Reddit account for 13+ years. Constantly prompted to provide email. Have no desire to have any personal information in it whatsoever, so never provided any. However, it is the only account I’ve ever used for extensive long term discussion and community involvement. Thousands of comments in discussions with other folks on topics I’m interested in. Logged in from many different locations and platforms over the years. Opted to never enter an email. Have never forgotten password, never needed to reset password. Didn’t care about recovery. If the account is lost, so be it. Logged in recently to a banner saying my account has been “suspended for suspicious activity security reasons” and the above message. The only way to recover the account is to “reset the password by entering an email”. Created a random anonymous email online, entered it as a fresh new email never provided before, reset link shows up in email, reset password, back in the account.

If I had to make a cynical skeptical guess - looks like an obvious stunt in advance of the IPO to grab a bunch of emails for accounts that didn’t have emails in order to drive up account metrics used for valuation. Side note, I did receive the IPO invitation.

I spend more time on Lemmy now because the phone apps are awesome. I only hang on to Reddit because there are some communities that exist there that don’t have Lemmy equivalents. But I have been thinking about running one of those account comment / post scramblers and then deleting. This is bringing me closer to that decision.

  • LibertyLizard@slrpnk.net
    link
    fedilink
    arrow-up
    61
    ·
    edit-2
    9 months ago

    How would this provide any measure of security if your account had been hacked? So the hackers just need to provide literally any email address? That doesn’t pose much of a barrier.

    • elvith@feddit.de
      link
      fedilink
      arrow-up
      7
      ·
      9 months ago

      I think newer accounts can only be created, when providing an email address. There may be some old accounts that don’t have an email address associated. So, in most cases, you’d just be able to restore the account if you have access to both the account password and the email address. This breaks apart, if there’s no email address associated so I think they provided this way of recovery although it doesn’t improve security since it only applies to very few accounts?

      • LibertyLizard@slrpnk.net
        link
        fedilink
        arrow-up
        2
        ·
        9 months ago

        So you think it’s just a mistake overlooking a small number of accounts? Seems possible. I am curious how many such accounts there are.

        • elvith@feddit.de
          link
          fedilink
          arrow-up
          3
          ·
          9 months ago

          Not quite. If they had overlooked a few accounts, they’d probably not even implemented that function. They’d just said "well, if you forget your password - or need to change it - you need to use the forgot password workflow that sends an email. Everyone without an email Adresse associated with their account would be SOL.

          Since they implemented it, they are aware of such accounts. But since “providing freely any email address for a password reset” makes absolutely no sense, this should only work for this special case - accounts without an associated email address.

          Whether it’s only done for unlocking accounts, whether this would have also worked when clicking on “Forgot Password” or whether this account lock and unlocking workflow might even be intentional to associate an email address to such accounts, is unknown (to me)

      • Couldbealeotard@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        9 months ago

        Last time I checked, you can still make one without an email, but you have to click on a very small ambiguous hyperlink during creation. It’s possible this is no longer the case.

        Being able to make throwaway accounts has been the back bone of Reddit for a long time. People want a right to privacy.

      • cqthca@reddthat.com
        link
        fedilink
        arrow-up
        1
        ·
        8 months ago

        I can say by using multiple portable chrome instances that reddit now requires an email, but you seem to have an option not to verify it. But it has a nag to verify. example h@h.hw would be good enough for an account, but they would send a verify email to that account. I got tired of their petty crap after I’d be in for 10K karma and some person would be angry with my reasoning and since I deleted my comments by script, I didn’t have an appeal option. I’m trying this place out