Hacker News
by mikeryan 5385 days ago
We know they don't actually delete messages or things you delete on FB, they just mark them "deleted". With that attitude to "deleting" things, what does it even matter?

I've never written a web app that actually deletes data.

The argument that they use it to prevent "spam and phishing attacks" also seems dubious to me. How does that work? And the cookie that's kept contains just your Facebook ID, so wouldn't that be trivial for spammers and phishers to work around?

Actually it's an attempt to make life easier on users. When you log in from another machine they sometimes use enhanced measures to confirm your identity. By keeping the cookie they get more confirmation that you are you.

I'm not justifying it. There are ways to prevent this that weren't taken. But I can see what they're trying to do.


I've never written a web app that actually deletes data.

Sure, but that's just a business decision, right?

The big webapp I'm working on moved from deleting data to adding delete flags over the 7 years of its existence. There are two reasons for this; neither of them involves tracking users.

For one, a lot of the data is synchronized to offline applications.

If you just delete the data on the server, it's gone and it becomes impossible to tell clients that they have to remove their copy. In this case, I could keep a second list of deleted items around and sync only that of course, but that would mean additional work and it wouldn't help for the other case:

Many times, end users wanted us to restore some data for them that they accidentally deleted. Back in the day, that meant restoring the backup and merging the backup with the current live data. A risky, complicated and thus expensive process.

Nowadays, I just set the delete flag to false and the problem is solved.

On the other hand, the data we are dealing with isn't nearly as sensitive as Facebook's and it's never shared between users.

It's often a performance, scalability, and safety decision as well. The optimal way for a web app to truly delete data is during an asynchronous garbage collection process. It's a lot easier to just mark the object as deleted.
I don't think the poster was allowing for GC, either.
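
The delete-flag pattern discussed in this thread, combined with the asynchronous purge mentioned above, as an added example that is not code from any commenter. The `notes` table, its column names and the 30-day `RETENTION` window are assumptions made for illustration.

```python
import sqlite3

RETENTION = 30 * 86400  # assumed: seconds a flagged row survives before hard delete

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT,"
               " updated_at INTEGER NOT NULL, deleted_at INTEGER)")
    return db

def put(db, note_id, body, now):
    db.execute("INSERT OR REPLACE INTO notes VALUES (?, ?, ?, NULL)",
               (note_id, body, now))

def soft_delete(db, note_id, now):
    # Flag the row and bump updated_at so the next client sync sees the change.
    db.execute("UPDATE notes SET deleted_at = ?, updated_at = ? WHERE id = ?",
               (now, now, note_id))

def restore(db, note_id, now):
    # Undo an accidental delete: clear the flag, no backup merge needed.
    db.execute("UPDATE notes SET deleted_at = NULL, updated_at = ? WHERE id = ?",
               (now, note_id))

def changes_since(db, cursor):
    """What an offline client pulls: upserts plus tombstones without the body."""
    rows = db.execute("SELECT id, body, deleted_at FROM notes"
                      " WHERE updated_at > ? ORDER BY id", (cursor,))
    return [("delete", i, None) if d is not None else ("upsert", i, b)
            for i, b, d in rows]

def purge(db, now):
    """Asynchronous GC pass: hard-delete rows flagged at least RETENTION ago."""
    cur = db.execute("DELETE FROM notes WHERE deleted_at IS NOT NULL"
                     " AND deleted_at <= ?", (now - RETENTION,))
    return cur.rowcount

def demo():
    # Constructed sample data and timestamps.
    db = open_db()
    for note_id, body in [(1, "keep"), (2, "deleted by accident"), (3, "really delete")]:
        put(db, note_id, body, now=100)
    soft_delete(db, 2, now=200)
    soft_delete(db, 3, now=200)
    sync = changes_since(db, cursor=150)   # client last synced at t=150
    restore(db, 2, now=300)                # user asks for note 2 back
    purged = purge(db, now=200 + RETENTION)
    remaining = [r[0] for r in db.execute("SELECT id FROM notes ORDER BY id")]
    return sync, purged, remaining

if __name__ == "__main__":
    print(demo())
```

A client that stays offline longer than `RETENTION` never receives the tombstone, so the purge window has to exceed the longest supported sync gap, or such clients need a full resync.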