Opinion: deleting online accounts should not be hard
The number of online accounts is growing for the majority of Internet users over time. Users sign-up for new services and may abandon others. Some services get sign-ups just for testing, others may be used for longer periods of time.
It is inevitable that some accounts won't be used anymore. Most users don't delete online accounts of services that they abandon, but let them sit idly instead.
There are several reasons for that, and one of the primary ones is that deleting online accounts can be painfully difficult. There is no standard procedure that users may follow; some sites may not even offer a quick delete option for user accounts. It may be necessary to contact support or even send them a Fax to get an account deleted. Even sites that make it less difficult may require some digging in the account settings or support pages to find out how the account can be deleted.
Some sites make it difficult on purpose, to retain user accounts. While investors do focus on metrics such as monthly active users or daily active users, having a large user base may still attract investors or advertisers.
Time may also play a part in the decision. The prospect of having to dig deep into a site just to find an option to delete an account, which may not exist, is often enough to deter users from even trying.
Reduce your digital footprint
Accounts leave a digital footprint, as most of them may be linked to an email address, phone number or other information that can be linked directly to a user.
While some Internet users may not care about the ever growing footprint of theirs, others do. Keeping old accounts around may also be problematic from a privacy and security point of view. Sites and services may get hacked, and data may fall into the hands of criminals who may be able to exploit it. Other parties may be interested in the data, and some of it may be outright embarrassing if it should leak.
Many Internet users use the same email address and password for their online accounts; a breach of one may result in a domino-like falling of other online accounts at the hand of the attacker.
There are also services that may be used to sign-in to others. Google, Facebook or Microsoft accounts may be used to sign-up for other services. The links need to be severed then not at the site a user signed-up for, but at the site that was used to complete the sign-up.
Closing Words
Online services and sites need to make it easier to close accounts. While some offer links to delete an account on their homepage, others make it harder as it should be. Right now, it may take days to delete a good number of old accounts on the Internet.
Now You: how do you handle old accounts? Keep or delete?
Martin, congratulations on raising this issue. It should be centre-stage in internet security discussions.
Last month I spent many, many frustrating hours trying to remove accounts that I no longer needed. It was an absolute nightmare.
* In no case could I remove the account online. I had to email them.
* Some websites no longer exist, with no explanation at the URL. What did they do with my personal data?
* Many orgs pretended that I was just trying to change my password, and when I insisted that I wanted the account removed and my data shredded, they just repeated the advice or wrote totally confusing replies.
* The further question about removing my personal details from their servers was almost never answered..
I think that in the end I managed the satisfactory removal of just two sites. I gave up.
This is surely a worldwide scandal on the internet. Strength to your arm in the battle.
I signed up for an account to an Android app a decade ago and recently got a newsletter update from that app.
I immediately looked into how to delete that account as I haven’t used it in so long. The only way to delete the account was to email customer support. This is incredibly annoying, so I completely agree with Martin here.
I also hate deactivate or close account. When I want to delete my account, don’t hold it hostage, let me F-ing delete it!
I remember about ten years ago, it was quite easy to cancel\delete accounts, when I was a teenager I was very curious and often registered different accounts to experience different services, but after a while I would cancel them, and then I rarely went to new sites, I wonder what the current situation is like? Has it become more difficult? But I rarely indulge in social networking after I passed my teenage years, and I have very few accounts on social platforms.
I use bugmenot.com which has logins that you can use/share. Saves having to create your own account on many sites.
Is it still around? The site was focused on logins for free news sites that force you to sign in just to read, not a substitute for logins in general.
Martin, another issue that is in a way related, that many miss, is what to do about accounts once one passes away.
Several social media sites have provisions that one can configure.
But, many don’t, and/or don’t have clear instructions on what the survivors can do about it.
Do we all want our accounts to go idle in perpetuity?
@BM You are right, this is a subject which needs attention.
At Flickr a beloved one of you can ask the Flickr staff your account to be kept active after you have deceased. After your death Flickr changes the name of your account in In Memoriam: followed by your user name.
That person must give proof of death (obituary, memorial card, death certificate etc.) and any additional information related to the request.
As far as I know this is forever. I know a account from someone who has passed away for 6 years.
Google accounts can be held active for 18 months or shorter.
You can make an inactivity plan yourself. There must be someone who you give consent to manage your accounts after you have gone.
33 mail and a long unique password generated by Keepass for all American and other dubious countries regarding privacy. No offense ment to the USA. In most of European countries aliases from my true e- mail account.
European websites are not inherently safer than American ones. They run the same risk of being hacked wholesale, which is the main way your email address gets in the hands of spammers.
If you have a 33 Mail account, use it everywhere. There’s even a case for using 33 Mail aliases for your friends and family, although that might seem weird : they may very well get their email account hacked, at which point your address becomes spam fodder, too.
This sounds like an opportunity for an enterprising developer to start a new service to delete accounts. Imagine being able to use a service to delete multiple accounts at once. I’ll bet it would have double digit growth for years if not decades to come. The only question would be how to make a profit. Still I would probably spend some money just for the convenience.
Depends on the type of site. If it’s dealing with non-public content like email or whatever, deleting it is all fine and good. If it’s a public forum though, account deletion should never be allowed. Randomize your private, personal information? Fine. You should not be able to push a button and remove foolish things you’ve said from history though. There is absolutely no good that comes from replacing personal responsibility and thinking before you speak with infinite do-overs.
Yours is a very extreme form of free speech denial.
Even the wokest and craziest leftists don’t argue for that : they want to erase and cancel all non-correct speech. You want it to stick for ever !
If someone regrets something he has posted online, of course he should be able to delete it.
This is only a problem if, like most morons these days, you use your real identity to comment online. Take this very site’s comment section – although we have colorful characters like Iron Heart, nobody knows who he actually is so what he says here isn’t going to matter to him years from now.
The stupidest thing to have happened was the shift of the internet from anonymous by default to your real identity all the time and mobile number mandatory signups by default, courtesy Facebook & Whatsapp.
No, he should be able to apologize for it or explain it, not wind back time and have never said it.
I don’t have a problem forgiving someone for saying stupid things when they’re a teenager, teenagers are *supposed to* not know their ass from a hole in the ground.
Likewise I’m perfectly willing to overlook the occasional drunken rant. I enjoy an adult beverage now and then myself and know full well that it’s not terribly uncommon to say things you later regret.
Hell, I’m even willing to take into account that people are just occasionally wrong about something. I have been once or twice myself. It doesn’t make them evil, just wrong. Hopefully temporarily.
Under no circumstances am I willing to pretend the truth is a lie to spare anyone’s feelings or reputation though. If you say something, you said it. Now and for all time. And no technical methods or amounts of regret will ever change that.
@ The Mighty Buzzard
You’re talking like you were the master of the universe. I’m sorry I need to tell you you don’t get to decide what people can say, not say, publish or unpublish.
As of today, even the most censorious of social networks, forums and the like allow users to delete their posts. Not Ghacks (which is a blog), funnily enough since we’re having this conversation here, but plenty of others.
Also, there’s this small detail of the law. There are plenty of them, in various countries, which give the author full control on his writings. For instance, some laws say that a writer, or even the heirs of a writer, can forbid the publication of some of his books. GDPR is another example.
I suppose if I was obnoxious enough, I could ask Martin to erase my comments off Ghacks on the grounds of GDPR, even though there isn’t an embedded command for commentators to do this (although I won’t request this, of course).
The Internet is not some sort of fantasy land sitting apart from the actual world.
Clairvaux: You could ask but US companies are under no obligation to even know what the GDPR is unless they explicitly set out to do business in Europe. Just happening to have some European users means nothing. You have to have either European servers/domains or make special efforts to accommodate payments or such from Europe.
And since you asked, I think I’m a guy who up until I quit last year I ran a news discussion site with tens of thousands of active registered users and hundreds of thousands of anonymous users.
I get it. You’re cowards who like mouthing off horrible things to others to signal your virtue and you never know when the political winds will change and your comments will suddenly qualify as politically or socially repugnant, so you want a way to have everyone pretend you never said them. Well, tough. Put on your big girl panties and stop saying things you might be ashamed of later.
The problem isn’t even that it’s hard. It’s that if you delete the account, then the company nukes all digital content that you purchased from them. Books, games, movies, everything!
It’s like if I were to phone up a local retail store, tell them I won’t be shopping there anymore, and then out of retaliation they sent goons to smash up all the stuff that I already bought from them.
Is that the case for Amazon, for instance ? Do you really lose all your books if you close your account ?
I have bought a Kobo reader recently, but I only download public domain books, precisely for this reason.
The general rule is that any and every service which utilizes DRM works this way, because literally the whole point of DRM is to make sure that you don’t own, and can’t keep the things you buy.
You don’t even have to break the rules or choose to close your account to lose your purchases, the company just has to arbitrarily decide that you shouldn’t be allowed to enjoy them anymore for whatever reason, and poof, they’re gone in an instant.
https://www.flatpanelshd.com/news.php?subaction=showfull&id=1657022591
I mostly don’t bother.
All my accounts are created using a password manager. Then :
– Unique email address provided by an alias provider such as Anonaddy or 33 Mail.
– Unique, long and random password.
– Fake information given to the site every time this is possible, and duly recorded in the password manager in case the site asks me. For instance : name, physical address, date of birth… It’s easy to know when the site asks for information it needs. You’ll obviously provide your true date of birth to a government site. An e-merchant does not need it.
Once those preventive measures are taken along the way, I find there’s no need to obsess about deleting accounts.
Especially since it often seems so difficult. Especially since the site may keep your data anyway, even after your account has been deleted.
Also, when checking old and unused accounts, I often find that access is impossible anyway. Sites may delete themselves unused free accounts, force you to a password change after a major website overhaul, which has the consequence of locking you out if you don’t do it before the cut-off date, sites and services disappear altogether, etc.
If you live in a GDPR country then often the easiest option is to sent them a Right to be Forgotten request. You could include a Data Subject Access Request a long with it too.
Then they have to do all the work of closing your account and deleting data. It’s often a lot less hassle (for you, for them it sucks).
@kuro68k, I’ve heard about this Right to be Forgotten request (within GDPR compliant countries is it?) but I’ve never known (or bothered to know) how to proceed. I’ll dig into that.
For those of us who have opened their account with a real email address, wish to close the account but wonder what will become of their email address, there is a workaround which possibly works :
Get yourself a disposable (temporary) email address. Log into your account. Change your true email to the disposable one you’ve previously created. Then the site will check or not the address. After that close your account and delete the disposable email address (make sure you’ve confirmed before email confirmation request if applicable). From there on ; has the account site replace your old email with the new one or did it keep both? No idea, but it’s worth a try I guess.
About Disposable email addresses (DEA) : we’re all aware that some sites refuse DEAs on the basis of their listings of such services (as with VPNs). This can lead to surrealistic situations : several years ago I had subscribed to a TV service called [molotov.tv] and provided then a DEA : the site refused it arguing a known email provider was required. OK. I proposed a fake GMail email address (highly unlikely existent given the esoteric name I had provided) . Because they’d send no email confirmation… they accepted the fake gmail address whilst the DEA was authentic, valid. Relevant of a company’s aberrations when they stick to the policy and forget common sense.
> I proposed a fake GMail email address.
Why ? Supply a real one. Only not your main Gmail address. One you will make up specifically for those cases.
It’s very risky to assume you can use an online account without the website being able to send you mail. Even if it does not require verification (most of them do), it might be very much in your interest to receive what they send you.
Example : the site policy changes. From that point, free accounts will be deleted unless you log into them every x months.
Or : unfortunately, our website has been hacked. You need to change your password as soon as possible.
Or : we’ve completely reprogrammed our site, and it is so much better. However, you now have to change your password before the end of next month, otherwise you’ll lose your account.
And so on and so forth.
@Clairvaux
> Why ? Supply a real one. Only not your main Gmail address. One you will make up specifically for those cases.
That’s what I had done as explained in my comment you refer to. The company had refused the true DEA which is why, with a smile, I initiated the fake Gmail address in order to check if a company that refuses a true DEA could at the same time accept a fake email provided by an institutional” email provider.
Note : Gmail but could have been another, in all cases I don’t want anyone being bothered by an invented (fake) email address which is why I invented an “esoteric” name to lower that risk.
Of course I was aware of the risk the site [molotov.tv] would verify this fake email address. I took the chance, Plan B being that if verification occurred and therefor failed I could always then rectify the address and provide a real, true one. It happened to work, but of course this scenario is not a proof of concept so to say, only a calculated risk which turned out with success. I must point out, and that will nourish your argument, that once [molotov.tv] had accepted the fake Gmail address I contacted them (via their contact form providing my valid DEA , not from the fake address of course!) to describe what I described above : they answered, agreed, and accepted my DEA.
The general idea was, is to use a Disposable Email Address specific to each account but to be aware that some sites may refuse an email address when they have the email provider listed by them as a disposable email provider and that they refuse such providers. This refusal is understandable because “disposable” is widely conceived as strictly temporary when in fact it may have its validity depend only on the user’s decision if the DEA provider of course includes such options.
Quote Keeping old accounts around may also be problematic from a privacy and security point of view. Sites and services may get hacked, and data may fall into the hands of criminals who may be able to exploit it.UNQUOTE
Leaked email etc info does not only come from sites that are hacked!!
In my opinion a lot of date is stolen and sold by employees. That is an easy dollar and no hacking effort is needed.
Even if you delete them on your end, who can tell if the data doesn’t still remain on their servers? Kinda like the shadow profiles where you may intentionally refuse to have an account on some websites, but regardless of that that website has already been building you a shadow profile.
One month ago I tried to delete an email account and it was so hard to find how to delete it that I spent hours over the internet to know how. It’s certainly amazing how difficult is to cancel a service. Thanks for the article! :]
As a software developer by occupation, when you say “delete an account”, this will often be a “soft delete”. Your details are not actually erased from the database (or, just as likely, databases, as your data may be spread over several of them), your account will just have a Deleted flag that is set to Yes.
Often this is because companies are obliged by law to keep your details. For example, in the UK accounting laws require records to be kept for at least six years.
As a software developer, this is because deleting one entry will break other entries as they are connected with each other(foreign key)
Are we really deleting accounts or simply deactivating them, with the site keeping any information we’ve entered?
For non essential accounts, I use temporary email addresses.
I’ve been using fictional information for practically all of my internet accounts ever since a string of data breaches and Have I Been Pwned alerts throughout the last 6 years.
Same here : temporary email and fake data when required (name, address etc.) for non-business and non-administrative accounts. Otherwise, a true email address alias for business. Finally, my main email address for administrative accounts.
I’ve never had to face an account deletion’s odyssey, fortunately. I must say I don’t open many accounts.
Some links which may be useful :
AccountKiller [https://www.accountkiller.com/en/]
Just Delete Me [https://justdelete.me/]
How to remove? Clean your computer! [https://www.how-to-remove.com/]
Permanently Delete Your Account on Popular Websites [https://www.smashingmagazine.com/2010/06/how-to-permanently-delete-your-account-on-popular-websites/]
What I have encountered once only is a paid subscription that continued to withdraw the annual fee from my bank account even though the account had been closed with email confirmation moreover from the company : always keep an account’s termination confirmation when closing an account, especially if there’s a renewal fee going on.
Excuse the off-topic.
Dear Tom Hawack,
I am relieved to see that the recent uproar about your topic has not dampened your enthusiasm for posting to gHacks.
At that time, you declared that you were going to “filtering by UBO” certain commentators submissions, and I was wondering if that measure might be too much in the interest of tolerance and diversity.
But surely repeated “FUD, Agitation, Self-righteous assertions, and Intolerant behavior” are just as harmful and unhelpful as a kind of “advertisement,” and I have decided to follow suit.
I look forward to more of your reflections, which are as refreshing as mountain spring water.
Best regards
Good morning owl,
– Ghacks, its admin, its articles, its guests and their comments is one thing, being upset by a specific user’s trolls is another. Mixing them all in order to provide to myself an “all enemies, all bad, out of my sight” package would be under a fetus’ brain capacities :)
– I read you loud and clear. I could have simply applied the uBO filters aiming removal of a Ghacks user’s comments without mentioning it. I admit that a slightly enhanced respect of education would have imposed a silent decision and that irritation and exasperation prevailed on a quiet solution.
Remains it is a personal decision free of whatever “appeal to the people” : I’ve never mistaken my decisions with considering them as a universal truth. Moreover IMO refusing further contact with someone is not related to a judgement in terms of morality and intelligence : I don’t judge, I just happen to be fed up and rather than loosing my time on a ring I choose to get a beer at the corner’s bar with those who don’t get me exasperated, which doesn’t mean with those who agree (nothing is worse than a wimpy consensus) but with those who are, IMO of course, intellectually honest.
I invite no one to follow my very personal decisions. After more than ten years on Ghacks I’ve read, learned, debated with great pleasure. Enthusiasm is not ready to vanish :)
Before opening an account, before buying a subscription, an interesting site review IMO is,
TrustPilot [https://www.trustpilot.com/]
I mentioned in my above comment this yearly paid subscription which had been closed with nevertheless the annual fee withdrawal from my bank account being maintained.
I don’t know if Martin will accept the following information which concerns the payment processor company which handled incorrectly (we’ll state it that way) my undue payments. I had tried to know if other users had encountered the same problem. The processor company was that chosen by an add-on available on AMO for extra features. I won’t say what add-on but maybe the following reviews of the processor company may illustrate the pertinence of users’ feedback before starting a payment (which I had omitted to check, unfortunately) :
TrustPilot – Paddle Reviews [https://www.trustpilot.com/review/paddle.net]
It appeared then that I wasn’t the only one to have encountered a company’s “mistakes”.
The add-on developer had no responsibility, he had just happened to choose the wrong payment processor company. I had emailed him, i’m convinced of his honesty, moreover given he had no benefit himself from the payment company’s “mistakes” (gosh, is that poorly written!).
So once gain let us inform ourselves before lightening our wallets :=) You guys must know that!
Thanks (merci) Tom for the sites.
Indeed. Thanks Tom.
https://backgroundchecks.org/justdeleteme/
Whenever I have to create an account on a site, first I check how easy it is to delete an account afterwards. Then biggest hurdle is how many details that account requires. That step has saved me hundreds of accounts which I then never created. If a service is essential there’s no choice but to create and those are the ones that are harder/impossible to delete. And those are the ones that need to have a deletion process.