[openstreetmap/openstreetmap-website] User account self-deletion allows bad actors to delete and recreate the same account name to "lose" changeset discussion and block history (Issue #4018)
Schorsch
notifications at github.com
Fri Jun 16 13:48:51 UTC 2023
> I really don't think that's going to work - we remove the names because they often contain personal data so we don't really have any option.
>
> Besides which it will just leads to loads of people asking why they can't have a name which appears to be unused and anything which gives me more support mails to answer is definitely not on.
I would love to see the following:
If a user deletes his account, change the username to a random string like `deleted_234234` and remove the profile-content. This way the profile itself remains clickable and the history and comments can be found and traced but the user-data is gone.
Save the user-name in a database and block it for 6 months (arbitrary now) before it gets released again.
Additionally restrict name-changes to once a year, for example. The name-changes of one individual user drove me nuts and everybody as well because he tried to avoid getting found again. But this leave still the possiblity to switch up the name if you want it for some reason. (will search if there is an issue for this)
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/4018#issuecomment-1594707209
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/4018/1594707209 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20230616/2d65c8c6/attachment.htm>
More information about the rails-dev
mailing list