Feb 20 2010

We've all used websites where a user account is required. What happens when you decide that you don't want an account on a certain site any more?

The number of sites who haven't thought about this problem and implemented a sensible account deletion policy is staggering. Yet I believe that sites can deal with this problem in a way that is easy to implement, will reduce support costs and increase goodwill among their (ex-)user base.

Read on, and see what you think. We're going to put this method to the test with Get Your Game On, and I'll post back here with the results once it's been in play for a while.

The User Perspective

The site that raised my ire today was Posterous. They offer a cool service, and I thought it might be a good way for my mother to keep a website about her Golden Retrievers, but it turned out Posterous wasn't a good fit for her (she was more interested in having lots of static pages and image galleries, so we went with Google Sites in the end).

This left me today hunting around in the Posterous UI for the "Delete my account" button - a hunt that ended in failure. It's not possible to delete a posterous account.

As it happens, you can do some clicking around and delete almost everything until you're left with one empty blog. But why can't an account be deleted? While we might not have any blog posts in the system any more, Posterous still holds my mother's e-mail address and other details, and in theory could decide to contact her in future - something that she clearly won't desire [1].

To my mind, this is the key point: Deleting an account is actually sending a message to the site saying I do not give you permission to use my data any more. Please do not display my data on your site, tell people that I am a user of your site, or contact me in any way about your site.

The Site Perspective

As a software engineer, I know it's possible to implement user account deletion. But I also know it's a lot harder than simply going through the site with a chainsaw, deleting anything remotely connected with the user. Here are a few considerations:

  • It's completely impractical to suggest that user data be deleted from site backups.
  • Any data the user added to the system which is displayed in the context of other users' data is nearly impossible to delete sensibly. For example, forum posts in a discussion forum - if we were to simply delete all posts by the user, we'd completely trash the meaning of the threads they were taking part in.
  • Some users delete their accounts accidentally, then frantically contact support asking to be undeleted!

Here are some things a site can do when a user account is deleted without too much bother:

  • Stop displaying any of the user's data that exists on its own - for example, a profile page.
  • Prevent anyone from logging in to the account
  • Don't count the user in any user lists or reports about active/existing users

Most sites realise soon enough that it doesn't matter how cool they are - people are going to want to delete their accounts. This is an operation that has no inherent financial value for them, therefore they want to minimise the time spent dealing with it. This includes support time - a constant stream of people requesting account deletion is a support headache and a source of friction a growing site doesn't need.

Website needs, User needs

Having seen both sides, we can now make a list of the things users and sites want regarding user account deletion:

  • Users do not want to be associated with the site any more.
  • However, users do sometimes want to be able to undelete their account.
  • Users would like as much of their data deleted as possible.
  • Sites don't want to waste time trying to implement impossible and undesired things like removing user forum posts.
  • Sites don't want to deal with a constant stream of requests for accounts to be deleted

I believe all of these objectives can be achieved with a little bit of thought on the part of the site.

A Working Implementation

Let's call this the "Disassociation Method" of account deletion:

The site should provied an account deletion button. It doesn't have to be prominent, or referenced in any documentation if that is not desired (and let's be honest, what site really wants to highlight this?) - but there should be such a button available to all users.

If the user clicks this button and confirms their action, then from their point of view their account should appear to be deleted. In the Posterous case, visiting my Mother's blog should result in a 404. If they were sending her any e-mails, those e-mails should cease immediately.

An important note here is that the site probably shouldn't tell the user that their account can be undeleted at any time, even though this is possible. The site is looking to reassure the user that deleting means the user won't be associated with the site.

After some time, if the user decides that they want to un-delete their account, they can contact support and ask for this to be done. It's at the site's discretion whether to undelete the account or not, but at least the site is able to make that choice.

Ethics

"Whoa!", you might be saying, "You just redefined delete!".

Ethically, I agree that you have a point. From a practical perspective, you could try using words like "disassociate", and try explain to users that you're keeping their data to save them from themselves, but I'm not sure if that's going to help do anything other than soothe your consience. Perhaps you might be better off with explaining the details of how account deletion works in your terms and conditions.

Practicalities

"We've tried implementing account undeletion before, and it's too hard!".

Rubbish. Go read this article about how you messed up your schema, then go do it properly.

Summing Up

Account deletion is currently done poorly by most sites. With a little thought however, sites can largely neutralise any problems it causes without spending much of their precious time.

[1]Yes yes I know that we could fudge her details, turn off notifications, maybe change the e-mail address if that's allowed - although it seems posterous requires you always have a valid e-mail account on file with them - but this is all beside the point. Posterous still thinks my mother is a user. Deleting an account shouldn't require playing games with the system.

Like this post? Subscribe to my RSS feed and follow me on twitter to hear about new posts early.

Want to share this post?

blog comments powered by Disqus