Seems a bit biased in places. One of the example sites has a big scary red X next to "Deleted images are not really deleted", despite that being an important feature for any site that lets users delete their own content.
It's one of those tradeoffs you make where you trade a tiny fraction of risk (e.g., that somebody might break into your system and steal the exact cat photo that one high profile blogger was embarrassed to have uploaded) so that you can have an easy fix for the dozens of emails you get each month from people who accidentally deleted the wrong photo and can't believe you deleted it even though I told you to and I'll sue you because that's ILLEGAL!
Definitely not worthy of a big red X against your site, since it's the only sensible choice.
They could let you delete deleted items permanently, like Dropbox does. Storing data you uploaded with no way to delete it does have privacy implications, since it may be looked at by people working there and could be a lot more sensitive than a cat photo.
I'd say a term that is more unfairly given a thumbs down is giving them a license to user content, since it's impractical to operate a user-generated content site without this.
I agree. But sometimes the copyright license conceded by the user goes way beyond what's needed for the service. Why do you give rights to sublicense and to transfer to Facebook or Twitter?
Partially necessary. And I completely agree with you. The licenses they demand are far broader than what they need, but that goes to the imbalance inherent in the relationship: big company with lots of money for lawyers versus some person just wanting to tell his friends what he had for lunch.
Since all Twitpic does is hosting public pictures for Tweets, I would assume as a user that if I click "Delete" then the pictures would be… well. Deleted. Having a short period to rescue the picture from a back up would be acceptable.
I don't understand your example with the "high profile blogger".
That's a common outlook to have if you've never run a site where users upload content.
In practice, if you give your users a way to damage or delete their own account, they'll do it without giving it any thought. Then they'll think about it. And they'll want to undo it.
When they don't find an "undelete" button, they'll write you an email. And if you don't have an easy switch you can flip to magically fix the problem they caused for themself, they'll get mad at you.
So you quickly learn to just set an IsActive bit to false instead of actually deleting things. And it's not in any way a big deal for a "twitpic" style site where people are uploading things to the internet with the intention of sharing them.
My privacy policy that explains this makes a point of telling you that "If you don't want the things you upload to be on the Internet, please don't upload them to the Internet". I still field plenty of "undelete my stuff" mails, and it's nice to know that it's a 30 second fix to fix it. (And I've never once gotten a mail from an angry user because I didn't actually delete the bits from the hard drive when he hit the delete button)
Oh please, do condescend to me about what sites I have run and which I have not, much less ones I have or have not written myself.
Look, I (and likely many others here) know what you're talking about, and it's not necessary. You can deactivate things, sure, but you can also say "This cannot be undone," and people will know what that means. Software has commonly operated this way for almost the entire GUI era (at least). These things aren't cut and dried nor required, and they are entirely the product of business rules and policies, which in your case sounds like a little bit of "blame the victim" ("well then you shouldn't have uploaded it"). Users know what a warning means in this context, though.
No condescension intended. Sorry if it came across that way.
I can only throw in my experience, which is that users of the sites I run have a history of not understanding what it means when they hit the delete button, regardless of how many warnings you give them.
As I said, it's a trade off. The upside for the site owner is less headache and angry users. The downside, at least in my experience, is nothing (apart from a red X on this website we're discussing today).
I basically agree with you that supporting undelete is a lot friendlier to 95% or more of the population. But you can get the best of both worlds by simply keeping it around for a fixed time (and letting the user know how long after they hit delete) and then hard deleting. You can even offer them a "if you didn't mean to do that, click here; if you would like to permanently delete this now, click here"
I don't think you are morally correct just because you haven't gotten any complaints.
In fact, until you make it possible for people to permanently delete things, you are not. The reason you haven't gotten any complaints is that the people who deleted things on purpose don't send you an email and don't know it can be undone.
Is it not as simple as to add a "Trash" function? It's been around on operating systems for years, everyone understands how it works and that you can restore something from the trash, but you lose it forever if you empty the trash.
Since this is something that's trivial to implement and is a UI principle that's extremely common, there is absolutely no excuse for keeping images around where the user wants to delete them. If you're annoyed at a dozen emails a month, you implement that and then you can easily respond "Wait, you sent it to trash bin, then deleted it, and NOW you change your mind?", in more polite terms.
(Edit: sorry, late for the party, I was linked here from another post on the same subject)
The only sensible choice would be to mark items as deleted for a while, say a week or two and then delete them for real. The site may even notify the user before the permanent deletion, so he/she can think twice about what to get rid of or not.
Also, this is not about whether someone steals your content but about it being your content. You should be able to do whatever you want to your content and that includes deletion.
It's one of those tradeoffs you make where you trade a tiny fraction of risk (e.g., that somebody might break into your system and steal the exact cat photo that one high profile blogger was embarrassed to have uploaded) so that you can have an easy fix for the dozens of emails you get each month from people who accidentally deleted the wrong photo and can't believe you deleted it even though I told you to and I'll sue you because that's ILLEGAL!
Definitely not worthy of a big red X against your site, since it's the only sensible choice.