Show HN: Tech Companies That Won't Delete Your Information

Occasionally I go through my password manager to do a cleanup of accounts I no longer use. For the simple reason that if any one of those services get hacked, I don't want to lose credit card- or personal information, and have that end up in the hands of somebody who shouldn't have it.

In trying to delete a few accounts, some services outright refused to delete my info, without giving any reason. Therefore, I've decided in to create a naughty list of tech companies who don't respect your right to your own information.

There are already 261 sites in the list, but let me know if there are any other services you think I should add.

Uber needs to be on the list.

They have had employees tracking their Ex's whereabouts. They have publicly boasted of being able to identify "rides of shame" after your One-night stand. They collected location information beyond what was necessary to pick you up.

Plus, you know, being union-busting, misogynistic, democracy-undermining, corner-cutting and pedestrian-killing frat boys. But the reasons above seemed to be better tailored to the intent of your list.

This site - hackernews - will not delete your account - full stop.

I sent in a request asking what steps were necessary to have one's account deleted. I was told this was not possible. This is unreasonable.

And yes, I created this account specifically to post this comment.

I didn't see LinkedIn in this list?

A while ago I deleted my account, then recreated my account after a year, and requested a full backup history, this backup had my old contacts from the original Linkedin android app gathered from my old phone without my permission.

One company I would like to nominate as naughty is Newegg. I hadn't ordered from them in years, and asked to delete or disable my account. They can keep their old invoices in the system if they want for legal reasons but I didn't want to log on anymore -- other sellers have processed that request for me.

They repeatedly said "No, we will not disable your account."

And they keep the last address you ordered from in an uneditable field visible on the website, so you can't scramble it with fake address data. I haven't seen any other retailer do that.

Something's up with the site, at least for me. The table content doesn't load - I see the different options (email, etc.) but no entries. Firefox console tells me:

----

Loading failed for the <script> with source “https://secured.fyi/analytics/piwik.js”: naughtylist.html:1

The resource at “https://cdn-images.mailchimp.com/embedcode/horizontal-slim-1... was blocked because tracking protection is enabled: naughtylist.html

Source map error: request failed with status 404 Resource URL: https://secured.fyi/assets/style.css Source Map URL: bulma.css.map

----

What's wrong with a good ol'fashioned HTML table?

  code	403
  message	Requests from referer https://sheets.googleapis.com/v4/spreadsheets/1A3xz8NFWjebuMbGWvy2yUBKcnAmuZSs5JmKq9-JDss8/values/Email?key=AIzaSyCxiboNdLE5nSch2pdwI3blsfvfyss3Y0M are blocked.
  status	PERMISSION_DENIED

I don't understand why were some of the tech added to the list. The title says "Tech Companies That Won't Delete Your Information Services with the highest scores have the worst policies"

Tox is listed among them. But ToX does not need any information from you. You can create a random id without any of your personal information whatsoever, and share this id with your friends, who will also have a random id.

Tox is not a company.

A clarification is much needed.

In the communication lists it says that security wise is "Bad". Why?

In fact, it would be beneficial for all of us if these lists had some information on why were some of the stuff added to the list. Precisely why is Tox added to the list.

Similar to this discussion we can see that Retroshare is too listed. Again, why?

Please share some URL with reading material why are some of the companies and tech listed at all.

Please add reasons for each site why they have points they have and links that support those claims.

For example, you said that Facebook deletes data partially. What does it mean?

Elsevier (Mendeley)

TLDR: Claimed to have deleted everything on 2017-06-08, but they lied.

0. 2017-06-06: Mendeley <[email protected]> email me "Paul, important changes to your Mendeley account ..." I log on and 'delete' my account.

1. 2017-06-07: Mendeley <[email protected]> me "We have deleted your Mendeley profile and data, to delete your full Elsevier account, please email [email protected]"

2. 2017-06-07: I reply to Elsevier <[email protected]> "Please do that for me now - if you've created one for me delete my full Elsevier account from all databases and backups that you have on me, including cold storage."

3. 2017-06-07: Elsevier <[email protected]> email me a ticket number

4. 2017-06-08: ELS-Mendeley Support<[email protected]> email me "This email is to acknowledge the request and to confirm that we have already removed your email address from our database. We have cleared out all data associated with your account across all Mendeley servers. You shouldn’t be receiving any more emails from Mendeley moving forward. Apologies for any inconvenience this may have caused you."

5. 2017-06-11: Elsevier Customer Feedback <[email protected]> "According to our records you recently contacted <NAME REDACTED> in Elsevier Customer Support. The ID of the support query was 170607-010708. We want to improve the service we provide you. In order to evaluate our current service, we are conducting a brief (3-4 minute) survey. This asks a few questions about your most recent experience of contacting us. Your feedback would be very valuable. ..." I don't click on the link

6. 2017-06-15: Mendeley <[email protected]> email me "Paul, important changes to your Mendeley account" ...

7. 2017-11-11: Mendeley <[email protected]> email me "Paul, identify relevant funding opportunities Hi Paul, Have you logged into Mendeley lately? ..."

Edit: correct dates

Why isn't HN/YC on this list?

I can’t delete my Hacker News data, comments or profile.

Most companies will not "delete" your account. They will deactivate your account. It is hard to delete things in SQL databases that use FKs, and in many cases it is illegal or inadvisable to delete all customer data (e.g. if you need to keep invoices for accounting reasons, or if you are eligible for chargebacks). Small startups are often busy trying to keep everything working and go after their key metrics and don't have time to build a system robust enough to handle deletions.

GoDaddy will let you close your account, but you have to call customer service to do so. (After many years of having multiple domains with them, recently I decided to migrate all the domains I had with them over to other providers.)

One thing that is troubling is that if you have an expired domain with domain lock turned on, they will not delete your account until a year has passed from the non-renewal of the domain. The domain-lock feature cannot be turned off if that domain has been inactive for less than a year unless the domain is renewed. They told me they could not turn it off either so that the account could be closed, but I'm a bit skeptical on that, since it makes no sense that they cannot change the account settings with an authenticated customer making the request. Don't they control their own code? It strikes me as an excuse for them to leave the account open in case you change your mind.

In their favor, I was able to delete payment information immediately. Also, they have very friendly customer service representatives (though friendliness doesn't make up for powerlessness.)

Btw, this is an interesting and good service you are setting up. Thanks for your work!

The very first thing that shows is the companies that are the least naughty.

This is a naughty list is it not? Suggest to please sort by naughtiest first.

The list does not appear without allowing 3rd party javascript (and presumably tracking) by Google :/

I wonder about the ranking for the 'Communication' category. Somehow there are protocols, clients and services mixed up. To give an example of each:

- Service: Jabber.org

- Protocol: OMEMO

- Software: Gajim

Next, the score seems to be a similar mix up, not so much focused on security but more as a general recommendation as a trade off between number of features and overall security. To me that feels like a bad advise. That way, a very respectable and stable app like Conversations is listed below the protocol it uses (OMEMO) and even below Tox which is officially listed as experimental, just because conversations doesn't support audio or video telephony.

Other privacy related aspects, like the need to register a phone number to use the service, automatic contact list uploads or custom servers, are completely ignored.

Kayako. No direct account deletion, they need to poke engineer to do it after many requests. They require your personal information and CC to use free plan. No direct downgrade button to free plan if on trial.

Thanks, I appreciate the thought and effort.

There is too much special sauce on the page for me to see the actual list (perhaps one of your critical resources is already on my blacklist or too third partyish).

Thought you may be able to make use of http://backgroundchecks.org/justdeleteme/ to help with your checking. (no affiliation)

Plus it is great when a study like that is reproduced and vetted for drift.

Thanks again for you work.

This page doesn't make sense: you say Tech Companies That Won't Delete Your Information at the top, and then immediately list, e.g. "Outlook Mail: Delete Account? Yes".

This makes them sound like they do delete your account information. If there is something specific that they don't delete, it might be best to highlight that.

Also I am unsure what "Track" means.

And how can you Delete Account be unknown? Did you try? If not, how can you claim they are naughty?