Discussions (17684)

You searched for delete and account.

[Implemented] deleted accounts [holding area]

view profile

John Grey says:

There seem to have been a lot of these problems recently where accounts seem to have been deleted by non-owners because of phishing or whatever.
Perhaps it is time for Flickr to implement a system where accounts can initially only be made innaccessible rather than deleted, and then be deleted, say, a month later after further e-mailed warnings.
If this is a problem with people's right to remove images from a site at any time then add an option to allow members to set their accounts to be undeletable immediately in this way.
Originally posted at 2:11AM, 26 December 2007 PST (permalink)
Lú_ edited this topic 103 months ago.

view photostream

In Memoriam: πρώρα (Prora) says:

I see no case for spamming accounts or porno accounts (especially when they post to groups where there are specific rules against nudity) being given a second chance. In many cases, even when they are deleted by Flickr they come back repeatedly with a new ID.
ages ago (permalink)

view photostream

John Grey says:

No - I'd agree - I wouldn't give those deleted by Flickr another chance - just those (apparently) deleted by the account holder
ages ago (permalink)

view photostream

theichibun says:

Like with an email confirmation required as well?
ages ago (permalink)

view photostream

Rippie: Contra Censura! says:

phishing is unlikely to stop, for one. additionally, it's really up to the member to be aware of that possibility in all their online activities. flickr is not unique in that way.

self-deletion should perhaps involve an additional step, such as providing a "secret" word you selected when joining flickr, with a hint protocol via email if you forget. that would stymie most such malicious 3d party deletions.
ages ago (permalink)

view photostream

Vox Sciurorum says:

Hiding an account before truly deleting the data has been suggested before and is a good idea.
ages ago (permalink)

view photostream

jakerome says:

Agree with John Grey.
ages ago (permalink)

view photostream

werewegian says:

I disagree. Second chances will just make people more lazy. It is important that all internet users (no matter how naive or new) are aware of the risks of sharing passwords or of not paying attention to where and how they are logging into an account. A Flickr account deleted is bad enough but to learn the same lesson over a bank or shopping account? Painful.
ages ago (permalink)

view photostream

John Grey says:

If the restoring the account from hidden process was slow and not straightforward (a request to flickr and low priority queue) people might still learn the lesson. Though I guess it is much more likley to happen to their bank than Flickr in any case.
ages ago (permalink)

view photostream

jakerome says:

It's not just laziness werewegian. Anyone who's ever used Flickr from a public computer or a friend's computer is vulnerable to something like this, www.securityfocus.com/news/6447 . Chalking it up to people being "lazy" is, well, lazy.

I certainly don't want my bank account broken into, but they use 2-factor authentication methods to prevent this. And if someone hijacked my Amazon, it would be more of an annoyance than anything. For credit cards, it would be no more than an annoyance which is largely prevented by the use of 2-factor authentication methods.

Besides having my bank account compromised, I can't think of a worse online fate than having my Flickr account deleted.
ages ago (permalink)

view photostream

werewegian says:

Then don't use a public computer or a friend's computer to log into your account. You can't blame flickr for bad decisions you've made.
ages ago (permalink)

view photostream

benrobertsabq says:

I don't agree with having a reinstatement period if your account is deleted by Flickr Staff for violating the Community Guidelines.

If your account has been compromised and deleted by someone posing as you, a "holding period" before deletion might sound like a good idea.

But you'd have to have some form of validation that they couldn't get access to from your Flickr/Yahoo account in the first place anyway in order to reinstate it.

Otherwise the person could just change the validation information since they have access to your account, and the idea of restoring would be irrelevant, because the "real" you wouldn't be able to verify your identity anyway.

So you coould have some additional "identity" validation, but that's another layer of security that would have to be maintained outside the Flickr/Yahoo interface and managed somehow.

Doesn't seem like a bad idea on the face of it, however...

Fine. Now the person who compromised your account knows that if they delete it, you can get it back. So what if they just delete all the photos? Or puts offensive descriptions of all of them? Or uploads new ones? Or makes 500 hateful comments on all your contacts'
photos? Or sends 500 hateful Flickr mails to people?

The problem with a compromised account is that it's compromised, not that someone can delete it and you can't get it back.

The issue is the same either way - don't allow your account to be compromised. Make whatever decisions you need to in order to avoid this.
ages ago (permalink)

view photostream

Vox Sciurorum says:

The issue is the same either way - don't allow your account to be compromised. Make whatever decisions you need to in order to avoid this.

Here's a suggestion. When an account is created the user gets a one time choice. You would check the box that reads "I'm a brilliant Internet user, far too smart to ever make a mistake or be hacked, and I don't want Flickr to give me any second chances." The rest of us would check the box saying "Preserve account information for 30 days in case of accidental deletion."
ages ago (permalink)

view photostream

werewegian says:

But how would you reactivate it?
ages ago (permalink)

view photostream

ⓅⒶⓎⓅⒶⓊⓁ says:

I'm mostly aware of the various forms of phishing and take great care in not revealing such things as passwords or usernames to ANYONE via email or other means without some sort of verification of the legitimacy of the party asking the question. However are there any other forms of phishing I should be more aware of?
ages ago (permalink)

view photostream

John Grey says:

@werewegian: You could contact Flickr and they would invite you to prove it was your account - perhaps by producing originals of images in your photostream (which by now are inaccessible) or by producing an image with the same camera as used in your stream (identified by exif data) or perhaps by asking for (some of) the card details used to pay for the account.
Originally posted ages ago. (permalink)
John Grey edited this topic ages ago.

view photostream

jakerome says:

@PayPaul: Malicious sites could install a key logger on your computer. Or you could log in via a friend's computer which has a key logger installed. Or you could sign up for a different account somewhere else & use the exact same username & password that you have on Yahoo! The site may be fully functioning and appear completely legit, but it may in fact just be a trap. There's a lot you can do to avoid being fished, but there's no way to guarantee your account won't be hacked even if you do everything right.
ages ago (permalink)

view photostream

etherflyer says:

If you are travelling, say, and uploading pictures as you go, you often have no choice but to use public or borrowed computers. When I was in China in the summer, in one place the only email I had access to was Flickr (Google, Yahoo, and my ISP's remote login were all blocked somewhere).

Possibly what is needed is a two-stage login: a "full" login for your secure home computer, and a "travelling" login for less secure computers, that would have less power. Say, it could upload pictures and add tags, but not delete things (or deleted things got "held" until confirmed by the "full" login).

My bank has procedures to clue them in that someone has hacked by accounts, like massive currency movement. Someone deleting their account, or deleting all the pictures in their account, is probably a pretty rare event, especially for pro accounts. Maybe Flickr could trigger on these events and cache the pictures, pending confirmation.

Hell, as a pro user with thousands of pictures, I'd be willing to pay a service charge to get my pictures back, if anyone deleted them.
ages ago (permalink)

view photostream

Rippie: Contra Censura! says:

oh, for cryin' out loud: just like banking sites, and such... a "secret password" is all that is needed to confirm a deletion request. if the phisher has it, then it's likely your own fault. if not, your acct is safe.

easy-peasy fix, existing technology, user-settable before anything happens. done.
ages ago (permalink)

view photostream

birdfarm says:

This is coming up in the news again - malicious account deletion by third parties.

Clearly it is a very simple fix: just email the user to confirm an apparent attempt to delete one's own account.

The only reason not to implement it appears to be a self-righteous attitude, as expressed by @werewegian? Nice.

Is werewegian a Flickr spokesperson? Are these the official reasons? If so I am disappointed in Flickr. Flickr purports to be all user-friendly and fun ("Flickr is getting a massage" har de har), but really, it's staffed by people with nothing but contempt for users? Is this true?

Regardless of your personal condescension toward users who are not as savvy as you, @werewegian, it would be user-friendly, customer-service-oriented, and all those things Flickr purports to be, to just implement this itty-bitty fix to save an undetermined number of people a lot of misery.

Is there any GOOD reason not to do it?
ages ago (permalink)

view photostream

werewegian says:

No, there isn't, but there is a GOOD reason for not getting personal in your posts, @birdfarm. We don't allow it in this group.
ages ago (permalink)

view photostream

Patrick Costello says:

>>Clearly it is a very simple fix: just email the user to confirm an apparent attempt to delete one's own account.

If the account has been phished, there's every chance the phisher has control of the owner's mail too. If you use the Yahoo mail account, then it's a given.
And if they can't delete the account, the phisher can just batch delete all the images instead. Or do you think every delete action should need independent confirmation? I suggest that would be VERY unpopular.
ages ago (permalink)

view photostream

Flet©h says:

It seems to me there is no really good solution to this issue other than be more careful.

Email confirmation: A lot of flickr users use their Yahoo mail as their email address for flickr since sign in requires a Yahoo ID. Hack one, you have both so thats no good.

Back up deleted files: "But I deleted them for a reason, why do you still have coppies?"

Secret word: Que the help forum threads: "Help Me...
I've forgotten my secret word I set 3 years ago but I really want to delete my account. Can flickr staff help?" When would this be asked for? If only to delete an account what is to stop the hacker deleting all pictures/contacts/faves/fmail etc.

The only thing that would make sense would be to make the initail log in more secure. That is a Yahoo idea, not a flickr idea.
ages ago (permalink)

view photostream

Patrick Costello says:

Technically, the idea of a holding pen also has merit. Deleted content could have a flag set that simply hides it. The actual delete could be deferred by 24 hours, or a week. You'd then need a procedure for reversing the flag. In the case of a deleted account that would need staff intervention. For individual images, you could have a user control that rolls back to the last actual delete point.
Flickr could add something to the TOS, stating that deleted content may be held on their servers for the appropriate period of time. However, I think the problem is that Data Privacy laws in some countries are being made ever more stringent, such that a TOS statement may not be sufficient to satisfy the requirement of some of those laws.
As says, it only takes one member to complain that Flickr are holding copies of their content against their expressed desire, and the whole system would have to be scrapped.
ages ago (permalink)

view photostream

Fort Photo says:

I like the idea of a holding pen but if you are on a cross-country trip and only have a week or so to respond you could be SOL. Confirmation emails and secret words also have merit. Banking websites certainly deal with far more issues than this in the same vein. Perhaps flickr should reach out to their programmers and solicit ideas? Bottom line is that the day someone like _rebekka's account gets nuked maliciously it's going to be a very embarrassing day for flickr and yahoo. And it likely will even hit revenue.
ages ago (permalink)

view photostream

Fort Photo says:

Also for accounts that flickr/yahoo deletes due to abuse, they have no reason to not just hide the account from public view for a bit before doing the actual deletion, giving time to send out an email and create an appeal process before nuking. And even then, due to humans being great at making mistakes they still need an undue function for any account they initiate the deletion on.
ages ago (permalink)

view photostream

jakerome says:

Last we heard it was a low priority. Instead of fixing it, Flickr has given oxygen to the scream-at-Flickr crowd and have lost dozens or hundreds of customers because of inadvertent or unjust account deletion, and many more than that due to fear of the same.

I rarely recommend Flickr anymore, and this is the single biggest reason.
ages ago (permalink)

view photostream

RubyMae says:

Since this is getting bandied about in the Help Forum again (with regards to the revised Community Guidelines), I thought I'd bring it back for more discussion.

This still seems an idea that Flickr needs to implement.
107 months ago (permalink)

view photostream

Wil C. Fry says:

On the one hand, a "recycle bin" of sorts might be a good idea, not just for accounts, but for images people delete, etc. It would come in handy for the 0.000001% of account deletions that were by mistake.

On the other hand, I'm never in favor of relaxing the rules anytime a rulebreaker complains about how strict the rules are.
107 months ago (permalink)

view photostream

Jef Poskanzer says:

Apparently flickr can't afford backups, so when an account gets deleted for whatever reason, it's gone for good. An intermediate "deletion pending" stage would be a good idea.

Another idea: do backups for Pro users.
107 months ago (permalink)

view photostream

kitby says:

A relevant post by staff in the Help Forum:

We've been working on the ability to restore accounts for a while and hope to have it completed early this year.

Originally posted 107 months ago. (permalink)
kitby edited this topic 107 months ago.

observant record [deleted] says:

Who ever heard of a business not backing up user data! This is a lame excuse. In case of a system failure, they will have backups to beable to restore all user accounts, or they risk loosing many customers in one go.
107 months ago (permalink)

view photostream

andyscamera says:

[https://www.flickr.com/photos/stephanl/] They do have backups to restore the whole system. But your data is scattered over many different servers in different locations -- they don't currently have a method to restore an individual member's data without affecting other members' more recent data.
107 months ago (permalink)

observant record [deleted] says:

I see, thanks for the clarification.
107 months ago (permalink)

view photostream

Lú_ is a group moderator Lú_ says:

Thanks, kitby, for the link! FYI for anyone checking now, head up from here a few posts for a link to a staff statement that this is in development in the form of an undelete ability for staff.
Originally posted 107 months ago. (permalink)
Lú_ edited this topic 107 months ago.

view photostream

*mydiverdown* says:

Well I guess it has been implemented in one high profile case so it should be operational.
www.observer.com/2011/tech/flickr-restores-mirco-wilhelms...
107 months ago (permalink)

view photostream

Lú_ is a group moderator Lú_ says:

Flickr has now implemented a 90-day holding period for deleted accounts.

Check the blog post here: blog.flickr.net/en/2011/05/26/your-photos-and-data-on-fli...

The FAQ here, including info on accounts deleted by Flickr: www.flickr.com/help/account/#82

Questions are welcomed in the Help Forum: www.flickr.com/help/forum/en-us/72157626687307655/#reply7...
103 months ago (permalink)

view photostream

Hairlover says:

\o/
Yaaaa!
103 months ago (permalink)

view photostream

ratsj says:

Well done flickr!
103 months ago (permalink)

Would you like to comment?

Sign up for a free account, or sign in (if you're already a member).