Deletion policy

Hi @JTeller3,

I too feel strongly about this and do very much respect both your
arguments and your way of sharing them.

         We are in a forum having a discourse.

By giving the ability to each participant to alter or remove their
contribution to the shared conversation after others have read and
possibly responded creates a nightmarish scenario in which each
participant now needs to monitor this recorded conversation forever to
ensure that their own words are not twisted after the fact.

Claiming ones right to delete or edit after the fact automatically
infringes upon the rights of everyone else who shares this conversation.

Participating in this forum can be done anonymously.

It appears to me that – aside from the freedom fighter using her real
name for some reason – the need of the individual to remove a minor
embarrassment like a thoughtless question, a moody reply or maybe even
just a spelling mistake is being treated as more weighty than the needs
of all participants trusting their words will remain in context.

It would be wonderful if we could trust that everyone will edit only
when completely harmless (spelling) or delete when absolutely necessary
(harm to a person) and otherwise have the character, integrity and
respect for their fellow participants to correct their meaning in a
public reply. But how do we get there?

I am not a native speaker and not sure the above is correct grammar. In my mind “discourse” stands for “civilized discussion”, but it may be more correct to write:

     We discourse in a forum

This looks like the main disagreement between us. We don’t get there, we are there. I have to give Purism forums as example, again: You can edit you post at any time there, there is no edit history saved and the community thrives. You feel in power there, which encourages you to help other people without potentially revealing your typical unintentional mistakes or shameful beliefs of old. Nobody abuses that on Purism forums, because why would they do that? Most people are good people and you don’t need to restrict everything in the world to prevent abuse. If you really care to have the original/old version of the posts, this is your right to save them somewhere. Internet is not a frozen place and should not be.

There is a good parallel with airport security theater here. At some point in the history, you could just come to the flight 10 minutes before take off with you baggade, sit and fly. No checks and queues. Now, after the government spread the fear among people, we have to come to the airport 2 hours before the take off and spend almost all these two hours for infinite checks, where some people have huge power over you. There are (almost) no benefits in this security, this is security theater. Real terrorists still can bring to the plane bombs if they try. You can make a sizable explosion with a laptop battery.

If you continue the argument in the same way, you can come to the conclusion that encryption should be abolished, because terrorists and organized crime are using it and everyone would be more safe if no one had privacy or security. Everything giving some power ordinary people should be forbidden to save the society from abuse. This is of course wrong and by removing control and privacy from people you introduce chilling effects and remove incentive to be different from others and be innovative.

Hi @fsflover,

I am not sure what you seek to accomplish with this reply.

You haven’t addressed my argument but rather compare the non-deletion
policy to security theater and the assault on encryption – both of
which are ill-fitting to say the least.

It sounds like removing the ability to delete ones post is infringing on
civil freedom?

Consider this scenario: I see a question posted to the forum in my email
and spend 10 minutes writing a detailed reply. When sending it the
system replies to me that the topic does not exists. This happened,
multiple times.

So what if I now simply post my reply as a new topic quoting the post
that was deleted which might even contain the user or real name of the
original poster?

Can the original poster then request a moderator to delete my post?

What about this: the original post gets deleted after I posted a
reply… now the whole thread with all replies (mine and others) is
gone. So effectively that user had not only the power to delete their
own post but those of other as well.

I’m sorry if I was unclear. Let me try to explain how I addressed your arguments in my previous post and expand them.

It really doesn’t. Everyone can save all previous posts for themselves if they wish. Nobody owns you anything in the Internet. In other words:

Nobody can edit your own posts and it should be hard to twist your words by changing my words in the conversation, unless your words are ambiguous, which you should try to avoid anyway.

Anonymity is not a boolean (yes/no). The more you write, the less anonymous you are, even if you hide your personal data. This is because one could reveal a lot of details about you from your writing style, typical mistakes or used lexicon. Are you suggesting us to register a new account every week/month? This discourages people from contributing, because you loose all the advantages of Discourse forums (likes, statistics, trust levels (which you yourself are forcing people to have to get into certain kinds of conversations), notifications, badges and so on - everything which shows how trustful users are). This is why I make a parallel with social cooling, when surveillance discourages people from being different, i.e. from contributing to the society in non-trivial way. This is very much true for this forum as @JTeller3 mentioned earlier. In other words:

Again, this is not as much about removing embarrassments and mistakes as about trying to control what I am saying in the Internet while minimizing possible fingerprint which I leave (but removing embarassements is also nice!). Nobody is perfect and everyone makes mistakes; it’s often hard to notice them within 5-10 minutes after writing. I feel powerless here and it discourages me from contributing, because I do not want to reveal my identity. It’s dangerous to be an activist today, and by activism I mean anything which does not align with what (a chosen) government considers “safe for the people”. It’s not you who defines what activism is. This is exactly how social cooling works.

Now you are suggesting that we should not trust anyone by default as opposite to the other approach, when you trust a stranger until they loose your trust. Your approach is very pessimistic and often results in bad decisions for the society. Exactly like the decision to create current airport security, which is why I gave that example. You should trust people to create a friendly community. Lack of trust by default makes everyone have no trust, isn’t it logical? I recommend to play with the corresponding computer simulation indicating that: The Evolution of Trust. Purism forums example proves that it can work; it always works unless the community is too diverse and large, which is not the case for Qubes forums.

Yes, in the same way as having the ability to delete posts is infringing on your freedom to keep your conversation going without interruptions. It’s like two contradicting freedoms which should be carefully understood before deciding which one to remove. What is more important for the Qubes forum? Community where everyone trusts one another and feels confidence, or safety from (rare) abuse and keeping 100% precise history of every word?

I’m sorry for this situation and it indeed does not sound encouraging. As @deeplow mentioned, there is a delay before sending emails, which may be increased to avoid such problems. I don’t expect that even 1 hour delay would harm your participation or this forum’s users.

This really sounds like an essential difference between mailing lists and forums. On a forum, users have different expectations for privacy and possibilities of editing. I don’t know how to combine these two very different approaches to Internet communications into one thing;this forum is apparently trying to do that. Perhaps one hour delay would make it better. I would understand if I cannot edit/delete post after that, it’s long enough for me. Not sure about others though.

The whole thread should never be gone after removing just one post, even the first one. Is this really how Discourse forums work?

Another wild idea: Can we only allow only people with trust level 3 or 4 edit their posts? Not sure if it helps much…

Now, if you would edit your post instead making it more clear, you would help new readers a lot by saving their time. Don’t you find it helpful for the community to allow post editing from trusted users?

Thank you @fsflover for clarifying your points.

Maybe this discussion and the direction it is now taking was inevitable.

I agree that all my misgivings in this context come from the fact that a
forum works differently from a mailing list or a newsgroup. I personally
find forums far less attractive for this and many other reasons(*).

But this is clearly a question of personal preference and not a matter
of civil freedom (either way) as the Qubes OS project is open to many
different ways of communicating from qubes-user over the IRC channel to
this forum and other ways I wouldn’t touch with a stick (e.g. Facebook).

I will rest my case and hope that interacting with this forum via email
remains manageable. It certainly is today and I enjoy participating. And since I have taken on moderation for the new category I must use the web interface occasionally anyway.

(*)
- I hate allowing cookies and enabling JavaScript
- Did I mention that I don’t like posts changing after the fact?
- Usenet and mailing list are decentralized
- threading is far superior in the mail client, in the forum it’s
just one long stream
- I find all the fancy formatting, collapsing etc a distraction from
the content
- excessive mouse clicking

The standard behavior of discourse is to prevent users from deleting the first post if there are already replies. Only a moderator would be able to to that in this case.

By default (from here):

• trust level 2 users can “Edit their own posts for up to 30 days after posting”
• trust level 3 users can “Make their own posts wiki (that is, editable by any TL1+ users)” which can effectively be “exploited” to edit any of their posts at any time.

Although I would not advocate for mass deletion though edits. It is technically possible. But if this is used, please follow some netiquette and use it moderately…

Yes, the post edit is public, but I don’t think that is indexed through search engines and I’d bet only someone actively trying to target you would go through that effort.

So as you all can see, for long-term users, it is effectively possible to edit their posts for a long time… does this information help long-time users users feel a bit more empowered?

This is technically true except all history is kept, so effectively it is not an edit but just adding new information.

Absolutely. Actually, everything you do should follow some netiquette, not just edits.

Three-letter agencies are trying to target everyone, so I bet they do store all this information. This is cheap enough to do, no personal targeting is necessary.

I would say the opposite: it is effectively impossible to edit the posts for anyone, except for the first 5 minutes.

Given the above arguments, I’m afraid the answer is no…

Yes, but I think any edit (even if hidden) would ever prevent anything. It’s simply outside of the threat model of someone who wants to mitigate an edit.

If anything because they have access to the Amazon AWS back-end most likely. So the concern is mostly about public indexing, I think (please correct me if I am wrong).

Wow – Over 70 posts. I’m really late to the party… And probably too late for any comments to matter… But FWIW, since I also feel strongly about this, a few thoughts in case this ever gets resurrected:

• After reading through the whole thread over the weekend and then going back to the beginning, it seems the actions decided upon here are rather an over-reaction to the original concern, which was mostly about disappearing threads. Simply implementing the one universally-agreed change to prevent any user from deleting any other user’s posts would have been well beyond an 80-20 resolution to the original issue and would have been consistent with Qubes’ perspective as well as common sense. Nothing more should have been done.

• I have seen other forums with threads that are missing posts, including the original post. Is that annoying? Sure, but even without that post(s) there is often useful information remaining in the thread.

• It seems far more KISS and “cleaner” that users should always retain full control of their posts – edit them at will, delete them at will (including all edits), delete them all, delete their entire account (anonymize is not the same thing). Whatever mostly annoyances and sometimes real problems would arise from this would be more than made up for by supporting the individual (including their security & privacy), putting as much of the responsibility & maintenance burden as possible where it belongs, having a “neater”, uncluttered forum (wouldn’t maintain edit history either), minimizing running afoul of Powers That Be, etc.

• @JTeller3’s (& others’) perspectives of the users, tech vs. social issues, choice of tool means one lives with its limitations, confusing technology itself with the uses to which it’s put, privacy & security, etc. are more compelling than the other perspectives raised.

• On the other end, statements like @sven’s “Once you said something, it no longer belongs to you” are rather over the top, and, read verbatim and extrapolated, rather scary. Not to mention that ownership by “everyone” is a hugely destructive fallacy…

• Arguments that violate the rights of one to supposedly support the rights of others – or even worse, the rights of a group – are fallacious. Especially when “rights” gets misused…

• Similarly for arguments that claim we know better how people should behave – often more for our own benefit than anything else - and can make better people by using our power to reduce their freedom of choice; rather than working with them as equals so all make better choices on their own.

• And that there’s some “right” to have the context of one’s posts protected. There’s no such right. In fact, just the opposite – as @sven’s statement above proves even in that view of the world – if you no longer own what you said, then whoever does (or has the control, e.g., a Moderator) has full authority to re-context or twist it at will any way they want. As Qubes itself says – we don’t trust the infrastructure! So why would you give it more power? Especially at the expense of users! Rather than the false hope of some purported utopia where supposedly the context of your posts will always be protected and your words will never be twisted, all of course without any serious adverse consequences, instead accept that you in fact live in the Real World™ where you will often be taken out of context, sometimes accidentally, sometimes on purpose. Instead, build a better world by teaching everyone else that this is reality for all of us, and everyone therefore needs to take responsibility, think before posting, consume critically, and do their own due diligence before accepting, rejecting, or judging any post or person.

• There’s so much more that could be said, but probably best to quit here with this from https://www.qubes-os.org/intro/: “Qubes is designed with the understanding that people make mistakes, and it allows you to protect yourself from your own mistakes. It’s a place where you can click …, open …, plug …, and install … free from worry. It’s a place where you have control over your software, not the other way around”. And yet, here, mistakes are made permanent and control is taken away from the users… Surely a Qubes Forum can do better and be consistent with Qubes itself!

Denouement:

While I believe that everyone involved here is trying to do what they think is best for Qubes, and certainly appreciate all the volunteer efforts, the overreach of this meta New Normal and the precedent it sets are decidedly in the wrong direction – away from Qubes’ objectives of user sovereignty, privacy, and security.

Since I am now prevented, I request that the Moderators delete my account, all my prior posts, and everything else existing that relates to me in any way.

I also request that Forum members too honor this request, and not employ the “workaround” mentioned a few posts above.

This post, since it is made with knowledge of the new regime, may be maintained if you so desire, but if so I request that it be anonymized completely, including removing anything that could remotely now or in the future possibly be or contribute to PII, including IP, time of post, etc.

I will continue to be a Qubes user, but return to just lurking, as with the prior forum. Best wishes to all.

Remember a standard saying about security? Something like “you are as secure as a price to break your security”. Same thing is said about privacy: “You are as private as a price to deanonymize you”. There are never perfect security of privacy, just prices. By editing posts we make it harder to deanonymize us, because it would require storing all edits, having a direct access to Amazon AWS as you said and/or possibly breaking their ToS and GDPR for information storage (in case the access to Amazon AWS is not real-time but delayed). It would require more resources to perform all those actions and hopefully more expensive, even if just a bit. (Not sure if it’s worth the time, but it’s everyone’s own decision what to do with their own time.)

The corresponding treat model includes defense from the three-letter agencies by legal means and making deanonymization a little more expensive. However, as @QubicRoot explained, it’s not just defense against someone. It’s also a feeling of being in power of your own online world, the feeling of ownership over your words. Isn’t is the same as following standard copyright laws which assume by default that everyone owns their creations (including texts)? I did not see anything in the Privacy Policy of Qubes Forums about removing the copyright from the owners and I hope it will never be implemented. By the way, the Privacy Policy of this forum does not really exist despite being definitely very important to the users. Please consider making it clear and up to date as soon as possible.

@QubicRoot Thank you very much for explaining what I feel and showing a different side of it. I really hope that all your posts will not be deleted, since you really contributed a lot to this forum. Would you consider giving some time to us and to moderators to think it through and make the final decision before doing what you are asking?

https://forum.qubes-os.org/privacy

@deeplow As discussed in the thread which I linked, the Privacy Policy does not cover everything it should cover.

If you think something is missing, share that in the related thread.

I don’t see a problem with users being unable to delete their posts. If one is aware of the policy, can’t one plan accordingly? Most posts I see deleted in forums are just when people think they asked dumb questions and got embarrassed. But inevitably someone else will ask the question again and the process repeats. Admittedly I’m a novice in matters of security and privacy.

Amazon AWS […] It would require more resources to perform all those
actions and hopefully more expensive, even if just a bit.

To obtain a permanent record of all original unedited posts (minus the
first 5 minutes):

1. setup free GMail account or similar
2. register it as user in forum & enable mailing list mode
3. lean back and watch the data accumulate

feeling of being in power of your own online world, the feeling of
ownership over your words.

Isn’t that even more dangerous if you think you are in control - but
are not? Wouldn’t that make one less careful?

Hello @Sven,

Thank you for the thoughtful reply. I was concerned that I seemed too confrontational before, but you at least do not appear to have taken it that way. I only hope you can tolerate another endless scroll.

I agree that the ability to edit after the fact allows one to exercise that power maliciously, but that is a given of power as such. With great power comes great responsibility, as I learned from my years among comics. So while that is a problem, I do not think the solution therefore must be to divest everyone of that power for fear that it can be abused. Such a thesis on power is fundamentally hostile to the very concept of freedom.

But malicious activities like that are ultimately beyond the scope of the present issue, which was originally about otherwise innocent abuses of post deletion that inconvenienced some fellow members. They are also able to be handled without the need to restrict global user control, as well, since sanctions and restrictions can be applied to problem users who stray into malicious abuse.

Anyway, a technical solution to this very well may be appropriate (at least when it comes to edits), at least in that there can be a time limit on how long one can edit a given post, which prevents malicious changes long after the fact. Even this is likely unnecessary so long as edits remain public, however, since anyone attempting such an attack can be quickly exposed and sanctioned by simply seeing the post’s public changelog. Deletions are more difficult to address, but typically the flow of a conversation is such that any omission tends to be obvious unless it was so insignificant that no one else acknowledged that it even occurred.

But I object to the notion that editing and deleting posts infringes upon anyone else’s rights because it implies that I do not actually own my own contributions. Who owns this post? As far as I am concerned, I do, as do you own yours. Why do you have a “right” to access my creative works, which may constitute personally identifiable information (I consider writeprints to be PII), unless I consent to that? Why would I have a “right” to yours? I ask these questions as moral questions, not legal ones. By arguing against the modification of my own creative works as I see fit, at least in-so-far as my modifications do not malign others, you are effectively arguing that I do not own this post because my submission of it relinquishes its ownership to The Community.

The problem with this line of reasoning is that it institutionalizes the community and renders it institutionally adversarial to the interests of its own members. No longer are we fellow members who collectively decide our interests through discussion and aggregation, but rather mere members of a Community whose interests trump ours and which owns everything we create, not because we have collectively agreed upon that through discussion and aggregation but because we have alienated the system of our collectivity from its individual parts and assigned it an authority over its namesake. This alienation deforms what it means to be a community, to have community, and ultimately leads to the death of community through the rise of an estranged Other that governs for us. For whom is this community? Its members? Or itself?

Exemplary of this logic is the notion that preserving the context in its original state preserves the original intent of its members, even though it is the members who determine their intent and not the representations they have crafted. The context, and its content, is preserved only to the extent that its members wish it to be so. Anything more or other than that is a thesis that the members are not the owners of their own creations, having been supplanted by those creations through the abstraction of their relation to them.

Coming back down to earth, what I am saying here is that it is extremely dangerous to posit The Will of The Community separate from the concrete wills of its members, since doing so renders us superfluous to the system we have produced. This is why I ask who owns these posts, for if your answer is “the community” then that illuminates yet another schism between us—one in which I think the “freedom” you seek is the freedom of the only entity under discussion that is not real, namely the “community” as such.

I think freedom only means something if the freedom is real, and freedom is real only if the free are, too. I do not consider The Community to be real, at least not real like you or I are, and so I am not interested in its “freedom”. I am interested in my freedom, in your freedom, in our freedom, and I think that is not served by denying us power over our own contributions just so that The Community can be free to preserve them.

On the matter of having community members worthy of the responsibility and respect we wish them to have, this is only achievable if it is possible and right now it is not possible, at least not with respect to responsible use of deletion. Such character, of both individuals and the communities they form, is cultivated through the social efforts I have described before and demonstrated through their exercise. This cannot be done if there is no possible way to exercise that power and cultivate such standards through it. Of course there will be those who abuse their power, but part of our responsibility as members is to address those abuses with the same mutual consideration we seek to establish and preserve.

As I mentioned before, all of the actual cases described above appear to have been failures of “netiquette” or other frustrating but ultimately innocent breaches of norms. The malicious scenarios you have described can occur, of course, but have they? Even if they have, but especially if they have not, does that warrant limiting the freedom of all just on the chance that it may happen (again)?

On the specific experiences you mentioned here: As I said before, those are unfortunate and unacceptable and should not occur. But is such frustration at being unable to reply sufficient justification to eliminate an entire degree of freedom from all community members? Regarding quoting, should we as members not also have a responsibility to be careful and judicious in our quoting others, erring to omit when unnecessary and editing quotes to exclude potentially sensitive information? Yes, these edge-cases can be difficult to navigate and they are ripe opportunities for asynchronous decision-making resulting in frustrating outcomes. But if we allow these to dictate our basic freedom to participate here, especially at a technical level and not just a social or normative one, then we may just be sacrificing control over the very software we use just to satisfy hypothetical faux pas that rarely occur.

(For the record, I would be opposed to any deletion that deletes the original content of others without their express consent. This includes deleting topics and thus all its replies, but does not include deleting quoted text from within replies.)

You are talking to a pessimist here, Sven. I do not have a high opinion of humans or of the current state of humanity. So, I am not one to be polyannish about the noble character and great integrity of strangers, or very trusting of them either. Nonetheless, I do not think that the appropriate response to the threat of freedom should be to render us unfree.

I especially do not consider such a response to be acceptable when this did not even achieve consensus throughout the community, only a slim technical majority among the handful of original participants in this thread. Many of us were simply not informed of these decisions affecting us and relying on our vigilance to preserve our freedom is not how any society should operate, not even small online communities like this.

Some side points to show that I am not just being contrarian:

• I (too?) have an archivist/data historian impulse that mourns the loss of any information and desires the preservation of all human works as the collective legacy of our species, so coming to terms with how antithetical these romantic notions are to basic principles such as autonomy and privacy is still a struggle. Many days, I am still genuinely angry that we have lost some of the works of important thinkers from hundreds or even thousands of years ago, and I still find it tragic that almost none of the writings of every-day people have survived the centuries, yet here I am arguing for the permission to ensure precisely that within digital systems that were literally designed for indefinite data retention. We must always remember that while information does have a life of its own, its life is never as real as its author, whose interests should take precedent.
• Most of what I have learned over the years has also come from forums, message boards, mailing lists, Usenet posts, even chan threads if you give me enough bourbon to admit it. Their eventual loss is always a tragedy, in much the same way the loss of any information is, but we should not let our desire to preserve knowledge be a justification to disregard the lives of its creators.
• I hate the fact that Discourse requires cookies and JavaScript to function properly and consider this to be an entirely avoidable failure of the software. I also dislike its locally centralized architecture (compared to peer-to-peer networks), but at least Discourse permits many self-hosted instances, which is far better than can be said of most alternatives (including email for all but the technically inclined and motivated sysadmins among us). Some of the problems of Discourse aesthetically and spatially are also apparent to me, which I have seen others describe on other Discourse forums. My use of Discourse anyway is mainly because of the features it provides over email, though, and thus is despite these flaws. It is also easier to keep segregated from my work and personal life, since it’s not all flooding into the same mailbox.

Lastly, I think we can both agree that the original specific problem cases for which you created this topic are legitimate and real and really annoying and deserve a community response of some kind that halts their occurrence. You were right to raise the topic, of the particular deletion abuse you noticed; I only disagree with the conclusion that it is apt to restrict deletion capabilities altogether. So whatever happens, let us at least ensure that experiences like those you had are minimized.

Kind regards,
John

P. S. I am aware of the other thread that is currently ongoing. This essay (plus my complicated support request topic) has been enough Discourse for me today, so I will address that thread another time. Much of what I say here is relevant to that thread and may help explain my views on these subjects, but I chose to post it here anyway due to its focus on the thread topic. I hope you understand.

I do not know if you will read this, and I do not know if this post counts as relating to you in any way, but I nonetheless wish to say that your contributions here have been greatly valued and their loss truly would be a tragedy.

And I cannot help but feel responsible for this, since I reignited this thread when it was otherwise “solved”, which only furthers my regret. Had I continued to keep my thoughts to myself, this may have never happened.

I still maintain that even in the face of such loss, we must respect the dignity of the person, at least to the extent that we satisfy their requests and interests while preserving as much of their contributions as we can. There is good in preserving knowledge, even knowledge provided by those who wish to have it now destroyed, all while respecting their wishes; but it is difficult to do, and do well, and I have no good answer for how beyond rewriting in our own words the works of those soon to be lost.

John