by JSavageOne 1025 days ago
Personally I refuse to sign up just to check out something I'm only passively interested in, and I will never understand why startups do this. I imagine they're immediately turning away >80% of potential customers vs. just letting people try out the damn product.
4 comments

Any product that allows you to consume lots of resources including API calls, interact with other users, or share anything basically needs to be authenticated to avoid misuse. This covers virtually everything.

Sign in with Google/Apple can be virtually painless and only lets them know your email address, name, and profile pic if OAuth is configured reasonably, and it's easy to tell on your side if it's not because it asks for the additional permissions. You can also sign up with email without making the person go through a lot of malarkey. Simply send them a sign-in link instead of doing the whole normal dance. Click it and continue on.

If need be they can be prompted to fill out additional data if features require it.

Yeah, but if I haven't even seen the product yet, I'm not going to bother and give away my email + personal info.

I understand sometimes you need auth, but the app could just show the live app and then pop up a signup modal when the user tries to do something that requires auth (that's what I do on my apps).

It’s not the only way to prevent misuse; for example: captchas, rate-limiting, etc…

I bet they implemented the login anticipating misuse… and like all other startups, there’s only a tiny chance the product would be misused, but a large chance that many people won’t use it due to the login wall.

Effective captchas are much worse than logon with Google or sending a login link to email. Rate limiting might prevent the system falling over or spending all your money, but it does near nothing for vandalism.

Rate limiting is like handing your football players packs of condoms instead of cups. It might be necessary but it sure as hell isn't sufficient.

I would suggest that if your app requires interaction with others, you provide them with a test experience where they can read live data but not affect others. Gate functionality that might be misused with a request for an OAuth2 login or email which you can send a login link to. Near zero commitment, don't have to share anything beyond your email and name, don't even have to make up yet another password. A few clicks and you are done.

You can provide almost as good an experience as you want without people getting their lols or their dollars off your other users.

I really don't want Google/Apple knowing anything of what I do online, hard as that is, but I'm not going to help them snoop on me.
I doubt the 80% figure. Email is a constant source of abuse and requires additional infrastructure, so more and more indie products are sticking to social logins only.
Why wouldn’t the abuser just create fake Gmail accounts?
It is tougher to create a fake Gmail account than a temporary email account in your own domain or using services that provide temp emails.

It also prevents mass creation of email accounts for probing services, as Google is likely to detect that.

Just a screenshot tour would be enough for me to see if I'd want to sign up.
Pretty hard to show metrics to investors if you don't capture any of them.