[openstreetmap/openstreetmap-website] User account self-deletion allows bad actors to delete and recreate the same account name to "lose" changeset discussion and block history (Issue #4018)

[Mateusz Konieczny]

> Now we certainly might want LWGs thoughts on the matter but there isn't an absolute right to always have things deleted.

Proposed text to send to LWG ( if you are maintainer of this repository - feel free to use it and send it to LWG in own name or tell me what needs to be changed or tell me that it is not useful to send as-is or tell me that it would be useful if I would send it, feedback is also appreciated from others ):

questions:
Can we disable self-deletion functionality for people who edited within last month?
Can we disable self-deletion of blocked accounts?

explanation:
At osm.org we are providing "delete your account" features. It can be used at will by users and make their edits much harder to connect with former account, this also removes their username, hides diary comments and so on.

Unfortunately, at this moment it is primarily used by vandals and malicious people that make harder to revert their vandalism and reuse account usernames. Typical vandal strategy is to register, commit vandalism and immediately delete account.

Would we comply with GDPR and UK privacy regulations (etc) if we would block self-deletion in cases
- user was active in last month 
- user was active in last 7 days
- user is blocked

As I understand (I am not a lawyer!):

We are not obligated to provide self-deletion button at all. We can also provide it allowing deletion at will (used primarily by vandals nowadays). We could also provide one that works only on odd-numbered days. Or only for people who have not edited for a long time.

Account-self deletion seems to exist to cut down on manually processed requests arriving via weird methods and exists for convenience ours and legitimate users.

Main risk of restricting self-deletion is that we could start getting more paper/mail based account deletion requests.
But it is entirely legal to restrict self-deletion.

triggered by:
https://github.com/openstreetmap/openstreetmap-website/issues/4018

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/4018#issuecomment-1776930560
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/issues/4018/1776930560 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20231024/ad7b4521/attachment.htm>