Suggestion Recycling Old Names

[Whiskey]

I don't know if this has been suggested before, and if it's not sensible then that's totally fine, but I was wondering if there has ever been any talk about freeing up old usernames to be taken by the current population of writers? Some really fun and interesting names are taken by people who haven't been seen on the site in five years, ten, more than that even. If you could mass delete accounts beyond a certain age (I don't know if that's possible) then it might open up some great possibilities for name changes.

I just think it's likely that those people aren't coming back. Or, if they did, they would come back with a different name rather than reviving their old account.

Just a thought!

 

[Prose]

We don't delete accounts at all. Our process is to withdraw them, due to deleting an account then deletes the member number (chronological) and that messes with the system a bit. It also alters our numbers. As an example, we'd go from 30k members to 15k due to a pruning method that just isn't necessary.

We don't have any rules, nor will we, on activity levels for our members, meaning that you do not have to remain active every 6 months or whatever to secure the name Whiskey.

Having said that, we will sometimes consider manual name changes for members in good standing (no reported content/rule breaks) who desire taken names that are from accounts that are inactive for the last 6+ years. This is also not automatic, meaning just because I said we can do it, that we will do it. We very much prefer not to do it, so getting an Admin to do it takes a lot of charm, a few pinches of the most rare form of potent pixie dust and a touch of whatever Lucifer does when he asks "What do you desire?" in that Netflix series of his. Without all of that, it isn't happening.

Happy writing.

 

[Whiskey]

Ohhh awesome, that all makes sense. Thanks for taking the time to explain it to me.

 

[Siph]

We don't delete accounts at all.

I'm not an expert on the topic, but how does that comply with the GDPR's right to be forgotten? Or is there a different method to have your personal information deleted?

 

[tsukasa]

I'm not only curious about the legal requirement of the GDPR and other similar laws, but also about what happens to the username if it's been mentioned via @ prior to another user taking it? Would that reference the same account despite the username belonging to a new one? As for the former question, it seems that anonymisation of the user's data is enough to comply with GDPR, which is how Discord approaches this situation.

 

[captain_bond]

whatever Lucifer does when he asks "What do you desire?" in that Netflix series of his.

Love the reference.

 

[Prose]

GDPR is EU law. We are under USA law and are not required to comply.

In short, if you don't want any IP out there, then don't put any IP out there. You can also go in and delete all of your content yourself, up to the point of your account creation, which we will not delete, but we will withdraw and make inaccessible.

 

[tsukasa]

GDPR is EU law. We are under USA law and are not required to comply.

What about the Californian CCPA? It's effectively the same thing in the US.

 

[Prose]

We are also not based in California.

 

[tsukasa]

We are also not based in California.

This is irrelevant. CCPA applies worldwide. This is verifiable by checking, yourself. If someone in California requests it, you are required to comply wherever you are based.

 

[Prose]

CCPA is a California law and it applies in California for California based operations and businesses. We're also not a business, nor are we operating out of California.

 

[Prose]

The CCPA applies to for-profit businesses that do business in California and meet any of the following: Have a gross annual revenue of over $25 million; Buy, sell, or share the personal information of 100,000 or more California residents, households, or devices; or Derive 50% or more of their annual revenue from selling California residents' personal information.

We are just under that dollar amount, sadly.

 

[tsukasa]

The CCPA applies to for-profit businesses that do business in California and meet any of the following: Have a gross annual revenue of over $25 million; Buy, sell, or share the personal information of 100,000 or more California residents, households, or devices; or Derive 50% or more of their annual revenue from selling California residents' personal information.

We are just under that dollar amount, sadly.

Well, since these numbers aren't shown anywhere on this site, we have the right to consider it worst-case basis. GDPR doesn't apply to this site since it's simply a "service provider" based outside the US, but CCPA isn't so forgiving in its terminology. Although unlikely, it's possible for this site to make an arbitrary amount of money, and we don't even know how donations are spent, from what I've seen on the site.

I don't really think trying to be sarcastic about the issue is fair to users; it shows that the issue isn't taken seriously.

 

[Prose]

In one breath you say that being sarcastic shows it isn't being taken seriously, but you also say that you can't be so sure that we're netting less than $25 million dollars? Which is it? You are throwing everything you can think of at us and hoping something sticks, without knowing the actual legal foundation. That is a problem in itself. Throwing EU law at us, throwing Cali law at us and then stating that what I've said is irrelevant bc Cali law is enforced world wide? You led us down this path and I've, as politely as I can, informed you that you are wrong. You persisted with the CCPA, I didn't. I only informed you why we don't fall under it's requirements.

 

[Siph]

GDPR is EU law. We are under USA law and are not required to comply.

That's not true; the GDPR applies to any organisation catering to EU citizens. Admittedly they're somewhat vague on whether an "organisation" must be a for-profit company, and there are exceptions for "organisations" with a small number of employees/users (and again, I'm not a lawyer), but you might want to read into the matter or ask a legal professional.

Not accusing you or anything, just concerned considering that some sites that don't comply opt to block EU citizens from accessing them altogether.

 

[Whiskey]

In the link you've sent, it does say:

The second exception is for organizations with fewer than 250 employees. Small- and medium-sized enterprises (SMEs) are not totally exempt from the GDPR, but the regulation does free them from record-keeping obligations in most cases (see Article 30.5).

I'm almost positive that BMR doesn't have over 250 employees. The first exception is for "purely personal or household activities" which I would argue the site also falls under. I don't think they're falling afoul of that law.

 

[Sync]

That's not true; the GDPR applies to any organisation catering to EU citizens. Admittedly they're somewhat vague on whether an "organisation" must be a for-profit company, and there are exceptions for "organisations" with a small number of employees/users (and again, I'm not a lawyer), but you might want to read into the matter or ask a legal professional.

Not accusing you or anything, just concerned considering that some sites that don't comply opt to block EU citizens from accessing them altogether.

From that article you linked:

The GDPR only applies to organizations engaged in "professional or commercial activity."

Pretty sure BMR doesn't fall into that category, so would likely be considered exempt.

The second exception is for organizations with fewer than 250 employees.

I'm gonna go out on a limb and suggest that BMR doesn't have any employees...and so is likely exempt. While I don't know that full nature of the staffing arrangements here, I'm reasonably certain that staff are engaged solely on a volunteer basis and are not financially compensated. Thus no employment.

Unlikely that BMR would be subject to the GDPR.

 

[Siph]

The GDPR only applies to organizations engaged in "professional or commercial activity."

Thanks, I somehow hadn't noticed that part. The 250-employee thing only seems to exempt companies from having to keep records on how data is handled, not from other parts of the GDPR on e.g. request for data deletion -- though that's kinda moot at this point.

what happens to the username if it's been mentioned via @ prior to another user taking it? Would that reference the same account despite the username belonging to a new one?

Judging by the BB code that's used whenever you quote someone, the @ part refers to the quoted user's member ID, not the username itself; I gather an @ without quote works the same way. Funnily enough that's how Discord handles @s too, which is why you can change your username (or role name, or channel name) without breaking every link anyone has ever pinged you with.

 

[tsukasa]

Judging by the BB code that's used whenever you quote someone, the @ part refers to the quoted user's member ID, not the username itself; I gather an @ without quote works the same way. Funnily enough that's how Discord handles @s too, which is why you can change your username (or role name, or channel name) without breaking every link anyone has ever pinged you with.

Yes, I was hoping it would work that way. I've worked with many back-end systems which work this way, and I was hoping XenForo had the same sense to do that. It should also mean changing the username of a current user keeps their pinned ID so the mentions automatically reference those new usernames.

 

[Praxis]

You can also go in and delete all of your content yourself, up to the point of your account creation.

Unless this has changed, any "deletion" of content, on site, is more of a removing it from view (it's unable to be seen, by non-staff members), but is still entirely accessible, and existent on site for anyone at Moderator level or higher.

Actual deletion of content (as gone as anything on the internet truly is) requires more direct interaction from someone other than the person who created it (used to be Administrator level interaction, not sure now).

It's a semantic difference, but in the theme of transparency (and factuality) saying that a user can delete their content, to the point of account creation, is untrue. If it's posted here, it stays here, unless specifically removed by someone with that ability.

 

[Prose]

Judging by the BB code that's used whenever you quote someone, the @ part refers to the quoted user's member ID, not the username itself; I gather an @ without quote works the same way. Funnily enough that's how Discord handles @s too, which is why you can change your username (or role name, or channel name) without breaking every link anyone has ever pinged you with.

This is correct, it is done via member number, not via the name itself. It is how people are able to name change and still have access to all of their content and lists, as it is bound by the account. Any @'ing will go to the account number, but it displays via their current name.