[openstreetmap/openstreetmap-website] User account self-deletion allows bad actors to delete and recreate the same account name to "lose" changeset discussion and block history (Issue #4018)

[Mateusz Konieczny]

> But really none of it needs to be this hard. We had an excellent UI suggested about three hundred comments ago, we just need to get LWG to agree to it.

New proposed version of text to be send to LWG, taking into account https://github.com/openstreetmap/openstreetmap-website/issues/4018#issuecomment-1776938957 and replaces https://github.com/openstreetmap/openstreetmap-website/issues/4018#issuecomment-1776930560

(I am assuming that preparing this text is useful, let me know if it is not)

---------------------------------------------------------------------------------------------

Proposed text to send to LWG ( if you are maintainer of this repository - feel free to use it and send it to LWG in own name or tell me what needs to be changed or tell me that it is not useful to send as-is or tell me that it would be useful if I would send it, feedback is also appreciated from others ):

---------------------------------------------------------------------------------------------

questions:
Can we reject deletion requests for people who edited within last month?
Can we reject deletion requests of blocked accounts?

explanation:
At osm.org we are providing "delete your account" feature. It can be used at will by users and make their edits much harder to connect with former account, this also removes their username, hides diary comments and so on.

Unfortunately, at this moment it is primarily used by vandals and malicious people that make harder to revert their vandalism and reuse account usernames. Typical vandal strategy is to register, commit vandalism and immediately delete account.

Would we comply with GDPR and UK privacy regulations (etc) if we would block self-deletion and refuses deletion requests in cases like:
- user was active in last month 
- user was active in last 7 days
- user is blocked

Are we allowed to tell people who requested self-deletion via email to stop editing and use self-deletion feature in X days?

Proposed new interface would look like this: https://github.com/openstreetmap/openstreetmap-website/issues/4018#issuecomment-1775915884

triggered by:
https://github.com/openstreetmap/openstreetmap-website/issues/4018

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/4018#issuecomment-1777018449
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/issues/4018/1777018449 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20231024/f222e955/attachment.htm>