Should you delete online accounts?
If you stop using an online account, should you delete that account or keep it? The question has no simple answer, as several factors play a role in the decision making process.
If you decide to delete the account, it may or may not be removed from the server of the company or individual operating the service. This is bad from a privacy perspective, as companies may still use the data associated with the account.
What's clear is that you won't be able to sign in to the account anymore and that you don't have access to it anymore. What may happen however is that deleted usernames may be distributed again after a period of time.
This can be problematic for a number of services including email, social media, messaging, or any other account type that may either reveal information about you, may be used to impersonate the previous owner, or may be used to gain access to other accounts.
PC World reported back in 2013 that Microsoft was recycling Outlook email accounts, and CNET that Yahoo did the same thing.. Microsoft is not the only company that does that. Twitch announced this year that it will begin to recycle accounts as well.
While the reusing of deleted or inactive accounts adds these usernames to the pool of available names again, it poses a security and privacy risk that users need to be aware of.
This may not be a problem for a throwaway account that you created to access a service or content. If you did not link any personal data to it, and don't need it anymore, you probably don't care what happens to that account.
If the account is linked to personal data however, or an email account that you may have used to sign up for other services, then you may not want to delete that account.
Your option
Instead of deleting accounts, you could remain in control by not deleting it. There are a couple of caveats however that you need to be aware of.
Some companies delete accounts if they are inactive for a certain period of time. You can avoid this happening to the account by checking in frequently, or by using services that automate that for you.
Have an old email account lying around that you don't want to lose but have no desire checking every now and then? Use a service like IFTTT to keep the account active, or integrate it in another service or program to sign in regularly this way.
Another thing to consider is that data that is associated with the account remains available. You may want to delete some of it, for instance posts on Facebook, or any other data that is either publicly or privately available as part of the service.
Ghacks reader STech suggests that you change the password to a very secure one. This is not necessary if the password is secure already, but if it is not, or if it is reused elsewhere, you may want to change the password to a unique secure password that no one can crack in a reasonable amount of time.
Now You: What do you do with accounts you don't need anymore?
Genuine discussion… Smart commenters… How do you maintain it, Martin, without even requiring sign-ups ? I’m amazed.
I dislike creating accounts, too. Unfortunately, having been laid off and now being severely underemployed, I am continually on the job hunt. A good majority of these companies require account creation to apply to their positions. The list of accounts I’ve had to create in the last 2.5 years since being laid off is too high for my taste but I’m not sure I have any other choice. And since no one’s hired me out of any of these, they’re all one and done accounts. I feel way too exposed looking for a job and I’ll definitely be changing my phone number once I find a decent position.
I create a lot of accounts (like 2-3 every month) simply because I have enough throw-away mailadresses and a passwordmanager to give everything long secure passwords.
I never delete them because you can never know for sure that the homepage owner also delets your stuff. Simply don’t post personal data. No problems with identity theft / unwanted recycling.
If they delete my account by themselves for inactivity, chances are high that they really deleted it for slimming down their databases.
What do you think about using Google OAUTH instead of creating separate accounts?
I’m fairly sure ebay recycles usernames too, but they allow you to change your username too so that probably shouldn’t be a surprise.
If you can’t delete account, make them useless. Just write in some useless data (Name, Nick, Mail etc)…
the answer is YES and NO, when your scared like Clinton selling secrets on your unauthorized pop3/smtp server then bleachbit might be in order yet keep the 123@mail.house.gov (that’s just a cool account any way you swing you want to keep that for your spy-ring), but if you signed up to google+ like General Petreus and tried to communicate using rough drafts then YES maybe delete before you get hit by the FOIA.
/sarc ?
I use a different set of email and password for each and every account, and everything goes into Kee Pass. Of course, information is fake unless true data is necessary. You can’t possibly delete all past accounts. Think of all the e-merchants you’ve once registered at, either to buy something or just to look up shipping charges. Plus all the forums. Plus all the newsletters.
Now strategic accounts are a different matter : Facebook, mail providers… I don’t use any social networks, so I limit the problem.
The problem with deleting accounts is that you lose access (and possibly implied rights) to the data. I expect Linkedin keeps all the edits as well as current data showing, so updating data isn’t deleting the old. I suggest sanitising Linkedin, for example, by deleting everything but a skeletal job history and som valid email. That way old contacts trying to find you again can (your benefit), but aggregators and analysts don’t get the interests/skills/likes data to harvest.
Of course it’s best to create as few possible accounts as possible, but in some situations creating an more-or-less permanent account (not a throwaway but one that you can return to) is hard to avoid.
In the ongoing battle against data harvesters, one thing to remember is that some data, once established, can be hard to change afterwards. In other words, the moment when you **create** such an account is crucial. So where possible, enter fake data (name, birthday, location) right at the moment when you **create** the account, not as an afterthought later. For the same reason, try to use a VPN (if workable, set to a different country altogether) during this process of **creating** the account.
One other small thing to remember is that fake data should not be too conspicuously fake. For quite some time in the past, when creating some new account, I routinely entered January 1, 1900 as my date of birth. I thought this was fun but actually this was rather stupid, as it would make me stand out in any age-sorted list! Entering a more plausible random date would have been much better.
Forum accounts are usually more problematic than regular service accounts as forum software traditionally hasn’t been written to facilitate account deletion, only banning, disabling and that sort of things.
For people who have been online for a while, the number of forum accounts is pretty substantial, and as far as i know almost no forum software allows you to delete an account. Some places you can ask a moderator to do “something”.
I have a question about sites that don’t let you delete your account…
In the past, I “deleted” some of these accounts by removing any personal information, changing the password and then changing (and later confirming) the e-mail address to a throwaway (like those from 10minutemail.com and others).
Considering that there’s no personal information there, aside from the username itself (and server logs, I guess), is this a bad approach?
Of course, these days I’m more conscious about that and, as others here, I avoid creating an account in the first place.
Wondering why so many sites require signing up for an account. But I assume they make money with the information provided.
As a matter of practice, I go to great lengths to avoid creating accounts in the first place, thus avoiding this issue. But when I do, if the account is no longer one I want, I delete it. Before I do so, though, I delete (or edit to become nonsense) all of the information inside it that I can.
I also make it a point to very seriously consider if I really need to open any new accounts and as it turns out I haven’t created a new one in 6-7 years. It seems that at some point everyone has been hacked so I just practice caution or maybe the correct term should be ‘avoidance’.
+1 ….Ditto !
+1 for not creating accounts in the first place. Also, avoiding sites that require account creation.
Yeah, I always liked that about Ghacks. No sign-up nonsense: just post a comment and be done with it.
I have an email account that I’ve used for years, only for online accounts, only to register on forums and websites and I don’t have any contacts associated with that email account. If by chance I want to close an account that for whatever reason I used a different email on I will first change the email to my ‘throwaway’ email account, wait a couple days then delete the unwanted online account.