Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

I would argue that registration pages should not let someone know if an email is in use - if a duplicate email is used in registration then the site should just send a quick email notifying the user that this email is already in use (with sensible DOS protection and email opt-outs etc.)

Your use-cases miss out one type of hacker/spammer/bad guy - the one who is only looking for you, they know your email, they want to profile you specifically.

Over the top/exaggerated example (with many implicit caviats!)...

Mr Smith has Mrs Smiths email - he uses it to try to register with a Dating Website - but hold on, it's already registered!

Now there could be 3 reasons for this...

1. infidelity

2. It pre-dates the relationship

3. A third party trying to cause trouble by signing Mrs Smith up.

I don't believe a company has the right to decide what data they hold on you is visible to the outside world - without expressly asking you.



What happens on the front end in that case? Would it be an irritating "Please check your email to continue registration" kind of situation? Because people don't like that as of 2010 ish


What sp332 said - there wouldn't be any extra steps as you would have to go to your email to complete registration anyhow.

You could have an extra link in your email which lets you update your existing registration details with the ones you've just entered, but that's not going to significantly extend the amount of time you take to register.


Yeah, I've gotten that recently. It's not that annoying, since you're going to have to validate your email address at some point anyway.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: