[openstreetmap/openstreetmap-website] User account self-deletion allows bad actors to delete and recreate the same account name to "lose" changeset discussion and block history (Issue #4018)

[Andy Allan]

I think this discussion jumped too quickly from discussing incidents and went straight to proposals, without explicitly stating the specifics of the underlying problems. From this issue and the discussion at #4313 I would say these are some of the problems:

* Deleted accounts are hard to report, because they are not linked from changesets, ways etc.
* Immediately reusing display_names is confusing, since user urls are not stable (see #482). This hinders discussion of events since people can't link to a specific account.
* It's near impossible to navigate through the list of all changesets created by deleted users.
* Also third-party tools are struggling with deleted users, and fail to analyze such changesets: https://github.com/mapbox/osmcha-frontend/issues/669.

Things that a cool-down period won't help with:
* Vandals can just abandon their account, and vandalise using a fresh account. They will need a fresh email address (which they currently don't have any problems with).
* Perfectly normal people could get frustrated with a cooldown period, and this may lead to additional support requests.

If anyone has any more of the problems (I'm not looking for example incidents, I mean the problems that this behaviour is causing for the people trying to deal with it) then I'd be very grateful to hear them.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/4018#issuecomment-1780953601
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/issues/4018/1780953601 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20231026/4f428284/attachment.htm>