[jacquesm]

If it isn't it is pretty close. No JS includes, they use Cloudflare which has gone out of their way to be GDPR compliant, you have full control over your profile and the moderators have so far complied with any reasonable request I have ever made. On top of that there is an easy way to export your data through several services.

What specifically would trigger you to wonder?

[krapp]

You don't have full control over your profile. You can't download a copy of your entire posting history, You can't can't edit or delete comments after a certain window, You can't edit your username, and you can't delete your account. Full control over your profile would allow you to do all of those things without needing to contact a moderator or use a third party service.

[jacquesm]

> You don't have full control over your profile.

Well, I do.

> You can't download a copy of your entire posting history

Yes you can.

http://hn.algolia.com/api/v1/search?query=author_:krapp

> You can't can't edit or delete comments after a certain window

Yes you can, just not automated. You could mail the moderators with a request.

> You can't edit your username

Why would you, that's your HN identity, not your identity in real life. You ascribe more power to the GDPR than it has.

> you can't delete your account

Have you tried mailing the moderators to ask them to delete your account?

> Full control over your profile would allow you to do all of those things without needing to contact a moderator or use a third party service.

No, the GDPR does not say anything about the company having to automate these things, only that there should be some way to do them. On HN the moderators are in charge of those things. So if you really want to delete your account feel free to contact the moderators. And the GDPR also does not forbid for the company to engage a third party to export the data (though, funny enough, that third party would have to have a DPA with the company).

[krapp]

>> You can't download a copy of your entire posting history >Yes you can.

Fair enough - I wasn't aware of that.

>> You can't can't edit or delete comments after a certain window >Yes you can, just not automated. You could mail the moderators with a request.

So... no, you can't. they can, if they decide to honor your request when you ask them, or they might not.

>> You can't edit your username >Why would you, that's your HN identity, not your identity in real life. You ascribe more power to the GDPR than it has.

Some people's usernames are their real names, which makes them personally identifiable information. Other people's usernames appear to be the result of them banging on the keyboard, or a 'throwaway_X' account that they've been using for several years, or a contextual reference for a specific thread that no longer applies to anything. Why should users be forced to keep that arbitrary string in place if everything else can be edited or deleted?

I can change my public facing email, I can change the profile text, I can even change the color of the top bar, I can ask to have comments deleted, why can't I change my username?

>No, the GDPR does not say anything about the company having to automate these things, only that there should be some way to do them.

Fair enough. I think they should be automated, though..

[jacquesm]

> I think they should be automated, though..

I agree. But that's mostly a convenience, and if the number of requests is low enough then you could do it by hand.

With reocities.com I did a hybrid approach, I did allow people to make the deletion requests in an automated way but then I still manually reviewed them. The reason is that there the link between the accounts and the users did not make it when we backed-up as much of Geocities as we could, so to avoid people requesting the deletion of other people's data or pranksters that would request 1000's of accounts to be deleted we needed an extra step for verification.

[rovr138]

I get that it's a reply to the 'full control of your profile'. Just double checking, in regards to OP's question, is this a requirement of GDPR?