Hacker News new | ask | show | jobs
by jonathanpoulter 2015 days ago
Maybe they're looking to get a lot of granularity. Thinking of, https://haveibeenpwned.com/, you could give an email address and get value from the site, but there's no need for an account. Assuming you store the email that's certainly more of a privacy/security risk than using it once and throwing it away.
1 comments
WA 2015 days ago
Possibly. The wording is odd. It assumes that I have information about the identity of a user, but the only thing I have is the email address.

If my app asks for more data, which are backed up as a service to the user (no tracking), that is of course connected to the email address of the account. However, there is no effort from my side to find the actual identity of the user.

This whole identity thing is very confusing. Might need to contact Apple developer support.

link
dwaite 2014 days ago
The email address is considered information about the identity of a user. It is a very broad concept.

If the user has state or permissions on your site based on that email address, that email address is part of the user's account on your site.

link
nicoburns 2015 days ago
Yeah, they even ask that about User ID. I just answered yes.
link