Opened 19 months ago
Last modified 19 months ago
#6796 new enhancement
Data Erasure: Update @mentions
Reported by: | dd32 | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Component: | WordPress.org Site | Keywords: | |
Cc: |
Description
When an account undergoes data erasure we rename the user from @username
to @anonymized-$userID
. This changes the public ownership of any created resources (Forum threads/replies, Trac tickets/comments, Make.w.org comments, etc) from @username
to @anonymized-$userID
.
We do this as it allows us to comply with the erasure guidelines while also retaining the non-personally-identifying publicly created content.
We can also do that without leaving a public edit log containing the accounts previous username (for Trac and the forums).
However, a pain point that often comes up is that this doesn't remove the @mentions
of that username from other authors in other posts. This is fairly common with both Forum threads and Trac tickets.
I believe it would be worthwhile to extend the erasure/anonymization process to also replace @username
mentions with @anonymized-1234
in locations where the user has created content - for example, if a user has interacted with a Forum thread as a responder, the other replies in the thread would be affected, and same for Trac, other comments on any ticket interacted with by the user would be processed.
For performance reasons, this would only be for threads/tickets interacted with by the user, not global on all content.
Change History (2)
#2
in reply to:
↑ 1
@
19 months ago
Replying to Otto42:
Editing other people's content seems like a high risk thing to do.
I kind of agree, and there's a reason it doesn't already happen. This is one reason that a lot of other @mention
systems store the mention in a different format, such as the user ID and insert the username on display.
The problem is that the current process causes a level of complaints from erased accounts who believe erasure should've removed content not created by them, but mentions them.
I don't see something like $content = str_ireplace( '@username', '@anonymized...', $content );
as a high risk operation though. If it were replacing username
yes, but a direct @username
mention of the username in question is much lower risk.
Editing other people's content seems like a high risk thing to do. Not to mention slow, although that is greatly improved by only limiting it to interactions.