[Cryptpad] - Pads not removed after account deleted? #955

Closed
opened 2024-07-12 09:01:21 +02:00 by muppeth · 8 comments
Owner

User pointed out his pad was still available even though the account was removed.

User pointed out his pad was still available even though the account was removed.
muppeth added this to the 24.07 - July milestone 2024-07-12 09:01:21 +02:00
muppeth added the
🤔️ Investigate
label 2024-07-12 09:01:21 +02:00
muppeth self-assigned this 2024-07-12 09:01:21 +02:00
Owner

I see in the admin interface:
Account deletion is permanent. Your CryptDrive and your list of documents will be deleted from the server. The rest of your documents will be deleted in 90 days if nobody else has stored them in their CryptDrive.

So I guess this is normal behavior.

I've tested on my home machine: indeed the document is still available after I remove the test account.

Should we contact cryptpad devs about that?

I see in the admin interface: `Account deletion is permanent. Your CryptDrive and your list of documents will be deleted from the server. The rest of your documents will be deleted in 90 days if nobody else has stored them in their CryptDrive.` So I guess this is normal behavior. I've tested on my home machine: indeed the document is still available after I remove the test account. Should we contact cryptpad devs about that?
Author
Owner

So looks like either when removing account the data becomes inactive which means that pads will be deleted only after inactiveTime value which would be weird. I asked for clarification on their forum as suggested. Good moment to make an account there :)
For reference: https://forum.cryptpad.org/d/310-pads-not-automatically-removed-right-after-user-deletion

So looks like either when removing account the data becomes inactive which means that pads will be deleted only after `inactiveTime` value which would be weird. I asked for clarification on their forum as suggested. Good moment to make an account there :) For reference: https://forum.cryptpad.org/d/310-pads-not-automatically-removed-right-after-user-deletion

According to the documentation for version 2024.6.0,

There are two ways of deleting a document on CryptPad:

  • Removing a document means it stops appearing in the drive but remains in the database. The document remains in the drive of other users who have stored it. The document can be recovered in the drive using the history.
  • Destroying a document deletes it from the database permanently. The document is deleted from all drives that store it, and it cannot be recovered using the drive history.

with the following notes:

If a document is not stored in any drive, it is destroyed from the database after 90 days (the length of this delay can be set by the service administrators).

Once destroyed, documents may still appear in other user's drives. Once a document has been added to someone's drive, the encrypted nature of CryptPad makes it impossible to take it back. Therefore a destroyed document may still appeared in a user's drive if they had previously stored it. However, they will not be able to open the document.

In the same time, logged in users have (among others) the following options:

  • Account deletion: Option to permanently delete your account and all of its documents. Delete your account and confirm.
  • Destroy all owned documents: All documents where you are the sole owner will be permanently destroyed

But they don't say what kind of document deletion is performed in case of an account deletion.
Also, it seems that even if you want to destroy all owned documents some might survive (when owned my multiple users).

According to the [documentation for version 2024.6.0](https://docs.cryptpad.org/en/user_guide/drive.html#deleting), > There are two ways of deleting a document on CryptPad: > - **Removing** a document means it stops appearing in the drive but remains in the database. The document remains in the drive of other users who have stored it. The document can be recovered in the drive using the history. > - **Destroying** a document deletes it from the database permanently. The document is deleted from all drives that store it, and it cannot be recovered using the drive history. with the following notes: > If a document is not stored in any drive, it is **destroyed** from the database after 90 days (the length of this delay can be set by the service administrators). > Once destroyed, documents may still appear in other user's drives. Once a document has been added to someone's drive, the encrypted nature of CryptPad makes it impossible to take it back. Therefore a destroyed document may still appeared in a user's drive if they had previously stored it. However, they will not be able to open the document. In the same time, logged in users have (among others) the following [options](https://docs.cryptpad.org/en/user_guide/user_account.html#account-management): > - **Account deletion**: Option to permanently delete your account and all of its documents. **Delete your account** and confirm. > - **Destroy all owned documents**: All documents where you are the sole owner will be permanently destroyed But they don't say what kind of document deletion is performed in case of an account deletion. Also, it seems that even if you want to destroy all owned documents some might survive (when owned my multiple users).
Author
Owner

@floss4good yeah I was reading documentation and was equally confused hence wrote to the forum. Hopefully there is some clarification. Although I understand the delay on purging the files with delay (it applies to files not added to the drive so implementing similar retention as on etherpad makes sense). But in case of removing account, this should be different and wiped right away.
If the guys reply and make it clear, we might need to submit feature request.

@floss4good yeah I was reading documentation and was equally confused hence wrote to the forum. Hopefully there is some clarification. Although I understand the delay on purging the files with delay (it applies to files not added to the drive so implementing similar retention as on etherpad makes sense). But in case of removing account, this should be different and wiped right away. If the guys reply and make it clear, we might need to submit feature request.
meaz added the
on hold
label 2024-07-17 18:32:13 +02:00
muppeth changed title from [Cryptpad] - Pads not removed after account delted? to [Cryptpad] - Pads not removed after account deleted? 2024-07-24 01:45:26 +02:00
meaz modified the milestone from 24.07 - July to 24.08 - August 2024-08-04 15:18:22 +02:00
Owner

Reading the answer on the forum, I guess the solution would be to set archiveRetentionTime to 0. This means we don't archive. And we need to set disableIntegratedEviction to false so that the server automatically runs the script, we don't have to set a cron. Do you understand like this too?

    /*  Starting with CryptPad 3.23.0, the server automatically runs
     *  the script responsible for removing inactive data according to
     *  your configured definition of inactivity. Set this value to `true`
     *  if you prefer not to remove inactive data, or if you prefer to
     *  do so manually using `scripts/evict-inactive.js`.
     */
disableIntegratedEviction: true,
Reading the answer on the forum, I guess the solution would be to set `archiveRetentionTime` to 0. This means we don't archive. And we need to set `disableIntegratedEviction` to false so that the server automatically runs the script, we don't have to set a cron. Do you understand like this too? ``` /* Starting with CryptPad 3.23.0, the server automatically runs * the script responsible for removing inactive data according to * your configured definition of inactivity. Set this value to `true` * if you prefer not to remove inactive data, or if you prefer to * do so manually using `scripts/evict-inactive.js`. */ disableIntegratedEviction: true, ```
Author
Owner

Yes I think we should do it. Makes sense from our point of view to not archive stuff but we have to be clear with people that whatever is removed if gone and there is no way to recover. It might created some fustrations for some but i think its rather a rare occasion. @meaz will you take care of this one, or shall I make a PR?

Yes I think we should do it. Makes sense from our point of view to not archive stuff but we have to be clear with people that whatever is removed if gone and there is no way to recover. It might created some fustrations for some but i think its rather a rare occasion. @meaz will you take care of this one, or shall I make a PR?
Owner

PR done @muppeth

PR done @muppeth
Author
Owner

It's currently pending merge. Once it's done we can push to staging and prod.

It's currently pending merge. Once it's done we can push to staging and prod.
muppeth added
In progress
and removed
on hold
🤔️ Investigate
labels 2024-09-01 09:14:44 +02:00
Sign in to join this conversation.
No milestone
No project
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Disroot/Disroot-Project#955
No description provided.