View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003386||HTML & PERL||Bug Report - Interface||public||2019-10-15 01:47||2019-12-12 11:04|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Summary||0003386: DB entries lists: deleted users' lists unavailable, access denied error, but they're not personal data|
The lists of DB data points a user added, data points which is already open for all to see, are not personal data no matter how you spin it. Access to them is necessary for data moderation purposes and limited to the people who need them to begin with. The fact a given user was deleted is no reason to bar people who otherwise have the correct permissions from seeing those lists. A situation that lets users break an important moderation feature facilitates abuse (add a bunch of crap data all around, delete your account, see how happy everyone becomes about hunting your adds, it's super effective), and a needlessly broken feature is effectively a bug.
Example case: https://anidb.net/user/94967/contribution
|Tags||No tags attached.|