this post was submitted on 20 Apr 2026
46 points (97.9% liked)

Privacy

9793 readers
295 users here now

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 2 years ago
MODERATORS
iopq@lemmy.world
46
deleteduser.com - a $15 Personally Identifiable Information (PII) Magnet (mike-sheward.medium.com)
submitted 3 weeks ago by artwork@lemmy.world to c/privacy@lemmy.world
12 comments fedilink hide all child comments
 

...deleting records could cause big problems. Referential integrity across database tables simply wouldn’t allow it... it would cause a resonance cascade.

So, to get around the problem, a lot of places simply "overwrite" records when they are deleting them. They replace certain fields with garbage so the structure of the data remains, but the human elements are no longer present. At the heart of those "certain fields" are email addresses, the most widely used identifiers on all the web. And that, dear reader, is how we got to this cursed discovery.

I saw a discussion on the internet where someone mentioned that they deleted users in their app by overwriting their email addresses with $somethingRandom@deleteduser.com. Mmm, I thought - I wonder how common of a thought process that is? I bet whoever owns deleteduser.com gets loads of emails!

I decided to check it out, but to my genuine surprise - no one owned deleteduser.com, so now I do.

Source [web-archive]

you are viewing a single comment's thread
view the rest of the comments
[–] recklessengagement@lemmy.world 13 points 3 weeks ago (1 children)

These companies sure have an interesting interpretation of what "deleting” means.

[–] Mihies@programming.dev 7 points 3 weeks ago (2 children)

This is a common practice in databases, you just mark record as deleted and make data unidentifiable.

[–] 87Six@lemmy.zip 5 points 3 weeks ago (2 children)

Idk man in our databases delete is literally an SQL delete most of the time (or becomes that at some point). Though I guess we're not the data-hoarder type company...

[–] LwL@lemmy.world 6 points 3 weeks ago

We aren't the data hoarder type either and doing this would break half the functionality. It's old systems not built with data deletion in mind that rely on there for example always being a customer associated with a transaction. That customer might not have anything other than an ID anymore, but it needs the ID. And you're usually not legally allowed to just delete financial transactions.

[–] Mihies@programming.dev 1 points 3 weeks ago (1 children)

Let's say your deleted customer paid for some goods and you delete this data, how do you know what was sold, to what number of customers and for how much etc?

[–] Ensign_Crab@lemmy.world 2 points 3 weeks ago (1 children)

It's true! We have to keep massive amounts of sensitive customer data that keeps getting leaked! Commerce is impossible without it! SQL predates money!

[–] Mihies@programming.dev 2 points 3 weeks ago (1 children)

Once more, the customer identification data is striped out, there is nothing to leak, unless you have retain mandatory data. And yes, you have to have financial records for your company or how do you think it works?

[–] Ensign_Crab@lemmy.world 2 points 3 weeks ago

Once more, the customer identification data is striped out, there is nothing to leak

Well, at least you solved leaks by pretending they never happen.

And yes, you have to have financial records for your company or how do you think it works?

How do you suppose it worked before databases?

Do you think that ledgers stored customer data for everyone who bought anything?

[–] recklessengagement@lemmy.world 4 points 3 weeks ago (1 children)

Considering he's getting emails with full addresses and other PII, I wouldn't say they're making it "unidentifiable".

[–] Mihies@programming.dev 2 points 3 weeks ago

We're not talking this specific case, we are talking in general. In that case the data was obviously not replaced properly.