Deletion policy

fsflover · January 7, 2021, 6:02pm

I think the best practice is to allow editing for some short time, say, 10-30 minutes.

adw · January 8, 2021, 12:43am

As a master of typos, I greatly enjoy being able to edit my mistakes. (No matter how many times I proofread, I always seem to find at least one after posting or sending.)

If people can’t fix their mistakes, they’ll simply add another comment, e.g.

shrubbery*

And then we’ll end up with a bunch of clutter comments.

Sven · January 8, 2021, 3:01am

(No matter how many times I proofread, I always seem to find at least
one after posting or sending.)

Same here.

If people can’t fix their mistakes, they’ll simply add another
comment, e.g.

shrubbery*

And then we’ll end up with a bunch of clutter comments.

Don’t see that as a big problem. That’s how one would do it on the
mailing list and I don’t remember ever being annoyed at that.

@fsflover wrote:

I think the best practice is to allow editing for some short time,
say, 10-30 minutes.
That could be a good compromise to allow for the kind of edit you
describe, while mostly preventing the revisionist edit some of us loathe.

deeplow · January 9, 2021, 11:22am

Same here. Editing is great and avoid a mess. And I don’t think it has too much practical impact on the conversation.

deeplow · January 12, 2021, 9:38am

Add is not possible in discourse as far as I know. As far as compromise goes, I’d say the above is pretty reasonably.

We started off the thread due to a problem where users would delete their own threads / posts. 4 people seemed to be in favor of anti-deletionism (@Raphael_Balthazar @unman @Sven @adw), whereas only two in favor of allowing users to delete their posts (@deeplow @oijawyuh).

So it seems to me disabling the “delete button” should be implemented right away and thus close the thread and see how it pans out, leaving the edit policy as is.

My guess is that if we disable “deleting posts” while leaving the edit history as public, moderators will be frequently asked to change some bit or remove other bits. Just a feeling. So I would say to avoid that we should just hide it and see how things pan out.

deeplow · January 19, 2021, 7:50pm

On the topic Nvidia driver installation is related to this discussion. A user repeatedly deleted their posts (2 in total) replacing them with a new one with their current step. I guess this is just a matter of the user not being familiar with forum etiquette, but disabling the delete button would avoid this.

deeplow · January 27, 2021, 6:04pm

Since there hasn’t been any movement here. Given there was a majority movement towards not allowing people to delete their posts, I’ll go ahead with disabling deletion in a few days.

For now the edit history will be public (as has been). Let’s see how this goes and in there are no complaints. Otherwise we might need to review that policy.

deeplow · January 29, 2021, 8:29am

Implemented this today. Let’s see how it goes.

For the record, I changes the settings on the following image (in case in the future we need to revert it for some reason)

deeplow · January 29, 2021, 11:33am

Per someone’s suggestion, I’ve added a disclaimer that posts cannot be deleted. This will show up when the users start typing their fist two posts.

(reference: I’ve changed the “education.new-topic” string)

It should look like this for a new user:

Hopefully, it’s visible enough.

deeplow · January 30, 2021, 10:18am

Can't delete my posts?

Frequently Asked Questions (FAQ)

Doxed myself. What now?

This forum is a public place: google and others automatically index it and new posts are emailed to the forum email users. It’s just the way it works. However, under exceptional circumstances the moderators may remove it upon request for harm reduction (although limited).

Can moderators still delete?

Yes, they can. But this will only be used in exceptional circumstances such as Code of Conduct violations.

The problem I posted about turned out to be due to my mistake. Can I delete my post now?

Everyone makes mistakes. That’s no reason to delete your post. In fact, by deleting your post, you would be depriving others from learning from your experience. Keeping your post up helps other people who have similar problems.

Can I still edit the posts?

Yes, you can. However, (just like before) the post’s edit history is public. If you need to add new information, please consider following the forum etiquette of adding it at the bottom with “ Edit: [your new comment]”. Also consider posting it as a new reply.

A FAQ was added about the policy. Read it in full on the policy change announcement.

deeplow · March 8, 2021, 10:36am

This has broken the advanced discobot tutorial as the user would be guided to deleted the posts (something that is now impossible).

For this reason, I’ve changed the default text on the discourse string (for documentation purposes):

https://forum.qubes-os.org/admin/customize/site_texts/discourse_narrative_bot.advanced_user_narrative.delete.instructions?locale=en

It now reads:

On the forum we’ve collectively decided not to allow deletion of posts. You can always ask for your full account to be anonymised (understanding the consequences of that, of course).

Please skip this and the following step by typing two replies:

@discobot skip ← notice the space after ‘skip’

@discobot skip 2

The above is kind of a hack because discourse doesn’t like repeated replies.

JTeller3 · March 11, 2021, 12:22am

I encountered that myself during the tutorial and eventually figured out the workaround you suggested on my own @deeplow. Glad to see it was addressed sitewide now.

Since this thread has been revived, I might as well add my two cents to it: I oppose disabling deletion because I think that control over the status of one’s posts is a fundamental necessity derived from first principles such as privacy and autonomy. I do not consider the arguments provided here to be persuasive, especially when considering the surveillance ideology that I recognize in them. The only question that ultimately needs consideration on matters such as this is “Who controls my data?”, since the answer to that determines who determines its fate. By deciding to disable post deletion, the tacit answer here has become “Not me.”

I can expand upon this, such as by criticizing the insufficiency and false security of account “anonymization” as an alternative; or raising the specter of stylometric analysis to deanonymize users through their writeprints, which is now no longer possible to defend against for those who just now realize this attack vector and wish to scrub their text from this forum. But these attempt to explore practical considerations and specific consequences that a user-hostile decision like prohibiting post deletion will have on user privacy and autonomy, rather than addressing the root of this problem: data sovereignty.

This is not meant to appeal the decision or relitigate the discussion; it is just an addendum of my thoughts after the fact (my fault for missing this topic when the decision was still being discussed). While I understand the rationales involved and the apparent popularity of preventing post deletion in forums both here and elsewhere, they have never sat well with me for the reasons stated above.

Regards,
John

Sven · March 11, 2021, 1:10am

This is probably the core of our disagreement. Once you said something, it no longer belongs to you but to everyone who heard/read it. If you wish to take it back/correct or amend it you ought to do so explicitly instead of invoking a magic spell that pretends it never happened.

… and in case of accidental publication of private data, the mods here will jump in and remove that data as far as that is technically possible (exception is everyone who automatically received it by email).

The core problem from a purely technical perspective is this: with delete enabled forum users can remove threads which will be unknown to everyone who interacts by email. It happened more than once to me that I spend some time and effort to formulate an answer, only to get an automated answer back that the thread I am replying to does not exist.

JTeller3 · March 11, 2021, 6:06am

Hey @Sven,

Apologies in advance for the length, but there is much ground to cover and I have a bad habit of not being selective in what I am responding to. I hope that I have adequately addressed the points you raised, however verbosely.

To give the illusion of brevity, I will collapse the more abstract part of my reply. I think it directly responds to the underlying logic of comparing text and speech an the problems of doing so, but it ultimately does not address the immediate problem of the thread topic.

The reason why I have different standards for text is because, unlike speech, we actually can take it back at some level. Treating text as immutable and irrevocable as the spoken word, and attempting to emulate its form and conventions, is logocentric (or, more exactly, phonocentric): it seeks to to judge and shape text according to the logic and constraints of speech, rather than its own. “Difference” is different from “Differance”, after all.

But even within such a framework, a double standard of a different kind is being applied: whereas speech in fact ceases to exist the moment it is uttered, preserved only in the lossy memories of its witnesses, written and digital communication are afforded no similar fate. Why must text be forever preserved and archived, yet speech is not treated likewise? Our voices are not being constantly recorded for the sake of indefinite data retention (yet / as far as we know…), so it is actually strange that we expect differently when it comes to the words on our screens—at least now, in an age of screens. Is it just because it is easier to do so? Or perhaps because we have been conditioned as a society by a governing paradigm that privileges the spoken word yet expects its written form to be preserved?

Text has a permanence that is greater than speech, and so we should approach considerations about text with that in mind. I think that this logically entails recognizing that the erasure of text is an acceptable response to its permanence, which restores some degree of ephemerality already present in speech, and that this recognition is grounded in the understanding that different standards on things like “taking something back” are appropriate due to this different nature. This is especially so in the context of easily edited and erased digital communications.

So more precisely, the kernel of disagreement between us is on whether the different standards for text should accommodate its differences from speech, particularly in modern digital communication. Because different standards are being applied no matter what, whether it privileges one or neither, for otherwise you would have no objection to even setting burn-after-single-read-through-TTS expirations on posts in order to emulate the transience of speech. In that sense, our disagreement is about conflicting views in our philosophies of language and their application to digital-textual spaces, rather than with the problem itself. It probably also has to do with differing views on what counts as digital commons, on the extent to which public messaging/posting should constitute “publishing”, and perhaps even on personal autonomy in public spaces, too. These are all nonetheless relevant because they shape how we approach practical problems like this and what we consider to be acceptable solutions to them.

With that armchair philosophizing out of the way, the “technical” matter of post deletion being an annoyance and inconvenience remains. I understand that frustration and agree that it is unacceptable behavior. It should not happen and those who delete their posts without due consideration for how it affects others, and without a very good cause that outweighs those considerations (like privacy concerns or a double-post, unlike those above) are doing a disservice to the community and should stop.

However, I think the appropriate response to this poor “netiquette” should be to inform the problem user through a message or conversation or (at worst) temporary sanctions, not to disable post deletion entirely. A rule or guideline can be added that spells this out, so that it is clear what the expectation is and where we can point to when it is violated. The first approach acknowledges and attempts to address the problem while still respecting the fundamental autonomy and sovereignty of users, including the problem user, up to (but not including) the point of malicious disruption. The second just strips everyone of their power over the public availability of their own posts. Only one of them preserves freedom.

Of course it is more time-consuming and demands more effort than flipping a bit in an administrative panel, but so are many worthwhile things we do and laud in contrast to more repugnant alternatives, whether that be in relationships or parenting or even in governance. We prefer democracies because they respect our rights and enable our autonomy, not because they are easier to live in than an opaque dictatorship.

I do not think the “technical” problem here is ultimately separable from its social and political dimensions, as most technical problems are not, so I do not attempt to discuss this matter at a purely technical level. I also do not think this is really a technical problem, but a social problem that produces technically frustrating results. Therefore, I think the solution to the real problem—disruptive use of the deletion function (by a minority of users) where editing, additional posts, or nothing should be done instead—is not technical, but social, and involves how we deal with this problem as one of mutual consideration. Attempting a technical fix for an social problem is technocratic and brings along with it all the baggage and problems that technocratic regimes always do.

On the technical side however, our disagreement frankly may just stem from the fact that you typically use mailing-list mode (half of the “anti-deletionist” camp are either very frequent or exclusive email users), which lacks the mutability that forum software like Discourse provides. So, you want the posting standards on the forum to resemble the capabilities of email users rather than suffer the interoperability problems of using email to participate, of which replying to deleted topics and not seeing edits are among the biggest. That is basically what this problem is at a technical level, after all: the lack of features, rapid feedback, and editability of email mode.

While I do not think that email users should be relegated to a second-class status, I do not think that handicapping site users is the appropriate response either. This will also need to be negotiated at a social level, so that interoperability can be improved through social conventions (such as “no deletion abuse”) where technical “fixes” do not and may just privilege one group over another, reducing the feature set of the forum to the least feature-available users. Or not, in which case mere technical “fixes” will do just that.

So, if no one here has any interest in addressing this problem with a more interactive solution that allots the same mutual consideration and respect that such disruptive deletions violate, by approaching it at the same social level at which it is operating, then disabling the ability to delete posts is a heavy-handed alternative to that. I consider this to be a failure at the social level however, and there is no technical fix for that.

Respectfully,
John

P. S. I also disagree that account “anonymization” and administrator intervention are sufficient remedies to privacy concerns. For example, they do not address a desire to mitigate stylometric attacks after the fact, as I mentioned above. But I have already typed more than enough, so I will end this rant here.

fsflover · March 11, 2021, 8:46am

This is not a simple yes/no situation. When you post something, it gradually distributes over the Internet and is gradually read by readers and robots. If you try to delete what you said, it drastically depends on the timing. Doing it early results in low chance of it getting spread, which I think is good enough, as opposite to “it no longer belongs to you” as you are suggesting. AFAIK 99% of removals happen within 1 hour after posting.

Involving moderators automatically makes everything much longer and harms the goal of removing something from the Internet.

deeplow · March 11, 2021, 11:37am

I think this is the strongest pragmatic argument. The decision has now been made but I agree with @JTeller3 in principle (I’ve stated so in the beginning of this thread) but that has the assumption that information erasure is not dependent on time after posting – something which @fsflover’s point highlights. Anything other than this is just contributing to a false sense of security.

I’ll add the following from my moderation experience since this change went into effect.

If users regret their comment, they have a 5 minute grace period to edit it without the revisions being made public. I think these are even only sent to mailinglist subscribers after those 5 minutes in whatever state that is.

My experience is very anecdotal, but I’ve seen this happening (see here) and I think it’s perfectly fine. Email users will see only “deleted” and thus not reply in vain.

@JTeller3, looking forward to reading your dissertation on the subject (will do it later)

fsflover · March 11, 2021, 11:43am

5 minutes is pretty harsh though. I wish it could be 10-20 minutes at least (I personally was caught by this short time). And yes, 5 minutes period indeed works as you described.

deeplow · March 11, 2021, 12:00pm

Just checked on the settings and also from this discussion. The current settings are as follows:

editing grace period - 5 mins
For (n) minutes after posting, editing will not create a new version in the post history.
reply notifications - immediate (not actually a setting)
If on discourse’s web interface, a user will immediately see a notification for their reply.
send emails only after - 10 mins
Wait (n) minutes before sending any notification emails, to give users a chance to edit and finalize their posts. (personal messages have 20s delay only).

I could see us increasing the editing grace period to 10 mins.

JTeller3 · March 11, 2021, 6:10pm

After sleeping on it, I realize that I have inadvertently attempted to relitigate this topic, which I explicitly said was not my intention. I apologize to everyone for that.

I just feel strongly about this because I find this notion of textual permanence (especially publicly and online and outside of professional settings) to burden everyone with the dread and terror of having our words recorded, retained, and reused by strangers without our consent; this is something that average people do not expect with their every spoken word, and in fact consider it an affront to their persons. This threat looming over everyone’s online text chills our “speech” in exactly the same ways that mass surveillance does. This is because the indefinite retention of all text on the Internet is the modus operandi of mass surveillance, which weaponizes our communication against us through the increasingly necessary tools of our daily lives.

So as far as I am concerned, the popular “wisdom” that “when it’s online, it’s there forever” is as repugnant and false a logic as “I have nothing to hide”, and both derive from the same surveillance ideology. They are not true, and they should not be true, and we should be committed to fighting their realization, for otherwise they are proof that the Panopticon is real and we are all living in it.

But regardless, even if this decision were to be seriously reconsidered, it is no longer a matter of sitewide deletion policy, but of project-wide deletion policy. Any attempts at restoring user control over post availability will thus need to justify disaggregating it from the new unified project standard, which involves overcoming much more inertia than before the decision was made. I frankly don’t think that my philosophical musings are going to do that, if only because they are too long and abstract to be immediately persuasive.

There are also problems with all of the alternatives, some of which are not readily available due to the limitations of Discourse. So even if alternatives were considered, such as a conduct policy prohibiting deletion abuse or a stronger account “anonymization” feature that blanks the user’s posts as well (but not delete them), or limiting deletions to only being of replies and not topics, they will also need to be discussed and explored as adequate drop-in replacements for the current decision.

So practically speaking, the decision is likely here to stay unless we can somehow choose an alternative solution and come to a new agreement that project-wide user data retention should err on the side of user consent and data sovereignty, with data management being limited by the capabilities of the context and not by those of the least capable one (mailing lists), as opposed to the “unified” no-deletion policy we now have. (Technically even public mailing list archives can be modified and its entries expunged, but it’s rare.) I could argue that this would be a change back to a more “Qubic” direction, since it is context-based, user-controlled, and differentially limited in its access to user data (in contrast to the monolithic and system-controlled posture this decision establishes), but I think that is too unfair an appeal.

I have much more I can say on this topic, since it has been a thorn in my side for longer than I can remember, but I have already said more than enough. At least for the time being, it seems this decision will stay, at least so long as only a few are criticizing it.

It is disheartening, too, since I joined this forum with the comfort of knowing that I had the power to erase myself from here whenever I wished, something that distinguished it from the mailing lists, but that is no longer the case. That is a troubling change of tone for me, and causes me to be much more hesitant to post, since I now have no sovereignty over my own contributions. I can only wonder if others might quietly feel the same.

Regards,
John

JTeller3 · March 11, 2021, 7:02pm

I agree with @fsflover’s practical point on timing, though I do think that increased time only diminishes the returns, but does not foreclose any privacy or security benefit. A simple scenario illustrating this is scrubbing one’s content (including very old content) from the Internet in the hopes of frustrating future deanonymization attacks, based on the reasonable conclusion that eliminating searchable and public access can alone be sufficient for most threat scenarios. This is all the more salient for data indexed by search engines and those not yet preserved by an online archival service, both of which apply to threads on this forum.

So, a hypothetical political dissident who is setting up Qubes OS and comes here for help troubleshooting their installation and configuration, and who wishes to erase their existence from this forum to the extent they can afterward to avoid leaving a public trail that can become a liability used by future adversaries, has no actual recourse to do so because edits are public (which I think is generally good) and deletions are disabled (which I think is not). This is particularly relevant if they did not obfuscate their writeprint, which almost nobody does because the few tools that attempt to automate it (like Anonymouth) are technically complex and unmaintained, and trying to do it oneself by hand is likely a bad idea (and a slow, arduous process) for the same reasons one should not be used as a source of randomness during password generation. So, if stylometric attacks are in their threat model, or even if general deanonymization attacks from future adversaries through public online data are, their only safe option is to not even participate at all.

This is why the permanence of text can be a real and practical privacy and security threat regardless of its age: it’s much harder to find copies of data that have been scrubbed from the Internet than it is to find those indexed on Google. Naturally, @fsflover’s timing variable is what mainly determines the extent of the spread and duration of its indexing, but it does not determine its capacity to spread further or its survival as a copy; the deletion variable is what determines that.

Anyway, thank you for sharing your experiences and clarifying the technical status of this decision and its related settings, @deeplow. I appreciate your willingness to abide by a decision established through majority consensus despite your own reservations about it. Hopefully, these “dissertations” are not too disruptive.

All the best,
John