For some time now I have been trying to clean up my digital footprint by requesting deletion of accounts and associated data for unused accounts, and being critical about which accounts I actually benefit from keeping. This turned out to be far more time consuming than I imagined beforehand.
I’ve been using a password manager for about a decade, so I have a fairly good overview of a lot of the accounts I’ve opened over the years. However, while privacy has always been important to me, I was more concerned with increasing governmental surveillance rather than corporate surveillance for many years. So over the years I’ve signed up uncritically to a large number of services. Most of these do not have much data about me, but my username has generally been reused, along with e-mail and sometimes phone number and other more sensitive data. This of course doesn’t take into account all those minor services I’ve signed up for with e-mail + reused password. I have no control over those…
Now GDPR thankfully makes the job of cleaning up the accounts I do have control over a lot easier, because I doubt many of these services would even let me delete my account if not for it. However, it does not regulate enough how easy this process should be, and there are so many different ways companies implement this. From extremely convenient and easy ways of exporting all data and deleting the account, such as implemented by Strava (kudos to these companies!), to the worst offender of them all: British Airways… Until recently you would have to send an actual letter to their data protection offer with a copy of your passport (yeah right…). Sometime this year they’ve changed this, so now you just have to upload a picture of a letter to their document’s portal, but since that is borked, I can’t even access it to complete the deletion request. Apple also rejected my deletion request for an unknown reason, and I had to spend 45 minutes on the phone with them to understand that a cancelled, but still active subscription (a 1-year subscription that had not expired yet) from the app store, was blocking the deletion. Most are in between these two extremes, and either require that I actively follow up that I get a reply when I send an e-mail to their data protection officer with my request, or have processes that take up to a month to complete.
Of course, cleaning up 10-15 years of uncritical online presence would take a long time anyway, but companies making it hard on purpose to delete your account and data is infuriating, and a testament to a status quo that should burn in hell.
On the plus side: I no longer have accounts with Microsoft and Twitter, accounts with Apple and Amazon should soon be closed. My goal is to have completely phased out Meta and Google by the end of this year, although the communication lock-in of Meta and the fact that my primary e-mail was Gmail for 15 years (I’ve switched two years ago to Proton), makes these transitions a bit more difficult.
If nothing else, this process has made me very conscious about platform lock-in and the “joys” of ecosystems…
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
I agree that the it would’ve been best to never have gotten into the mess in the first place, but these are sins of the past that are not undone now. I, like many others, was for a long time ignorant of the extent of data collection, and did not have the knowledge to fully reflect on the potential consequences (I signed up for Facebook as a teenager). And it’s not like all these companies have been very transparent about how much they collect and where the data goes and is used for. The vast majority of netizens still do not fully understand the scope of this, and are also not in a place to be able to apply best practice infosec principles.
My rant is about how unnecessarily time consuming and difficult the process of cleanup is, when you already find yourself in this situation, despite regulations that gives you the right to have your data deleted. Most people would not want to spend this amount of time on this, and as such, the tactics applied by these corporations work.
I feel your pain. I’ve been trying to clean my digital life up and it is almost overwhelming. I’ve only been working on it for a month or so in my spare time but it’s a collosal PIA. I wish every site that had a create account button had an equally obvious and easy to click delete account button.