Hi All,
I've had a look around the groups and tried using the search function with nothing coming back, so figured I'd ask here.
As we know end user privacy, end user records / content is important but I don't think there is anything built in to elgg to enable a user to seek the deletion of their own account?
Is there a current plugin, (SiteAccess?) that maybe could be expanded to give end users a "Delete Your Account", then deleting all their content / records in the system upon deletion request and action?
Just a thought people, if the above can't be accomplished, does anybody know of any other way around this issue.
Regards,
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
The user could delete their account in 0.9 but this was stopped (thank god) because it reduced a site to chaos - even more so when the account that is deleted is a prolific poster...
No I wouldn't recommend instituting this at all - far better to just change their password I think.
@ Jededitor - Thanks for the reply and your thoughts. I fail to see though how changing somebody's password, alleviates the fact of "User Privacy" that once they wish to leave a website, a high % will want their account deleting and content deleted.
Otherwise the internet is just too full with redundant information , as if in some cases it isn't already. Could you explain a little why up to v0.9 it created havoc? It then gives me a good angle on the fors / against knowing from people who have been around elgg for much longer than I. :)
Maybe I could create a simple "Contact Us To Delete Your Account", a simple email that requests them to state their real name, username and password in this email (The latter to stop people who aren't the true account owner seeking deletion for various dodgy reasons).
Then I would just check their emailed details against some elgg records / section, then just select "Delete" in Admin>Users for that users account. This leads me to a further question, when admins delete users in such a way, does it just delete the account or that users content, profile... in effect everything?
I was aware of the "Delete User" function but having never used it as yet, wanted to know if anybody had worked on or thought about giving the end user a simple "Delete My Account" function to add to the admin's ability.
I can't see why if admin can delete users accounts, why can't the end user be given an extended feature of this part of elgg, simply to send their request to delete to the elgg system and then it's actioned in someway / self automated in deleting the account, thus alleviating the admin time taken once a site grows in numebrs to have to do this themslves?
Again just some thoughts as I seem them.
Well as I said - it created chaos becuase all their contributions to blogs etc, replies images generally disappeared which tended to fragment things a bit and sometimes resulted in whole threads disappearing..
Personally I would never delete a user or allow a user to delete themselves who had contributed a lot to the site - it would probbably be safer to change their name & password then at least you would be still left with everything they contributed...
I think that this would depend in part on the nature of the site. It's one thing to delete the content from a profile, and quite another to delete all the content created by a user. In a discussion site, deleting comments owned by a user can reduce a thread to nonsense. If the user actually started the thread, then the whole thread would disappear along with all the other comments owned by other users.
I agree with jededitor, for most Elgg-like sites, deleting a user account is an extreme thing to do and usually you don't want to let users delete their own accounts as content is closely intertwined.
Hi Guys,
Right I get where you're coming from now explaining it in the above way, thanks. :)
It still leaves me to having to think on my feet, especially with the target audience being Businesses, Individual Business Persons, Organisations etc; I always try to think ahead and percieve any potential issues and put things in place ahead of those time.
So correct me if i'm wrong, if I was as Admin to simply "Delete" a user (The red text delete we have just below normal user profile links) does it just delete the user, but leaves all their comments, contributions etc OR does it actually delete everything from that user.
I only ask as you both kind of answer with a fear of the "Delete" word and I want to make sure I understand you correctly. :)
I think I need to try to put together a plausible, true and legal based FAQ entry for this very issue but based on why "We Can't Delete Your Contributions / Content" and then it stops future users asking this awkward question on my site.
However my only true fear of doing it this way, isn't that what FB for example was plastered all over the internet news and tv news programme's for, in effect keeping their users content once they had left / deleted their profile account?
Rob,
That is a great question. I hadn't thought of that one.
Yeah, I see both sides of the argument. As an admin, the groups and forum posts might look silly with people responding to things that aren't there anymore. So protecting the content is important.
But as a user, when I want to leave a site, I should be able to do so.
A good FAQ is definitely needed to explain this issue!
Lets put it another way for those who haven't quite got it yet - if you were the regular contributor to a letters page on a newspaper and you stopped getting that newspaper; would you expect the newspaper to go through all their back issues and delete all your letters?
On my own site the T&C states that we will retain all material posted on the site (where it isn't breaking the law) and all a user can do is delete any copies of it that they may have on their own computer. But what I usually do is set the profile information to private and change the username & password just in case they do decide to come back ( it has happened)
I have been following this thread and I think I might have something to contribute..
Firstly, we need to define the legal elements in this.. Before we go deleting or not deleting any content, the question is: who owns that content..? If the user owns the content, then they have the ultimate choice as to whether the the content is to remain or is to be deleted, so long, ofcourse, as the content is inline with the terms of use. If the content is owned by the site, then the site admin can delete this content.
Often, content that is published on social networks, including comments, notes, discussions is not owned by anyone, including the person who wrote them. This type of content is, for instance, not protected by copywright laws. Therefore, most websites' terms of use state that the administrators of the site may, and without giving reason, delete any content. This is not necessarily the case for photos, artwork, art in general icluding music, depection of one's self, unique literature like poems and academic papers are partially protected by copywright, in that a person, whether it be the site admin or any other user, may not carry, distribute, publish, copy or otherwise share this material without the consent of the producer, writer or image owner. More importantly, the owner has the right to have this material removed on request.
The term 'removed' applies to being removed from the public domain. Having someone's password changed does not remove the information from the public domain, it merely restricts access. The information will however remian published on the public domain. A good example of this, is a result produced by a search engine containing information and images relating to a former user, it may be a little comment on a forum with an avatar of their picture, and may even contain a link to their profile. The user in question, in these circumstances, may have grounds to initiate legal proceedings againt the site. I know that the majority of websites do not even take these matters into account, but that is only because there hasen't been a trend of action against websites for this kind of matters. In the end, a wise webmaster would protect themselves from this bullshit by putting in place a good set of terms and conditions, hence, we paid $8000 for our terms of use to a specialised lawyer.. (It is essential in our game because we deal with dating social networks).
I do agree with everyone who made a post on here and I can see all sides of the debate, which leads me to say that we probably all agree that there is no right or wrong so long as we are protected with solid terms of use.
-Carlos
But remember laws vary from country to country and your T&C should always include a line stating that the site is governed by the laws of the country it is based in.
IIRC some countries like Russia & China don't actually have copyright laws...
Jed.. Countries do not have their own copywright laws, the copywright law is part of international law, China and Russia are not signatories on that law.
You will find that copywright laws are uniform accross the entire world, the different laws you are referring to may be related to Trade Practices for websites with eCommerce, Privacy Laws, Freedom of Speech.. etc. The fact remains that even a Russian citizen can still sue an American website hosted in the United Kingdom for breach of Copywright, more interestingly, they can file their law suit in Denmark if they wish.. Or, an American Citizen can sue a Chinese website hosted in Hong Kong, the only difference is the matter cannot be heard at a Chinese court because the Chinese court wont have jurisdiction to hear the matter.
In the past, publishers, including websites were required to provide a copywright statement in order to enjoy protection, in the past few years this changed and copywright is now deemed a granted right regardless whether a statement is provided or not.
Which laws govern copywright on Facebook, Twitter or MySpace..?? What if Facebook move their business or servers to China..?............. No matter where they are, their users will always enjoy copywright protection based on International Law.
- Previous
- 1
- 2
- 3
- 4
- 5
- Next
You must log in to post replies.