stacks-archive / app-mining

For App Mining landing page development and App Mining operations.
https://app.co/mining
MIT License
49 stars, 16 forks

Email required for Authentication #146

Open larrysalibra opened 4 years ago

larrysalibra commented 4 years ago

Some apps require that the user provide an email to access the app. In some cases, this email is required before the user even signs in with Blockstack. It is our view that this requirement runs counter to the Blockstack ethos because it forces app users to give away personal information to a third party before even using the app. It is our position that this is not compliant with Blockstack authentication, which only requires the signed authentication token to access the app.

Proposal: Apps that require email in addition to Blockstack auth should be treated as if they are using 3rd party sign in methods and scored as such. Blockstack Browser should also make email optional by providing an option to skip it.

webwizart commented 4 years ago

Why is blockstack forum using email? I don't want to give my email I just want to sign in with blockstack?

larrysalibra commented 4 years ago

> Why is blockstack forum using email? I don't want to give my email I just want to sign in with blockstack?

Because we didn't develop Discourse, other people did. Back when I wrote the Blockstack plugin for Discourse, it wasn't possible to remove email as a requirement...I'm not sure if that's changed now.

wilsonbright commented 4 years ago

@larrysalibra What are your thoughts on getting the email id from email scope of Blockstack during login with Blockstack ID? Is this fine? I see a few apps do that today.

https://forum.blockstack.org/t/help-using-email-scope/8017/7

friedger commented 4 years ago

I propose that you get lower scores if you request the email permission without the option to not provide the email address.

The option would be to have two sign in buttons (until the blockstack browser allows skipping it): "Sign In with Blockstack" and "Sign In with Blockstack + subscribe to the newsletter"

Ideally, apps should sign in without email permission and then provide a button "Subscribe to newsletter".

Walterion01 commented 4 years ago

> Ideally, apps should sign in without email permission and then provide a button "Subscribe to newsletter".

I like to see this, maybe a permission manager like iOS and Android is needed for Blockstack Auth.

stackatron commented 4 years ago

@larrysalibra 👍 to this change.

stackatron commented 4 years ago

@larrysalibra chatting with team about this further. New onboarding we are working on could affect this. Suggest we pause on this change until that is in production and we feel like we are doing a great job delivering emails to devs.

larrysalibra commented 4 years ago

Fine with putting this on hold. @jeffdomke can you share the on-boarding work you're doing?

njordhov commented 4 years ago

This discussion started out with addressing that some apps require that the user provide an email to access the app. Then the discussion got derailed into Blockstack onboarding. There is still the unresolved issue of some apps using the dark pattern of tricking the user into submitting their email address before onboarding. Let's also get back to the proposal that apps that require email in addition to Blockstack auth should be treated as if they are using 3rd party sign in methods and scored as such.