Hacker News new | past | comments | ask | show | jobs | submit login

Sharing trip information is done using registered email.

Could you provide any details? How is such "registered" email different than any other email?






"by using the email account you registered with"

not GP but like, ok, why can’t that be sent from any other email (user-provided or otherwise)?

My guess is that it's being send to the email the user registered with. And requiring them to provide a separate email from the one they registered with completely defeats the purpose of obfuscating the email in the first place, so I think it'd be unreasonable to ask a developer to implement a whole second place to put an email just to work around Apple denying access to that information in the first place.

At the very least Sign in with Apple needs to support a request for the user to enter the real email they want to use to be contacted by the app after-the-fact for cases where someone obfuscates their email but then wants access to functionality that explicitly requires their real email.


If I understand the model of the hypothetical app referenced above, they send email containing confidential (already, this seems problematic, but let's ignore that) "trip" information to some email address. Within that structure, then sure it's problematic to have to require two different email addresses. Except, you don't have to do that. Don't require an email address to start using the app. Let users enter whatever confidential trip info they want, keep a reference to the resulting DB records in a cookie, and only require an email address when the user wants to, uhh, get an email sent.

Having typed the foregoing, I realize now I'm basically just saying "don't use any third-party sign-in, including SIWA". Maybe it's fine that the ecosystem doesn't always cater to apps of questionable utility...


When you share a Trip with Tripit, or add a traveller, you enter their registration email. blahblah@gmail.com or something.

> My guess is that it's being send to the email the user registered with

I assumed otherwise because they specifically wrote "sharing". Still, I'm not sure agree with:

> requiring them to provide a separate email from the one they registered with completely defeats the purpose of obfuscating the email in the first place

I can't use most apps without providing an email, whether they need it or not. That's a much worse situation than not being able to use some features without providing one (which still assumes me having no access to or knowledge of my own iCloud email).


When you send an email, there's typically 2 email addresses.

But if you share a trip to a person who's on Tripit - they just get a notice and a record in their webapp.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: