| ▲ | HPMOR 2 days ago |
| Why is this the case? I don't understand, can somebody explain the logic to me here? |
|
| ▲ | ares623 2 days ago | parent | next [-] |
| Maybe used the email address as a primary key. Ask me how I know. |
| |
| ▲ | Glyptodon 2 days ago | parent | next [-] | | That was my first guess TBH. Mostly because it seems like the kind of thing scientists writing Python would do. | |
| ▲ | prmph 2 days ago | parent | prev | next [-] | | So with all their billions they could not get a proper software engineer to architect their project? Unless there is some deep technical reason why things have to be this way, which I very much doubt. And now they can't change it? Where is Claude when you need him/her | | |
| ▲ | jaggederest 2 days ago | parent [-] | | The funny thing is that if you ask Claude if you should use email address as a primary key it will pretty adamantly warn you away from it: > I'd recommend against using email as the primary key for a large LLM chat website. Here's why: > Problems with email as primary key: > 1. Emails change - Users often want to update their email addresses. With email as PK, you'd need to cascade updates across all related tables (chat sessions, messages, settings, etc.), which is expensive and error-prone > [Edited for length] |
| |
| ▲ | blitzegg 2 days ago | parent | prev | next [-] | | Well it does eliminate a whole list of problems related to account takeover, account recovery workflows, legal questions regarding which email owns the data, etc. Sometimes less is more. Secure, reliable, simple. | | |
| ▲ | darth_avocado 2 days ago | parent | next [-] | | If anything, this makes account takeover and account recovery way more difficult. It probably makes a bunch of legal stuff easier for them, but that’s about it. | |
| ▲ | prmph 2 days ago | parent | prev [-] | | I fail to see how preventing email changes solves the issues you listed, or how allowing it necessarily makes them worse. | | |
| ▲ | blitzegg 2 days ago | parent [-] | | That's pretty obvious to anyone who had to maintain a high traffic site. Just the tip of the iceberg (I haven't included additional legal issues and other): 1.1 Strong protection against account takeover Email change is one of the most abused recovery vectors in account takeover (ATO). Eliminating email changes removes: Social-engineering attacks on support SIM-swap → email-change chains Phished session → email swap → lockout of real user Attacker must compromise the original inbox permanently, which is much harder. 1.2 No “high-risk” flows Email change flows are among the highest-risk product flows: Dual confirmation emails Cooldown periods Rollback windows Manual reviews Fixed email removes an entire class of security-critical code paths. 1.3 Fewer recovery attack surfaces
No need for: “I lost access to my email” flows Identity verification uploads Support-driven ownership disputes Every recovery mechanism is an attack surface; removing them reduces risk. | | |
| ▲ | MattJ100 a day ago | parent | next [-] | | You're very wrong, because account takeover can still happen due to a compromised email account. People can and do permanently lose access to their email account to a third party. | | |
| ▲ | TheNewsIsHere a day ago | parent | next [-] | | Having worked in security on a fairly high profile, highly visible, largely used product — one of the fundamental decisions that paid off very well was intentionally including mechanisms to prevent issues with other businesses (like Google) from impacting user abilities for us. Not having email change functionality would have been a huge usability, security, and customer service nightmare for us. Regardless of anything else, not enabling users to change their email address effectively binds them to business with a single organization. It also ignores the fact that people can and do change emails for entirely opaque reasons from the banal to the authentically emergent. ATO attacks are a fig leaf for such concerns, because you, as an organization, always have the power to revert a change to contact information. You just need to establish a process. It takes some consideration and table topping, but it’s not rocket science for a competent team. | |
| ▲ | cromka a day ago | parent | prev [-] | | This is a logical fallacy. That's like saying security of the website is not important because someone can still steal your laptop. | | |
| ▲ | MattJ100 a day ago | parent [-] | | What logical fallacy, exactly? I think you're perhaps misunderstanding the conversation. This translates just fine to your proposed analogy. In your analogy, the claim would be that some online account is tied to a laptop and whoever possesses the laptop has access to that account. The online service does not permit the account owner to revoke access from that laptop and move the account to a different laptop. I stand by my statement that this would be a serious security hazard. Because yes, laptops can and do get hacked or stolen, just like email addresses. Where your analogy isn't quite as strong is that at least you can generally add additional anti-theft protections such as full-disk encryption to a laptop, while with an email account generally 2FA is the best you can do. |
|
| |
| ▲ | tzs a day ago | parent | prev | next [-] | | > Attacker must compromise the original inbox permanently, which is much harder This may need further analysis. I'd guess that a significant fraction of the people that want to change the email address that identifies them to a service want to do so because they have a new email address that they are switching to. Many of those will be people who lose access to the old email address after switching. For example people who were using an email address at their ISP's domain who are switching ISPs, or people who use paid email hosting without a custom domain and are switching to a different email provider. A new customer of that old provider might then be able to get that old address. You'd think providers would obviously never allow addresses used by former customers to be reused, but nope, some do. Even some that you'd expect to not do so, such as mailbox.org [1] and fastmail.com, allow addresses to be recycled. [1] https://kb.mailbox.org/en/private/e-mail/when-is-a-deleted-a... [2] https://www.change.org/p/stop-fastmail-recycling-email-addre... | |
| ▲ | prmph 21 hours ago | parent | prev [-] | | Are you using LLMs to do your thinking for you? |
|
|
| |
| ▲ | sixothree 2 days ago | parent | prev [-] | | They also allow google accounts. I guess they use the email for that too? |
|
|
| ▲ | aunty_helen 2 days ago | parent | prev | next [-] |
| I know, what’s so special about email? The common thing between your accounts, that the company that has a lot of chat history is allowing you not to change? |
|
| ▲ | perotid 2 days ago | parent | prev | next [-] |
| >When creating an account, please make sure you use an email you'll have long-term access to. I'm just guessing, but the above might suggest a potential incentive: They would like you to hand over a valuable/longterm email, as opposed to a temporary email (for supposedly more privacy or testing), by making it difficult to change it later. 'Dark patterns are the pavement of todays corporate infrastructure.' |
|
| ▲ | rbtprograms 2 days ago | parent | prev | next [-] |
| I can only assume there is some database structuring issue where things would potentially be broken if emails aren't update correctly, but I'm just guessing. |
|
| ▲ | CPLX 2 days ago | parent | prev | next [-] |
| If I had to guess, it's to stop people from acquiring a high reputation with Anthropic and then selling the account or giving it to other people. Obviously, there's a way to do that still. Not saying it's a good idea. But if I had to guess as to why, that's the one that comes to mind. |
|
| ▲ | doctorpangloss 2 days ago | parent | prev [-] |
| To reduce subscription sharing. It’s not complicated. |
