Apply Name Change to quotes & user mentions (GDPR)

[Alpha1]

The EU GDPR forces a right to be forgotten which means that we need to be able to remove the name of person from our site. Currently this is not fully possible, except manually. Because user mentions and quotes still include the name. For big boards its not feasible to manually edit all posts. I have 2 million posts on my site and just 2 admins.

For example: at the current time I have 5600 posts here on XF.com If I would request a name change, then there's probably around 1k quotes and tags with my name in it. Its not feasible to manually edit that.

So please add a function that scans the database for quotes and user mentions for the user and replaces the name of the user.

 

[Slavik]

The argument is flawed because it premises an absolute right which does not exist.

But if you want to rename every quote, then power to you, if someone asks me to do that on my site, the response will not be friendly to be brutally honest.

 

[TeflonDon]

An other non-permanent option is to censor the name (or change it to other) with the already build in function.

Would that be Options>>Censoring>> then add their name on the left and what you want it to be on the right? Would that work for quotes too?

Can't you just use a wordfilter (profanity filter) in most cases? I once had a company send a lawyer to bother me because a user chose the same name as their company trademark. The user had already been banned so I just renamed the user and then used a wordfilter to change his username mentions into something else.

Did that work for quotes too? What add-on is that?

 

[dutchbb]

Would that be Options>>Censoring>> then add their name on the left and what you want it to be on the right? Would that work for quotes too?

Yes, works for all words in posts.

 

[TeflonDon]

Yes, works for all words in posts.

Thanks. The bolded is what i'm trying to change in a quote. I put the persons name on the left and something else on the right and it didn't change. Maybe there's a cron that has to run?

 

[dutchbb]

Thanks. The bolded is what i'm trying to change in a quote. I put the persons name on the left and something else on the right and it didn't change. Maybe there's a cron that has to run?

Should work at once.

 

[TeflonDon]

Should work at once.

Hmmm, doesnt seem to work for me. Old quotes from 3 years ago are still showing "Old username said:" instead of what i put to replace it...

 

[Paul B]

Any further discussion/support on censoring should be posted in the relevant customer forum, not this suggestion thread.

 

[JoyFreak]

I’m all for this suggestion!

 

[trapped_soul]

I’m all for this suggestion!

Aye been a long time coming this one and it's something that I still agree with @Alfa1 with. It's messy when we delete members and their posts are everywhere...

 

[420]

It's confusing why the names cannot be changed, when the replies themselves are actually calling the member ID number and not the name.

How is this not considered a major bug to fix, seems pretty straight forward to me?

 

[Max Fridman]

Can this be implemented in a future Xenforo version? We have continue request to remove quoted nicknames and nicknames falls under "personal data" if the user uses the same nickname on Instagram, Steam, Facebook, Twitch etc. and doesn't want to be associated to an identity in our forum.

@Kier thanks for the reply.

 

[Feanor]

How feasible would a feature like this before for a large forum with multiple millions of posts? I assume this is one thing that would need to be considered. Would it have to slowly scan through millions of posts in search of the username?

 

[zappaDPJ]

I don't get why there's so much pushback on the this suggestion. The UK's ICO is quite clear on what constitutes 'identifiability' and that clearly includes usernames.

Example

An individual’s social media ‘handle’ or username, which may seem anonymous or nonsensical, is still sufficient to identify them as it uniquely identifies that individual. The username is personal data if it distinguishes one individual from another regardless of whether it is possible to link the ‘online’ identity with a ‘real world’ named individual.

What are identifiers and related factors?

ico.org.uk

Surely a username is a username wherever it appears? In my view the argument that a member chose to put PII on the Internet does not absolve the platform owner of their obligations under GDPR no matter how ridiculous we may think they are.

 

[StarArmy]

Yeah. My stopgap is to use word censors and find-and-replace.

 

[cdub]

Oh yes this is a major PITA whenever anyone changes their name. Great idea.

 

[PhineasD]

+1

 

[GrnEyedDvl]

The argument is flawed because it premises an absolute right which does not exist.

But if you want to rename every quote, then power to you, if someone asks me to do that on my site, the response will not be friendly to be brutally honest.

I happen to agree with the sentiment, and I have actually had this discussion with the London police back in 2016 over some idiot kid that decided for whatever reason to send nude pics via PM on a mod site for games. He sent them to what he assumed was someone his own age, turns out not so much. It was a 50some year old guy who then pretended to die and had his "brother" join the site and posted about his death.

I am actually the one that contacted the London police in the first place, when this kid told me what he had done and then saw his own pics on some other site someplace. I did give them copies of private messages and stuff like that, if it was relevant. Then this turned into huge mess with them threatening me with legal action if I did not turn over years worth of server logs, not just on the IPs involved, but they wanted every log of every page view in the site history and every private message these two had ever sent to anyone, whether they had been deleted or not.

I don't know how everyone else does it, but I rarely keep more than 30 days worth of logs. If I am troubleshooting a particularly weird problem I might swap logrotate rules for a bit, but I certainly have no use for what page little Johnny viewed in 2003. And I especially have no use for a private message that you deleted 5 years ago from your own account. Eventually they got told to try coming to Denver to arrest me. We will see how that goes.

If you are going to administer a big board, then get familiar with or have someone write some custom queries for either command line or phpmyadmin or whatever. I have a bunch of predefined ones for vbulletin and now that we are moving to XenForo I will change those. Then you can just paste in a user_id or user_name and have at it.

The idiots that write these laws, in any country, assume we all have the resources of Google. And they will ty to bully you if they think they can. Do some stuff so that you can prove you made a good faith effort, but that is as much as they can reasonably expect and they know it.