John Grey 10:11am, 26 December 2007
There seem to have been a lot of these problems recently where accounts seem to have been deleted by non-owners because of phishing or whatever.
Perhaps it is time for Flickr to implement a system where accounts can initially only be made innaccessible rather than deleted, and then be deleted, say, a month later after further e-mailed warnings.
If this is a problem with people's right to remove images from a site at any time then add an option to allow members to set their accounts to be undeletable immediately in this way.
πρώρα (Prora) 11 years ago
I see no case for spamming accounts or porno accounts (especially when they post to groups where there are specific rules against nudity) being given a second chance. In many cases, even when they are deleted by Flickr they come back repeatedly with a new ID.
John Grey 11 years ago
No - I'd agree - I wouldn't give those deleted by Flickr another chance - just those (apparently) deleted by the account holder
theichibun 11 years ago
Like with an email confirmation required as well?
phishing is unlikely to stop, for one. additionally, it's really up to the member to be aware of that possibility in all their online activities. flickr is not unique in that way.

self-deletion should perhaps involve an additional step, such as providing a "secret" word you selected when joining flickr, with a hint protocol via email if you forget. that would stymie most such malicious 3d party deletions.
Vox Sciurorum 11 years ago
Hiding an account before truly deleting the data has been suggested before and is a good idea.
jakerome 11 years ago
Agree with John Grey.
werewegian 11 years ago
I disagree. Second chances will just make people more lazy. It is important that all internet users (no matter how naive or new) are aware of the risks of sharing passwords or of not paying attention to where and how they are logging into an account. A Flickr account deleted is bad enough but to learn the same lesson over a bank or shopping account? Painful.
John Grey 11 years ago
If the restoring the account from hidden process was slow and not straightforward (a request to flickr and low priority queue) people might still learn the lesson. Though I guess it is much more likley to happen to their bank than Flickr in any case.
jakerome 11 years ago
It's not just laziness werewegian. Anyone who's ever used Flickr from a public computer or a friend's computer is vulnerable to something like this, www.securityfocus.com/news/6447 . Chalking it up to people being "lazy" is, well, lazy.

I certainly don't want my bank account broken into, but they use 2-factor authentication methods to prevent this. And if someone hijacked my Amazon, it would be more of an annoyance than anything. For credit cards, it would be no more than an annoyance which is largely prevented by the use of 2-factor authentication methods.

Besides having my bank account compromised, I can't think of a worse online fate than having my Flickr account deleted.
werewegian 11 years ago
Then don't use a public computer or a friend's computer to log into your account. You can't blame flickr for bad decisions you've made.
benrobertsabq 11 years ago
I don't agree with having a reinstatement period if your account is deleted by Flickr Staff for violating the Community Guidelines.

If your account has been compromised and deleted by someone posing as you, a "holding period" before deletion might sound like a good idea.

But you'd have to have some form of validation that they couldn't get access to from your Flickr/Yahoo account in the first place anyway in order to reinstate it.

Otherwise the person could just change the validation information since they have access to your account, and the idea of restoring would be irrelevant, because the "real" you wouldn't be able to verify your identity anyway.

So you coould have some additional "identity" validation, but that's another layer of security that would have to be maintained outside the Flickr/Yahoo interface and managed somehow.

Doesn't seem like a bad idea on the face of it, however...

Fine. Now the person who compromised your account knows that if they delete it, you can get it back. So what if they just delete all the photos? Or puts offensive descriptions of all of them? Or uploads new ones? Or makes 500 hateful comments on all your contacts'
photos? Or sends 500 hateful Flickr mails to people?

The problem with a compromised account is that it's compromised, not that someone can delete it and you can't get it back.

The issue is the same either way - don't allow your account to be compromised. Make whatever decisions you need to in order to avoid this.
Vox Sciurorum 11 years ago
The issue is the same either way - don't allow your account to be compromised. Make whatever decisions you need to in order to avoid this.

Here's a suggestion. When an account is created the user gets a one time choice. You would check the box that reads "I'm a brilliant Internet user, far too smart to ever make a mistake or be hacked, and I don't want Flickr to give me any second chances." The rest of us would check the box saying "Preserve account information for 30 days in case of accidental deletion."
werewegian 11 years ago
But how would you reactivate it?
I'm mostly aware of the various forms of phishing and take great care in not revealing such things as passwords or usernames to ANYONE via email or other means without some sort of verification of the legitimacy of the party asking the question. However are there any other forms of phishing I should be more aware of?
John Grey Posted 11 years ago. Edited by John Grey (member) 11 years ago
@werewegian: You could contact Flickr and they would invite you to prove it was your account - perhaps by producing originals of images in your photostream (which by now are inaccessible) or by producing an image with the same camera as used in your stream (identified by exif data) or perhaps by asking for (some of) the card details used to pay for the account.
jakerome 11 years ago
@PayPaul: Malicious sites could install a key logger on your computer. Or you could log in via a friend's computer which has a key logger installed. Or you could sign up for a different account somewhere else & use the exact same username & password that you have on Yahoo! The site may be fully functioning and appear completely legit, but it may in fact just be a trap. There's a lot you can do to avoid being fished, but there's no way to guarantee your account won't be hacked even if you do everything right.
etherflyer 11 years ago
If you are travelling, say, and uploading pictures as you go, you often have no choice but to use public or borrowed computers. When I was in China in the summer, in one place the only email I had access to was Flickr (Google, Yahoo, and my ISP's remote login were all blocked somewhere).

Possibly what is needed is a two-stage login: a "full" login for your secure home computer, and a "travelling" login for less secure computers, that would have less power. Say, it could upload pictures and add tags, but not delete things (or deleted things got "held" until confirmed by the "full" login).

My bank has procedures to clue them in that someone has hacked by accounts, like massive currency movement. Someone deleting their account, or deleting all the pictures in their account, is probably a pretty rare event, especially for pro accounts. Maybe Flickr could trigger on these events and cache the pictures, pending confirmation.

Hell, as a pro user with thousands of pictures, I'd be willing to pay a service charge to get my pictures back, if anyone deleted them.
oh, for cryin' out loud: just like banking sites, and such... a "secret password" is all that is needed to confirm a deletion request. if the phisher has it, then it's likely your own fault. if not, your acct is safe.

easy-peasy fix, existing technology, user-settable before anything happens. done.
birdfarm 9 years ago
This is coming up in the news again - malicious account deletion by third parties.

Clearly it is a very simple fix: just email the user to confirm an apparent attempt to delete one's own account.

The only reason not to implement it appears to be a self-righteous attitude, as expressed by @werewegian? Nice.

Is werewegian a Flickr spokesperson? Are these the official reasons? If so I am disappointed in Flickr. Flickr purports to be all user-friendly and fun ("Flickr is getting a massage" har de har), but really, it's staffed by people with nothing but contempt for users? Is this true?

Regardless of your personal condescension toward users who are not as savvy as you, @werewegian, it would be user-friendly, customer-service-oriented, and all those things Flickr purports to be, to just implement this itty-bitty fix to save an undetermined number of people a lot of misery.

Is there any GOOD reason not to do it?
werewegian 9 years ago
No, there isn't, but there is a GOOD reason for not getting personal in your posts, @birdfarm. We don't allow it in this group.
Patrick Costello 9 years ago
>>Clearly it is a very simple fix: just email the user to confirm an apparent attempt to delete one's own account.

If the account has been phished, there's every chance the phisher has control of the owner's mail too. If you use the Yahoo mail account, then it's a given.
And if they can't delete the account, the phisher can just batch delete all the images instead. Or do you think every delete action should need independent confirmation? I suggest that would be VERY unpopular.
Flet©h 9 years ago
It seems to me there is no really good solution to this issue other than be more careful.

Email confirmation: A lot of flickr users use their Yahoo mail as their email address for flickr since sign in requires a Yahoo ID. Hack one, you have both so thats no good.

Back up deleted files: "But I deleted them for a reason, why do you still have coppies?"

Secret word: Que the help forum threads: "Help Me...
I've forgotten my secret word I set 3 years ago but I really want to delete my account. Can flickr staff help?" When would this be asked for? If only to delete an account what is to stop the hacker deleting all pictures/contacts/faves/fmail etc.

The only thing that would make sense would be to make the initail log in more secure. That is a Yahoo idea, not a flickr idea.
Patrick Costello 9 years ago
Technically, the idea of a holding pen also has merit. Deleted content could have a flag set that simply hides it. The actual delete could be deferred by 24 hours, or a week. You'd then need a procedure for reversing the flag. In the case of a deleted account that would need staff intervention. For individual images, you could have a user control that rolls back to the last actual delete point.
Flickr could add something to the TOS, stating that deleted content may be held on their servers for the appropriate period of time. However, I think the problem is that Data Privacy laws in some countries are being made ever more stringent, such that a TOS statement may not be sufficient to satisfy the requirement of some of those laws.
As says, it only takes one member to complain that Flickr are holding copies of their content against their expressed desire, and the whole system would have to be scrapped.
Fort Photo 9 years ago
I like the idea of a holding pen but if you are on a cross-country trip and only have a week or so to respond you could be SOL. Confirmation emails and secret words also have merit. Banking websites certainly deal with far more issues than this in the same vein. Perhaps flickr should reach out to their programmers and solicit ideas? Bottom line is that the day someone like _rebekka's account gets nuked maliciously it's going to be a very embarrassing day for flickr and yahoo. And it likely will even hit revenue.
Fort Photo 9 years ago
Also for accounts that flickr/yahoo deletes due to abuse, they have no reason to not just hide the account from public view for a bit before doing the actual deletion, giving time to send out an email and create an appeal process before nuking. And even then, due to humans being great at making mistakes they still need an undue function for any account they initiate the deletion on.
jakerome 9 years ago
Last we heard it was a low priority. Instead of fixing it, Flickr has given oxygen to the scream-at-Flickr crowd and have lost dozens or hundreds of customers because of inadvertent or unjust account deletion, and many more than that due to fear of the same.

I rarely recommend Flickr anymore, and this is the single biggest reason.
RubyMae 8 years ago
Since this is getting bandied about in the Help Forum again (with regards to the revised Community Guidelines), I thought I'd bring it back for more discussion.

This still seems an idea that Flickr needs to implement.
Wil C. Fry 8 years ago
On the one hand, a "recycle bin" of sorts might be a good idea, not just for accounts, but for images people delete, etc. It would come in handy for the 0.000001% of account deletions that were by mistake.

On the other hand, I'm never in favor of relaxing the rules anytime a rulebreaker complains about how strict the rules are.
Jef Poskanzer 8 years ago
Apparently flickr can't afford backups, so when an account gets deleted for whatever reason, it's gone for good. An intermediate "deletion pending" stage would be a good idea.

Another idea: do backups for Pro users.
kitby Posted 8 years ago. Edited by kitby (member) 8 years ago
A relevant post by staff in the Help Forum:
We've been working on the ability to restore accounts for a while and hope to have it completed early this year.
observant record [deleted] 8 years ago
Who ever heard of a business not backing up user data! This is a lame excuse. In case of a system failure, they will have backups to beable to restore all user accounts, or they risk loosing many customers in one go.
andyscamera 8 years ago
[https://www.flickr.com/photos/stephanl/] They do have backups to restore the whole system. But your data is scattered over many different servers in different locations -- they don't currently have a method to restore an individual member's data without affecting other members' more recent data.
observant record [deleted] 8 years ago
I see, thanks for the clarification.
MOD
Lú_ Posted 8 years ago. Edited by Lú_ (moderator) 8 years ago
Thanks, kitby, for the link! FYI for anyone checking now, head up from here a few posts for a link to a staff statement that this is in development in the form of an undelete ability for staff.
*mydiverdown* 8 years ago
Well I guess it has been implemented in one high profile case so it should be operational.
www.observer.com/2011/tech/flickr-restores-mirco-wilhelms...
MOD
Lú_ 8 years ago
Flickr has now implemented a 90-day holding period for deleted accounts.

Check the blog post here: blog.flickr.net/en/2011/05/26/your-photos-and-data-on-fli...

The FAQ here, including info on accounts deleted by Flickr: www.flickr.com/help/account/#82

Questions are welcomed in the Help Forum: www.flickr.com/help/forum/en-us/72157626687307655/#reply7...
Hairlover 8 years ago
\o/
Yaaaa!
ratsj 8 years ago
Well done flickr!
Groups Beta