In the last days I spent a disproportionate amount deleting old accounts I found in my password manager, and mostly because so many companies - despite the GDPR - have rudimentary, manually when not completely nonexistent processes to delete your data.

In this post I describe my process going through about 100 old accounts and trying to delete them all, including a top 10 for the weirdest, funniest or most interesting cases I encountered while doing so.

  • obvs@lemmy.worldEnglish
    9·
    2 days ago

    I’ve been doing this.

    I also realized the importance of not just using a different (strong) password on each site, but using a different email, and using a different username.

    I had quite a few accounts to modify/delete, and I realized if I did 5-10 per day that I could accomplish it in less than a few months, with very little stress.

    Well, good news. I finished last week.

    • loudwhisper@infosec.pubOPEnglish
      4·
      2 days ago

      Congratulations on completing this!

      I have indeed moved most accounts to individual aliases. I used to use the same username and similar emails (perhaps grouped like shops@mydomain), but I got no benefit and the username allowed unnecessary correlations.

      So alias + random username and I will have much much less trouble in the future. Hopefully!

  • nimble@lemmy.blahaj.zoneEnglish
    5·
    2 days ago

    The “development team” literally replaced my username with “DELETED”, supposedly in a literal interpretation of “can you delete this user?” request, and that’s it.

    Should’ve asked "can you admin this user? 😅

    • loudwhisper@infosec.pubOPEnglish
      1·
      2 days ago

      Eh, the thing is I made the formal request using data deletion module, but I just assumed that’s what the support person asked the development person (“team”), assuming it was not the same person for both!

  • Cherry@piefed.socialEnglish
    4·
    2 days ago

    Great read thanks. It’s a quest I have stated here and there but you methods an awareness gives inspiration to the tedious task. Would you be willing to share the email template you used?

      • Cherry@piefed.socialEnglish
        1·
        7 hours ago

        Did you enquire with any if they had sold/shared your data. I suppose it could be an endless quest trying to trace and delete everything. I know that wasn’t your aim. Just curious as I am starting to do this. We can’t trust online with anything anymore so time to start wiping my footprints of what I still can. And my account list is a good place to start.

        • loudwhisper@infosec.pubOPEnglish
          1·
          6 hours ago

          Hey, I haven’t, but to be honest, the answers I got from most companies showed me that the processes were handled by people who barely understood the legal and technical aspects around data collection (e.g., often support agents were on the other side of privacy@), which means I wouldn’t trust them with their answer anyway AND I doubt many of these companies will have effective way to even check that.

          From the data being sold point of view, I think unfortunately it’s way more effective reaching out to the few big data brokers to request cancelations or pay one of the companies who offer such service…

  • Higgs boson@dubvee.orgEnglish
    3·
    2 days ago

    I’ve been thinking about this topic this week as well for some reason, so this is timely for me. Thanks for posting.