Ask HN: Can we delete our accounts?
I was checking out a post yesterday that used stylometry to group HN accounts, potentially doxxing the authors:
https://news.ycombinator.com/item?id=33755016
Honestly, it was pretty concerning to be able to locate an old account of mine. Given the potential danger of being doxxed, it would be very nice to be able to delete our accounts and old comments. I think HN is one of the only sites that doesn’t allow you to do that in an automated fashion. Can we request that feature be implemented? I worry that people are building tools to reverse engineering people’s true identities and it seems like an important feature to keep users safe from physical and commercial harm.
183 comments
[ 4.7 ms ] story [ 308 ms ] threadCalifornia law for those residents, Massachusetts law for them.
So request deletion before you leave CA.
The population of the EU is almost double the US, and the law encompasses all companies globally that store data of people living there. Seems sensible to follow it else you'll be paying GDPR fines out your nose. If India came out with some consumer-friendly law that Indians can ask Dang to delete their comments, and I'd bet a good percentage of HN are Indian, I'd agree it's something that should be included. This is part of the difficulty of a global website :)
Who is forcing you to pay the fine? The EU can't force you to pay the fine since you aren't in their jurisdiction.
The conflicts are a well known trouble. Between EU and US for example there is an ongoing dispute between US PATRIOT Act and GDPR, where (simplified) US say they got access to all data and GDPR forbids that. Different treaties which tried to allow some "safe harbor" between the regulations have been invalidated by courts so all operations crossing the atlantic is in a legally questionable state ...
Now for HN the question is if they target EU customers. There is no need for them to actively block Europeans, but the line is unclear. It'd be clear if they were selling swag with prices listed in € or would show europe-specific ads. In case of doubt it's the decision by a court.
Decision by a court then is the other dimension. A European court probably has a hard time to reach anybody for a fine or some other consequences. Companies like Facebook avoided that for a long while, but since they got stronger in their European ad business they are formally reachable by European courts in their subsidiary in Ireland. If a judge is really desperate they might try going via a European subsidiary to a company they invested in and put out arrest warrants against the managers in case they ever touch European ground ... but most judges will probably try to avoid that amount of work involved.
This isn't a matter of "the laws are making our life hard": by accepting user data you, as a service, are consenting to following all applicable laws. You have opted in, now you have obligations. Don't want to deal with GDPR? Ask users where they're from and go "sorry, can't let you create an account, we don't want to have to deal with GDPR".
Even if you pretended HN was a "for US only" website (which it of course very much isn't) you still have at least five state laws to comply with (California, Virginia, Colorado, Utah, and Connecticut), and that number's only going to go up.
If you handle data, the easiest way to deal with this whole "oh my god so many laws" is to know where your user data lives, not sell it on without express consent, and have data deletion built in from day one with a "delete all my data (including my account, obviously)" button that users can click themselves. And presto, without any further involvement from your side (unless you lie, and don't actually delete data) you suddenly comply with all data privacy laws, and users don't even need to fill in official request forms relating to specific laws that you then have to deal with within X days. You just have an FAQ entry going "Q: How do I delete my data? A: Go to your account page and click the "remove my account" button".
You don't need a hypothetical question for this:
"""The EU–US Privacy Shield was a legal framework for regulating transatlantic exchanges of personal data for commercial purposes between the European Union and the United States.[1] One of its purposes was to enable US companies to more easily receive personal data from EU entities under EU privacy laws meant to protect European Union citizens.[2] The EU–US Privacy Shield went into effect on 12 July 2016 following its approval by the European Commission. It was put in place to replace the International Safe Harbor Privacy Principles, which were declared invalid by the European Court of Justice in October 2015.[3] The ECJ declared the EU–US Privacy Shield invalid on 16 July 2020, in the case known as Schrems II.[4]""" - https://en.wikipedia.org/wiki/EU–US_Privacy_Shield
Also see https://en.wikipedia.org/wiki/Max_Schrems
Also, Microsoft had a specific problem with legal jurisdiction, because first the FBI then a US court ordered it to hand over data from a server in Ireland that EU/Irish law prohibited it from handing over: https://www.irishtimes.com/business/technology/microsoft-ire... and https://en.wikipedia.org/wiki/Microsoft_Corp._v._United_Stat...
Or else what?
https://cyberprotection-magazine.com/us-companies-face-hefty...
My question was, how would EU fine a company in the US? They have no jurisdiction there. The same way (referring to sibling comments) Cameroon has no power to fine anyone outside Cameroon.
The companies in your article all have presence in the EU.
The EU really wants you to believe this, but national sovereignty is a real thing and I’m not aware of any law under which any country will extradite their own nationals to the EU for violating EU law. In general, you are only subject to a country’s laws if you are in their jurisdiction.
If you run a website that serves EU users without following GDPR, and you’re not a business with a presence in the EU, what exactly is the EU going to do to you? Arrest you when you vacation in Europe, maybe, but if you don’t do that, it’s not like they have a China-style firewall.
It should
https://www.cookiebot.com/en/gdpr-usa/#:~:text=Does%20the%20....
I see that site makes the same assertions about jurisdiction that the comments here are making. However, it provides no explanation for why the EU can actually claim that jurisdiction, which is my whole point. Why are they obligated? How does the EU have such authority?
I say it doesn’t, for the simple reason given upthread, and you have provided no evidence to the contrary.
Personally, I still view GDPR more akin to regulatory capture than actual consumer protections; although, I do admit, more than anything, the Internet needs more consumer protection.
Although increasing the complexity of doxing is a worthwhile goal.
"Can I delete my account?
We try not to delete entire account histories because that would gut the threads the account had participated in. However, we care about protecting individual users and take care of privacy requests every day, so if we can help, please email hn@ycombinator.com. We don't want anyone to get in trouble from anything they posted to HN. More here [1]."
[0] https://news.ycombinator.com/newsfaq.html
[1] https://news.ycombinator.com/item?id=23623799
I consider my HN comments to be contributions to the HN community. I received some benefit in return for those comments, e.g. responses that improve my thinking.
I may retain copyright over those comments, but by posting them on a public forum I've given that forum licence to publish them.
“By uploading any User Content you hereby grant and will grant Y Combinator and its affiliated companies a nonexclusive, worldwide, royalty free, fully paid up, transferable, sublicensable, perpetual, irrevocable license to copy, display, upload, perform, distribute, store, modify and otherwise use your User Content for any Y Combinator-related purpose in any form, medium or technology now known or later developed.” [1]
[1] https://www.ycombinator.com/legal/
Exercising Your Rights: California residents can exercise the right to request deletion of Personal Information by contacting us at hn@ycombinator.com.
Under what threat model does it meaningfully increase the surface area? If you're worried about HN admins then I think email is the least of your concerns (I'm pretty sure they can see your IP address), and if you're worried about the general public then your email isn't being leaked to them so it shouldn't matter.
I had to email dang to change my username (quick response btw!).
I imagine if HN created an account with the username "DELETED" or similar, that a script could just change comment ownership from the account to be deleted to the special "deleted" account - that would be the easiest to implement as well as keep thread continuity.
(Don't delete the comment just delete the connection to the user.)
That's a fascinating stance that you've outlined and that others have parroted. A stance that HN has implied with the reply to OP.
But as the sibling post says... it doesn't solve anything.
(It does probably make those techniques more difficult since it would mix comments together from multiple authors under the "deleted" username, but it doesn't fully remove the danger.)
I think that is sufficient.
If I took a bunch of "minor" writing and mixed it together under one fake name name, but some of it was written by a famous author under a pen-name, then yes, in theory it could be possible to identify those.
Edit: Thank you for the clarification (reply), I was not aware of the term "dead-name" refering to that. I still am not exactly sure what you are asking though. If a replier wrote the original username in an old reply that was written before the name change? In that extremely rare case, it might cause some confusion if a third person reads the old thread, in which case perhaps the user initiating the name change could use the search function for any instances of that, and then email the HN admin?
Of course, all of that is hardly useful, since HN is very open and lots of people have copies of all comments.
It feels like we killed god and then re-invented him. And I think that if you don't want his gaze and judgement to fall on you, then your only option is not to participate in online discussion, and probably not even read it because you can probably learn a lot about someone just from passively tracking the things they follow online.
So yea, you'd probably end up with a pile of comments that are more likely linked to [account X], but many of them wouldn't actually be. It would add a ton of noise into the system.
Is that enough to define a "style" to determine the rest of my comments? Is it enough to doxx me from the comments where someone else names my nick?
That would be different if responses hardcoded mentions of the username.
That said, HN is being archived and mirrored in I-don't-know-how-many-places, and I'm not sure how feasible it is to track all those places down and get them to expunge your userid, too. And this is all assuming nobody comes up with a new de-anonymization technique that deals with it well. That is a rather big assumption considering new ones are being developed all the time.
I’m sure something like this is available to recruiters or other HR/business admin, I remember seeing browser extensions/SaaSes years ago that were trying to tie together social media identities.
If a user asks for their comment to be deleted, then the right thing to do is to delete them. Period.
Safety issues are a different matter of course
If people ask nicely, can confirm ownership/authorship of the record/data in question, then why would you be in a position to deny such a request?
The internet never forgets.
A lot of the stuff I wrote on old popular, public websites (that still exist) can no longer be found via search engine, and I did not take any action, it just disappeared on its own.
https://console.cloud.google.com/marketplace/details/y-combi... is updated daily.
Just because there happens to be a copy already, doesn't mean that the original can't be removed to prevent others from making copies in the future.
But the comments need to remained owned by the account that created them, so that we can consider the history of each commenter when reviewing their comments in the future. Merging them all into DELETED inappropriately coalesces those histories.
I feel for those who are just now realizing that they can be located by their stylistic tendencies. It’s Dejanews all over again.
DELETED_USER: I agree.
DELETED_USER: No, that's BS.
DELETED_USER: He has his point.
Better would be:
DELETED_USER_1: I agree.
DELETED_USER_2: No, that's BS.
DELETED_USER_3: He has his point.
GDPR allows individuals to request erasure verbally or in writing, and the data controller than has one month to respond.
However all organisations must be able to handle GDPR requests via any communication channel. Eg. They need to treat a data deletion request sent via twitter DM as a valid request if they have an official Twitter presence.
It is insufficient to require the customer fill out a special web form.
> The GDPR applies to: [...] > 2. a company established outside the EU and is offering goods/services (paid or for free) or is monitoring the behaviour of individuals in the EU.
Assuming account names or the content of comments constitute personal data within GDPR, I think YCombinator falls into this group.
Edit: I forgot HN collects an optional email address too, which is definitely personal data.
Details here: https://www.ycombinator.com/legal/#:~:text=Hacker%20News%20I...
Basically, HN will work with a requester to update the site to give the desired amount of anonymity whilst preserving history as much as possible with those limitations -- including editing past comments.
Full GDPR compatability would probably require to support complete removal of user name and comment/submission contents as written - but even that seems on the table in [1]. (DanG could simply summarise each comment worth multiple replies and delete all the ones without replies.)
Are they obliged to delete the comments according to laws like GDPR?
> A business that receives a verifiable consumer request from a consumer to delete the consumer’s personal information pursuant to subdivision (a) of this section shall delete the consumer’s personal information from its records
Is a comment personal information?
The courts or legislature are the ones to decide this. I believe they could side with my view.
> The CCPA definition of personal information can be best understood by analyzing separately each of the four closely intertwined building blocks embedded in it: (i) “information”; (ii) “that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked”; (iii) “directly or indirectly”; (iv) “with a particular consumer or household”.
A comment would likely not meet those tests.
A user login maybe - though that is already covered in the faqs - https://news.ycombinator.com/newsfaq.html
> Can I change my username?
> Yes. Email hn@ycombinator.com and we'll help.
Which could then dissociate you sufficiently to pass the tests ii through iv.
That might work for me (my user name is relatively unique and consistent) while throwaway123456 may have difficulty passing any of those tests.
The HN legal page ( linked at the footer of the site ) indicates that Y Combinator considers public submissions to HN (stories and comments) as a category of Personal Information.
https://old.reddit.com/r/Python/comments/6wfqsv/quick_script...
The only thing that ever helped me was setting my HN comment delay to a non-zero integer. That 1-5 minutes is usually when I want to delete something the most.
I think we are relearning some basics about the internet. HN cannot protect you from yourself. If you press the "reply" button, assume that under that button is a synchronous blocking call wherein your comment + username + timestamp go to a database owned by a 3rd party with questionable intentions.
It is a field in the settings.
Could be especially handy for journalists and law enforcers.
> This dataset contains all stories and comments from Hacker News from its launch in 2006 to present. Each story contains a story ID, the author that made the post, when it was written, and the number of points the story received.
> This public dataset is hosted in Google BigQuery and is included in BigQuery's 1TB/mo of free tier processing. This means that each user receives 1TB of free BigQuery processing every month, which can be used to run queries on this public dataset. Watch this short video to learn how to get started quickly using BigQuery to access public datasets.
If your threat model is people cancelling you for controversial statements - I don't think there's anything to worry about. If your concern is governments or stalkers coming after you - then deleting your account probably won't solve the issue because they'll be able to access archived versions. These actors don't need to "prove" you said something to anyone but themselves. In this case the solution is just not to post anything sensitive regardless of the name you publish under.
YC has multiple in-house lawyers. They're not going to risk their business over this. However, I'm unaware of any law that requires the process be completely automated.
In an email to hn@ycombinator.com, I wrote:
> ”I understand the user interface doesn't provide for comment removal, but with all due respect it's only a matter of time before that policy contributes to the imprisonment or even death of some of your users.”
> ”It's too late to be entirely safe from historical comments but we have no idea how much the threshold for what is truly dangerous to have said on the internet will change going forward. Even a small decrease in the personal risk going forward is important to me.”
HN’s response was no, because that would “gut the threads the account had participated in”. He then suggested there was upcoming an account renaming feature. Obviously, that feature would do nothing to alleviate the doxxing concerns brought up by the OP.
It was very disappointing.
YC literally put a higher value on maintaining old forum threads than reducing risk former users faced being detained, beaten or killed by religious or political organizations.
It may be more difficult to get them to remove a subset of the content on of every capture of https://web.archive.org/web/20220000000000*/https://news.yco...
That becomes even more difficult if you want to have them find (and remove) all comments from all captures on all pages for a particular user.
Noting that you don't have authoritative control over HN, archive may be a bit reluctant to have {random person} asking for all of the comments that {random account} made on all the captures to be removed.
If archive was able and willing to do that (remove content from a random account as requested by a random person), I believe that it would be abused much more than it was used.
obviously you are wrong.
Yes, there are permanent risks for past posts but that’s no reason to throw up your hands and give up on any and all attempts to mitigate them going forward.
I agree the website should have this feature but the "if you don't implement this feature you're potentially murdering future people" stuff is not a good argument.
To me, the possibility of my users facing serious physical harm would be a very compelling concern. If I worked on something of YC’s scale I’d take those kinds of ethical considerations very, very seriously.
The algorithms used are also not transparent.
Whether that's good or bad is a moot point to discuss while people are to stupid to even get the basics.
Let's talk about whether the cia could scape archive.org and use stylometry on single comments on a system we don't even get the basics on.
I participate at Flyertalk, and a good friend of mine had a major falling-out with them a few years ago.
As a leaving gift, he wrote a script to edit every single comment he'd ever made over the [many] years he'd been contributing, to remove his many many thousands of comments.
As a result, there are thousands of removed comments, and of course, many thousands of threads which are, well, gutted.
In our new GDPR-aware world, isn't that his right?
By preventing users from closing accounts, HN is deliberately blurring the lines of who is still active on the platform and who isn't.
Lastly, if it really turns out there is a reliable method to associate HN accounts with a real-world identity, HN will get in trouble with the GDPR.
Really guys, leave the comments up if you have to, but give people a way to remove their account from it.
rss feeds and easy site scraping has long leaked all your stylometry data which long ago was leached up.
What is the point of deleting your HN account, if multiple third party copies all ready exist?
I think there are many other archives such as one posted above hosted by Google's bigquery.
a better strategy would be to divert your writing to something new and different, defeating simple stylometry analysis.
HackerNews leadership have chosen to not allow anyone to delete content after a period.
Regardless, it would be pointless given how easy it is to scrape this website (on purpose).