Things get ambiguous when account names are a persons real name, same for the email address. IP Addresses are also ambigous because of their topical use.
Hacker News may log IP Addresses but there is an argument where these IP Addresses can be "traced". Trouble is an IP Address is PUBLICALLY identifiable information. It can be viewed easily and there are no real correlative relationship between IP and person.
An argument can stand to say "Hang on, I'm sending this message to Hacker News website via my mobile phone, that has an IP Address mapped to my device, therefore indirectly my IMEI device number is mapped to an IP Address where that IMEI number is mapped to an IMSI number on a SIM card which could be linked to subscriber contract details".
Yes true, but that IP Address is from a pool of addresses assigned to that mobile device via the connection provider. It changes based on DHCP Leasing rules.
Passwords are not personally identifiable information. HOWEVER, Hacker News still has a responsibility to protect that information.
What specifically would trigger you to wonder?
Well, I do.
> You can't download a copy of your entire posting history
Yes you can.
http://hn.algolia.com/api/v1/search?query=author_:krapp
> You can't can't edit or delete comments after a certain window
Yes you can, just not automated. You could mail the moderators with a request.
> You can't edit your username
Why would you, that's your HN identity, not your identity in real life. You ascribe more power to the GDPR than it has.
> you can't delete your account
Have you tried mailing the moderators to ask them to delete your account?
> Full control over your profile would allow you to do all of those things without needing to contact a moderator or use a third party service.
No, the GDPR does not say anything about the company having to automate these things, only that there should be some way to do them. On HN the moderators are in charge of those things. So if you really want to delete your account feel free to contact the moderators. And the GDPR also does not forbid for the company to engage a third party to export the data (though, funny enough, that third party would have to have a DPA with the company).
