
Email required for Authentication

Open larrysalibra opened this issue 6 years ago • 9 comments

Some apps require that the user provide an email to access the app. In some cases, this email is required before the user even signs in with Blockstack. It is our view that this requirement runs counter to the Blockstack ethos because it forces app users to give away personal information to a third party before even using the app. It is our position that this is not compliant with Blockstack authentication, which only requires the signed authentication token to access the app.

Proposal: Apps that require email in addition to Blockstack auth should be treated as if they are using 3rd party sign in methods and scored as such. Blockstack Browser should also make email optional by providing an option to skip it.

larrysalibra, Sep 03 '19 13:09

Why is blockstack forum using email? I don't want to give my email I just want to sign in with blockstack?

webwizart, Sep 03 '19 15:09

> Why is blockstack forum using email? I don't want to give my email I just want to sign in with blockstack?

Because we didn't develop Discourse, other people did. Back when I wrote the Blockstack plugin for Discourse, it wasn't possible to remove email as a requirement...I'm not sure if that's changed now.

larrysalibra, Sep 05 '19 02:09

@larrysalibra What are your thoughts on getting the email id from email scope of Blockstack during login with Blockstack ID? Is this fine? I see a few apps do that today.

https://forum.blockstack.org/t/help-using-email-scope/8017/7

wilsonbright, Sep 11 '19 11:09

I propose that you get lower scores if you request the email permission without the option to not provide the email address.

The option would be to have two sign in buttons (until the blockstack browser allows to skip it): "Sign In with Blockstack" and "Sign In with Blockstack + subscribe to the newsletter"

Ideally, apps should sign in without email permission and then provide a button "Subscribe to newsletter".

friedger, Sep 13 '19 08:09

> Ideally, apps should sign in without email permission and then provide a button "Subscribe to newsletter".

I like to see this, maybe a permission manager like iOS and Android is needed for Blockstack Auth.

Walterion01, Sep 13 '19 08:09

@larrysalibra 👍 to this change.

stackatron, Sep 26 '19 22:09

@larrysalibra chatting with team about this further. New onboarding we are working on could affect this. Suggest we pause on this change until that is in production and we feel like we are doing a great job delivering emails to devs.

stackatron, Oct 01 '19 16:10

Fine with putting this on hold. @jeffdomke can you share the on-boarding work you're doing?

larrysalibra, Oct 04 '19 11:10

This discussion started out with addressing that some apps require that the user provide an email to access the app. Then the discussion got derailed into Blockstack onboarding. There is still the unresolved issue of some apps using the dark pattern of tricking the user into submitting their email address before onboarding. Let's also get back to the proposal that apps that require email in addition to Blockstack auth should be treated as if they are using 3rd party sign in methods and scored as such.

njordhov, Oct 15 '19 01:10