Tell HN: Hacker News will not delete my account – is that legal?

The laws around deletion of data in CA and the EU seem to me to support the notion of maintaining the content but anonymizing the author. So it would seem to me that what they propose would be in compliance. IANAL

I personally think it is shady as hell to refuse to delete someone's posts (conceptually). However, given the hierarchical nature of comments and the point system, I can see why this might be a technical burden.

Your position is understandable, and it is an important reminder when participating in this forum; your comments (and their contents) will be burned into the history of the site after the two hour edit window, followed by being ingested into various datasets and archives globally. What you make public is forever. In the US, I am unaware of any legal recourse you might have ("right to be forgotten"), and would suggest accepting the offer to rename/mothball the account. You might ask to have specific comments of yours with excessive personal information redacted or trimmed of certain information (versus deletion of all comments).

If people try to doxx you, report them to the police without hesitation for harassment (and enhancements, if your local jurisdiction specifically outlaws doxxing). I cannot stress this enough.

The problem is, it's not your account. Whenever you voluntarily give over something to someone else it stops being yours and you stop having the ability to control it, unless there was a specific agreement in place that allowed you to retain control and ownership. There are some sites that allow you to delete your account but I quite honestly don't believe it. They may say that it's deleted and maybe it's deleted and unrecoverable to you but I fully suspect that they still have it maybe he still have access to it it's definitely still available in their backups.

I don't even believe that as a matter of law this could be corrected. Because we have many laws on our books protecting our personal information that we have given over to companies in order to do business with them. Banking institutions collect personal information and there are stringent laws restricting what they can do with it, unless you agree that they can do more with it. Same thing with health care institutions very strong laws preventing the sharing of personal information from health care institutions, unless you agree that they are allowed to share it.

For both banks and health care institutions the problem is you must sign all kinds of agreements before they allow you to do business with them. So those protections enshrined into law mean absolutely nothing because the law does not say that these institutions must do business with you even if you don't agree to their privacy and sharing policies. Which I find rather strange just for two very core institutions to our society. The law protects us but when every bank and every health care place requires you to sign away those protections before they allow you to participate then what good were the protections to begin with?

So if we can't get this right for banking and healthcare what makes you think some little place on the interwebs where you can post quippy comments would be any better?

I would argue that renaming the whole account to another account is not, in fact, anonymising it.

If dang wants to keep the content but properly anonymise it, then every single post would have to be unlinked from a single account. Every post should be attached to an unrelated random account.

/. used to handle this by having “Anonymous Coward”. Reddit has this with <deleted>. Because this is not a concept on HN (or at least, not an oft used one) I feel the “random unique accounts that post a single comment” is better than marking your posts as coming from “AC” as that would still allow sift through the search results.

This being said… if people wanted to keep your comment history… wouldn’t they already have fetched it by now? Especially if you’re publicly indicating you’re trying to get your account deleted?

It seems that the CCPA requires companies to delete your data upon request. You could file a complaint to the California attorney general. They may investigate and fine the offending entity.

If you want to take matters into your own hands you can view your comments and selectively delete the ones you want down. Keep in mind that copies of hacker news content will have been scraped and archived elsewhere.

IANAL, but on which forum-type web sites does "delete my account" mean "delete all the comments and submissions I've made"? Even at tiny scale, the latter can be pretty damaging to old discussions.

Are there some limited number of old comments, where selective 's/too much information/XXXX DELETED XXXX/' would accomplish your purpose?

Hey, I follow you on Insta, it's a surprise to see you here.

I guess HN "rules" are not written in stone and it wouldn't hurt if they make an exception for your case. You've been polite and have a very valid reason behing such petition.

Hopefully @dang/HN would yield on this one.

It is mentioned in the site FAQ that they don't delete accounts.

I feel that redacting the account name of someone who regrets some of their posts for privacy reasons, so at least individual comments cannot be linked together into a profile, would be kind.

But yes, this is a very public forum.

Ycombinator is a California business, and may be subject to CCPA/CRPA laws or those like them, possibly conditional on whether the account-holder is a California resident or not. Similarly, if the account-holder is an EU resident, I would imagine they have certain rights that they could seek to have exercised. Notably, you may or may not have the right to demand wholesale deletion of user-generated content, which is necessarily distinct from YC-managed PII, which for example might include your account's private email address. In all of the above cases, YC is likely within their rights to require you provide your legal identity, legal address of residence, and/or proof of citizenship of the protected region applicable.

However, if you can highlight specific IRL information that is considered Protected under those laws even though you voluntarily submitted it as UGC, such as your legal name, then you should request having that specific Protected information redacted within a given comment, but you'll need to be specific about which characters in which comments need to be redacted – a regular expression / expectation of work shifted to YC is an incomplete request in that regard. Were you to make a complete and specific request of specific redactions to be made to specific comments — I recommend using a double-quoted tab-delimited file with three columns: comment ID, unmodified comment, all redactions fully applied comment, and plaintext human description of redaction(s) performed — then I expect your redaction request would be evaluated by the site administrators without requiring any invocation of legal counsel or threats. Note that this is not a suggestion that you "replace entire comment with ~~~", this is a suggestion that you "replace the specific characters of PII in your comment with ~~~, leaving the rest of your comment intact". Note that I reviewed your past ~40 days of public comments and I see zero instances of possibly-protected PII.

If at any point an attempt to exercise legally-permitted rights is refused, then your only recourse is to hire a lawyer or seek one be hired on your behalf by an organization such as the EFF. You should probably be seeking legal counsel rather than posting for free legal advice on an internet forum, and I expect the first thing a lawyer is going to think (whether they say it or not) when presented with your posts and comments is to wonder why on earth you did not seek legal counsel sooner.

I empathize with your concern, but having lived through Dejanews doing this twenty-five years ago to all of Usenet (look up "X-No-Archive: Yes" for how the community reacted) and then having to get my old posts purged from Google's dataset purchased from Dejanews, Your realization about what you should and should not share publicly is one that Usenet as a whole pieced together decades ago, but was forgotten in the current generation's rush to participate in social media. Welcome to the "all my words for all time are searchable and no one will purge them from their full-text search indexes" crisis of thirty years ago, metastasized into individual sites rather than one big Usenet conglomerate feed.

(I am not your lawyer, this is not legal advice. I am not associated with YC or HN.)