Account Deletion

[Guest]

I too would like my account deleted due to my leaked information on the dark web.

PHP Freaks: In October 2015, the PHP discussion board PHP Freaks was hacked and 173k user accounts were publicly leaked. The breach included multiple personal data attributes as well as salted and hashed passwords.

Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity

I am trying to cut loose ends and since I forgot that I was a member here and I probably will not use the phpfreaks forum, I would like my account deleted please.

This info I shared about the hack came from me running my email address on a search engine that searched the dark web and pointed out that my info came from this site. If it didn't show me php freaks result, I would not of remembered that I was a member here. 

Because I don't feel like my account is secure on this site, therefore I would like my account deleted. Can you please delete my account?

[requinix]

Given that you haven't posted anything besides this, I've anonymized your account.

[craftmanoj]

How do we even delete an account?
I just can not understand why we can not delete our account, or at-least I can not find a way.

It is such horrific UX!

Sorry, if i am being rude. I came back here after a long time just to delete my account turns out i cant find a way.

[requinix]

6 hours ago, craftmanoj said:

How do we even delete an account?

It's not available to users.

6 hours ago, craftmanoj said:

I just can not understand why we can not delete our account, or at-least I can not find a way.

Because it's part of our policy of not deleting content.

[gizmola]

On 9/29/2018 at 10:11 PM, Guest said:

I too would like my account deleted due to my leaked information on the dark web.

PHP Freaks: In October 2015, the PHP discussion board PHP Freaks was hacked and 173k user accounts were publicly leaked. The breach included multiple personal data attributes as well as salted and hashed passwords.

Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity

I am trying to cut loose ends and since I forgot that I was a member here and I probably will not use the phpfreaks forum, I would like my account deleted please.

This info I shared about the hack came from me running my email address on a search engine that searched the dark web and pointed out that my info came from this site. If it didn't show me php freaks result, I would not of remembered that I was a member here. 

Because I don't feel like my account is secure on this site, therefore I would like my account deleted. Can you please delete my account?

 

I want to clarify a few things in regards to the supposition of this post. 

I know that the people who run phpfreaks as volunteers felt really bad about the breach and disclosed everything we knew within reason, as well as recommendations on how to deal with the issue when it happened 3 years ago.  To be fair that incident is part of the distant past when you are dealing with the internet.

Just to be clear, there is NOTHING that might have been disclosed that a user didn't provide themselves, and the fact of the matter is that the system has never required a birthdate, real name, address or any information that might identify someone.    Very few users provide anything other than a registration email and a username/password combination, since that is all we require to make an account.  Furthermore, throughout the years, the staff members have PROACTIVELY helped many hundreds of people who in the process of seeking aid and advice,  provided url's, system and database account names and passwords, and other information we saw was problematic.    The staff has gone in and edited these posts to anonymize them hopefully before they were used by others. 

I have a hard time taking seriously anyone who posts some 3 year old information from a "Dark web search"  that is written in a way to make it seem like there were vast amounts of valuable personal information found out, when that is far from accurate.  Any reasonable person would know what they provided when they signed up and whether or not there was any reason for them to be concerned.  Requesting us to take actions in regards to your accounts 3 years later is a waste of time.  Whatever was in the database record for your user was retrieved.  Deleting an account you don't use does nothing for you or anyone else.  

Email addresses are not private information when you use them for sending email.   The internet email system was not designed with security, privacy or anonymity in mind.  The reality is, and we see this every day, that making a new email account can be done in seconds in scores of public web email systems like gmail, yahoo & microsoft.  As far as "website" activity is concerned, the only website activity (other than private messaging) is the actual public content of Topics and posts.  Usernames are public information in our system, as without them there is no way for conversations to occur.

IP addresses are again, not private information -- your browsing activity intrinsically provides your IP address every step of the way to your destination.  Systems can choose to store IP's or not.   If you posted something on phpfreaks 3 or 5 or 7 years ago, and someone looking at a database can see that when you made the post you did so from a particular IP address,  you need to figure out for yourself, exactly what value that information has, and how you are exposed.  I can tell you that anyone with a legitimate concern, explained with clarity and understanding of the issue, would be received by our staff with nothing but respect.

Phpfreaks uses forum software that was not properly maintained for a period of time, and the person or person(s) who gained access to the forum database utilized a vulnerability in it that allowed them to extract information from the forum database at that point in time.   Many things were changed after this occurred, not the least of which was reinstallation of current maintained versions of the forum software.  The attackers were only able to get what minimal information the forum database contained.  PHPFreaks has not ever enhanced or added to that information in the way that many commercial enterprises do.

IF you don't use the same password on multiple websites, OR you didn't provide information in your profile that might identify you, then you have absolutely nothing to worry about in regards to what happened.  Once upon a time, I used the same password on numerous sites, but eventually I bit the bullet and took it upon myself to use a password manager, with random passwords I create and update for every account I own.  In many cases I've taken advantage of the addition of 2 factor authentication when these accounts are particularly important.

The goal of phpfreaks as a free public community for php developers and students was clearly explained in our Terms of service.   Our reasons for our policies have everything to do with giving back to the public at large.  There is nothing to be gained by the people who answer most of the questions on this site other than to give back to the PHP community.  Many people fail to understand that the forum is public so that it can be indexed by search engines, and not unlike other forums or communities with a similar reason for existence, to answer the questions of future visitors, many of whom will never make an account.  We answer questions to give back to the community, and when you ask questions here, whether you like it or not, you may also be giving back to the community in terms of having your questions and responses available to others.

We have had very few requests like this one, because the vast majority of users were savvy enough to understand their basic exposure in regards to their activity on phpfreaks.  Long before the breach, we routinely received requests to delete activity, and more often than not, it is because the people who came and partook of the community are now embarrassed to have a history that might expose them as having at one time, had a question or even many questions.  They demand that we do the very thing we disclose to every user when they sign up, and that is to delete their history and activity here.    They got free advice, mentoring and instruction in many cases, and yet they can't understand why we won't bend over backwards to do the very thing we said we don't do.

Last but not least, there is no such thing as the "Dark Web."  That is a silly meaningless moniker probably invented by some tech journalists who barely understand the beat they cover, in order to scare the vast majority of internet users who have little understanding of the technology they use every day.  Again, the internet was not designed with anonymity or privacy in mind, but it also wasn't designed with intrinsic identification.  Throughout the history of mankind there have always been individuals who transgress the norms of society and the laws of a particular jurisdiction.  People commit heinous and violent acts, or rob, cheat and steal.  The internet did not invent that.  This is not a personal attack on the original poster, but it doesn't help people to deal in hyperbole, gossip or the spread of misinformation, however unintentional that might be.   Searching a "database" on a "Dark web search" site adds a lot of meaningless mystery to something that was never a mystery to begin with.

 

[geekgirl101]

I would like to know how to change my password on the actual site since it appears the site has a different username/password to the forums and it has been compromised.

[requinix]

12 hours ago, geekgirl101 said:

I would like to know how to change my password on the actual site since ... it has been compromised.

It was? When did that happen?

[craftmanoj]

@requinix I understand the concern behind deletion of contents. But i being a user i should have control over my account. It's like my account, my data but none in my control. Let us delete our account but do not delete the posts/contents. Just show something like 'user not active' or something.

I understand how important the created contents on site. I don't know what are other important reason behind not letting to delete. Just saying it is a 'site policy' does not make any one much happier.

If i created the account it me who decide weather do I really need it or not, not the platform; unless i violate any rules.

[requinix]

22 minutes ago, craftmanoj said:

@requinix I understand the concern behind deletion of contents. But i being a user i should have control over my account. It's like my account, my data but none in my control.

Sure you have control. You can change all the profile information you have entered (if any), you can change the email address, and I believe you can change the display name if not the actual username (though it may have a minimum post requirement). The only thing you cannot do is delete your account.

22 minutes ago, craftmanoj said:

Just saying it is a 'site policy' does not make any one much happier.

Not all communities allow deleting accounts. We're one of them.

22 minutes ago, craftmanoj said:

If i created the account it me who decide weather do I really need it or not, not the platform

Neither we nor the platform are deciding whether you "need" the account. What we are deciding is that the account exists in our database and therefore should continue to exist. There have been exceptions, but "if the user asks for it" is not one of them.

If you decide you don't want it then don't use it. If you're worried about personal information being exposed then don't give us your personal information. It's that simple.

[Jacebenson]

Okay. So the solution I'm reading is.  Goto some 10 minute mail provider;

Generate a email.

Update account with 10 minute mail address.

Remove or change all other details and no longer use the site.  Right?  I mean, That's what the policy does allow.

[Jacebenson]

Quote

Sure you have control. You can change all the profile information you have entered (if any), you can change the email address, and I believe you can change the display name if not the actual username (though it may have a minimum post requirement).

It's not clear how to change your username though.

[requinix]

Yes, you're free to edit the information in your account however you'd like. Our policy about not deleting stuff restricts us.

I think changing the display name is limited by post count. You can ask us to change your name - that's not something we're too picky about as long as there's a good reason for it.