Renames, OpenID and deletion of external content
Thursday, July 29th, 2010 03:09 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
charmianRecently, LJ had been restricting openID usage of LJ accounts which had been renamed. The problems seem to have been resolved to some extent, but I'm not sure what they'll end up doing in the long run. Basically, the problem has to do with renames. If you delete your account, and I rename my account to take up your old username, I can use openID to login to sites where you have previously left data under the open ID identity oldusername.livejournal.com, view it, delete it, etc, and represent myself as oldusername.livejournal.com. Now, probably you can say that since you abandoned oldusername.livejournal.com, you implicitly consented to my assuming the identity; however, I'm worried about the privacy implications this has. Many users do not understand openID or how it works very well at all. If you understand how it works, it becomes immediately obvious the renamed LJ account would be technically indistinguishable from the prior LJ account, but many people don't understand openID and also, could have used it, but not remembered that they had.
However, in this situation, since the user voluntarily created an openID account, you could say that the onus of responsibility is on them to remember that they created one, and to go back and delete the data left by the openID accounts before they delete their LJ account and lose access to the openID login. IANAL, but I believe that legally the data still belongs to them, but if it can no longer be proved that it does, I am not sure what even a DMCA could do. How can a user who has deleted their account prove that they are the owner? Or, in reverse, how can someone who is NOT the original user be prevented from fraudulently asserting that they ARE the original user and getting content deleted?
Similar issues were the source of some conflict when DW introduced its importation feature. Comments left by LJ users in the journals of people importing their LJ journals to DW are imported as attributed to the openID forms of the LJ accounts. Many people were upset about this, but eventually it died down, and it was said that if the people who were upset were really THAT upset, they could log in with openID and delete the comments and comm posts (in the case of community import). However, this presents a problem if the user in question has deleted their journal. A user is not informed if an openID identity has been automatically created by them, or that comments by them have been imported. Therefore, a user may want to delete comments that they've made on LJ, and not know that they are mirrored on DW. Then, if the user then deletes their journal, they will never be able to delete those comments. In this situation, you can't argue that it's the user's responsibility to remember when and where they've left data using openID, because they had no idea that content attributed to their openID identity existed on external sites in the first place. I don't know what this means legally, but it goes against the way LJ works socially. On LJ you're assumed to know where your content is and be able to delete it.
Anyway, this problem becomes more serious with this potential change. If I read it correctly, in the future it may be possible for users who are deleting their accounts to also purge all external content: that is, comments and posts on communities. If this option exists, it may become normalized in LJ deletion behavior, and socially, people will expect that they have the ability to completely purge all of their external content. I don't think it's unreasonable for me to suppose that if these people see that their external content still exists on DW, that they might be rather put out.
Further thoughts:
1. When people delete their accounts, LJ (or DW) should include a message alerting users to the possibility that another person could rename their account to that account name, and if they had used that username for any openID authentication, that those openID authentications would also be controllable by the new user. This is very technically feasible, as it is simply a warning.
2. In an ideal world, whenever an openID identity is created for a user on DW, without the user's knowledge, the LJ (or whatever service it is) user would be alerted. Unfortunately, I have no idea how this could be put into practice.
3. DW should (ideally) also introduce mass deletion of external content, for both regular account holders and openID users, especially if this feature comes into being on LJ. I'm not sure how feasible this is, though.
However, in this situation, since the user voluntarily created an openID account, you could say that the onus of responsibility is on them to remember that they created one, and to go back and delete the data left by the openID accounts before they delete their LJ account and lose access to the openID login. IANAL, but I believe that legally the data still belongs to them, but if it can no longer be proved that it does, I am not sure what even a DMCA could do. How can a user who has deleted their account prove that they are the owner? Or, in reverse, how can someone who is NOT the original user be prevented from fraudulently asserting that they ARE the original user and getting content deleted?
Similar issues were the source of some conflict when DW introduced its importation feature. Comments left by LJ users in the journals of people importing their LJ journals to DW are imported as attributed to the openID forms of the LJ accounts. Many people were upset about this, but eventually it died down, and it was said that if the people who were upset were really THAT upset, they could log in with openID and delete the comments and comm posts (in the case of community import). However, this presents a problem if the user in question has deleted their journal. A user is not informed if an openID identity has been automatically created by them, or that comments by them have been imported. Therefore, a user may want to delete comments that they've made on LJ, and not know that they are mirrored on DW. Then, if the user then deletes their journal, they will never be able to delete those comments. In this situation, you can't argue that it's the user's responsibility to remember when and where they've left data using openID, because they had no idea that content attributed to their openID identity existed on external sites in the first place. I don't know what this means legally, but it goes against the way LJ works socially. On LJ you're assumed to know where your content is and be able to delete it.
Anyway, this problem becomes more serious with this potential change. If I read it correctly, in the future it may be possible for users who are deleting their accounts to also purge all external content: that is, comments and posts on communities. If this option exists, it may become normalized in LJ deletion behavior, and socially, people will expect that they have the ability to completely purge all of their external content. I don't think it's unreasonable for me to suppose that if these people see that their external content still exists on DW, that they might be rather put out.
Further thoughts:
1. When people delete their accounts, LJ (or DW) should include a message alerting users to the possibility that another person could rename their account to that account name, and if they had used that username for any openID authentication, that those openID authentications would also be controllable by the new user. This is very technically feasible, as it is simply a warning.
2. In an ideal world, whenever an openID identity is created for a user on DW, without the user's knowledge, the LJ (or whatever service it is) user would be alerted. Unfortunately, I have no idea how this could be put into practice.
3. DW should (ideally) also introduce mass deletion of external content, for both regular account holders and openID users, especially if this feature comes into being on LJ. I'm not sure how feasible this is, though.
