On 2/2/17 03:53, Richard Newman wrote: > > - The old email address never becomes available for registration again. > > > That is, email -> FxA user never changes from one user to another. > > We could certainly do this, but it's not clear to me what value it would > deliver or what it would guard against. > > > My reasoning: devices (and potentially services) do, or must, sometimes > use the email address as a unique identifier for a user. > > For example, the FxA on Android is named by email. A service like > Bugzilla might similarly associate an external account with an FxA by email.
I'd prefer they didn't do this, but you're right, they often do... > If a new arrival can take a vacated email address, there is a chance > that they can take ownership of a service, or get consumers into a very > confusing state. If there's no benefit to taking ownership of a vacated > account, then I'd argue it's unnecessary risk. A good example here is Pocket. Pocket ties your FxA to any existing Pocket account with the same email. So you could get a scenario like: * I sign up to Pocket using FxA with o...@example.com * I change the address on my FxA to n...@example.com * Someone else re-registers for FxA with o...@example.com * They can now log into my pocket account To be fair, if they now control o...@example.com, they could use a traditional password reset flow to access that account on Pocket, and probably also to take over a bunch of my old accounts around the web. But I think I'm coming around to the suggestion that we disallow re-registration of emails, at least for the initial version while we get our heads around the broader ecosystem effects. Cheers, Ryan _______________________________________________ Dev-fxacct mailing list Dev-fxacct@mozilla.org https://mail.mozilla.org/listinfo/dev-fxacct