions don't leave the comment threads unintelligible.

(3) having your account replaced with 'deleted' is a useful suggestion

(4) in the meantime, say stuff that you're prepared to stand by and pretend that 'online' is just like 'offline', you don't get to make up the terms unless you go through the trouble of making your own website.

(5) You're volunteering all this stuff, nobody forces you to.

The rules of HN and other internet fora are pretty clear, what you write gets associated with your username and it will likely never go away entirely (google cache, wayback machine, users caching, search engines and replications of the db elsewhere). Choose your username and comment accordingly.

If you regret something specific that you wrote you can ask hn@ycombinator.com to remove it for you (they'll likely oblige if the request is reasonable), but if you can avoid tasking the moderators with more work than they already have I'm sure that would be appreciated.

> (4) in the meantime, say stuff that you're prepared to stand by and pretend that 'online' is just like 'offline'.

Online is not just like offline. At all. Simply put, human beings are not made to have their beliefs set in stone. Also, anything you write can (and if you're famous, will) be used against you. It's an extremely stressful environment.

I've been harassed by a troll in a forum where I had my personal information spelled out. In 50 years, people will still have access to me trying to put some sense into a crazy user. I will never treat online like offline again and I suggest everyone not to be so naive.

Instead, I fully agree with point 3.

Offline as in: the written word, offline.

The dutch have a proverb (they have proverbs for everything) 'who writes, stays'.

Of course what's said offline is vastly different from what's written online. But it would be good to take into account that that does not only go for public fora: it also goes for email, IM, skype chats, IRC and so on. Basically anything that you enter on a keyboard can come back to haunt you one day.

Dejanews took a lot of people by surprise, things that were said on Usenet, no one ever expected to become part of their permanent record. That is why it is so important that the EU is able to enforce the "right to be forgotten" on Google et al.

"The right to be forgotten" is one of the most asinine things I have ever of. It really should be called "The right to supress history".

That it can and will be abused does not mean that it does not have excellent use cases.

It's broken implementations and guidelines that are the problem, not the basic idea.

My Canadian lawyer once told me an interesting story. He had gone to research his 'roots' on the assumption that he'd find that he descended from English or French nobility, and wouldn't it be nice to have a coat of arms.

Instead, he ended up finding out that his great-great-grandfather had been given the choice of the gallows or the boat.

Of course that was many years ago, but somehow his great-great-grandfather had found a way to start afresh without his past misdeeds following him in too visible a way. And he had done very well for himself. In todays world that man would not have stood a chance of starting over, no matter how far he went from the place of his birth because Google will happily follow you anywhere short of changing your name.

Especially for convicted criminals being google-able can take away their chance to starting again with a clean slate.

Now, you could argue that this is right and that's how it is supposed to work, screw the criminals they should think before they commit their deeds and so on. But there is an element of permanence here that stops those that are capable of changing themselves for the better from being able to outrun their own shadow and in that specific example that is a net-loss to society.

Not that there aren't scenarios where the 'right to be forgotten' isn't a net loss to society, it's just that it is not as clear cut and simple as you make it.

Also there is the issue of recidivism; permanently branding someone drastically reduces the chances of rehabilitation. For many crimes a life sentence of shame is not appropriate; criminals should be given the chance to change for the better, especially as no one is perfect.

And not to forget that people get branded for things they didn't do or were misinterpreted or for one-time mistakes. Should these people have to live with that forever?

In situations like that, much like in real life, it's prudent to have evidence (comments, emails, server logs, whatever) to protect your reputation and show the facts, but that isn't necessarily the same as having these things aired publicly.

I find it a bit odd that this view is as prevalent as it seems on HN.

"The right to be forgotten" is nothing more or less than the right to have some control over your identity, and over the ability of third parties to leverage that identity for their own ends. To argue that governments and companies should be forced or obligated to maintain long-term, fine grained surveillance for the sake of "history" is kind of absurd.

In any other context, HN would be up in arms over the same, with many going out of their way to exercise exactly that "right" through the use of anonymizing tools or proxies.

The people objecting to "right to be forgotten" are not saying that companies should be forced or obligated to maintain long term surveillance. That's quite the non sequitar.

Many do seem to be insisting that search results and online information be preserved as a record of 'truthfulness' in case they need to be used against someone legally or in the court of public opinion (like a politician or a celebrity who wants a scandal 'erased' or who wants to redact some statement or opinion of theirs.)

By definition, this assumes the ability to correlate this data with real life identities (otherwise the whole argument is pointless) for as long as it's relevant.

That seems to me like an implied obligation to maintain a surveillance system (or state) in all but name.

Imagine that there's a middle ground between "forced to delete" and "forced to preserve". Let's call it "not forced to do anything".

"The right to be forgotten" is nothing more or less than the right to have some control over your identity, and over the ability of third parties to leverage that identity for their own ends.

It's the power to dictate what others can't say about you. Regardless of whether what's being said is true.

"The right to be forgotten" has no effect on what others can or cannot say about you as it in no way forces people to take down the sites targeted.

One of the plus sides to all the NSA/GCHQ surveillance is that it should end up being an excellent resource for historians, centuries in the future.

That is, assuming that they have access to the data, and novel methods of interpreting it in bulk. It'll be like a more honest, raw version of the Twitter archives.

GCHQ will never make this data available to researchers. Partly this is because of the way it's stored, a big FIFO cache not permanent stores; and partly because of (weirdly enough) English data protection law; and partly because they just keep stuff secret.

It took them seventy years to release a couple of Turing papers. http://m.bbc.co.uk/news/technology-17771962

It is unrealistic to expect the kind of control over your public image that allows you to delete or rewrite the past to better suit the present.

And it is dangerous to take this dangling carrot and then keep quiet about judicial abuses like the british super-injuction orders that protect the rich from having their affairs exposed to the public.

It's much more sane to reject the "right to be forgotten" concept in its totality and start thinking seriously about the persistence of data in the digital age.

It's sometimes used to supress an incorrect version of history being aggressively pushed by a single person with a fixation.

Protection from stalkers is a good thing and that part of RTBF needs to be upheld.

And let's not forget that Google isn't doing this for "history". They'll happily ruin someone's chances of getting a new job, just for a few dollars of ad revenue.

Nonsense. Not even that long ago a person could get a fresh start by moving to another town, or even just by waiting a few years for the memory of whatever thing they did that they regret, to fade in most peoples minds. Now it can follow you forever. How is that right? We expunge criminal records even - but not anymore if it shows up top hit on Google.

How do you propose that would be enacted in this case? How to force google to forget the contents of your comments but not the rest of the page?

I'm all for the 'right to be forgotten', it seems a useful counterbalance to the ease with which data is vacuumed up and re-packaged for easy consumption by seeker and stalker alike but I fear there will be a lot of practical problems implementing this.

One thing I have a lot with reocities is people asking to have specific guest book entries deleted from geobook pages. This is a ton of work to do right and even then it doesn't really help due to the enormous amount of data copying that has happened. It's pretty double because I get at least as many requests from people that want to retrieve stuff that is irreparably lost.

Digitally forgetting something is hard to get right, almost harder than keeping it in the first place.

Allow users to delete their account. Then display "[deleted]" for the username in the comment threads. If you want the names to ensure they stay unique in a given thread you could generate a new token for the user and show something like "[deleted-xS72d]".

This would allow users to disassociate their comments with their online handle but not screw up the old threads by deleting the actual content.

Although then someone might set up a mapping file saying "deleted-xS72d equals ptaipale" and 10000 similar records. It might be illegal in EU countries, but that doesn't stop it from happening somewhere in the US, or China, or South America, or whatever.

I've faced similar requests on a small board that I maintain, and there's no very good solution that wouldn't break the right of others to keep their own submissions intact and meaningful.

Could make the deleted-suffix unique for every thread of comments, this would be a reasonable balance between allowing the interplay of conversation participants to be left unscathed, and preventing tracking/correlation of comments across the entire site.

Reddit keeps the submissions and comments and mark the author as "deleted". Seems to work for them.

As a matter of fact reddit also allows you to delete your post history (last 1000 on the profile page itself) - the content. You can delete the rest too if you can find it.

This should be in the FAQ.

1) Users who are trying to delete their account may assume that it's doable but that they just can't figure out how to do it. Putting this in the FAQ would prevent that.

2) Users who know that you can't delete accounts probably want to know why.

It should probably be on the account creation page as well.

Thanks for the detailed reply.

No, it's not about any regret. It's not about not treating "online" like "offline" either - I think my account has pretty much been clean (I have seen fair share of my own "angry" and impatient days on the Net, the latter is still present, but in residual proportions).

It's just that I believe "deleting an account" should be an option to users. Yes, I agree I volunteered to open an account on this forum and then start contributing, that is why I am asking a question from the person who started it and, I am sure, still has the final say regarding this site when it comes to it - and not demanding it as a "right", so to speak. Yes, he might have passed the day to day operations to other people, but he still "owns" it, if I may say so.

So yeah I mean it just doesn't feel right.

Great post.

There is really no such thing as deleting your trail in the internet, except maybe superficially. This is why privacy is so important and losing it exterts an undoable damage. A one-way currency of sorts.

If you are not carefully keeping your internet persona (Japanese "tatemae" of sorts) by all means keep STRICTLY pseudonymous and never link your internet persona with your real one.

> There is really no such thing as deleting your trail in the internet [...]

Deleting accounts is a thing though.

That causes a lot more harm than good. You fuck up a site just because you didn't care to read the Universal small print of the interwebs, and you do so for barely no practical advantage.

Changing a name to "deleted" (or something similar) is, however, a somewhat meaningful workaround to alleviate the problem from end-user point of view.

But even that carries an administrational cost so I don't think sysadmins should be forced to do that just at the whim of other people. (Particularly when we are talking of things that are offered more or less as a public, free service).

Still puzzles participants in conversations and gives them an incentive to spider and backup whole threads.

It's probably an acceptable workaround but I believe it's best to always remember than the Internet simply doesn't forget. Even if some level of exposure can be minimised, nothing you can remotely call "protection". It can even be argued that this feature promotes irresponsible behaviour ("I can always delete it later" - no, you really can't).

You can take many approaches between not deleting at all and delete from your servers (obviously you can't "delete" from the collective internet memory). All of them with pros and cons.

>> "I believe it's best to always remember than the Internet simply doesn't forget"

Let's also not forget that the internet is still a very new thing. Not everyone understands the consequences of posting and that that content may never fully go away. We can't force them to learn this lesson when it's too late. It seems like we should have some measures in place so people who didn't understand the risks at the time have a solution. Deleting your account may not be truly permanent but it will help someone who wants content disassociated with them in most cases. We can keep the content available under a different name ('deleted' or a random string) and then the conversation doesn't get destroyed.

> That causes a lot more harm than good. [...] and you do so for barely no practical advantage.

That's highly subjective.

As far as fucking up a site goes, I really don't care. It's my account after all. (Or is it?)

> just because you didn't care to read the Universal small print of the interwebs



That nothing is forgotten. That precisely malicious private info traffickers will have your info, plus big corps, plus some government agencies. You basically protect yourself against random strangers who don't give a fuck about you and maybe your ex-girlfriend (if she doesn't care enough to pay the right people).

So Instagram shouldn't allow you to delete one of your pictures simply because I could have already grabbed a copy of it? That's ridiculous. I'm not protecting myself against anything, I just like to be in charge of my data.

By the way: This whole "nothing is forgotten" thing is a straw man anyway. Not being able to fully prevent something doesn't justify not trying. Murder comes to mind.

As I said before, I appreciate that all approaches regarding this have their pros and cons. That means I accept there are reasonable pros too.

However, from my PoV, anything that can give the false illusion to the mass that their data is truly deleted when a server stops showing it (or even internally deletes it to the best of their ability) it's an overall negative. General rule of thumb as far as I'm concerned. You are more likely to trigger the attention of malicious crawlers by deleting your stuff than you are of protecting almost anything.

>> "Unless everybody starts quoting everybody else to make sure that deletions don't leave the comment threads unintelligible."

This seems to be standard practice for most people anyway from what I've seen.

I read an argument that if you know you'll never be able to delete your account and posts, you'll be more careful about what you say. I don't think this is something I'd be considering when writing posts. We change as we get older and recognize that things we may have said in the past were stupid, but now we're stuck with them for life because they're on an interet forum with our name next to them.

This is why I now only post anonymously.

>> "if you know you'll never be able to delete your account and posts, you'll be more careful about what you say."

Most people probably don't know they can't delete their account until they attempt to delete their account.

The sad truth is, the users who want to act nasty won't care.

I mean it should be like a basic right on the Net to have your account deleted.

No, it shouldn't. Most forums don't allow account deletion including post deletion, because it would destroy many threads and make it extremely hard for later visitors to follow the conversation.

Since HN doesn't require you to put any personal details, you can just throw out your email address and your account will remain as an empty hull holding the strings of your past conversations.

Seconding this. I have browsed forums where important users threw temper tantrums and deleted all of their posts, making it downright impossible to follow years worth of valuable dialogs.

I am a staunch proponent of anonymity and privacy (hence why I post here under a pseudonym), but you need to make the decision about the level of privacy you want before you post. Changing your mind 1. screws over the community and 2. won't save you from the determined taking a trip through the wayback machine anyway.

Ever played Genesis Shadowrun?

A little bit, chummer. Not enough to catch your drift, though.

You are perhaps not as anonymous as you might think.

I am pseudonymous, though. I don't really care if you can e-stalk ANTSANTS to find that they posted in X forum or played Y game, as long as it stays separate from my real identity.

However, if you're gonna be creepy about it, maybe I should be more proactive.

I think OP wants to allow posters to disassociate their username from the comments retroactively rather than delete the comments themselves.

It is still pretty difficult to follow who is responding to whom if a bunch of users have deleted their accounts, making reply threads confusing.

Arguably, you don't need actual usernames to follow a thread, just a way to differentiate one user from another. Imageboards get by with extremely weak identity and referencing other posts rather than users, although, imageboards aren't exactly concerned with long-term quality conversations either. Still, it's possible to follow a thread without any identities at all.

This would mean something a bit smarter than just replacing usernames with [deleted] though. Perhaps [deleted #nnn] or some other token.

Edit: and if you really wanted to get paranoid about ambiguity, generate a new token per thread rather than per user, making it all but impossible to correlate the entire posting history for a deleted account.

Also arguably, a thread for which a majority of users have deleted their accounts might not be worth following anyway.

Fair point, I was mostly considering [deleted] since I think I've seen it in an HN thread that I came across while searching an old article. Numbers would work just as well.

I wouldn't really consider the deleted accounts to have worse comments. Especially for old threads... some users just retire their accounts, but the comments are still valuable when stumbled upon in the future.

This is not true, look at how Stack Exchange handles deleting users: Generate a random user with a specific pattern.

I'd rather be able to change my username personally. This one is tied to a domain I used to run in the late 2000's and it's not the least bit relevant.

This is something I've wanted for a long time too. I emailed HN a couple of times but got no reply. I understand preventing people deleting accounts as it would destroy past discussions but changing the username shouldn't be an issue.

Same here. This would also allow one to "delete" the user by changing the username to something non-identifying.

Colinbartlet: you have been hellbanned. You might want to email hn to be unbanned.

I also have wanted this for a while. Many months back, I had a troll from Hacker News plaguing me in the real world and it was frightening. At the time, I really wanted a way to disassociate my posts from my real name but I understand there is no mechanism.

Trivially changing your username? What do you think HN is, a forum that uses a database to decouple data from code? It's doubtless far too clever for that.

Well, it does use a database, actually. One of the first to ever exist. It uses the file system.

More seriously, though, I wish someone would build a database-based file system already. It would be so much easier to build an application that focused on data if it were in the OS.

There's another side to this issue. Someone could create an account with your name (claiming to be you) and write horrible/offensive/illegal things from that account.

Anyone can write anything on Internet forums and can claim to be whoever they like. Sites will store this data forever. Something needs to be done to limit or prevent that sort of abuse.

Attribution can be difficult. https://keybase.io/ is a nice way to establish identity on social sites.

Juts suppose that HN let you delete your account and comments.

Google and Bing have a copy of them. You still need to convince them to delete them. Perhaps you can convince them to hide them, but I'm not sure if they really delete them ever. And I forgot Archive, they also have a copy. (Do Facebook scrap the web and has an internal copy for some future project? Yahoo?)

There are a few HN-with-another-UI that also have copies of everything. Some of them add tags, filters, another sort order, more search capabilities, a nice UI with gradients of a flatter UI if that is possible. Algolia has the official search engine, but I'm not sure what happened to the copy of the data of the Octopart engine. Recently there was one submission of one that allows you explicitly to see deleted comments. (I don't like this, I consider this bad manner, but I don't see any way to prevent it.) You must convince all of them to delete their copy. (And some people have private copies to run statistics for curiosity sake.)

Yesterday, there was another submission of a company that scraps the web and classifies the information to identify account. They sell that information to police officers in case of children kidnapping or sex slavery or something similar, I don't remember the details. That looks like a noble goal, but the same technology could be used for evil purpose by another company. And the shadiest companies are probably more difficult to locate.

And you still have to contact the 29 agencies of this list http://en.wikipedia.org/wiki/Category:Signals_intelligence_a... (or perhaps http://en.wikipedia.org/wiki/List_of_intelligence_agencies ).

I operate a small forum and somewhat solved the issue of being scanned by the bots by letting the users to decide whether their posts/threads are visible to unauthenticated users, or users with less karma than some threshold. They can either be completely hidden to them or hide their names and let just the post be visible.

The fact(?) that you can't delete this data from these 30 other places does not imply that you shouldn't be able to delete it from the source.

And honestly, if you remove it from the source, many of the crawlers will lose the data the next time they crawl, and the rest will be unable to justify archiving everything, forever. Your biggest "adversary" in this space would be the Internet Archive, though they respond positively to requests to remove content.

> Google and Bing have a copy of them. You still need to convince them to delete them.

Search engines will re-index the URL over time, so you won't won't need to convince them to delete their archives.

> I mean it should be like a basic right on the Net to have your account deleted.

For sites like these, I would agree. You should know, however, that some regulated markets like Internet gambling sites and the like have a requirement NOT to delete information about your account or your transactions, so this "basic right" is actually legislated against in some areas.

I allow profile deletion on Microco.sm forums.

The way this works, is that we have a profile called 'deleted' and everything a person has contributed is reassigned to that profile. Then we really do delete the profile of the user in question.

We do warn, in advance, that once done the author loses all right to their content forever. As we could never know who the author is. But then... this shouldn't affect HN as you already lose the ability to edit your content after some short amount of time... the effect is much the same as permanently losing ownership of your content.

The 'deleted' account is the accumulation of all content created by profiles now deleted. Here's the deleted account on one of my larger forums: https://www.lfgss.com/profiles/47687/

This method of profile deletion means that none of the conversations that have occurred lose their meaning, or are otherwise broken up or left 'gappy'.

BTW, I've always found it a bit strange that HN doesn't seem to have legal documents, user agreement or privacy policy.

Are you guys still going? Thought you had wound up the ops?

Everything is open-sourced, Matt and I have positions elsewhere (GDS and CloudFlare respectively), but the platform is open-sourced and being used.

To my knowledge, there are 3 major instances of the platform, on the instance I run there are nearly 300 forums and just over 50k users. Another instance is presently being setup as I'm helping advise them on it.

I emailed hn@ycombinator.com and they replied that they "don't technically have the ability to change usernames." They also "feel that it would be against the spirit of the site" because "threads really belong to the community."

I don't think it's a basic right, but it would be really nice if your past didn't always follow you. People change their opinions and generally grow up. Also, it may be a basic right if you're below the age of 13 due to COPPA:

  "the parent can review the child's personal information, ask to have it deleted and refuse to allow any further collection or use of the child's information. The notice also must state the procedures for the parent to follow."

As an aside, I'd love to be able to rename my account to have a unique handle across websites...

Is there a difference between locking your account and just removing the email and keying in a random password? Once you've logged out, your account should be effectively locked permanently.

The difference is if you've posted anything that you regret and the account can be somehow linked to you, that old content still is attached to you, you just can't write any more of it...

It would make a lot more sense - and probably be easier - to fix social norms to recognize that people change, and that old comments from the person you used to be aren't from the person you are now.

I would assume that this will happen on it's own, as people grow up with exposure to their own permanent record and notice that they don't recognize their old selves.

I mean it should be like a basic right on the Net to have your account deleted.

No, it shouldn't.

Setting the expectation that individuals have the responsibility to clean up after themselves, means that anything they don't clean up still matches their current beliefs.

Which will cause problems when there are a few sites that you don't remember being part of, or have lost your login info for.

dang, if you're reading: HN at one point had support for openid. You couldn't convert openid accounts made to regular password accounts, so after openid died, there's a bunch of loners on the HN accounts system.

I'd love it if there was some way for those of us who used openid to have our openid accounts merged back with the accounts we use now.

The WeLL[1] has a long experience with this concept[2]. They allow users to remove all their comments with a placeholder being put in its place.

1) http://www.well.com

2) http://www.well.com/yoyow.html http://www.well.com/conf/guidelines.html http://www.sscnet.ucla.edu/soc/csoc/papers/voices/Voices.htm

Ok, got it, down votes for pointing out other community solutions - perhaps I see why people want to delete their accounts

Is there a copyright angle here?

Do we own the copyright of our comments, and in theory could we legally be able to demand sites that have our comments to remove them?

That's why sites always put "perpetual license" in their TOS, they don't want to deal with copyright claims from their users.

Please email hn@ycombinator.com with questions or requests related to HN.

> Or at least give an option to disable/lock the account.

Change your password to a random string, add HN on your email systems spam list, so you don't feel any cravings to reset it by mailing yourself a new password.

"I mean it should be like a basic right on the Net"? Oh good Lord.

What does it matter? Don't use it. Or are you trying to send your past comments down the memory hole? If we are suggesting changes to HN I think a mobile style sheet should be at the top of the list.

Woah thats some Illuminati stuff

I swear I had no hand in it :-)

You'll get the keyboard warrior effect even moreso if you allow account deletion.

The HN community is pretty well behaved, IMO. People just want disassociation, in order to have their current selves be separate from perhaps a younger, less intelligent, past self.

Lazy development. Any hurf blurf you hear about right of others to trace you or readability of the forums or responsibility for your comments or futility of local deletion is just a smoke screen for a bunch of developers that really don't want to re-engineer their products to support deletion months to years after they wrote the spec that forgot to include it.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact