"99.9% of websites on the Internet will only let you create one account for each email address. So if you want to see if an email address has an account, try signing up for a new account with the same email address."
Yes, but signing up is a more cumbersome process and usually has a CAPTCHA attached to it, unlike logging in.
> Yes, but signing up is a more cumbersome process and usually has a CAPTCHA attached to it, unlike logging in.
My guess of what is most common is that the actual trying to create a user in the backend/database is protected by a captcha, but checking if the email/username already exists is a separate endpoint that the frontend hits while filling out the signup form, before trying to create the actual user.
But it's just a guess, and I can already think of many examples where that doesn't happen, which is for good reasons.
> but checking if the email/username already exists is a separate endpoint that the frontend hits
I'm sure this happens in some cases, but it's definitely not a good practice, would hopefully get flagged by any pentesting or security audit, and also, most people use some sort of framework for auth (devise for Rails, Spring Security for JVM, or similar) - and those usually don't work in that way.
The only site that has ever asked me to solve a CAPTCHA before browsing content was pcpartpicker.com, and even that one stopped making me solve a CAPTCHA.
Do you browse the web behind a VPN, Tor, or something else to hide your IP? That's been known to trigger CF's CAPTCHAs.
Yes, it's my VPN triggering it. I run my own Wireguard on a DigitalOcean box, and I'm the only user--so not exactly a lot of bad traffic coming off of my IP (may have in the past, though).
With the prevalence of Cloudfare now, it's pretty onerous to captcha every visit to a new site just because VPN. You would think Cloudfare could at least give me a "session" that persisted across the web, if they're going gatekeep the whole fucking thing.
> I run my own Wireguard on a DigitalOcean box, and I'm the only user
May I ask why you bother doing this? At best, unless Wireguard is also filtering your traffic, the only privacy you're getting is hiding your home IP address. Trackers will still track you by IP and build a profile based on it.
> You would think Cloudfare could at least give me a "session" that persisted across the web, if they're going gatekeep the whole fucking thing.
I'm just tunneling, really. I prefer the logs on my WG box vs the local ISP and whoever else in-between. I don't think my webhost is really in the business of tracking down VPN users and selling out their browsing history, although it's possible. I do think my ISP probably is cashing in on people's browsing history, though, in some form or fashion.
I use a pi-hole as well to block the trackers etc as much as possible, and so I don't leak DNS requests to the ISP either.
The only one I could think of would be the John Brown Gun Club. One of their members committed a terrorist attack on an ICE facility back in 2019 so perhaps that's why PayPal flagged the post author.
Honestly I feel like jQuery is my "secret weapon" similar to how Lisp is Paul Graham's in Beating the Averages. It's so much more productive than vanilla JS with negligible impact on performance, especially with caching.
My least favorite form design "feature" is when they don't allow you to manually enter the date and you have to click a dozen times in a calendar to select the correct date.
WRT the query not in the address bar - this is probably because then something like tuxdex.com/?terms="embarrassing search" doesn't show up in history or suggestions.
also to handle the case of browsers sharing the referrer url, though firefox only shares the domain and noreferrer html and security tags exist as well
