Handling "410 Gone" when retrieving an actor
-
Sometimes when NodeBB attempts to retrieve a remote user, it will encounter the HTTP status code 410 Gone, which I take to mean that the user has been deleted from the origin server.
I mostly see it from spam accounts that were deleted, but I could potentially see that returned if users manually delete their own accounts.
The easy way forward here would be to see this and immediately delete all content I have locally for that user... all posts we have cached, the local profile, etc.
Downside is it could mean good conversations could suddenly have a hole in them when the account is deleted. We actually circumvent this in NodeBB by not allowing the user to one-click purge all of their content; an administrator is usually involved in the process.
But as always, different implementers might mean different things with 410 Gone, so I hesitate and wonder whether the simple path is the right path...
-
You could do what Reddit does and just leave the posts up but pointing to a tombstone user. If you've ever seen a post attributed to [deleted] then you know what I'm talking about.
The problem with that is it possibly (probably¿) violates social expectations around what an account deletion does. Arguably this could be solved by an extension property or type like "DeleteAllCreatedObjects" or whatever. But some implementations might not be able to do that because they don't keep track of objects by who created them. The other option is to support deleting multiple objects at a time? This stuff is best-effort, though, so it might fail for some of the objects.
-
@julian in my opinion, even if it's interesting conversations or useful information, it's not "yours" to keep.
I'd say if it was requested to be deleted, the honorable thing would be to honor that request.
-
@[email protected] well, the funny thing about that is... if I request the user and get a 410 Gone, it doesn't mean they requested their account be deleted. It just means the account is no longer there; literally "Gone". It is a safe assumption, but the usual expectation would be I receive a Delete(Note) on all of their content and then Delete(User).
Whole thing could be a nothingburger, because I think almost all of the times I encounter a 410, the remote user never actually existed on my instance to begin with.
-
@[email protected] said in Handling "410 Gone" when retrieving an actor:
You could do what Reddit does and just leave the posts up but pointing to a tombstone user. If you've ever seen a post attributed to [deleted] then you know what I'm talking about.
Yes, this makes sense. It's coming into clearer focus why account and content deletions are so noisy in ActivityPub, since each deletion of a user's content needs to be federated before the account can be deleted.
In absence of anything more explicit (like your aforementioned DeleteAllCreatedObjects), that's all we have to explicitly signal full account and content deletion.
I think we'll go ahead with that. NodeBB already does display something like [deleted] (we show "A Former User"), and we also save the old user id as a reference in case it needs to be cleaned up.
That'll work, thank you for your input a!
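Added example, not part of the thread and not NodeBB's own code: a sketch of the approach the thread settles on, where a 410 Gone on actor retrieval re-attributes cached posts to "A Former User" and keeps the old id for later cleanup instead of purging content. The store shape, function names, and the choice to treat every non-410 failure as transient are assumptions of this example.

```javascript
// Added example; every name below is hypothetical, not NodeBB's API.
const FORMER_USER = 'A Former User'; // label the thread says NodeBB shows

// In-memory stand-in for locally cached remote actors and their posts.
function createStore() {
  return { users: new Map(), posts: [] };
}

// Map the HTTP status of an actor fetch to an outcome.
// Assumption of this example: only 410 means "gone"; any other failure
// is treated as transient and triggers no local cleanup.
function classifyActorFetch(status) {
  if (status >= 200 && status < 300) return 'ok';
  if (status === 410) return 'gone';
  return 'retry-later';
}

// Apply the result of fetching actorId to the local store.
function handleActorFetch(store, actorId, status) {
  const outcome = classifyActorFetch(status);
  if (outcome !== 'gone') return { outcome, tombstoned: 0 };
  // 410 for an actor that was never cached locally: nothing to do.
  if (!store.users.has(actorId)) return { outcome: 'gone-unknown', tombstoned: 0 };

  let tombstoned = 0;
  for (const post of store.posts) {
    if (post.author !== actorId) continue;
    post.formerAuthor = actorId; // keep the old id for later cleanup
    post.author = null;
    post.displayName = FORMER_USER;
    tombstoned += 1;
  }
  store.users.delete(actorId); // drop the cached profile, keep the posts
  return { outcome: 'gone', tombstoned };
}

// Constructed sample data.
const alice = 'https://remote.example/users/alice';
const demo = createStore();
demo.users.set(alice, { name: 'alice' });
demo.posts.push(
  { id: 1, author: alice, displayName: 'alice', content: 'hello' },
  { id: 2, author: 'https://remote.example/users/bob', displayName: 'bob', content: 'hi' },
);
console.log(handleActorFetch(demo, alice, 410), demo.posts);
```

Because the old actor id is kept in `formerAuthor`, a later Delete(Note) or an administrator cleanup can still find the posts that belonged to the departed account.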