Hacker News new | past | comments | ask | show | jobs | submit login

The quora item looks like a leak to me, it confirms that a userid is valid before the credentials have been entered.



There was a lot of discussion about that one. That's also one of the purposes of my blog, to stimulate dialogue around these kind of details.

In this case, some answers on the topic can be found here I think: http://stackoverflow.com/questions/415/decode-email-address-...


I think it's because they're using FB for registration -

http://news.ycombinator.com/item?id=1594596

FB no longer functions this way for me - but Quora populates my full name and pic right after entering my email address (i.e. no credential submission required).


That's a good point, I guess if you did it with Gravatar instead it might make more sense as there wouldn't be any data leakage.


If profiles and e-mails are public (like at GitHub), it's not revealing anything new. Does make it easier though.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: