Disallow Journal Inheritance

[mlady_rebecca]

Title
Disallow Journal Inheritance

Short, concise description of the idea
Prevent people from inheriting ownership of a journal when they receive a recycled email address previously used to open a journal.

Full description of the ideaIn working in Support I've noticed that a lot of people make "unsubscribe me" requests, not knowing their email

Comments

[mskala]

How often does it happen that different person "inherits" an email address? It seems to me that that's awfully unusual, and I wonder if it's a common enough case to justify breaking the current "I can always recover my journal while I maintain control of my email address" assurance.

[lied_ohne_worte]

I suspect that most of these users have actually created the account themselves through some unexpected means

I was going to say that, too. People who open those "UNSUBSCRIBE ME!!!" requests generally tend to have above-average difficulties with figuring out how to delete the account associated with their address even when given instructions by Support, so I tend to suspect they created an account without knowing what they did. The "the account might have been opened by someone who had this email address before you" is part of the usual answer for these users, but I always thought it was more to mollify users that LJ isn't spamming them.

[lady_angelina]

Some email services apparently recycle old email addresses. I know that at least, a few of the places where I used to work, etc., do just that.

[gerg]

Yeah, there's no real way to do this with the current security set-up on the site and I can't think of an alternate system that would be acceptable while permitting this either.

[azurelunatic]

There's the ... oh.

I was going to say there is the remove email tool, but that requires the email to not be the validated one (for 6 months) and also to be in the account, which would require pw change.

I could potentially see an employee only admin tool to remove an email from an account without unvalidating, to be used in weird cases, but not something user accessible.

[imc]

I'm not sure who is to do the disassociating in your suggestion. It can't be the journal owner's responsibility, since they already have a way to do this (by validating a new email address when they stop using their old one); but no one else can actually know when the email account has been recycled.

If you yourself care about what happens to your account if your email account gets recycled, then switch to an email service that doesn't recycle inactive accounts.

[mlady_rebecca]

Given that the current system makes a point of making it impossible to steal an account as long as the owner retains control of the email address, this is almost certainly an unacceptable side effect.

Maybe I didn't express myself correctly. This is a person who owns the verified email address for the account. If they are claiming they don't have a journal, they either inherited the email address, or they forgot they ever created a journal to begin with. Or maybe a family member using the same email created the account. Either way, the control is still tied to the email holder. They are just releasing control over the account instead of deleting it outright.

[azurelunatic]

What about an email sent to the verified address (triggered by someone with access to do that) with a link that would devalidate and remove the address from the account? That way, it could not be done with access to the account only and not the email address, wouldn't require account access (with the password and such), and could only be used if the party in question actually had access to the address (because I'm a cynic about things like spoofing).