Ticket #678 (open enhancement)
Delete user account
- Created: 2012-05-28 15:21:17
- Reported by: Franz
- Assigned to: None
- Milestone: 2.0-beta1
- Component: usability
- Priority: normal
We should add a way for users to delete their own accounts.
This feature should also have an administration option to be turned off/on.
Newman 2012-05-28 17:12:43
This is the worst idea I have ever seen in my life
Studio384 2012-05-28 19:29:35
No, then you have a problem with posts.
Pierre 2012-05-28 20:06:19
Just to clarify: This feature is just to be able to remove the account data. Posts and threads should be kept.
Admins can already remove accounts, but the idea is to reduce their workload by letting the users do so directly.
Studio384 2012-05-28 20:18:46
Yes and that's the problem: a spammer create a account, post spam everywhere and delete the account, how you will clear that, post after post?
Pierre 2012-05-28 20:24:53
If he can create one account he could also create 1000 accounts. Same result.
Anyway, Franz already stated that if such a feature would be implemented it should be possible to disable. I am just saying that there might be reasons to have such a feature. I wouldn't implement it if it is too much hassle though.
i think what studio384 meant was that when the spammer is deleted, there is no way to delete his post at once ( if there is no tool like " delete all post by ip *** " )
adaur 2012-05-29 14:42:13
I strongly disagree with this idea: what happens if an account is compromised ? A potential hacker could delete a whole account and even if posts are not deleted, he could register his own account with the username hacked.
Franz 2012-05-29 14:51:32
@adaur: There is a whole slew of problems when an account gets promised, and our only responsibility is to help prevent that as good as possible.
That said, I agree we have to be very careful...
adaur 2012-05-29 15:42:17
Not only your responsability, the account owner's too. I think adding this option could just make the damages worse in case of account stealing.
PM/Emailing an admin when an user wants his account to be deleted seems enough for me.
Studio384 2012-05-29 16:33:30
Yes, i follow adaur.
I realy think this is a bad idea, so, dont do it.
@Pierre, than, it's easier to delete 1000 accounts than 1000 posts. Beside: you can blok the user to create more than 1 account. But you can't block he can create more than 1 post.
Franz 2012-05-29 20:49:09
Hmm, you guys have some valid points here.
Maybe we should have an extra "request account removal" thing (although could be abused just like the other features) or simply link to the mail form for the admin user!? Just make it a little clearer and easier to get the account deleted if you really want that...
Studio384 2012-05-29 20:54:53
Yes, that's a good idea. That makes it better, something the orginal idea didn't...
karol 2012-05-29 23:03:29
How would a "'request account removal' thing" make the process easier for the admins?
i don't know, as for the post you quote the method in place ( without modifying fluxbb to do it otherweise ) is asking an administrator ( by posting in a thread, sending an email, contacting him by any other way ), then the admin just :
- rename the user by editing profile ( this can also be done by a mod with permission to do it )
- delete the user by clicking on click on a button
Franz 2012-05-30 10:25:12
Exactly. I am not sure why karol thinks the actual process of renaming is difficult. It couldn't be easier, in fact: Go to the user's profile, edit the username, click on "Save". Done.
karol 2012-05-30 17:19:40
I'm not an admin and I have no idea how it's being done, I just quoted the justification given on the Arch Forums :-)
The post I quoted is 4 years old so at that time the procedure might have looked different.
There also may be other reasons why admins prefer people to keep using the same user name.
adaur 2012-05-31 13:29:32
@Franz: an e-mail to confirm account deletion seems like a good idea. However, I still think that this feature should not be included in the core or disabled by default.
coolhome 2013-07-29 01:13:00
I can see the potential for this feature. E-mail confirmation is a good idea.
For the possibility of a hacker deleting a user I would vote to do a soft-delete and after X amount of days the user row will actually be removed. Just an idea.
macadoum 2019-02-12 22:31:44
I just see there is no way in fluxbb for a user to easily suppress his own account. With GDPR and the evolution about online privacy, this ticket should be considered high priority.
JJones 2019-09-13 00:49:35
VERY easy to suppress account information ... the same way you suppress BANNED ACCOUNT information
Try adding a deactivation flag to the account information. Franz claims their is some type of temporary ban, it would be just as easy to add a variable for "DEACTIVATED".
The same way you should NOT be running quires against banned accounts, you would do the same skip for accounts that have the deactivated flag too ...
Allowing a user to deactivate their account then becomes a trivial concept .... It ONLY becomes a major problem if the account data is deleted.