#6140 - Nix the 'Delete own member account' privilege
-
By PDStig
- Added
- 2 views
| Identifier | #6140 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | Nix the 'Delete own member account' privilege |
| Status | Open |
| Tags |
Roadmap: Over the horizon (custom) |
| Handling member | Deleted |
| Addon | core_cns |
| Description | Data protection legislation facilitates that users have the right to be forgotten. This means in many jurisdictions such as the EU, it is required that a site provide a method for members to delete their account.
As such, I feel this privilege is inappropriate. All members should always have the ability to delete their account at any time. However, to address the issues outlined in the tutorial, as part of this feature request, we should also implement a config option allowing the specification of a "delayed deletion". This means, if set, a member who "deletes" their account does not actually get deleted until the specified number of days elapse. And the member can cancel the process simply by logging in again before the days elapse. |
| Steps to reproduce | |
| Additional information | I do have a version 11 non-bundled addon which is not published (but could be) which will blocklist members who delete their account. This can prevent moderation loopholes.
E.g. when an account is deleted, another one cannot be created under the same username, e-mail address, or IP address, if the account had any formal warnings or punitive actions on it. Right now, these are logged in plain-text, but I could take the same approach as data/unsubscribe.php and hash the stored values with the site salt. |
| Funded? | No |
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Comments
There have been no comments yet