Page 1 of 2

Deleting a user and its messages don't delete quotes

Posted: Thu Jan 30, 2020 8:25 pm
by njs
Hi

I've got a recent request from a user to delete his user and its posts, up to here all is good, I deleted everything, but now the user realised that the quotes to his posts are still present on the board and he is threatening with a GDPR complaint.

I know this doesn't have wings to fly and this guy is just being a PITA, but is there a way to remove the quotes ?

I think it can be solved by running something like:

Code: Select all

SELECT * FROM `phpbb_posts` WHERE post_text like "%<QUOTE author=\"USERNAME%"
and load it into a script that basically does:

Code: Select all

$new_post_text = preg_replace('#<QUOTE author=\"USERNAME*>.*?</QUOTE>#si', '', $post_text);
and put it back on to the DB.

But would I need to reparse the whole posts ? or would this be enough ?

Thanks in advance for all the help and support I can get.

Re: [GDPR Violation] Deleting a user and its messages don't delete quotes

Posted: Thu Jan 30, 2020 8:45 pm
by JoshyPHP
If you manage to preserve the validness of the XML, then you don't have to reparse. That's risky though (especially if you consider nested quotes) and I wouldn't recommend it unless you're comfortable fixing things.

You can use DOM manipulation rather than string manipulation so you don't accidentally make the XML invalid. The XPath query would be //QUOTE[@author="namegoeshere" or @user_id=123].

Re: [GDPR Violation] Deleting a user and its messages don't delete quotes

Posted: Thu Jan 30, 2020 8:50 pm
by njs
JoshyPHP wrote:
Thu Jan 30, 2020 8:45 pm
If you manage to preserve the validness of the XML, then you don't have to reparse. That's risky though (especially if you consider nested quotes) and I wouldn't recommend it unless you're comfortable fixing things.

You can use DOM manipulation rather than string manipulation so you don't accidentally make the XML invalid. The XPath query would be //QUOTE[@author="namegoeshere" or @user_id=123].
Thanks for your reply.

Will DOM manipulation work ? Are phpbb posts valid XML ? if so, Maybe that's the way to go and it's even easier.

Re: [GDPR Violation] Deleting a user and its messages don't delete quotes

Posted: Thu Jan 30, 2020 8:53 pm
by JoshyPHP
Any post created, edited, or reparsed on phpBB 3.2 or later will be valid XML, yes.

Re: [GDPR Violation] Deleting a user and its messages don't delete quotes

Posted: Thu Jan 30, 2020 8:55 pm
by njs
JoshyPHP wrote:
Thu Jan 30, 2020 8:53 pm
Any post created, edited, or reparsed on phpBB 3.2 or later will be valid XML, yes.
Awesome :) Thanks for your tip, I'll post my script once I get anything working.

Thanks

Re: [GDPR Violation] Deleting a user and its messages don't delete quotes

Posted: Fri Jan 31, 2020 5:07 pm
by stevemaury
There is no need to do this. Once a post is quoted, it is the quoter's post.

Re: [GDPR Violation] Deleting a user and its messages don't delete quotes

Posted: Fri Jan 31, 2020 5:42 pm
by njs
stevemaury wrote:
Fri Jan 31, 2020 5:07 pm
There is no need to do this. Once a post is quoted, it is the quoter's post.
I understand your point, but the content of the quoter's post might not be his, and that's where things go weird in terms of legislation, because it's quoting an original content from another user.

It's a grey area and no one knows for sure what's right and what's not, not even the legislators :D

Re: [GDPR Violation] Deleting a user and its messages don't delete quotes

Posted: Fri Jan 31, 2020 5:59 pm
by HiFiKabin
... but what are you going to do about the results that turn up in a Google Search?

The answer is of course nothing, which is where the pointlessness of this law is really shown up. For what its worth I have this as part of my GDPR agreement.
The only other information about you is that which you decide to post in the fora, whereupon it is considered to be “publicly available” as it will have been indexed by search engines as well as on-line archive sites.

Re: [GDPR Violation] Deleting a user and its messages don't delete quotes

Posted: Fri Jan 31, 2020 6:17 pm
by Lumpy Burgertushie
sometimes I think there should be a great big red sign at the entrance ramp to the internet;

"REMEMBER, EVERYTHING YOU PUT ONLINE WILL BE THERE FOREVER, IF YOU DON'T WANT IT TO BE THERE FOR THE WORLD TO SEE, DON'T PUT IT ONLINE!!!"


robert

Re: [GDPR Violation] Deleting a user and its messages don't delete quotes

Posted: Fri Jan 31, 2020 6:45 pm
by david63
Robert - I'm sure you have been told before to stop using common sense :roll: :roll:

Re: [GDPR Violation] Deleting a user and its messages don't delete quotes

Posted: Fri Jan 31, 2020 7:03 pm
by Lumpy Burgertushie
yeah, yeah, somtimes I just can't help myself.




robert

Re: [GDPR Violation] Deleting a user and its messages don't delete quotes

Posted: Fri Jan 31, 2020 8:13 pm
by Paul
njs wrote:
Fri Jan 31, 2020 5:42 pm
stevemaury wrote:
Fri Jan 31, 2020 5:07 pm
There is no need to do this. Once a post is quoted, it is the quoter's post.
I understand your point, but the content of the quoter's post might not be his, and that's where things go weird in terms of legislation, because it's quoting an original content from another user.

It's a grey area and no one knows for sure what's right and what's not, not even the legislators :D
But the gpdr is about personal information, not just a public post. I don't think you are even required to delete his normal . post (except if there is personal info in there.), let alone the quotes.
Copyright laws and gpdr is something completely different.

Re: [GDPR Violation] Deleting a user and its messages don't delete quotes

Posted: Fri Jan 31, 2020 9:04 pm
by njs
Paul wrote:
Fri Jan 31, 2020 8:13 pm
njs wrote:
Fri Jan 31, 2020 5:42 pm
stevemaury wrote:
Fri Jan 31, 2020 5:07 pm
There is no need to do this. Once a post is quoted, it is the quoter's post.
I understand your point, but the content of the quoter's post might not be his, and that's where things go weird in terms of legislation, because it's quoting an original content from another user.

It's a grey area and no one knows for sure what's right and what's not, not even the legislators :D
But the gpdr is about personal information, not just a public post. I don't think you are even required to delete his normal . post (except if there is personal info in there.), let alone the quotes.
Copyright laws and gpdr is something completely different.
I may be confusing both, copyright and GDPR, however GDPR also grants you the ability to request access and removal of all the information/content you provided to an entity. That's why I think that quotes not being removed are still a GDPR violation, but I'm hopeful that I can be proven wrong :)

Re: [GDPR Violation] Deleting a user and its messages don't delete quotes

Posted: Fri Jan 31, 2020 9:26 pm
by david63
njs wrote:
Fri Jan 31, 2020 9:04 pm
however GDPR also grants you the ability to request access and removal of all the information/content you provided to an entity.
That is not strictly true. You can request the removal of all personal data - the quoting of a post is not normally classified as personal.

Furthermore when GDPR came into effect you should have made all users of your board accept your Privacy Policy which set out what was/was not personal data. Anything that a user posts on a board voluntarily is not personal data and is not covered by GDPR.

This is not a phpBB issue anyway - phpBB only provide the software, how it is used and managed is a matter for site owners.

Re: [GDPR Violation] Deleting a user and its messages don't delete quotes

Posted: Fri Jan 31, 2020 9:29 pm
by Paul
Well, it might depend on the country, and also I am most definitely not a lawyer or a specialist about this. But, when I read this article (In Dutch, sorry) it appears that in specific cases the AVG law has an exempt specific cases like.public posts.
If you want to be sure about this, you should contact a lawyer who can actually answer you better as we can.