What is the correct procedure to remove an account?

I’m currently unsure about how AP is designed to work with account removal activities. In Friendica we currently send the “Delete” activity with the deleted account as actor and object. I guess this is correct. But the question now is: Has the profile URL be instantaneously be replaced by a tombstone? Because when this would happen then the signature of the actor of the “Delete” activity could not be checked anymore.

For me deleting an account means; no trace left, like it didn’t exist before
therefore if a signature cannot be validated anymore I would remove it locally.

I would say replace it with a tombstone and add a logic for handling described cases.

It’s not that easy. I have to send a message about the deletion to - at least - the followers, but better to all known servers, so that they can remove the account there as well. When they receive the message, they have to check for validity. But when the account is removed, then they cannot check the signature anymore.

In Friendica we are transmitting this message and then after a grace period of some days (in which we assume that the message had been arrived at most places), we remove the account completely. But posssibly this is not the way that AP is meant to be.

exactly like I would do it as well.
I mean the only otherway I can think of is to leave the pubkey in the tombstone

{
  "type": "Tombstone",
  "formerType": "Person",
  "publicKey":{}
}

but then you cannot really delete an account. You have to store the user in your database. Not sure if that is ok with EU data protection regulations

Mastodon seems to create that Tombstone immediately. But I don’t want to do stuff just because Mastodon is doing so.

1 Like

On Friendica the deletion is done in two steps. We set the flag that the account is deleted. Then we do send the message out that this account is deleted. In parallel we start a background job that deletes all content except for some technical user data. And after a week we remove the remaining stuff. We need to keep some user data to be able to transmit the deletion messages.

Concerning the public key and the tombstone I had some thoughts. Normally the receiver should have stored the key on first contact. So when you had to fetch the key when receiving this message, then most likely you never had any contact with the sender - so you don’t need to do proceed anyway.

Exactly this :+1: I would expect any sane implementation to cache public keys of actors they have interacted with, for at least some time. Of course if someone doesn’t they wont be able to process the deletion, which could be problematic.

In Socialhome a deletion is permanent and done immediately after sending the payloads - there will be no Tombstone object available the the location of the deleted profile. Thus we wont be keeping the public key around either.

Do you answer with a “404” or “410” when someone is accessing this deleted profile?

404 because there is nothing there :slight_smile: