
“I guess you can’t use NYU Libraries if you don’t have Twitter or Facebook?” - troydavis
https://twitter.com/dietrich/status/956937724983783425
======
prappawrap
So create a garbage account, that voids any premise of authenticity or
identity to the social login.

Certainly this is jumping through hoops, and performing a silly dance to get a
cookie.

One might suggest that it’s not a terrible idea to share passwords to these
kinds of accounts with random strangers (written in bathroom stalls at train
stations and airports, passed around at bars and restaurants), in order to
further confuse authenticity and identity, rendering any attempt at harvesting
or collecting interesting information from these emphemeral accounts as
fruitful as trying to feed one’s self with the residue extracted from the
insides of candy wrappers found in the garbage.

~~~
nextstep
Harder and harder to do as these social networks require a phone number to
create an account.

~~~
prappawrap
Which is why it’s important to share intentional junk accounts with random
strangers, forging a pool of vagrant hobo accounts.

Doing so renders burner identifiers more burnt than if one were to abandon
them in a non-reusable state.

Sometimes such accounts will be hoarded or closed off by vigilantes who might
opine that this behavior is somehow immoral or ethically reproachable, even
though it isn’t, but so what?

------
trevmckendrick
The response tweet from NYU:

"This is our login option for visitors. NYU community and consortium members
are able to login with their school IDs. If you require assistance please use
the Ask a Librarian chat on our homepage."

~~~
toyg
More relevant, further down: "NYU is a private university. The social media
login option is only for visitors who are engaged in onsite research. Our
materials are not available to the public online."

------
farnsworthy
I assumed HN would guess this, whereas Twitter wouldn't:

Wasn't this most likely a simple technical implementation shortcut/limitation?
(Which they're now having to defend as a "policy" decision against the
tweetrage?)

In other words, I assume it's an organization with a limited technical staff
and budget who just followed a means--social login--to an end (since everybody
has one of those, right?).

~~~
echlebek
Probably. Getting oauth2 to work with Facebook and Twitter is dead easy, and
far more secure than rolling your own email auth.

~~~
hungerstrike
Easier and more secure are debatable IMO.

You don't have to roll your own in order to signup users with email. There are
plenty of libraries out there to do it just as securely as Twitter and FB.

------
bardworx
From my experience in dealing with NYU (technical side of merchant dealing
with NYU student cash cards), a bunch of stuff is outsourced. I think the last
reply in the twitter feed “WTF” is a bit sensationalized.

Yes it’s annoying but they have a revolving door of students and visitors.
Managing security is tough. Outsourcing to 3rd party for validation makes
sense and brings cost down, even if it pisses of a few folks.

~~~
madez
> even if it pisses of a few folks

Are there only a few people who realize how big of an issue having no vender-
neutral solution is? That'd actually scare me.

If you think this deeper, then why not organize the voting of the government
through Facebook or Google? That'd outsource the identiy management, so it's
cheaper.

It's depressing how many people are blind to consequences of technological
decisions, especially when financial incentives are at play.

~~~
revicon
What would be a "vender-neutral" solution in this case? There are very very
few people that host their own email servers on the internet meaning almost
everyone hitting this login window have a gmail/yahoo/whatever email address.

~~~
madez
A good way would be to accept gpg keys as identities.

~~~
Shoothe
Indieauth.com does just that:
[https://indieauth.com/pgp](https://indieauth.com/pgp)

------
dethos
This is very dangerous, the assumption that everyone should have an account on
a specific private company, even if it is free.

------
bitwize
Ownlife is doubleplusungood.

------
anfilt
Really?

~~~
craftyguy
Yes. It would appear so, based on the 'conversation' on that there social
media network OP posted.

~~~
anfilt
I mean really as in that's batty. Probably should have put in a few more
words. I can't give the written word a tonal inflection to add context. I
could say "Really! How laughable is that."

------
myroon5
non-mobile link:
[https://twitter.com/dietrich/status/956937724983783425](https://twitter.com/dietrich/status/956937724983783425)

~~~
dang
Changed, thanks.

