To @ildi's first question, I think this question really gets to the heart of what we're trying to do with Forem. Although having full access to our database would be the most transparent way (for a former member to prove the absence of their data after they request a deletion), we all recognize that the outcome of that would be giving everyone access to everyone's data. As far as personal privacy goes, that wouldn't be ok (and would definitely fall foul of GDPR laws!)
One of our reasons for being open source is to try to reach levels of transparency that just aren't possible without giving away other people's privacy. Here's the part of our codebase where data deletion begins after a deletion request. You can see that we have several functions built in here that determine what data belongs to the user, and ensures it doesn't unravel other interactions on the site. We don't rely on manual deletion, because this would be just too much to expect a Forem admin to process for each deletion request.
Without publicly-visible code, we could only speak to the way we manage our own communities and their data. By building the software in the open, and automating the deletion processes according to this logic, we hope Forem is a viable community platform that provides peace of mind, for both members and admins, that data is handled responsibly and cautiously.
If you ever want to test that your data is deleted after you request deletion, you could always create a new account using the same credentials. That would confirm that those credentials had been removed from the system upon deletion, otherwise you wouldn't be able to create a new account with them.
And to your second point, the email verification is required for members to switch their accounts over to email-only sign-in, if that's enabled on your Forem under /admin/customization/config > Authentication - hope this helps make sense of that one!
If you ever want to test that your data is deleted after you request deletion, you could always create a new account using the same credentials. That would confirm that those credentials had been removed from the system upon deletion, otherwise you wouldn't be able to create a new account with them.
I think being open-source and having the option to spin up your own Forem and test things out on your own is the transparency that im looking for, so this was a great explenation, thank you @ellativity!
And to your second point, the email verification is required for members to switch their accounts over to email-only sign-in, if that's enabled on your Forem under /admin/customization/config > Authentication - hope this helps make sense of that one!
As you know 1VIBE is currently invite-only but I had email and Twitter login enabled before. So im confused why all members (30+ users) shows up as "email not verified". Most members did sign up via email so shouldn't it say "verified" for them?
As you know 1VIBE is currently invite-only but I had email and Twitter login enabled before. So im confused why all members (30+ users) shows up as "email not verified". Most members did sign up via email so shouldn't it say "verified" for them?
You know what? I'm going to look into this further, because this doesn't make sense to me either...
For further actions, you may consider blocking this person and/or reporting abuse
Thanks for the reminder, @jennieocken!
To @ildi's first question, I think this question really gets to the heart of what we're trying to do with Forem. Although having full access to our database would be the most transparent way (for a former member to prove the absence of their data after they request a deletion), we all recognize that the outcome of that would be giving everyone access to everyone's data. As far as personal privacy goes, that wouldn't be ok (and would definitely fall foul of GDPR laws!)
One of our reasons for being open source is to try to reach levels of transparency that just aren't possible without giving away other people's privacy. Here's the part of our codebase where data deletion begins after a deletion request. You can see that we have several functions built in here that determine what data belongs to the user, and ensures it doesn't unravel other interactions on the site. We don't rely on manual deletion, because this would be just too much to expect a Forem admin to process for each deletion request.
Without publicly-visible code, we could only speak to the way we manage our own communities and their data. By building the software in the open, and automating the deletion processes according to this logic, we hope Forem is a viable community platform that provides peace of mind, for both members and admins, that data is handled responsibly and cautiously.
If you ever want to test that your data is deleted after you request deletion, you could always create a new account using the same credentials. That would confirm that those credentials had been removed from the system upon deletion, otherwise you wouldn't be able to create a new account with them.
And to your second point, the email verification is required for members to switch their accounts over to email-only sign-in, if that's enabled on your Forem under
/admin/customization/config> Authentication - hope this helps make sense of that one!I think being open-source and having the option to spin up your own Forem and test things out on your own is the transparency that im looking for, so this was a great explenation, thank you @ellativity!
As you know 1VIBE is currently invite-only but I had email and Twitter login enabled before. So im confused why all members (30+ users) shows up as "email not verified". Most members did sign up via email so shouldn't it say "verified" for them?
You know what? I'm going to look into this further, because this doesn't make sense to me either...