[openstreetmap/openstreetmap-website] User account self-deletion allows bad actors to delete and recreate the same account name to "lose" changeset discussion and block history (Issue #4018)

[Schorsch]

So, there is something to allow users self-delete and something else to delete all their data. 

So it is possible to:

1. Allow self-deletion after 7 days of non-editing. If the user edited in the last 7 days, grey out the button with a information besides it, for example. 
2. Allow coming back with a "Your Account will be available for you for another 90 days if you decide to come back."
3. While these stuff is happening no username-change is allowed
4. after the 90 days the username is changed to "deleted12345" with random number plus deletion of the profile-information (or just make it invisible?)
5. A possibility to allow deletion like mnalis said above "Email the Data Protection Officer with your GDPR deletion request". I don't think this will happen often at all. 

This is all possible and i think would be good to restrict vandalism while allowing users to self-delete their account. Although i think some stuff might be harder to implement than others. But all in all i think it would be good for OSM. 

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/4018#issuecomment-1776653335
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/issues/4018/1776653335 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20231024/3007d9bb/attachment.htm>