In the terminology the definition for an Actor can be better: An ActivityPub object acting on behalf of a User (It is not necessarily representing a user, maybe it represents a group, channel, the instance itself has one, too)
I agree. This is much more generic.
It not really outlined how Funkwhale should act when a remote delete request is received.
What I tried to convey was that a delete request should essentially remove any caches of tracks owned by the user and any personal data, but that can be made clearer.
In the solution section, step 3: We can either delete or thombstone, both isn't possible. I guess all userdata should be deleted from the actor and thombstoning it afterwards?
Yes. The associated data should be totally removed in line with user expectations and then the account should be tombstoned so that the handle can't be reused and so that it conveys what has happened.
API behavior, only users can delete their own account: Mods and Admins should be able to use this endpoint, too!
API behavior: We cannot send an E-Mail after the data (including the address) is deleted
So the best thing to do is to send a message advising the user that their account deletion is being actioned before the account is removed, yes?
Webapp behavior: I'd prefer to confirm the deletion by typing the name of the deleted object, eg the user
Webapp behavior: We also need to clean the localstorage (if not done by the logout already)
I don't know if this is done by the logout. Might be something to look into because it probably should be. Either way, we can add to the spec that this is required.
Do we really need to include the design group? We might be able to use our UI components and glue them together.
Possibly not. It's more of a UX thing than a UI thing, but we can lean on the existing modal designs.
Open questions: I prefer the 202 Accepted instead of success
MVP: ActivityPub enabled deletion for associated channels should be confirmed, this confused me. Deleting channels is slightly out of scope here?
Well, if a user deletes their account and they own channels, then the channels also need to be deleted since they're owned by the user. Since the channels are AP-enabled, we just need to make sure that they are following best practice when they are deleted (I suspect they are, we just need to confirm).