View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
6140 | Composr | core_cns | public | 2025-01-21 01:49 | 2025-01-21 01:56 |
Reporter | PDStig | Assigned To | Guest | ||
Priority | normal | Severity | feature | ||
Status | new | Resolution | open | ||
Summary | 6140: Nix the 'Delete own member account' privilege | ||||
Description | Data protection legislation facilitates that users have the right to be forgotten. This means in many jurisdictions such as the EU, it is required that a site provide a method for members to delete their account. As such, I feel this privilege is inappropriate. All members should always have the ability to delete their account at any time. However, to address the issues outlined in the tutorial, as part of this feature request, we should also implement a config option allowing the specification of a "delayed deletion". This means, if set, a member who "deletes" their account does not actually get deleted until the specified number of days elapse. And the member can cancel the process simply by logging in again before the days elapse. | ||||
Additional Information | I do have a version 11 non-bundled addon which is not published (but could be) which will blocklist members who delete their account. This can prevent moderation loopholes. E.g. when an account is deleted, another one cannot be created under the same username, e-mail address, or IP address, if the account had any formal warnings or punitive actions on it. Right now, these are logged in plain-text, but I could take the same approach as data/unsubscribe.php and hash the stored values with the site salt. | ||||
Tags | Roadmap: Over the horizon | ||||
Time estimation (hours) | |||||
Sponsorship open | |||||
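
The Additional Information field proposes storing the blocklisted username, e-mail address and IP address as salted hashes rather than plain text. The PHP below is an added sketch of one way to do that with a keyed hash (HMAC-SHA-256); it is not Composr code and does not reproduce what data/unsubscribe.php does. The `SITE_SALT` constant, every function name and the sample values are assumptions made for illustration.

```php
<?php
// Added example: every name here is hypothetical; this is not Composr code.

// Assumption: stands in for the site salt, which would be loaded from site configuration.
const SITE_SALT = 'constructed-example-salt';

// Canonicalise before hashing so trivial variations map to the same token.
function normalise_identifier(string $type, string $value): string
{
    $value = trim($value);
    if ($type === 'ip') {
        $packed = @inet_pton($value);
        // Round-trip collapses equivalent IPv6 spellings; unparseable input is kept as typed.
        return ($packed === false) ? $value : inet_ntop($packed);
    }
    return strtolower($value); // usernames and e-mail addresses compared case-insensitively
}

// Keyed hash with the type bound into the message, so a username never matches an e-mail token.
function blocklist_token(string $type, string $value): string
{
    return hash_hmac('sha256', $type . ':' . normalise_identifier($type, $value), SITE_SALT);
}

// At deletion time: the tokens to store in place of the plain-text identifiers.
function tokens_for_deleted_member(string $username, string $email, string $ip): array
{
    return [
        blocklist_token('username', $username),
        blocklist_token('email', $email),
        blocklist_token('ip', $ip),
    ];
}

// At join time: true if any supplied identifier matches a stored token.
function is_blocklisted(array $stored_tokens, array $candidate): bool
{
    foreach ($candidate as $type => $value) {
        if (in_array(blocklist_token($type, $value), $stored_tokens, true)) {
            return true;
        }
    }
    return false;
}

// Constructed sample data.
$stored = tokens_for_deleted_member('BadActor', 'bad@example.com', '2001:db8::1');
var_dump(is_blocklisted($stored, ['email' => ' Bad@Example.com ']));
var_dump(is_blocklisted($stored, ['ip' => '2001:0db8:0:0:0:0:0:1']));
var_dump(is_blocklisted($stored, ['username' => 'newcomer', 'ip' => '198.51.100.7']));
```

The IPv4 address space is small enough to enumerate, so these tokens keep an address private only while the salt stays secret. Keying the hash with `hash_hmac` instead of concatenating the salt into a plain hash keeps that dependence on the secret explicit.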