As my previous post on closing my Last.fm account might indicate, I’m currently on something of an account-closing spree.
Closing online accounts seems to be a rarity these days, and more than once I’ve been asked why I bother. My reasons are pretty simple, so I suppose I care about them more than most people.
- The service knows my email address, which they can use to spam me about a product I no longer care about.
- The service knows my password in some form — if I’m lucky it’s suitably salted and hashed, but in many cases it won’t be. And like everyone else on the internet, I re-use passwords on several sites because I need my brain to remember more important things.
- In some cases, the service knows my credit card details, which I really don’t want falling into the wrong hands.
Closing a Last.fm account was pretty painless. Re-enter your password for security, click a couple of confirmation buttons, and you’re done — with the slightly odd proviso that it doesn’t delete forum posts in your name. Presumably this is so that the forum archives are still readable rather than being peppered with one-sided conversations, but it does suggest that after deleting your account, there is no longer any way of removing your forum posts at all.
Not the worst offender, though, by far.
Today I tried to close an account with an old web hosting provider, 34SP. There’s no obvious way to delete your account through their admin panel, so I contacted support and was told:
Unfortunately we cannot ‘delete’ your account. We keep accounts active for our records should any future changes need to be made.
What future changes? I am leaving your service.
This is far from the first time I’ve encountered this — the internet is littered with accounts of mine that still exist only because the service provider does not provide any means to close an account, often as an actual policy rather than just a programming oversight. It’s not exactly the hardest thing to program anyway, so there should be no excuses on that front. Here’s SuccessWhale’s account deletion dialog — enter your password, click a button, and everything you ever did is permanently erased.
I’m not sure when this practice came about, but it’s particularly frustrating to know that your email address and weakly-encrypted password are held by a company and there is nothing at all you can do to stop that being the case. Although the EU’s “Right to be Forgotten” by internet companies is largely unworkable and unlikely to make it anywhere near a book of law, it would be wonderful to see it demand that account deletion is actually possible.
In the mean time, I intend to stop by Terms of Service, Didn’t Read before signing up to any new online services, so I can make sure I only create accounts that I can one day choose to delete.
On TOS;DR, “No right to delete account” is a worryingly common sight.