Mastodon, privacy flaws, account deletion 1/4 

From a masto admin perspective, I recently noticed that accounts don't ever get fully deleted.
I repeat:

Accounts never get fully deleted from a Masto instance

TL;DR: Choose your Mastodon instance wisely.
Never use your legal name as your nickname and associated email addresses.
A VPN is advised too.

Mastodon, privacy flaws, account deletion 2/4 

There are two cases of account "removal":

1. If the user manually deletes their account. The nickname will still show up in the admin panel but the associated IP addresses and emails will be removed. This cannot be reverted, but I assume the nickname cannot be recycled for any new account.

2. The other case is when an account is suspended from an instance. The IP and email addresses are still associated with it. And it's impossible for the former owner of the account to sign in to remove said account unless an admin lifts the suspension.

Mastodon, privacy flaws, account deletion 3/4 

So basically, your username will stay forever on the instance's userlist.
If you get suspended, no matter if the suspension is justified or not, your email and IP addresses will be saved forever on the userinfo in the admin panel.

The admins won't even be able to delete a suspended account except if they reset the account password, unsuspend it, log in with it and then proceed to a removal.
(Note that we don't do this)

Mastodon, privacy flaws, account deletion 4/4 

Imagine a worst-case scenario where cops seize a large instance, suspend everyone and then collect all the users' info without them being able to make an emergency account deletion.

Sounds bad, heh?

Mastodon, privacy flaws, account deletion 4/4 

@iantila yep... You can manually remove the user from the database, but it's a huge faff and not everyone has direct access to their DB or knows how to do it. From what I remember, Mastodon keeps the entry in order to not mess up federation by creating another user with the same name/id. But I would hope there'd be a way around that...

Mastodon, privacy flaws, account deletion 4/4 

@dumpsterqueer @iantila keeping a hash of the account name would be plenty to avoid someone reusing the name. And regarding federation, serving 404s should be handled perfectly well by any decent federating server.
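
The hash-of-the-name idea from the reply above, sketched as an added example that is not part of the thread and not Mastodon's own code. The `UsernameTombstones` class, its method names and the demo secret are hypothetical, and it assumes a keyed hash (HMAC-SHA256) with a server-side secret instead of a plain hash:

```ruby
require "openssl"
require "set"

# Hypothetical registry (not Mastodon's code): remembers deleted usernames
# only as keyed digests, so the plaintext name can be dropped from the database.
class UsernameTombstones
  def initialize(secret)
    @secret  = secret   # assumption: server-side key kept outside the database
    @digests = Set.new  # stands in for a table with a single digest column
  end

  # Normalise first so "Alice" and "alice" map to the same tombstone.
  def digest(username)
    normalized = username.strip.downcase
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), @secret, normalized)
  end

  # On account deletion: store the digest, discard the name itself.
  def bury(username)
    @digests.add(digest(username))
  end

  # On sign-up: a name is free only if its digest was never tombstoned.
  def available?(username)
    !@digests.include?(digest(username))
  end

  # What an admin panel or a database dump would be able to show.
  def stored_values
    @digests.to_a
  end
end

# Constructed sample data, for illustration only.
registry = UsernameTombstones.new("constructed-demo-secret")
registry.bury("Alice_Example")
puts registry.available?("alice_example")  # deleted name, any letter case
puts registry.available?("bob_example")    # never-used name
puts registry.stored_values.inspect        # digests only, no usernames
```

Usernames are short and guessable, so a plain unkeyed hash could be reversed by hashing candidate names; the key only protects the tombstones while it is stored apart from the database.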

re: Mastodon, privacy flaws, account deletion 4/4 

@iantila i do not understand that worst case scenario
what would cops gain by suspending everyone? if they have seized the instance, they already have the data

ip addresses of accounts who have not logged in within a year (suspended or otherwise) are automatically deleted

before that, they are kept in order to detect people registering multiple accounts with the same address, etc.

currently, i believe emails to be kept forever, indeed

usernames are indeed kept to avoid someone “stealing” a username

re: Mastodon, privacy flaws, account deletion 2/4 

@iantila If an email is changed does the old email still show up or is it replaced with the new one?

re: Mastodon, privacy flaws, account deletion 2/4 

It will be replaced by the new one in the panel.

But keep in mind that if your sign-up had to be manually confirmed, the mod team received an email notification containing the email address you signed up with.

re: Mastodon, privacy flaws, account deletion 2/4 


Thank you for your answer :)

I use aliases anyway, so I can just delete the email address forever and still have the main hidden address.

I was just curious as to what happened if I or others changed them.

Mastodon, privacy flaws, account deletion 1/4 

@iantila from a masto admin perspective, as storage has a cost, how can I claim back the storage space occupied by deleted accounts, wiping them for good?

Mastodon, privacy flaws, account deletion 1/4 

When accounts are suspended/deleted, all the data the account created is cleaned (toots, media etc.).

The persisting remnants of the accounts that I mentioned earlier are probably no larger than a couple of kilobytes.

