This came up through an ex-user who complained that their account name was still visible on a remote pod. It turned out that everything had done properly, but their ID contains their real name.
Would it not be a good idea to replace the user_name part of the ID with something anonymous? It could be replaced with [closed account], possibly with the pod name appended, e.g. [closed account]@podname.tld.
There is, I assume, no need to retain any account-level information relating to a closed account in a post on which that account has commented, as there is nothing to link to (clicking on the account name gives a flag that the account has been closed). So why not just erase the account name so that it can’t be clicked on? And the guid/public key for that account can be deleted from the post and the pods holding the post, as there probably can’t be any need to refer back to the now closed account.
I don’t see this as a legal (e.g. GDPR) issue. If someone wants to be forgotten, they can go to the My activity stream and remove their interactions before closing their account. But unless there’s some good reason not to anonymise any remaining interactions after an account is closed, I think it would be a good idea to do so.
There is a feature for doing the “remove all my activities” I think which would obsolete this except for the possibility that the deletes don’t propagate. I don’t know the state of that feature either.
I agree it’d be good to do something like this but I have to think about the how of how I’d approach it if I were to try to address that. I’d be concerned about the duplicate name problem.
I think the pod name should not be preserved either. I don’t see any purpose in preserving it and it can be potentially deanonymizing (if someone used a personal pod, for example, or just a small pod and references to it can be potentially identifying).
Thinking about it more…since the account is closed shouldn’t we just not show any comments from the user even if the system has them? We can filter that at query or response building time.
Diaspora stores the diaspora ID to make sure an account can’t be created twice and somebody could steal the identity of the previous account. So deleting or changing it (in the database) isn’t an option.
It could maybe changed when displaying it, but I don’t recommend it, if we just display something random, it could happen that it’s something that’s exist (maybe somebody explicitly creates the account with the new display ID), or if we randomize every time, or if we just use [closed account]@podname.tld it would be really weird as soon as you have a conversation with multiple closed accounts.
Also we can’t change it everywhere and if it’s copy pasted in other comments (or if people copy pasted the name), then we can’t change that.
since the account is closed shouldn’t we just not show any comments from the user even if the system has them? We can filter that at query or response building time.
We keep comments to keep conversations complete and not have some comments missing in the middle, if we wouldn’t want to show them, we could just delete them, but comments are actually kept on purpose.
The only way how we probably can improve the situation is by deleting likes, as far as I know they are kept too, but I don’t know why they should be kept, because there is nothing missing if they were deleted.