whitelyco
08/08/18 12:48PM
Account removal
Hello,
I am hoping to have my account deleted. I have gleaned conflicting information on this, both that it can and cannot be done. I can understand hesitation, but I'll go through whatever verification process the mods need, in order to feel confident that this is not done by someone other than the user.
Hypnosis-guy
08/08/18 01:36PM
The best that we can say is log off and never ever log back in as the mods have deleted accounts before and have gotten complaints because it wasn't the actual user. There's no verification, there's no deletion.
NamesAreForTheWeak
08/08/18 02:45PM
Hypnosis-guy said:
The best that we can say is log off and never ever log back in as the mods have deleted accounts before and have gotten complaints because it wasn't the actual user. There's no verification, there's no deletion.


Essentially this. Account removals were a thing you could message the mods for, then certain users had their account removed because a roommate or troll logged into their account and decided to be a dick and have another person's account removed.

Since then, account removals aren't a thing anymore. Best thing you can do is just not go here anymore.
whitelyco
08/22/18 02:20AM
That's understandable. All the same, I'd like to contact the mods to at least discuss it. Are there proper methods for who/how to contact?
Imasuky
08/22/18 02:23AM
whitelyco said:
That's understandable. All the same, I'd like to contact the mods to at least discuss it. Are there proper methods for who/how to contact?


I am a mod and will just say we don't do it anymore; really, just logging out and leaving is the best.
MaDrow
08/23/18 08:27PM
Eep, doesn't that mean HypnoHub isn't GDPR compliant?

Will European (<<www.wired.com/story/calif...es-historic-privacy-bill/|and Californian>>) users be blocked/banned like what some other companies do because "complying to GDPR is too tough"?
akaece
08/23/18 09:15PM
GDPR applies to the storage of personal data. Hypnohub doesn't store any of that, as far as I know. See gdpr-info.eu/art-17-gdpr/ for more info about what GDPR requires regarding deletion.
HypnoMangaEditor
08/24/18 09:31PM
A question to the mods in regards to this. Does this site log IP addresses with your account? These are considered personal information in relation to the GDPR, so, if this site somehow does this, you would have to honor an account deletion request to be GDPR compliant.

It's enough for an admin to be able to see the IP of a user post these days, and many people forget that IPs, no matter if dynamic or static, are considered personal information.

MaDrow said:
Will European (<<www.wired.com/story/calif...es-historic-privacy-bill/|and Californian>>) users be blocked/banned like what some other companies do because "complying to GDPR is too tough"?

A couple of ISPs in Europe are already blocking access to this site. Though that may be for other reasons than the GDPR.

MaDrow
08/24/18 09:33PM
akaece said:
GDPR applies to the storage of personal data. Hypnohub doesn't store any of that, as far as I know. See gdpr-info.eu/art-17-gdpr/ for more info about what GDPR requires regarding deletion.
Aaand at the press release it's suggested that <<europa.eu/rapid/press-release_IP-12-46_en.htm?locale=en|IP-addresses and e-mail addresses are personal data (fixed)>>

akaece
08/24/18 09:47PM
MaDrow said:
Aaand at the press release it's suggested that <<europa.eu/rapid/press-release_IP-12-46_en.htm?locale=en|IP-addresses and e-mail addresses are personal data>>


That link doesn't lead to anything. Also, it would probably need to go before a court before the EU will regulate based on stuff like IP address logging, because removing that would require basically disabling Apache logs. I think those will fall under the banner of things that are necessary for a website to maintain, especially because their connection to a person's identity is very tenuous. I know a tiny little bit about GDPR, don't worry. (For the record, I know that the recitals state that IP addresses constitute personal information. I do not think that it is something someone would have a good legal case to make. Although I don't know what the current state is in the EU - maybe there are a lot of shark lawyers pushing it. I highly doubt that they'd take something like that for a site like this. It'd be much more likely to be fought against a bigger fish first, since this is a point where compliance is definitely not yet universal.)

As for emails, I don't think you necessarily have to have one on your account here, if I remember right. Those would be more likely to be seen as a compliance issue, if it were ever raised as such.
HypnoMangaEditor
08/24/18 11:39PM
akaece said:
Also, it would probably need to go before a court before the EU will regulate based on stuff like IP address logging,

Oh, you mean like that one in 2016 in preparation for the GDPR where the court ruled that it is personal data? www.alstonprivacy.com/ecj...-addresses-personal-data/

It's already clearly stated in the GDPR documents that they consider it personal data, so ...

akaece said:
As for emails, I don't think you necessarily have to have one on your account here, if I remember right. Those would be more likely to be seen as a compliance issue, if it were ever raised as such.

Yes, it is optional. However, if you opted to enter it, it is personal data that is stored in your account. Which means the site has to honor a request to delete your account, not just the entry of the email address.

akaece
08/25/18 02:27AM
Mkay, so from your own link:

The ECJ closed by phrasing its holding broadly. It stated that dynamic IP addresses held by a website operator constitute personal data as long as the operator has “the legal means which enable it to identify the data subject with additional data which the [ISP] has about that person.” Thus, unless a statutory or other prohibition on ISP sharing of subscriber data exists, the ECJ’s holding creates a risk that IP addresses can be considered personal data.


Go ahead and ask the admin if he has any friends at an ISP in the Netherlands (assuming the site is still hosted there) who will slip him the address of someone given an IP address. Probably not, yeah? It's personal data for governmental/regulatory bodies who have the means to correlate the data by obtaining the additional info stored at the ISP. That ruling would only tangentially touch a challenge for a private website like this.

Anyhow, none of this has anything to do with the topic subject. Account deletion and scrubbing IPs from the logs are not necessarily correlated - one would, by default, probably be done without the other. Even if IP addresses were personal data in this scenario - which they would probably be ruled not to be, even if it was challenged - you would need to go through the processes outlined in the GDPR to get them removed from the site's logs.

HypnoMangaEditor said:
Yes, it is optional. However, if you opted to enter it, it is personal data that is stored in your account. Which means the site has to honor a request to delete your account, not just the entry of the email address.


This doesn't make any sense. If they wiped the field, it would remove their personal information. Just because it was related to the account does not necessarily mean that the whole object needs to be removed. Think about the implications of that in a big relational database. Like at Amazon, you ordered a VSI on this host with an account on your email - are they supposed to get rid of records of the guest's existence because you asked them to take your email out? The host? GDPR is about removing ways for a website to identify you if you no longer want them to be able to. If their data doesn't point back to your email at the end of it, they've complied.
HypnoMangaEditor
08/25/18 03:48AM
Yeah that argument is reasonable. The entry level for obtaining the RL address from an IP IS HIGH. It's almost exclusively done by the government to fight crimes. Nevertheless, it was marked as personal data even though there is this high entry level.

I am not sure why you say they would be ruled not to be when the actual GDPR documents state that they consider it personal data. Of course, you could fight that decision, but then there was the other case I posted and courts often take these earlier rulings quite seriously - and it was not a local court, it was the European one.

I think you are at least partly right with your last paragraph, but I am not 100% sure though. I can tell you that the company I work for deletes everything. The complete data is gone and I handle a couple of GDPR requests a week. But it may be enough to just remove the email address in that case. There's still the question about the IPs though - is it even possible to remain a functional account if no IP addresses are logged? I would say no ... or not unless some really fundamental thing in the software is changed, if that is even possible (I don't think it would happen, because the board software is just too old). It certainly is impossible for the company I work for, so they have to remove everything.

The whole thing about how it intersects with other websites is one of these really wanky rules, so most companies just remove the email because it could possibly lead to something and these days everyone just wants to make sure they do as much as possible. If you look at how Google implements GDPR, they really go all out on removing everything because you can be sure all eyes are on them and Facebook these days - on this page? Probably not.

But in the end, yes, you could fight it. The question is, however, if that is worth doing or if just offering the service isn't an easier choice (and a more user-friendly one). I can certainly see the reasoning of the moderators as well. When at work, I have ways to be 99% sure that the actual owner of the account contacts me. That is really hard on a mostly anonymous site like this. You have to question, however, how many people really log in with another account and ask for the deletion and if you are not willing to take that risk, because I think it is really low.

I think there will be a lot of clarification coming in the next years and maybe we will all get more accustomed and know what we can do and what not. My personal advice would be to do as much as possible to avoid as much hassle/conflicts as possible.

I also want to state that I do not want to force the mods to do anything. However, if the hoster (I think it's Slayerduck) sees this topic it might be interesting to know what and how he implemented possible changes and/or if he even considered some of the things we posted here.
slayerduck
08/26/18 09:40AM
We actually built a tool on rule34 but hub's software is different so it doesn't work here. We'd have to do it manually but we can simply rename a user to something different and null their email and IP record and that would be compliant. I'll educate my staff regarding it, email [email protected] for it.

P.S. If you're banned, don't bother to ask us to delete the IP; that's a legitimate reason for us to keep a record even if you don't agree with the ban.
whitelyco
08/27/18 08:48AM
I truly didn't mean to start some sort of argument, I apologize. But yes, if my account can't be deleted (which is still preferable) I'd at least like to request a change/removal of identifiers.