I'm thinking about adding a new feature that would allow you to irreversibly delete almost all your account data - any beta testers?
It will be somewhat labor intensive to test, but I'll do that. Actually, I wanted to discuss exactly what the feature would do, and how it would be accessible and stuff.
As you may know, we shouldn't actually delete the main account record with the username, because if we did, then another user might sign up with the same username, and then might get sensitive email messages intended for the previous holder of the username, and I just can't get caught up in that.
But it's another thing to delete all the Address records, the watchwords, the trusted senders, the eaten message log, etc., leaving only what's necessary to prevent a double sign-up.
Questions I have:
1. should the password data be left alone? It's one-way encrypted, of course, but it is a remnant of what the User did. It can't be blank, but it could be set to something random, provided that process was really good so that someone couldn't ever figure out what it was.
2. should the account be administratively disabled? That would sort of take care of the password problem, because even if someone else did manage to log in, the account would still never be able to pass any email through. But if the password is left alone and the account is not disabled, then the original user could come back and start using the account again, which might be a good idea.
2.5 I guess another approach would be to create a new table of retired usernames, and put the username in that table, then actually delete the User record, and modify the sign-up code to check the retired usernames table to prevent a double sign-up. This would make it difficult if someone really really wanted to start using their account again, of course. And to me, that seems like a possibility - you remember a service you were using and now you're locked out, and if you could just get that one password reset email... you know.
3. should the user be forced to receive all the account information that's about to be deleted in XML form (as you can currently do by clicking on an obscure link in advanced mode)? Should this be optional?
4. I'm sort of clueless on the actual use case and expectations for how the user interface flows, with warnings, etc. It all has to be translated into all those languages, too, of course.
5. anything else? Is this even a good idea?
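One concrete shape for approach 2.5 above (delete the per-user records and the User row in one transaction, reserve the username in a retired table, and have sign-up consult that table so nobody can inherit the old holder's mail), written as an added example rather than the project's own code; the sqlite schema, table names and column names are assumptions:

```python
import sqlite3

# Constructed in-memory schema standing in for the real account tables
# (names are assumptions, not the project's actual schema).
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT);
CREATE TABLE addresses (user_id INTEGER, address TEXT);
CREATE TABLE watchwords (user_id INTEGER, word TEXT);
CREATE TABLE trusted_senders (user_id INTEGER, sender TEXT);
CREATE TABLE eaten_log (user_id INTEGER, subject TEXT);
CREATE TABLE retired_usernames (username TEXT PRIMARY KEY);
"""
# Every table keyed by user_id that must be emptied on deletion.
CHILD_TABLES = ("addresses", "watchwords", "trusted_senders", "eaten_log")


def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def retire_account(db, username):
    """Delete all per-user data and the User row, then reserve the username.
    Returns False if no such user exists."""
    row = db.execute("SELECT id FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:
        return False
    uid = row[0]
    with db:  # one transaction: either everything is deleted and reserved, or nothing is
        for table in CHILD_TABLES:
            db.execute(f"DELETE FROM {table} WHERE user_id = ?", (uid,))
        db.execute("DELETE FROM users WHERE id = ?", (uid,))
        db.execute("INSERT OR IGNORE INTO retired_usernames (username) VALUES (?)", (username,))
    return True


def can_sign_up(db, username):
    """Sign-up must refuse both live usernames and retired ones."""
    live = db.execute("SELECT 1 FROM users WHERE username = ?", (username,)).fetchone()
    retired = db.execute("SELECT 1 FROM retired_usernames WHERE username = ?", (username,)).fetchone()
    return live is None and retired is None


def remaining_rows(db, uid):
    """Count leftover per-user rows; should be 0 after retire_account."""
    return sum(db.execute(f"SELECT COUNT(*) FROM {t} WHERE user_id = ?", (uid,)).fetchone()[0]
               for t in CHILD_TABLES)
```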