I do not recognize the problem the author talks about, but it seems weird. From the article:<p>> Prof. Aaronson, given your expertise, we’d be incredibly grateful for your feedback on a paper / report / grant proposal about quantum computing. To access the document in question, ...<p>It seems odd to want feedback and then ask someone to go and register somewhere, probably requiring to accept a bunch of legalese in the privacy policy and terms of service... Just attach the document you want feedback on, right?<p>At least if I'd email someone (out of the blue or an acquaintance) for feedback due to his expertise, I'd be grateful for the time taken and try to make it as easy as possible to do.<p>Edit: it has been made clear to me that it's not about individuals contacting the author, it's some big corporation that probably sends this out, probably in an automated manner. I still don't understand why anyone would bother with this when "peer reviews" can happen between "peers" (i.e. sending each other documents for review, rather than going through the middleman that everyone seems to hate such as Elsevier, if blog posts linked on HN are to be believed).
Recently, in my customer support tickets, more and more of my users have given me email addresses "protected" by <a href="http://boxbe.com" rel="nofollow">http://boxbe.com</a>.<p>When I write my reply to them and submit, I get an ACTION-REQUIRED from boxbe.com telling me to register + captcha so that I can get on the receiver's whitelist.<p>It's so invasive that I don't bother. They'll have to check their spam folder for my email.
Ha ha, I'm at the same "get off my lawn!" moment in my internet life to. The barrier "first, create an account and login..." is a one that very very few products can tempt me to do.<p>I realized recently that I have space in my life for three log-in websites (HN, a gamedev site, one subreddit), three web apps (gmail, github, slack), and three non-built-in phone applications (instapaper, ride sharing app, twitter). If there's something new in town - it needs to be more valuable than these to knock someone else out of rotation!
This is, in principle, no different than the fact that you have to log in to Github to create issues or add comments.<p>What makes it different is that as a profession, we have decided that Github is nice, good, and ubiquitous. Unfortunately, the portals that he's describing are crappy, bad, and balkanized.
On the topic of "the humans failed to engage them through the intermediary of their bureaucratic process", we long ago stopped accepting any purchases for under $20,000 if the customer insists we apply to their organization, sign contracts, and fill in paperwork to obtain a vendor account with their organization.
Yup. In addition to not creating accounts, I've stopped filling in Captchas, especially Google's notoriously horrible re-captcha (I've already clicked all the storefronts about a million times and still it's not good enough), turning on JS for sites that don't present content without it, using sites that don't work with ad blockers, etc. except when I have no choice (banks, work). To me, all these sites are broken. If they want content, they need to fix themselves, and present something useful and secure. Most won't due to their business model.
I applaud this attitude, not least because it reminds me of the UX design story on allowing guest checkouts: <a href="https://articles.uie.com/three_hund_million_button/" rel="nofollow">https://articles.uie.com/three_hund_million_button/</a><p>Add a hurdle, <i>any</i> hurdle, to your potential users' workflow and you are doing yourself a massive disservice.
This describes an increasingly common practice among online businesses -- aggressively monetize visitors, turn them into clients and corporate assets.<p>When you visit a typical modern website, within 15 seconds an overlay appears encouraging you to sign up, give away your email address, and become part of what's <i>really happening</i>.<p>In a hypothetical parallel universe where telling the truth is mandatory, you would visit a website and ask, "So, what are you selling, what is your product?" The website will be forced to reply, "You."<p>All this apart from the present state of the scientific-technical publishing business (also discussed in the linked article), which uses different methods to obtain the same result: monetize people's wish to communicate with each other.
The worst are the companies who seem to get completely new systems every few years, and if you didn't log in recently you effectively have to create an entire new sign in, and guess what you can't reuse that email and you have some silly new password restriction because SAP or whoever says so. Just awful experiences.
From the article: Oh, Skype no longer lets me log in either.<p>Funny, I've had the same issue. Between legacy Skype passwords, Microsoft accounts, and what not, for a period of time it became almost impossible to log into Skype. It has improved, but the reset process was designed almost as a maze to help shed all but the most determined. I was not determined enough and eventually gave up and forced Skype contacts to reach out to me via WhatsApp/GChat/Signal/Duo/Allo/FBMessenger. Anything but Skype.<p>Side note: Same thing happened to Wunderlist after they too got purchased by Microsoft.
I agree with all the advice and sentiments given. Moreover, the proliferation of user accounts, the stickiness that implies for registration email addresses, the general failures of password-based security systems, and the unconscionably high level of tracking implied by indivdually registerd, client-side tattling interfaces, are all rapidly reaching a crisis point.<p>Some months back, another HN user mentioned as an aside in comments that he had <i>over seven hundred</i> site authentication credentials. This is a slight inflation over ordinary users, but not tremendously -- the typical citizen will have a score or several accounts -- social media, email, various vendors, and quite easily 100 or more.<p>There's also the problem of multiple worlds colliding. As YouTube's founder famously noted when faced with a "Please create a G+ account" prompt a few years back. After being reasonably assured that G+ and YouTube activity were separate, I've just learnt that they are not, with results that 1) I'd inadvertantly changed my G+ identity and 2) I've yet again blown away a YouTube profile I really don't care for.<p>I'm not sure what we're going to replace this system with, but extending the current path ain't gonna work.<p>As for the haircuts, a $25 set of electric clippers addresses that need. Or a blade. A 35 year old man is old enough to learn to cut (or shave) his own hair.
I'm no scientist, but I was involved in a couple of projects with a research group to develop web apps that others could use to run biophysics simulations.<p>When submitting them for peer review, there was an absolute requirement from the journals in question that the sites did not require a login to use, and not even an email address to be entered to alert the user to results/completion. Result pages and download links were to be provided at a hidden URL which was linked to from the submission page after the form was submitted. So while we did this, we also ended up maintaining emails for job alerts, but optionally so. Most users have since used their emails to run jobs as it is more convenient for them.<p>But for the reviewers, their requirements made sense. We were submitting to journals which had entire dedicated editions for online scientific apps. Hundreds of them, all of which required peer review by scientists who were being very generous with their time. For a free service, such requirements don't seem at all unreasonable.
"Whenever my deepest beliefs and my desire to get out of work both point in the same direction, from here till the grave there’s not a force in the world that can turn me the opposite way."<p>Words to live by.
The Journal Of Open Source Software does the review process rather nicely:
You send them a PR with your software/description, and then a reviewer will publicly go through the review process (described here: <a href="http://joss.theoj.org/about#reviewer_guidelines" rel="nofollow">http://joss.theoj.org/about#reviewer_guidelines</a> )<p>Of course that doesn't work with all of science, you don't always want open peer review, usually because several people are working in various stages on similar or related things, or you don't want to publicly criticize the reviewed party, or you don't want to make the reviewer look bad when the reviewer doesn't know what s/he is talking about
On a related, but more trivial level, I note that a lot of places that used to have a nice little punch card or whatever for a loyalty program now have accounts you can log into. So I can, if I want, choose to have to remember a <i>burrito password</i>. Awesome.
This is a global issue. We all experienced friends or people asking for joining them on their social network, or their IM app, which unfortunately you're not on. Same for vendors and partners and such that ask you to create accounts on their websites for sometimes just a single event or document to sync. XKCD recently published a fun illustration of it (1810).<p>On the other hand, most of us want to split between work and friends, between private and public. So we have different accounts for this purpose. I don't use Twitter and Linkedin the same way, and I don't have the same circle of relations connected by those means. So it may be "convenient" to have separate accounts, but at the same time this becomes a burden to maintain and check every of these (not counting data breaches and so).<p>My current practice is the following :
- an email address for my close friends & family.
- some public accounts for infosec usage (linkedin, twitter...)
- some undisclosed accounts for my professional usage.
- some undisclosed accounts for my private usage (ecommerce etc.)
- all the rest (a vast majority) uses throw-away emails (I own a domain, enabling me to generate unique email addresses per website) and random passwords, so I don't care to monitor them or if they are breached. If I know I won't use the site frequently I don't even remember the password, I just do a "recover password" if I need it in the future.<p>My rules:
1. never reuse the same email twice for websites. That also helps me monitor breaches and/or spam and/or db resellers.
2. never reuse the same password twice. Obviously.
3. never use 3rd party authent such as "Login with FB, Twitter or Gmail", as it breaches the first rule.<p>It generates some work to maintain all of this, but I've been doing it since probably over a decade, and it's now an habit I can't quit, considering the benefits.<p>So, back to the paper, I'd tend not to follow this guideline, even if I'm tempted to do so.
The author was me before I started using LastPass password manager and form filler. I can input my name, address, credit card number in seconds, and it will automatically track all my logins. There are many other such apps out there besides LastPass, so this is not a particular endorsement of that product. And, of course, LastPass or other password manager will not fix all the bad websites out there.
And that is why we have implemented this in our platform:<p><a href="https://qbix.com/platform/features/invitations" rel="nofollow">https://qbix.com/platform/features/invitations</a><p><a href="https://qbix.com/platform/guide/invites" rel="nofollow">https://qbix.com/platform/guide/invites</a>
Lol this reminds me of the Demolition Ship Captain incident at AoKH where DSC hacked into Angel THS's account (and then ban half the active users on Age of Kings Heaven) by just creating a website where he could get Angel THS to use the same password he could use everywhere (HUNTER)
> <i></i>Why didn’t I call myself? Mostly, because I hate making unsolicited calls of any kind, a phobia that I admit isn’t entirely rational and that often causes inconvenience.<i></i><p>Interesting. I hadnt thought of a reservation as being unsolicited. What about online reservations that are more pubsub-like?
The unnecessary accounts I hate the most are the ones that are needed to send feedback. An account should not be required for that if you want feedback from outside your happy users bubble.
If you ever wondered what people meant by out of touch "ivory tower" academics, just read this post.<p>Just imagine telling a client, "sorry I don't open Google Docs on principle. Life is too short and too precious."