
By not providing 3rd parties access to email, Apple makes themselves not only the controllers of the physical devices but also over the full identity of their users.

Third party apps don't have to use e-mail for logins. They can use user names.

Backers of e-mail based sign-in often call it a "frictionless" method for the users to sign up. What it really is, is a frictionless method for them to collect information about their users.




As a user, I'd much rather use my email than have to make up a new username for every site. Emails are already public, it's not always some cynical conspiracy.


Uh, email addresses aren't already public - there isn't some magic email directory in the cloud (I mean aside from those aggressively hoarded by trackers, advertisers, and marketers because you had no choice but to use your real address once).

But this is also specific to "social" logins - e.g. ones where you aren't intentionally providing your email address.


They're a public endpoint designed to intake communications from anybody. Identity is an outcome from people using the same email, and that's a valid reason for using a proxy, but the address itself has always been public.

More in-depth article about it: https://www.troyhunt.com/im-sorry-but-your-email-address-is-...


If you just have a username and password, what do you do for account recovery after a forgotten password? If not an email address, would a cell phone number be any better?

For accounts that really matter (not throwaways), someone needs to know a fair bit about the user's identity to ensure recovery works. It can be delegated (and probably should be), but that moves the identity problem rather than eliminating it.

Maybe someday we'll all have two Yubikeys (one for backup) and register with each website using them, but that's not how things work today for most users.


You obviously provide an E-mail address in your user profile. You don't have to log in with it.

This "problem" has been routinely solved by free forum software and other systems for decades now.


Yes, but traditionally we didn't mind sharing our E-mail address with random Internet forums.

(I still don't. My email address is public. But some people apparently do.)


The only accounts that really matter to me are:

- financial accounts: they would never use a third party login anyway.

- social accounts: None of them are going to let you log in with third party accounts anyway.

- work accounts: Again they aren't going to use social media accounts. They are going to use some type of ADFS federated account.

- My AWS account: I use Google Authenticator for that.


Google lets you set a backup email for account recovery.

I lost my original Reddit account because I never gave them my email address and it was hacked. (Using a throwaway password set back when I didn't care about Reddit.) I contacted support and they shut it down, but without some other way of knowing it belonged to me, wouldn't give me my account back.


My comment was directed more to using “Sign in with Apple” for accounts “you care about”. None of the accounts I care about use third party logins.



