Hacker News new | past | comments | ask | show | jobs | submit login

That’s great—as long as that token can’t be trivially re-randomized and huge bonus points if that “real person bit” is a thing.

I haven’t investigated Facebook or Google SSO in depth (I always considered it a bit distasteful to participate in making these behemoths more indispensable) but if they offer some useful metadata that allows me to exclude G/FB accounts which are inauthentic or freshly created, I might look into it too.

Re-randomizing the email wouldn't make sense, as it's not the user identifier. It's literally just an email address, unique to the combination of your app and the user. If it could be re-randomized that wouldn't affect your ability to identify the user.

The "real person bit" is a thing. It's the sole bit of information Apple gives for free, which is either that Apple thinks it's "highly likely" that the user is a real person (the bit's absence doesn't mean Apple thinks it's a bot, it just means Apple can't be confident it's a real person, which might simply mean Apple doesn't have enough information to make that call).

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact