15 minutes in 2008

Spring 2008 is when I read a Wired article about the walled garden Facebook was setting up, and about how despite their claims, absolutely everything that social network offered was already available elsewhere on the net, for less hassle, with no walls and better flexibility.

I had joined Facebook in 2007, but never cared for it. I found I spent far more time trying to navigate the opaque user interface than actually enjoying content, and I discovered to my horror that real-life friends who seemed more than reasonable in person spent a lot of time on-line sending each other "quizzes" designed to suck personal information from you.

Instead, I followed the suggestions in the Wired article and joined Twitter (for status updates), and started a blog (for "wall" postings). Actually, I started two blogs, the one you're reading now and the one for all things DIY.

Part of starting the blogs was researching which blogging platform to go with. I checked out WordPress, which meant signing up for an account, but ultimately decided to go with Blogspot.

Okay, done and dusted. Life moves on. Right?

Not so fast.

Around 2012, I started encountering error messages like this whenever I went to comment on someone's WordPress blog:

Notice how prominent the WordPress logo is. That became a factor in the troubleshooting later on.

Sometimes I could leave a comment after logging in with my Google account and doing some random browser back-and-forth. Sometimes I would get stopped at that point and not be able to leave a comment at all. Given that most of the time this was to participate in Friday Flash, I felt really bad about not leaving comments on posts that I'd read. A lot of people have their comments sections locked down at least a little bit, so that spammers will have a harder time leaving comments, so usually I would have to proffer up some real e-mail address. But WordPress knew about my main address, and it wasn't going to let me use it.

I looked into it, and discovered that WordPress has no way to let you delete an account. Even if that account does not, and never has had, a WordPress blog attached to it. You cannot use an e-mail WordPress knows and say, "meh, the security on this blog doesn't require me to log in, so I'm not going to."

This is... not the norm. Most other systems either let you choose, or else use cookies to keep things as un-painful as possible.

According to WordPress, this is a feature, not a bug. It's supposed to stop people from impersonating you. I'm not so sure, if only because if it weren't for fifteen minutes back in 2008, they would have no idea who I was anyhow.

It got to the point where for some Friday Flash authors, I just left them comments over Twitter, explaining that WordPress wouldn't let me leave comments on their blog.

Friday Flash doesn't have the participation it once did, but #craftblogclub does, and a lot of its regulars use WordPress. Once again I found that I couldn't participate in a community and leave comments on people's blogs. So I reluctantly used the Forgot Password feature to get into my WordPress account, found my profile, and changed the e-mail address to a different active one I have. You have to use a real e-mail address you can access because they verify it.

Okay, done and dusted again, right?

Not so fast.

Despite no longer being anywhere in my WordPress profile, WordPress was still giving me the same "you must log in" error message when I tried to leave a comment on a WordPress site. This time, however, when I went to log in and see if I had somehow not saved my profile changes, I got this error message:

So basically I couldn't leave a comment using my old, supposedly erased e-mail address, but I could only log in to WordPress if I used my new e-mail address. Which I did and... my old address wasn't anywhere in my profile.

At this point I was frustrated enough I decided to pursue things further, and contacted their support. It's interesting — all support is conducted via the community forums, and your question has to be tagged a certain way before WordPress staff will even look at it. Luckily for me, there was a more experienced WordPress user on the forums the night I wrote up my issue, and she tagged the forum thread so it would be looked at.

I received the response about 36 hours later — not bad for a turnaround time. They said that if I wanted to use the old e-mail "to open another account" (ha!) I had to remove it from my Gravatar profile.

Huh? What's this? Two profiles? Apparently so.

Fortunately, a direct link was provided in the response, because I hadn't noticed a second profile location for Gravatar when I was trying to fix my profile before. I had to go in, delete my old e-mail (now referred to as a "secondary address"), and just leave the new address (because we still can't delete an account once it is created).

And... yay? it worked.

So I suppose all's well that ends well, except that a) for at least two years I've only been told "accounts can't be deleted" with no instructions for a workaround, and b) again, all of this stems from fifteen minutes of activity in 2008.

Think of something that takes fifteen minutes, and think how it could affect the rest of your life. All I can think of is casting a voting ballot or getting pregnant, or maybe causing something catastrophic like a car accident. Nowhere would I include something to do with checking out a free (er, and legal) Internet service I never actually used. Think about it — even Revenue Canada and banks only keep or expect records from seven years ago.

And how does this work in the EU with their "right to be forgotten"? Does WordPress have a different process for people who live there? If they do, what happens to their supposed "security" logic?

Why, on something as ephemeral as the internet, am I committed to something that took 15 minutes in 2008?