Discord will not delete your chat messages

[cloudrac3r]

Messages you send are extremely personal information, but on Discord they will not be deleted when you delete your account. Every message you have sent will remain, though will be "anonymised" by changing the display name on the message to "Deleted User [Identifier]".

There is no way to mass delete your messages at all.

I don't think this is good enough for a 100% rating in this category. I'm not sure how I should edit the information on the page to reflect that.

https://github.com/Politiwatch/privacyspy/blob/088702d2141d926dc44dd9f7b9edfab0d564bc4d/products/discord.toml#L36

[privacyspy-bot[bot]]

Thanks for submitting this issue. @milesmcc has been assigned to determine next steps.

To learn about the PrivacySpy contribution process, check out the contribution guide.

[milesmcc]

Hmm, this is tough. It's unclear whether this is a violation of the current selection ("yes, using an automated mechanism") or not. We could change this to no, but then we'd have to reckon with whether we'd need to change Wikipedia's scores as well (after all, there's no way to 'delete' a user's edits). @ibarakaiev what do you think?

[cloudrac3r]

That's a fair point. I think on discord it's more of a problem than on wikipedia since direct messages you send to your friends are likely to be much more personal than factual edits on wikipedia about some specific topic.

[ibarakaiev]

@milesmcc I'd say we should stick with the current selection for Discord, because messages are user-generated content that is shared with many other users (not just with Discord as a company). Perhaps we should modify the rubric to say that data deletion only applies to personally identifiable data?

[cloudrac3r]

Depending on what the person used discord for, there's every chance that their messages contain personally identifiable data.

[QuickWrite]

The problem is that you can still access files even if the message has been deleted. This can be done simply via a link. These files are also not protected, which means that anyone can access them if he has the link (which is very unlikely, because you have to do this via bruteforce and this would take an immensely long time).

Everything that is sent to Discord stays on Discord and people who may have accidentally sent the wrong thing will have a hard time getting rid of it (you'll probably have to write to Discord themselves).

[Deivedux]

Calling Discord messages as "extremely private" is a bit of an exaggeration, in my opinion. Given that Discord's primary message storage are from community servers, the fact that every content hosted on a CDN is easily accessible via a URL, and that the messages themselves are never encrypted suggests that your messages on Discord were never private to begin with, which makes it rather easy to argue that the said data cannot be anything more than just "user-generated content", and whether users want to use this method of content generation for actual private communication is entirely up to them, not to the platform.

[doamatto]

It's been a few years, so I'd like to re-visit this and get the rubric updated.

Recap of above

- `clodurac3r` (correctly) reports that Discord doesn't delete messages when you delete your account, instead psuedoanonymising them with your user being replaced with "Deleted User [UUID]" - Miles mentions that a score change here would need to have a score change on services that have histories that can't be removed or wouldn't be removed automatically (like Wikipedia, Git services, et al.) - `QuickWrite` says that files uploaded can't be deleted ever, except at Discord's discretion

I think a solid move would be adding a new score, making rubric.data-deletion have the following possible values :

• no @ 0% — You can't delete your data at all. Alternatively, the process is akin to deleting all of your messages on Discord ever (basically impossible)
• yes-contact-slow @ 50% (new criteria / lower score) — You can delete most everything that doesn't have to be withheld by law (such as financial reportings) by sending something in the post. Sending a fax might be an option, but given its ever shrinking prevalance, it should be as good as not being possible. It's better than nothing, but I feel it should still be penalised for not "getting with the times", so to speak.
• yes-contact @ 60% (criteria change) — You can delete most everything that doesn't have to be withheld by law (such as financial reportings) by writing an e-mail or making a phone call.
• yes-automated @ 100% (no change) — You can delete most everything that doesn't have to be withheld by law (such as financial reportings) yourself with a reasonable length of waiting (Facebook iirc has 30 days, pixiv is more or less instant) and with more or less one-click (a delete button, maybe clicking a link in your e-mail, et al.)
• na @ 100% (no change) — You can't delete anything because there's nothing to delete.

Additionally, a new rubric criteria, say rubric.data-deleted, having the following possible values :

• none @ 0% — You can't delete your data or, if you can, nothing actually gets deleted. I can't think of a single place where this is the case, but you never know !
• anonymised @ 40% — You can delete your account and most of your data, but some information will stay around. Your username on a platform will be randomised with only the messages you sent to people directly or the messages in a public place (such as public chat servers, edit logs, et al.) will persist.
• anonymised-public @ 60% — You can delete your account and most of your data, but some information, such as an edit log or Git history, will likely stay around. This is mostly meant so as to not penalise services like Wikipedia too much given the importance of the edit logs.
• all @ 100% — You can delete everything that doesn't have to be withheld by law (such as financial reportings)

I'm flexible on both of these, but I'd like to hear thoughts where possible, especially @milesmcc and @ibarakaiev.