How hard is it to implement email verification?
this post was submitted on 19 Jun 2026
347 points (95.3% liked)
Mildly Infuriating
46383 readers
428 users here now
Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that. Please post actually infuriating posts to !actually_infuriating@lemmy.world
I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!
It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.
Rules:
1. Be Respectful
Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.
Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.
...
2. No Illegal Content
Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.
That means: -No promoting violence/threats against any individuals
-No CSA content or Revenge Porn
-No sharing private/personal information (Doxxing)
...
3. No Spam
Posting the same post, no matter the intent is against the rules.
-If you have posted content, please refrain from re-posting said content within this community.
-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.
-No posting Scams/Advertisements/Phishing Links/IP Grabbers
-No Bots, Bots will be banned from the community.
...
4. No Porn/Explicit
Content
-Do not post explicit content. Lemmy.World is not the instance for NSFW content.
-Do not post Gore or Shock Content.
...
5. No Enciting Harassment,
Brigading, Doxxing or Witch Hunts
-Do not Brigade other Communities
-No calls to action against other communities/users within Lemmy or outside of Lemmy.
-No Witch Hunts against users/communities.
-No content that harasses members within or outside of the community.
...
6. NSFW should be behind NSFW tags.
-Content that is NSFW should be behind NSFW tags.
-Content that might be distressing should be kept behind NSFW tags.
...
7. Content should match the theme of this community.
-Content should be Mildly infuriating. If your post better fits !Actually_Infuriating put it there.
-The Community !actuallyinfuriating has been born so that's where you should post the big stuff.
...
8. Reposting of Reddit content is permitted, but attribution is not required in any way. No links to Reddit in post body
-If you would like to provide a source link, do so in the comments but not in the post body.
...
...
Also check out:
Partnered Communities:
Reach out to LillianVS for inclusion on the sidebar.
All communities included on the sidebar are to be made in compliance with the instance rules.
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Harder, actually.
That's the point of OAuth, which is what you're seeing there.
The idea is that you're you and you have a... google account. This shitty little website doesn't want to be responsible for you login details, because those can get stolen. Maybe they contain an email address, which is a problem. Software needs to be updated, it's all a big. They don't want to touch anything in terms of security that identifies you as you.
Maybe all the website does is save your favorite pepe memes. They don't need anything else from you, but they still need to have something to get a user id and make sure nobody messes with your pepe meme collection. That's where this system comes in, because the rest of website becomes significantly easier. They don't need to store anything personally identifying, all they get is an ID and they can connect it with your pepes.
The only downside to OAuth is, as you can also see, that it's corpos you don't want to trust that are offering it.
Most users outside of Lemmy dgaf about corpos if it saves them having to type in an email address on their phone and get it right and then go to their email and then hit refresh a few times before going back and hitting send again and then checking their spam folder
But most oauth implementations use the user email as identifier so they get the email anyway
All the smarter ones don't because an email can change, your google account unique id will not, that's the purpose of account IDs.
I won't deny that many people/websites probably do use email though. Which is bad. But I can't deny that that probably is what is happening.
i saw many that use the email as "convenience", as the user can later login with a magic link (i hate those!) without the oauth or even using another oauth service linked to the same email
Okay, but where is the link to this Pepe memes page?
Unfortunately that was just an example.
Yeah show us deh memes
Yeah, some of the same reason everyone uses stripe or PayPal for payment systems. If the site itself handles the cc info it holds all the liability, and has to pass rigorous POC testing and compliance.
While I get that, it is still unfortunate that no open-source, trusted variant can be part of the usual ways.
That's... mostly because of popularity and it depends on whether some service is offering OAuth and if the website in question is using THAT identity provider.
For example, mastodon is technically offering it.
https://github.com/mastodon/mastodon/pull/16221
but this is the docs page:
https://docs.joinmastodon.org/admin/optional/sso/
So the answer in this case is to just grow, promote and support what we're already doing: fediverse stuff.
Actually, there are some open-source self-hosted alternatives like Hydra but no one implements it :( I have seen only 1 site that support it
There's really no reason something like that couldn't exist. A foundation would just have to decide to dedicate the resources to it.
The issue is it would have to gain significant adoption in order for web admins to think to include it. This list here is actually a lot larger than you usually see. It's often just the big 2 or 3.
I might trust Mozilla and I already have an account...
They can? They are in some cases!
Just usually indie stuff. There's Login With Mastodon on plenty of websites.
Even something like bitwarden would be nice
Exactly!
Was just about to say getting Auth right is super hard. Getting someone else to do it for you is a godsend.
I have no account with the above. I wouldn't make one for being able to use another service.
No idea what the product is here, but I guess I'm not their target audience. Which is fine.
Just have a spam account?
spamspamspamspam2026@gmail.com for e.g.
That's the OP's point - logging in by email is not an option.
A gmail account is a Google account.