

The Anonymous User Pattern - choxi
http://roshfu.com/2012/01/16/the-anonymous-user-pattern.html

======
patio11
I tried this with BCC. It ended up being a _colossal_ support expense to have
guest accounts available as an option, and didn't lead to meaningful revenue.
(Literally less than $100 in about 6 months.) I had every possible variation
of "I used it at home and now I am using it at school and the evil computer
lost all of my work!!1 FIX IT NOW!", despite telling people multiple times
that exactly that would happen if they didn't put in an email address.

It is entirely possible that my implementation sucked or my customers are just
uniquely ... inexperienced with dealing with novel usage paradigms, but test
the heck out of this.

------
EvilTrout
Why not just create a User model that has a null username and password field?
If they sign up, you fill in those attributes. No need for a second table!

~~~
loquace
This is the first question that came to my mind too. And it feels like a more
accurate model of reality, since an anonymous user _is_ a user, just without a
username/password.

You could model this in other ways on the User model too, like having a
registered_at column, which, when blank, means an unregistered user. (In case,
for example, you wanted to autogenerate a username for anonymous users, for
display purposes.)

------
ch
Seems with this approach it should be easy for an admin to 'su' to a normal
user account and perform actions as that user. Nice for tech support and other
administrative operations.

~~~
choxi
wow that's a great idea, I hadn't thought of that! I guess that's just another
benefit of dissociating the identity (Identity) from the login (User).

~~~
ch
This is typically why you separate authentication and authorization. In your
case many authenticated users can be authorized to access a single identity.

------
ajhit406
We tried this for a healthcare Q&A site we built (under the assumption that
anonymity was paramount).

We blocked spam bots the best we could, but still had issues with actual human
spammers and a general lack of quality of submitted posts.

Pros: Questions submitted increased by almost 3x's Cons: Quality of questions
/ answers decreased considerably. Threatened the integrity of our overal
experience so we removed it.

------
wahnfrieden
I do this with my site, <http://www.manabi.org> to let users try reviewing
Japanese flashcards before signing up. They can do everything a normal user
can except for share their potentially spammy content with other users.

~~~
wahnfrieden
(I'd love to get input on my way of doing it, btw - lazy signup has some
unsolved UX challenges, I think)

------
joevandyk
I wonder how you prevent bots from creating millions of fake users. I guess by
looking at the headers for their user agent and have a blacklist of known
bots?

~~~
choxi
it's the same problem as allowing users to create millions of identities. if
it gets to be a problem, you can just start removing unclaimed identities from
oldest to newest.

------
guynamedloren
Great article, but that text shadow is horribly distracting. I'm a fan on
header text, but not so much on main content.

------
yesimahuman
I wonder what benefits localStorage would have over cookie based sessions in
enabling anonymous usage over longer periods of time. Are user behaviors for
clearing localstorage different from cookies?

Seems like an interesting thing to test on my new project.

~~~
politician
Tangentially, but you might also be interested in evercookie
(<http://samy.pl/evercookie/>) which exploits the fact that browsers have made
clearing cookies, localStorage, and a few other things into separate tasks, so
the probability of users correctly clearing everything is low.

(caution: dark side points)

------
zrail
I use something like this on FivePad[1]. Users get a "profile" record right
away that gets attached to a "user" record as soon as they register.

[1]: <https://www.fivepad.me>

------
nreece
We use the same approach on Feedity - <http://feedity.com> and offer users
'signup & save' option at the end of the flow.

------
spicyxtreme
it would be interesting to know how this affects the bottom-line across
businesses. e.g. IMO, this will not work in the games industry. Anyone has any
experience implementing this to share?

