We should let people delete their own accounts. This is a basic feature expected on Websites nowadays. This will also remove the burden from webmasters team having to delete accounts manually.

Remaining tasks

  1. Enable 'delete own account' permission for authenticated users
  2. Update relevant docs to clarify how people can delete their account
  3. Setup Jenkins job to automatically clean up sub-site accounts for accounts deleted on D.o

Original report

For years, we've never deleted accounts, even when people requested it.

This is no longer tenable, I think. Even facebook offers a way to delete your data. And it is actually a legal requirement over here that you as website owner provide a possibility for users to delete their accounts.

That we don't have such a possibility atm is that we are concerned about loss of valuable content. We'd need to keep content when a user deletes the account.


WorldFallz’s picture

since this is a feature of core d7-- is it something that we need before d.o upgrades? If so, maybe it's possible to backport the d7 version of the feature #8: Let users cancel their accounts (omg that's node #8! lol)?

laura s’s picture

+1 on coming up with a solution. But how much deletion do we want to facilitate? Perhaps the backport makes sense, but I suggest let's first figure out what we need before we set scarce development resources on what could be a non-trivial implementation.

I think renaming the username to something generic, as in #1289604: Please delete account, is a fine solution. It anonymizes a former presence without losing content. I did not look in the bg of that account, but if we keep the email address unchanged and did not actually block the account, that would allow for change of heart later, in case someone wants to get back on and reclaim an account. (I have no idea how often that has happened, though.)

I am -1 on deleting a user's content, though, as that can result in unexpected and unhappy consequences, such as lost comments and replies. Anonymizing the username seems to be good.

If we were not to actually block the account, perhaps profile info should be scrubbed as well? It seems like a reasonable thing to do, if we're anonymizing otherwise, but with all the rabbit holes in d.o profiles, that could be a time-consuming process. Maybe users wanting deletion should be warned to do it themselves first, while they can?

To summarize:

Anonymize username: +1
Block account: undecided
Scrub profile: +1 (if not blocked, but I would favor a DIY recommendation before requesting deletion)
Remove content: -1

killes@www.drop.org’s picture

I'd like to keep the content too.

just anonymizing the account will not be sufficient, the email address will be kept in both the mail and init columns. We'd need to delete those too.

I am not after a quick solution, but we should keep this on our radar.

silverwing’s picture

Now that plans are under way to upgrade the site, seems like a good time for a gentle bump.

tvn’s picture

Assigned: Unassigned » tvn
Issue summary: View changes
Issue tags: +Drupal.org Content Working Group

Drupal.org Content Working Group is working on such a policy as a part of a general Drupal.org Terms of Service. We are currently working on a draft. As soon as it's ready, it'll be published for community review/feedback.

tvn’s picture

Drupal.org Terms of Service draft has been published:

This ToS includes the following section:

E. Cancellation

1. You can delete your account at any time. Upon deletion all private and personally identifying information from your profile will be deleted. The data will stay in backups on our servers for 2 weeks, after which it will be completely removed.

2. Public content you created, such as issues, forum posts, projects, documentation page revisions, etc. won’t be deleted. All this content will be attributed to ‘Anonymous’ user.

3. Once deleted, your account is gone and can not be restored.

Technical implementation:

We are planning to use Drupal 7 core account deletion feature. Users will be able to delete their accounts themselves at any time (webmasters won't have to do it manually anymore, hooray!). Once the account is deleted, all content will be attributed to 'Anonymous" user. The only problem with this approach is that core will only delete user account on Drupal.org and not on the sub-sites. To address this we will create regularly running Jenkins job, which will check for user accounts, deleted on Drupal.org since the last run, and delete corresponding accounts on the sub-sites.

skyredwang’s picture

@tvn , what about request for deleting spam account (blocked)? I lost my id @skyred on groups.drupal.org a few years ago when SSO took place, because at that time @skyred on drupal.org was a blocked spam account, and therefore, I was forced to use my @skyredwang

naveenvalecha’s picture

Hi Folks
I suggest we should not delete the user data. if a user suggested to delete his/her account then we just only block his account and keep the data in the database.
Regarding the feature of deleting own account : I am in the favour that user data should be kept in the system.

Naveen Valecha

tvn’s picture

Issue summary: View changes

Even though ToS is postponed, there is no reason not to let people delete their accounts. I've tested this functionality on a dev site, found 1 bug, which we already fixed #2329415: Deleting a user should delete them as a maintainer. I am going to enable this permission on Drupal.org. Neil is finishing up Jenkins job, people starting using this functionality will give him more data to test.

@skyredwang we might later consider deleting accounts, blocked long time ago. However this issue is specifically about users being able to delete their own accounts.

tvn’s picture

tvn’s picture

Issue summary: View changes

I've enabled the permission to delete own account for authenticated users. I also created new doc page here: https://www.drupal.org/node/2333505

From now on, for the new issues requesting account deletion we can let people know they can do it themselves.

naveenvalecha’s picture

Hi tvn,
I have read the 3rd point here https://www.drupal.org/node/2333505

Once deleted, your account is gone and CAN NOT be restored.

If someone email account got hacked by hacker then his/her account will be easily deleted. I am in the favour that drupal.org should keep users deleted data and displayed the "Anonymous" for the cancelled account.What do you reckon here ?

Naveen Valecha

Chi’s picture

Is there a way to confirm deleting own account with email? Maybe something of contributed modules?

tvn’s picture

naveenvalecha, some users legitimately want to delete all of their data from Drupal.org. They should be able to do so. We can't keep all the data only because someone might be deleted by hackers. In case this ever happens - someone's email gets hacked and their user account deleted - there is a short period of time, during which we might be able to restore account from the backups.

Chi, that's how Drupal core works by default. Users will need to confirm account deletion via email.

tvn’s picture

Status: Active » Fixed

Neil created http://localhost:8080/view/D.o/job/delete_users_on_subsites/, which now runs once a day. We can increase the frequency later a bit, want to watch how it works for a bit.

naveenvalecha’s picture


In case this ever happens - someone's email gets hacked and their user account deleted - there is a short period of time, during which we might be able to restore account from the backups.

Thanks for letting me know that its fine that we might recover the user data.

silverwing’s picture

Status: Fixed » Active

One more thing... :)

I disabled commenting on https://www.drupal.org/node/2333505 since we don't want people to request deleting their accounts there (you know they will) but we should have a place for people to go for questions/clarifications - either the Association or Webmaster queue. (My vote is for Association :)

tvn’s picture

silverwing, are you suggesting we add a note about help@d.o email address to that doc page? I am fine with that.

silverwing’s picture

@tvn - that would be great

tvn’s picture

Status: Active » Fixed

Added to the bottom.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.