Renames, OpenID and deletion of external content
Thursday, July 29th, 2010 03:09 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
charmianRecently, LJ had been restricting openID usage of LJ accounts which had been renamed. The problems seem to have been resolved to some extent, but I'm not sure what they'll end up doing in the long run. Basically, the problem has to do with renames. If you delete your account, and I rename my account to take up your old username, I can use openID to login to sites where you have previously left data under the open ID identity oldusername.livejournal.com, view it, delete it, etc, and represent myself as oldusername.livejournal.com. Now, probably you can say that since you abandoned oldusername.livejournal.com, you implicitly consented to my assuming the identity; however, I'm worried about the privacy implications this has. Many users do not understand openID or how it works very well at all. If you understand how it works, it becomes immediately obvious the renamed LJ account would be technically indistinguishable from the prior LJ account, but many people don't understand openID and also, could have used it, but not remembered that they had.
However, in this situation, since the user voluntarily created an openID account, you could say that the onus of responsibility is on them to remember that they created one, and to go back and delete the data left by the openID accounts before they delete their LJ account and lose access to the openID login. IANAL, but I believe that legally the data still belongs to them, but if it can no longer be proved that it does, I am not sure what even a DMCA could do. How can a user who has deleted their account prove that they are the owner? Or, in reverse, how can someone who is NOT the original user be prevented from fraudulently asserting that they ARE the original user and getting content deleted?
Similar issues were the source of some conflict when DW introduced its importation feature. Comments left by LJ users in the journals of people importing their LJ journals to DW are imported as attributed to the openID forms of the LJ accounts. Many people were upset about this, but eventually it died down, and it was said that if the people who were upset were really THAT upset, they could log in with openID and delete the comments and comm posts (in the case of community import). However, this presents a problem if the user in question has deleted their journal. A user is not informed if an openID identity has been automatically created by them, or that comments by them have been imported. Therefore, a user may want to delete comments that they've made on LJ, and not know that they are mirrored on DW. Then, if the user then deletes their journal, they will never be able to delete those comments. In this situation, you can't argue that it's the user's responsibility to remember when and where they've left data using openID, because they had no idea that content attributed to their openID identity existed on external sites in the first place. I don't know what this means legally, but it goes against the way LJ works socially. On LJ you're assumed to know where your content is and be able to delete it.
Anyway, this problem becomes more serious with this potential change. If I read it correctly, in the future it may be possible for users who are deleting their accounts to also purge all external content: that is, comments and posts on communities. If this option exists, it may become normalized in LJ deletion behavior, and socially, people will expect that they have the ability to completely purge all of their external content. I don't think it's unreasonable for me to suppose that if these people see that their external content still exists on DW, that they might be rather put out.
Further thoughts:
1. When people delete their accounts, LJ (or DW) should include a message alerting users to the possibility that another person could rename their account to that account name, and if they had used that username for any openID authentication, that those openID authentications would also be controllable by the new user. This is very technically feasible, as it is simply a warning.
2. In an ideal world, whenever an openID identity is created for a user on DW, without the user's knowledge, the LJ (or whatever service it is) user would be alerted. Unfortunately, I have no idea how this could be put into practice.
3. DW should (ideally) also introduce mass deletion of external content, for both regular account holders and openID users, especially if this feature comes into being on LJ. I'm not sure how feasible this is, though.
However, in this situation, since the user voluntarily created an openID account, you could say that the onus of responsibility is on them to remember that they created one, and to go back and delete the data left by the openID accounts before they delete their LJ account and lose access to the openID login. IANAL, but I believe that legally the data still belongs to them, but if it can no longer be proved that it does, I am not sure what even a DMCA could do. How can a user who has deleted their account prove that they are the owner? Or, in reverse, how can someone who is NOT the original user be prevented from fraudulently asserting that they ARE the original user and getting content deleted?
Similar issues were the source of some conflict when DW introduced its importation feature. Comments left by LJ users in the journals of people importing their LJ journals to DW are imported as attributed to the openID forms of the LJ accounts. Many people were upset about this, but eventually it died down, and it was said that if the people who were upset were really THAT upset, they could log in with openID and delete the comments and comm posts (in the case of community import). However, this presents a problem if the user in question has deleted their journal. A user is not informed if an openID identity has been automatically created by them, or that comments by them have been imported. Therefore, a user may want to delete comments that they've made on LJ, and not know that they are mirrored on DW. Then, if the user then deletes their journal, they will never be able to delete those comments. In this situation, you can't argue that it's the user's responsibility to remember when and where they've left data using openID, because they had no idea that content attributed to their openID identity existed on external sites in the first place. I don't know what this means legally, but it goes against the way LJ works socially. On LJ you're assumed to know where your content is and be able to delete it.
Anyway, this problem becomes more serious with this potential change. If I read it correctly, in the future it may be possible for users who are deleting their accounts to also purge all external content: that is, comments and posts on communities. If this option exists, it may become normalized in LJ deletion behavior, and socially, people will expect that they have the ability to completely purge all of their external content. I don't think it's unreasonable for me to suppose that if these people see that their external content still exists on DW, that they might be rather put out.
Further thoughts:
1. When people delete their accounts, LJ (or DW) should include a message alerting users to the possibility that another person could rename their account to that account name, and if they had used that username for any openID authentication, that those openID authentications would also be controllable by the new user. This is very technically feasible, as it is simply a warning.
2. In an ideal world, whenever an openID identity is created for a user on DW, without the user's knowledge, the LJ (or whatever service it is) user would be alerted. Unfortunately, I have no idea how this could be put into practice.
3. DW should (ideally) also introduce mass deletion of external content, for both regular account holders and openID users, especially if this feature comes into being on LJ. I'm not sure how feasible this is, though.
no subject
Date: 2010-07-30 04:48 am (UTC)Which would be completely impractical--manually delete thousands of comments across the internet? Including in places I might not even have access to (e.g. DW imports of people I haven't been LJ friends with in years).
All I can say is YIKES.
As much as I'd like to delete LJ accounts someday, I guess this effectively means I never will.
no subject
Date: 2010-07-30 04:53 am (UTC)no subject
Date: 2010-07-30 01:28 pm (UTC)Until DW started up, I regularly backed everything on my LJ, including comments received, onto a Wordpress.com account, where all the comments to my journal were displayed.
LJ is unusual in that it assigns perpetual ownership of your comments to you, most other platforms assign them to the blog you're commenting on, which has always my attitude.
By commenting here, I'm giving Charmian control over some of my words. I'm not assigning copyright to her, but I am giving her control.
If I export or backup my journal off site, I want to keep all its content, including the conversations. I've been able to do that with LJ Archive and Wordpress.com for years. DW makes it easier, and suddenly it's a problem? I think not.
There is a problem with people assuming identities previously in use, but to me it's not the problem of the former owner of the username, it's the problem of those that former owner trusted.
There's very little posted locked on my journal, but that which is isn't something I want random unknown person to see; that's the concern I have, I can't see how having my comments assigned to someoen else, or even someone new picking up comments made by someone else is a massive problem.
I can see how someone else getting access to locked stuff is a problem.
no subject
Date: 2010-07-30 05:46 pm (UTC)On LJ, people have the expectation that they 'own' their comment, and have a right to delete it when they feel like it. Basically this mentality was formed by the technology. Now that the technology has changed, this has upset the applecart, because before it was not known that LJ comments could be exported (well, to the ordinary LJ user), as it wasn't common for people to backup their blogs to WP. People didn't realize it was possible, so they didn't include exporting in the set of things they 'trusted' the LJ users to do. So for many LJ users, they had no idea what LJ archive was, and no idea you could export to WP, so they didn't make the comments with the assumption you could.
....And damn, that's ANOTHER big one. Automated access-listing of openID accounts. That is actually huge. Holy tadpoles. Thanks for pointing that out to me. I totally overlooked that. It's heck, even worth another post.
no subject
Date: 2010-07-31 12:07 am (UTC)2) Your argument sounds awfully close to "if you want control over your data, don't use the internet," which removes all ethical responsibility from companies and site hosts. I'm not particularly interested in that debate.
(Incidentally, I did not and do not object to comment importing.)
If no sites made it possible for the commenter (not site administrator) to delete or edit comments left by OpenID after a certain period of time, I don't think I'd have any extra concern here.
no subject
Date: 2010-07-30 05:48 am (UTC)But yeah, I had considered the implications of comment importing, but never considering the situation of account deletion/purgation.
no subject
Date: 2010-07-31 12:05 am (UTC)used openID to say, comment under their LJ identity via Intensedebate or
Disqus, and actually commenting themselves vs. the DW import. So that's
what I meant by 'onus of responsibility,' because those are usually in
public, discoverable places, and they would have actually personally
commented there (also, w/ Disqus you might be able to get a record of the
comments you've left. I'm not sure if it works for openID, but it works
for Disqus login)
Sure, but it can still be a hugely impractical burden if the site does not offer a way to mass-delete comments. I don't really have a problem with granting "ownership" of my comments to a site or blog, but I do have a problem with the possibility of someone else--NOT the site owner--coming along and deleting (or worse, editing) my comments.
I'm also not super-fussed about the prospect of confusion--non-authenticated comments are still so common that on many sites, someone could comment as "holyschist", no problem.
no subject
Date: 2010-07-31 12:19 am (UTC)That is a potential security and privacy risk. :/ It becomes much like the situation of recycled hotmail addresses which were then used by hackers to erase people's LJs (because the owner had never deauthorized the dead hotmail address, which could be used to get the password mailed to them).
Thinking of solutions:
Could ban renaming (LJ would have to do this)
Could allow users to delete journals while disallowing renames
Could turn off openID for all renamed journals (LJ currently doing this for renamed journals made post 7/15/10)
no subject
Date: 2010-07-31 12:23 am (UTC)That is a potential security and privacy risk. :/ It becomes much like the situation of recycled hotmail addresses which were then used by hackers to erase people's LJs (because the owner had never deauthorized the dead hotmail address, which could be used to get the password mailed to them).
This.
no subject
Date: 2010-07-31 12:33 am (UTC)Yeah... In that situation, I think users intuitively understand why they ought to keep an email address alive, because they have passwords mailed to it. But the situation w/ openID and DW (with regards to the imported comments) is kind of like if I didn't know that my data was hosted on a site where I could have used my email address to control it, and then I deleted my email address and a hacker took it over.
Thankfully, at least with respect to LJ, the security risk will be minimized in the future. Not sure about IJ, though. I do wonder if DW intends to do anything about renaming and openID.
no subject
Date: 2010-07-31 12:38 am (UTC)In that situation, I think users intuitively understand why they ought to keep an email address alive, because they have passwords mailed to it.
Even so--if I'd started an LJ using my undergrad college email address, which was closed when I graduated--the college could have theoretically reassigned that to another student. Less likely, but still...there are possibilities.
no subject
Date: 2010-07-31 12:43 am (UTC)Yes, it occurs, however, you can go into LJ and delete your college email address from the list of official emails. You can't really do that in openID, IIRC.
no subject
Date: 2010-07-31 12:58 am (UTC)I would have thought so. I dunno--I like the theory of openID, but so far I've been pretty unthrilled by the execution.
Yes, it occurs, however, you can go into LJ and delete your college email address from the list of official emails. You can't really do that in openID, IIRC.
True.
no subject
Date: 2010-07-31 12:59 am (UTC)no subject
Date: 2010-07-31 02:01 am (UTC)The many weaknesses of OPENID
Date: 2010-07-31 09:47 am (UTC)I've written a longer response to this post. To save your comments box and summarise:
Re: The many weaknesses of OPENID
Date: 2010-08-02 02:51 am (UTC)Oh, I also found out that OpenID 2.0 does, however, go some way towards resolving the rename problem, but unfortunately, LJ does not use openID 2.0.