# [SOLVED] how to prevent deleted accounts from creating a new account
Can you define "account" in this context?
Good question 🙂 Users need to create an account in the app. Apple requires that they have an in-app option to delete their account. The app is for research and their non-identifiable data is retained even if they delete the account, so ideally it's just a matter of their identifiable data, which is the phone number used for authentication.
However, if we need to save the phone number anyway in order to prevent them from creating a new account, that's self defeating.
In our app we pay people to participate in scientific research. We don't want people to participate, delete their account, and participate again (receiving payment twice)
there are 2 ways for this -
- Block the user instead of deleting which auto disables access to resources when correct permissions are set.
- Create a separate collection and keep a list of numbers as document ids, on sign-up, cross check if the user existed earlier.
I think that may fall under the category where you are allowed to save certain data to identify the user in order to prevent abuse. You have to explicitly state that tho. In general I would never delete an account in appwrite for security reasons. Just override the email and password or delete that so they can't log back in.
I think you could potentially save the id of the transaction that received that
Because financial transactions have to be saved for a longer time anyways you can check if a certain user has received payment already
Thank you!
- What does blocking the user mean? How do I do this? What permissions need to be set?
- separate collection = different database or different table in the same database? if I keep the phone numbers in this database won't that defeat the purpose of not retaining identifiable data?
Thank you @fathom parrot ! Delete what so they can't log back in? We have only SMS authentication.
Our payment is done via a 3rd party called GoGift, they do this using emails (we don't keep the emails). It is very easy to create another email account and get paid twice...
Block the user by using the endpoint above and then erase the "phone" value from the "user" object.
- Block/Disable user from console or via API [link shared by Joshi].
- Sure, hash them [credentials] instead so it's not plain text. Compare on sign-up maybe.
In order to prevent users from creating new accounts using same credentials, you'll need to keep that info, one way or the other.
I think the second option may still violate the GDPR law. GDPR is really tricky
Where are you from @quiet lion ? Are you considering serving EU citizens?
possibly. but then in a way, it's not traceable to a user, nor identifiable.
It kinda is under GDPR law. Even if you hash the personal data it is pseudo personal information and that itself is not allowed to be saved
"If the user ID is unique, then the hashed user ID will be unique as well. Thus, the hashed ID will enable “singling out”, and would still count as identifying in the sense of the GDPR."
Yes, the app has to be GDPR compliant. However, we do have the participant's agreement to save their identifiable data for the length of the experiment, about 5 years, at which point we will delete all the phone numbers.
If we can identify the user this way then it is still a breach lmao
The hashing is an interesting option, I think it makes a difference if we can access their actual phone number or not, I will check
You are allowed to save their phone number?
Why do you not try to track the user via that way?
I think best option is still to prevent users based on their payment details
It's not like they can open bank accounts or so
Uber EATS does it that way
Then I can block users instead, that is a great idea. I don't know if Apple has specific criteria for "delete account", and I doubt that they care that much if it's a blocked account or a deleted account, as long as the data is deleted at some point
You can delete the personal data yes, but do not delete the account
The reason is that the permissions in documents and files and whatever are still intact
A new user with the same userId can potentially abuse that
Just override all personal data and block the account
As you asked before, what does "account deletion" mean? I assumed it meant to remove the phone number, but this seems to be unfeasible.
We don't have payment details, this is done via GoGift, they send an email with gift card options according to their country of residence. I can ask them regarding the actual payment details, that is also a great idea. However, they are paid at the end of the experiment (10 days). If they participate for 10 days and only then we will know if they already participated, that makes things complicated
lmao even better
The account is based on the phone number. How to delete personal data without deleting the account in this case?
let them waste 10 days and then you do the validation check at the end
if they are invalid they can eat a bag of d*cks
i like this. but needs to be stated in the agreement beforehand 🤣
set phone to ""
awesome! yes, this looks like it solves the problem. If a user tries with the original phoneNumber, it won't create a new account?
I'm surprised that the endpoint asks for a phone number (aka required)
It should theoretically be possible to set it to null
Uh, yes it does.
Just save the phone number for at least 90 days after "official deletion"
Then how does that prevent a user with a deleted account from creating a new one...?
That sounds great 🙂
You are allowed to postpone the deletion if you have a valid reason
You have to state to the user that it is to prevent potential abuse
You have to acknowledge their deletion request within 30 days and I think you can delay it for several months. At least 3 months I think
Thank you, I will check
When a user requests their account to be deleted, create a document in the collection "Mark for deletion" and set the userId and deletionDate
Block their user account but do not delete their phone number for now
When you officially want to "delete" their account, you erase any data the user ever had and delete their phone number, but you should still not delete the account from appwrite
Excellent, thank you 🙏
I do it this way so it should work
Just asked ChatGPT and it seems to be right. "Under GDPR, you should delete user data "without undue delay" after receiving a valid deletion request. Generally, this is interpreted as within one month, though you can extend this to three months for complex cases if you inform the user. "
Why not delete the account?
Is there really a reason to do so?
That account does not contain any personal information anymore
Look at discord
When a user deletes their account they are called something like "user_deleted_<randomId>"
They just override it
If you delete the account the account will be able to sign-up at any point since the account has been deleted and not blocked
It is more about the userId
Blocking the account supposes saving account data
Since we will override the data of the user
But this is true also if I replace the phone number, correct?
Your permissions and all your documents where you set the userId will not magically disappear
Wdym?
They are still there associated with that specific userId
So if you delete user "XYZ"
You need to delete all the associated data of course according to GDPR
and then a user is created with the id "XYZ" it inherits it from the previous user
If the user wants
The account is not traceable back to that user
That itself is sufficient
I work with a GDPR agency so I know that
I understood above that if I change the phone number in an account, the user can create a new account with the original phone number yes? The same as if I delete the account. But not if I block the account. Yes?
Yes that's correct
How else would the system know?
Even if the system would hash it that would not circumvent GDPR
How to make the account not traceable to the user and prevent them from creating a new account? Is that even possible?
You have to keep the phone number in the account for as long as needed. If you delete it within 3 months you are on the safer side
No
You can make use of deviceId blabla but that shit sucks ass and for some other technique you probably do not have the money for
Just keep the phone number my dude
And keep the transaction data
"We need to store the phone number for a prolonged amount of time to prevent potential abuse (2months) and after that all data will be erased that may identify the user (1month)" Ofc better worded
You can say for the latter part that it needs around 1 month before it is erased from all your system
Because of backup and stuff like that
GDPR requires you to save only enough data in order to fulfill your task
So delete their data like name or whatever and just keep their phone number
Basically any data that does not help you prevent abuse has to be deleted
in this case phone number seems to be enough
awesome, thank you very much!
That should only apply to users who have received a payment
That is not valid for users who have only registered
In their case you can do the procedure immediately
correct, good point 👍
Thank you all for your help!
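The procedure the thread converged on (block rather than delete, scrub everything except the phone number, record a "Mark for deletion" date, erase the phone number once the retention window has passed, and apply the retention only to participants who were actually paid), written out as an added Python example. This is not code from the thread or from Appwrite; it models the accounts in plain in-memory dictionaries so it runs offline. The `RETENTION_DAYS` value, the `AccountStore` class and its method names are assumptions chosen for the illustration; in a real deployment each method would call the corresponding user and database API instead.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Hypothetical retention window: the thread suggests keeping the phone
# number for about 90 days after the "official" deletion request.
RETENTION_DAYS = 90


@dataclass
class User:
    user_id: str
    phone: str          # identifier used for SMS sign-in
    name: str = ""      # other personal data, scrubbed at deletion time
    blocked: bool = False
    paid: bool = False  # True once the participant has received a payment


@dataclass
class DeletionMark:
    user_id: str
    requested_on: date
    erase_after: date   # date on which the phone number is finally removed


class AccountStore:
    """Constructed stand-in for the users table and the 'Mark for deletion'
    collection; real code would talk to the backend instead."""

    def __init__(self) -> None:
        self.users: Dict[str, User] = {}
        self.marked: Dict[str, DeletionMark] = {}

    def sign_up(self, user_id: str, phone: str, name: str = "") -> Optional[User]:
        """Create an account, or return None if the userId or the phone number
        is already taken. Blocked accounts still count, which is the whole
        point of blocking instead of deleting."""
        if user_id in self.users:
            return None
        if any(u.phone == phone for u in self.users.values() if u.phone):
            return None
        user = User(user_id=user_id, phone=phone, name=name)
        self.users[user_id] = user
        return user

    def request_deletion(self, user_id: str, today: date) -> Optional[DeletionMark]:
        """Handle an in-app deletion request. The account row is never removed,
        so the userId and any document permissions tied to it cannot be
        inherited by a later sign-up."""
        user = self.users[user_id]
        user.blocked = True
        user.name = ""          # data that does not help prevent abuse goes now
        if not user.paid:
            user.phone = ""     # nothing to protect against: erase immediately
            return None
        mark = DeletionMark(user_id, today, today + timedelta(days=RETENTION_DAYS))
        self.marked[user_id] = mark
        return mark

    def purge_expired(self, today: date) -> List[str]:
        """Scheduled job: erase the phone number of every marked account whose
        retention window has ended. Returns the userIds that were purged."""
        purged: List[str] = []
        for user_id, mark in list(self.marked.items()):
            if mark.erase_after <= today:
                self.users[user_id].phone = ""   # the "set phone to ''" step
                del self.marked[user_id]
                purged.append(user_id)
        return purged


if __name__ == "__main__":
    store = AccountStore()
    alice = store.sign_up("u-alice", "+15550001", "Alice")   # constructed sample
    alice.paid = True
    mark = store.request_deletion("u-alice", date(2024, 1, 1))
    print("retain phone until", mark.erase_after)
    print("re-signup during retention:", store.sign_up("u-alice2", "+15550001"))
    print("purged:", store.purge_expired(date(2024, 4, 1)))
    print("re-signup after purge:", store.sign_up("u-alice2", "+15550001"))
```

Two things the example makes concrete: a second sign-up with the same phone number is refused only while the number is retained, so the retention window is what actually stops the double payment; and the old userId stays refused forever, because the blocked row is never removed.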