Now that there’s Blockstack Auth, there’s the possibility for services (i.e. this forum) to use Blockstack IDs as identifier. When taking non-serverless (legacy) services and linking Blockstack IDs to that, you have user data (i.e. private messages) that’s still under control of that service but linked to a Blockstack ID. But Blockstack IDs can expire and another user can pick it up (which could get even a bigger problem with crawlers etc).
Therefore the question raises what should happen with the linked data and I’d like to kick off a discussion about this.
- What happens with user data when someone picks up my ID after I forgot to renew it (or when I intentionally don’t renew it)?
- Should services delete my data when I revoke my ID?
- Do I lose my all my account data when I forget to renew my ID?
- Is it the duty of the service that uses Blockstack Auth to handle this accordingly?