
One problem I've encountered is that usually sites won't allow you to register an account if the email address is already registered at that site. So if I register foo@gmail.com then someone else can't accidentally register foo@gmail.com. But they can register f.o.o@gmail.com just fine.

So I mean at my Gmail I have all manner of different Facebook accounts with various misspellings of my email address notifying me of stuff, none of them are mine. I'm sure they entered my email address (with dots) by accident, not on purpose.

I appreciate that sites not allowing you to register the same email address twice hardly solves everything, as I absolutely get email to my actual correct Gmail address from random sites I've never signed up for. But at least it would help in certain cases like Facebook where I do have an account.



LOL this reminds me of a hilarious bug (but only in hindsight!) I had with Discord just three days ago!

I tried to login to Discord. It detected a novel browser or location. Sure, this stuff can happen. It wanted to confirm that I was still me and asked me for my e-mail address. I gave it and it said "This e-mail address is already registered". What. Of course it is. It's me. Mine. The one I have registered with you.

Since I have a few useful things tied to Discord, I felt my pulse go up. I googled for answers, found a Reddit thread with this specific problem. They said "Hey, if you use Gmail you can use the dots-are-ignored-feature to give Discord a "new" mail that will still go to you, allowing you to verify it!" (https://www.reddit.com/r/discordapp/comments/12makhd/verify_...)

Sounded clever so I gave it a fore.name.sur.name@gmail.com variant.

Sure enough, I got the mail.

I logged in. I gasped as I realized Discord had now created a new, empty user for me! It somehow thought I was a brand new user even though this was only a user account _verification_ due to changed IP or whatever to begin with.

I tried logging in to my original account once more and now I somehow got in! The verification on my new account had somehow triggered (cookie? I have no idea) that I was trustworthy again. Phew! I promptly deleted the new-account-going-to-same-mail and breathed normally again...


This isn't a bug.

Instead of clicking the "login" button on discord's home page, you clicked the "Open discord in your browser" button.

This, by default if you're not logged in, takes you to a create account flow. The prompt you entered your _username_ into was the "Pick a display name" prompt. If you enter, say, "user" it silently adds numbers to your displayname to make a new username ("user1234"), rather than redirecting you to the login page or prompting you about it (like most other sites do).

At the end of the flow is a "Finish signing up", "claim your account" prompt (which really is the end of the "create a new account" flow, the ephemeral account without an email you're using there is in a partially signed up state).

This is the box where you were entering your email, getting a conflict, and ended up using a new email to create a totally new account.

I know people who use hacker news are on-average much less tech savvy than the average discord user, so I can get why you missed the login button on the home page and instead went through the "create account flow", but everything that happened is "working as intended" rather than a "bug".

I do agree the flow there is pretty confusing. They've managed to make the new user signup flow so optimized you didn't even realize you were doing it.

Still, by the time it was telling you your email was already registered, you really should have slowed down and noticed it was telling you you were creating a new account rather than using a new email address for some reason.


You're trolling, right? Discord's sign up pattern is similar enough I've actually made this mistake not once, but twice. I think it's closer to a failure of design than anything else - it's almost never correct to blame user error for things like this.


> I know people who use hacker news are on-average much less tech savvy than the average discord user

Sarcasm? Serious question. I used Discord exactly once, many years ago, and it appeared to be mostly children playing video games. I hear things have changed, but it’s hard to imagine a more tech savvy group than HN.


>I used Discord exactly once, many years ago, and it appeared to be mostly children playing video games.

I'd assume kids are better at navigating modern dark patterns, having grown up with them.


I spend a lot of time on Discord, write bots, etc. Maybe it’s just the communities I hang out in, but I’ve seldom seen a less tech-savvy user base.


I hate that prominent sign up, hidden sign in pattern so much. Is it simply that a tracking system "discovered" the sign in button isn't statistically used that often so someone concluded you don't really need it?


> This isn't a bug.

Okay.

> Instead of clicking the "login" button on discord's home page, you clicked the "Open discord in your browser" button.

Sure.

> This, by default if you're not logged in, takes you to a create account flow.

That is a UX bug! Why does opening discord in my browser automatically imply I need to create a new account?

> I know people who use hacker news are on-average much less tech savvy than the average discord user

And yet, somehow, much more tech savvy than the average Discord UX designer.


You might be right but then why did I get in just fine the second time I opened Discord after these hoops? I clicked on the same button both times. That was about as surprising for me, that I was just suddenly logged in and fine again. On my old account. And the Reddit thread is full of people falling into this trap too?


Spotify once had a very similar issue which actually allowed hijacking of other accounts.

https://engineering.atspotify.com/2013/06/creative-usernames...


> I promptly deleted the new-account-going-to-same-mail and breathed normally again...

I think at that point I would just have been too scared that this would cascade-delete the old account as well ^^


I hadn't thought of getting possibly locked out of Discord for something so stupid. I have so much going on in there as far as dev comms... That makes me nervous now. Is there a way to export anything just in case?


The joys of using a proprietary walled-garden platform.


I've done this at least twice for the same reasons, and it's led to me pulling my number off discord twice now. It's stupid how similar logging in and creating an account look.


What would be the best fix for this? When checking for dupes, ignore dots on the left side of all emails?


What actually happened here is that the parent commenter, instead of clicking "login", entered their username into a "enter a display name" prompt on the home page, which registers a new account using the string you entered as a _display name_, and generates a random username.

The parent poster then did not realize they had created a new account and, even when it told them their email address was registered to a different account, somehow didn't realize they should go click login instead.

I think the easiest way for discord to make this a not-confusing experience for people who aren't tech savvy enough to click "login" to login, is to make it so the signup flow is a normal explicit "Enter email, enter display name, enter username" prompt, not a flow where they silently create a username if you _just_ enter a displayname.

The reason this would help is because forcing the user to enter a username early on lets you display a "Would you like to login instead?" message if the username conflicts.

Having the user enter a non-unique displayname, and silently creating a random unique username, means the signup flow no longer has the ability to say "Are you sure you don't want to login?"

Of course, discord mostly targets relatively tech-savvy users, not the average hacker-news-user, so it probably isn't that big a deal for their main demographic.


Not trying to mislead existing users into creating new accounts.

It's really annoying that on some websites you have to open up multiple dropdowns to reach the login page, also passing five sign up buttons on the way there. It's even filled with dark patterns, with the sign up button blinking and screaming at you to click it every single time, while the login button is made smaller and grayed out. I remember GitHub pulling this shit some time ago. Once I truly couldn't find the login button and gave up, opting to guess the URL/find it in history.

What is even the purpose of that? Is it truly a scheme to get users to sign up multiple times for the same service so that the user number goes higher? That seems too dumb.


No, just @gmail.com ones, and maybe a few others - not all email providers ignore dots.

But if you do this you better do it everywhere you use email. Otherwise you can get some pretty nasty bugs where two emails aren't considered the same sometimes, and are considered the same other times.
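
An added example (not part of the thread, and not any site's actual code) of the approach the reply above describes: dots are ignored only for domains known to ignore them, and a single `dedupe_key` function is used for every insert and lookup so two addresses are never equal in one place and different in another. The domain sets, `dedupe_key` and `AccountStore` are hypothetical names, and lowercasing the local part is an assumption.

```python
# Added example: provider-aware duplicate check for email addresses.
# Assumption: the domain sets below are illustrative; extend them per provider.
DOT_INSENSITIVE = {"gmail.com", "googlemail.com"}
DOMAIN_ALIASES = {"googlemail.com": "gmail.com"}


def dedupe_key(address: str) -> str:
    """Return the key used ONLY for uniqueness checks, never for delivery."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    local = local.lower()  # assumption: local parts compared case-insensitively
    if domain in DOT_INSENSITIVE:
        local = local.replace(".", "")
        if not local:
            raise ValueError(f"empty mailbox after dot removal: {address!r}")
        domain = DOMAIN_ALIASES.get(domain, domain)
    return f"{local}@{domain}"


class AccountStore:
    """Hypothetical store: every lookup and insert goes through dedupe_key."""

    def __init__(self):
        self._by_key = {}  # dedupe key -> address exactly as the user typed it

    def register(self, address: str) -> bool:
        key = dedupe_key(address)
        if key in self._by_key:
            return False  # an equivalent address already owns an account
        self._by_key[key] = address
        return True

    def find(self, address: str):
        return self._by_key.get(dedupe_key(address))


if __name__ == "__main__":
    store = AccountStore()
    # Constructed sample input using the addresses from the thread.
    for addr in ("foo@gmail.com", "f.o.o@gmail.com",
                 "foo@hotmail.com", "f.o.o@hotmail.com"):
        print(addr, "->", "registered" if store.register(addr) else "duplicate")
```

The store keeps the address as entered for sending mail; only the uniqueness check uses the normalized key.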


Doesn't Facebook require users to verify the email address with a confirmation email? If so, the only Facebook spam you should be able to get would be such confirmation emails. Or what am I missing?


I can't speak about facebook but I am in the case of having a gmail address[1] with my first name initial followed by my last name and I am in the case of having people with same last name and first name initial using my email address to register. That box is polluted by regular confirmation emails followed by spams from the same many websites. It turns out that more often than not the confirmation email is made to protect the companies running the websites (I guess to limit bots and password that can't be reinitialized), not promotional mail registration. You still receive all the promotional and automated email regardless if the user is active. Different table in the database I guess. Also there are websites/services that don't use confirmation emails as well as processes initiated through physical office/point of sale.

[1] now pretty much abandoned but I mostly keep it to avoid anyone obtaining it and impersonating me. I still need to do some housekeeping and make sure I am not registered anywhere with that address anymore.


In my experience, surprisingly few services nowadays require email confirmation, I suppose in the name of increasing conversions or something.

I've had a number of accounts opened in my address but with different dots (eBay, Spotify, Shutterstock) that didn't require confirmation.

I usually reset the password, inform customer service (who generally don't care, or don't want to do anything because it's not my account), and then I close the account.


Oh I wish that were true, I've been receiving email for years for someone who signed up to facebook with my email address. It's a horrible pain, you can't contact facebook without a facebook account, and I can't create one because someone already has one with my email address.


Do a password recovery, log in and simply delete the account.

I had to do this once when someone signed up to FB with my email address. It actually was an eye opening experience as to how much data FB collects from everyone.

Now keep in mind that: 1) I don't have a FB account myself 2) This person signed up with my email address (which is <something-generic>@gmail.com), but their name is completely different from mine 3) They didn't even speak the same language, when I logged in to the new account the whole thing was in Swedish or something like it.

So nothing at all linking the account to me, except a misspelled e-mail address. When I logged in, FB was happy to suggest I friend a whole bunch of people I know IRL. Including people that do not know the e-mail address used. Absolutely crazy. How were they able to link me to these people when I was signed in to a complete stranger's account?


Well I sort of did, didn't want to delete the guy's stuff, so I made a dummy gmail account, switched it to that and deleted the gmail account after weeks of spam emails and trying to contact facebook I figured he could do some of the hard work to get his account back.

Of course it backfired, after he stopped using his account facebook and a couple of weeks facebook started sending begging emails to my email account again (don't believe them when they say they delete anything), I still get the occasional "what you've missed on FB" emails and about once a year the guy tries to recover his account and I get an email, I'd drop him a note, but the only email address I have for him is mine


Recover the account if you own the email address?


(see my reply above)


It does, I just tested it.


Facebook shouldn't be sending you those emails at all, to be honest, assuming you never clicked the verification button.

That said, clicking the "report spam" button should allow you to unsubscribe from such emails without dealing with logins or whatnot. Gmail supports certain unsubscribe headers that'll automate the process, which should make getting rid of Facebook's spam a lot easier.


I don't understand how anyone else can register a facebook account with f.o.o@gmail.com if you own it just as much as you own foo@gmail.com.


The trouble is that Facebook doesn't know every email provider's rules and which email addresses the email provider considers equivalent. So for Facebook, foo@gmail.com and f.o.o@gmail.com are two separate addresses (and indeed foo@hotmail.com and f.o.o@hotmail.com probably really are two separate addresses probably controlled by two different people).

You're right that if Facebook required the email to be verified (by sending an email to it) before it could be used with Facebook then two different people wouldn't be able to have two separate Facebook accounts with one of them having an email address controlled by someone else. However, Facebook, in order to "reduce friction" and "reduce time to first value" is happy for you to use an unverified email address and they're happy to send a variety of emails to that address (including lots of emails telling you to finally verify that address).


That's not true.

I've just gone to facebook

    clicked register new account

    Entered Name, DOB, Email
Now I'm stuck, can't proceed past "Enter the code from your email" and going to https://facebook.com in a new browser tab takes me back to the "enter code from email page".

I doubt they will send any chaser emails but I will report back in some time


I see, interesting! Maybe they've changed their system. Thanks for looking into this!


I just did the same thing with the opposite behavior, you’re probably coming from a bad internet neighborhood. Facebook does a lot of reputation stuff in their login and onboarding flows.


When that happens I happily do a password reset, log in to the account and delete it.


I don't understand how someone could sign up for a site with f.o.o@gmail.com in this example. That person would never receive email from the site (like a confirmation), because the foo@gmail.com owner would receive the confirmation. Doesn't Facebook require confirmation before the account is created?


I have exactly the same problem, and it has made my gmail account almost unusable. I have at least 150 unwanted emails per day (80% of them get caught by the spam filter)


Bear in mind that since there are a lot of websites (hundreds at least), and you haven't signed up to all of them, you can end up getting emails from websites you didn't sign up for, even when you're not using Gmail. I doubt it makes this minor problem appreciably worse


I think you just chose an insufficiently unique email address.

I never get any of these problems.


Mr Foo and I thought having an email address for our name was a great idea, but it does tend to attract mistaken addresses.



