how to prevent deleted accounts from creating a new account

  • Flutter
  • Auth
  • Cloud
Joshi
14 Aug, 2024, 12:50

I think the second option may still violate the GDPR law. GDPR is really tricky

TL;DR
Developers discussed various methods to prevent deleted accounts from creating a new account. One solution shared was to update the user's status to "blocked" using the provided endpoint, and then delete the phone value from the user object. This method would restrict the user from accessing resources while still retaining necessary data for prevention purposes.
Joshi
14 Aug, 2024, 12:51

Where are you from @d_honig ? Are you considering serving EU citizens?

darShan
14 Aug, 2024, 12:51

possibly. but then in a way, it's not traceable to a user, nor identifiable.

Joshi
14 Aug, 2024, 12:52

It kinda is under GDPR law. Even if you hash the personal data it is pseudo personal information and that itself is not allowed to be saved

Joshi
14 Aug, 2024, 12:54

"If the user ID is unique, then the hashed user ID will be unique as well. Thus, the hashed ID will enable “singling out”, and would still count as identifying in the sense of the GDPR."

d_honig
14 Aug, 2024, 12:54

Yes, the app has to be GDPR compliant. However, we do have the participant's agreement to save their identifiable data for the length of the experiment, about 5 years, at which point we will delete all the phone numbers.

Joshi
14 Aug, 2024, 12:54

If we can identify the user this way then it is still a breach lmao

d_honig
14 Aug, 2024, 12:54

The hashing is an interesting option, I think it makes a difference if we can access their actual phone number or not, I will check

Joshi
14 Aug, 2024, 12:54

You are allowed to save their phone number?

Joshi
14 Aug, 2024, 12:55

Why do you not try to track the user via that way?

Joshi
14 Aug, 2024, 12:55

I think best option is still to prevent users based on their payment details

Joshi
14 Aug, 2024, 12:55

It's not like they can open back accounts or so

Joshi
14 Aug, 2024, 12:56

Uber EATS does it that way

d_honig
14 Aug, 2024, 12:56

Then I can block users instead, that is a great idea. I don't know if Apple has specific criteria for "delete account", and I doubt that they care that much if it's a blocked account or a deleted account, as long as the data is deleted at some point

Joshi
14 Aug, 2024, 12:56

You can delete the personal data yes, but do not delete the account

Joshi
14 Aug, 2024, 12:56

The reason is that the permissions in documents and files and whatever are still intact

Joshi
14 Aug, 2024, 12:56

A new user with the same userId can potentially abuse that

Joshi
14 Aug, 2024, 12:57

Just override all personal data and block the account

d_honig
14 Aug, 2024, 12:58

As you asked before, what does "account deletion" mean? I assumed it meant to remove the phone number, but this seems to be unfeasible. We don't have payment details, this is done via go gift, they send an email with gift card options according to their country of residence. I can ask them regarding the actual payment details, that is also a great idea. However, they are paid at the end of the experiment (10 days). If they participate for 10 days and only then we will know if they already participated, that makes things complicated

Joshi
14 Aug, 2024, 12:58

lmao even better

d_honig
14 Aug, 2024, 12:59

The account is based on the phone number. How to delete personal data without deleting the account in this case?

Joshi
14 Aug, 2024, 12:59

let them waste 10 days and then you do the validation check at the end

Joshi
14 Aug, 2024, 12:59

if they are invalid they can eat a bag of d*cks

darShan
14 Aug, 2024, 12:59

i like this. but needs to be stated in the agreement beforehand 🤣
