So I mean at my Gmail I have all manner of different Facebook accounts with various misspelling of my email address notifying me of stuff, none of them are mine. I'm sure they entered my email address (with dots) by accident, not on purpose.
I appreciate that sites not allowing you to register the same email address twice hardly solves everything, as I absolutely get email to my actual correct Gmail address from random sites I've never signed up for. But at least it would help in certain cases like Facebook where I do have an account.
I tried to login to Discord. It detected a novel browser or location. Sure, this stuff can happen. It wanted to confirm that I was still me and asked me for my e-mail address. I gave it and it said "This e-mail address is already registered". What. Of course it is. It's me. Mine. The one I have registered with you.
Since I have a few useful things tied to Discord, I felt my pulse go up. I googled for answers, found a Reddit thread with this specific problem. They said "Hey, if you use Gmail you can use the dots-are-ignored-feature to give Discord a "new" mail that will still go to you, allowing you to verify it!" (https://www.reddit.com/r/discordapp/comments/12makhd/verify_...)
Sounded clever so I gave it a fore.name.sur.name@gmail.com variant.
Sure enough, I got the mail.
I logged in. I gasped as I realized Discord had now created a new, empty user for me! It somehow thought I was a brand new user despite this was only a user account _verification_ due to changed IP or whatever to begin with.
I tried logging in to my original account once more and now I somehow got in! The verification on my new account had somehow triggered (cookie? I have no idea) that I was trustworthy again. Phew! I promptly deleted the new-account-going-to-same-mail and breathed normally again...
Instead of clicking the "login" button on discord's home page, you clicked the "Open discord in your browser" button.
This, by default if you're not logged in, takes you to a create account flow. The prompt you entered your _username_ into was the "Pick a display name" prompt. If you enter, say, "user" it silently adds numbers to your displayname to make a new username ("user1234"), rather than redirecting you to the login page or prompting you about it (like most other sites do).
At the end of the flow is a "Finish signing up", "claim your account" prompt (which really is the end of the "create a new account" flow, the ephemeral account without an email you're using there is in a partially signed up state).
This is the box where you were entering your email, getting a conflict, and ended up using a new email to create a totally new account.
I know people who use hacker news are on-average much less tech savvy than the average discord user, so I can get why you missed the login button on the home page and instead went through the "create account flow", but everything that happened is "working as intended" rather than a "bug".
I do agree the flow there is pretty confusing. They've managed to make the new user signup flow so optimized you didn't even realize you were doing it.
Still, by the time it was telling you your email was already registered, you really should have slowed down and noticed it was telling you you were creating a new account rather than using a new email address for some reason.
Sarcasm? Serious question. I used Discord exactly once, many years ago, and it appeared to be mostly children playing video games. I hear things have changed, but it’s hard to imagine a more tech savvy group than HN.
Okay.
> Instead of clicking the "login" button on discord's home page, you clicked the "Open discord in your browser" button.
Sure.
> This, by default if you're not logged in, takes you to a create account flow.
That is a UX bug! Why does opening discord in my browser automatically imply I need to create a new account?
> I know people who use hacker news are on-average much less tech savvy than the average discord user
And yet, somehow, much more tech savvy than the average Discord UX designer.
https://engineering.atspotify.com/2013/06/creative-usernames...
I think at that point I would just have been too scared that this would cascade-delete the old account as well ^^
The parent poster then did not realize they had created a new account and, even when it told them their email address was registered to a different account, somehow didn't realize they should go click login instead.
I think the easiest way for discord to make this a not-confusing experience for people who aren't tech savvy enough to click "login" to login, is to make it so the signup flow is a normal explicit "Enter email, enter display name, enter username" prompt, not a flow where they silently create a username if you _just_ enter a displayname.
The reason this would help is because forcing the user to enter a username early on lets you display a "Would you like to login instead?" message if the username conflicts.
Having the user enter a non-unique displayname, and silently creating a random unique username, means the signup flow no longer has the ability to say "Are you sure you don't want to login?"
Of course, discord mostly targets relatively tech-savvy users, not the average hacker-news-user, so it probably isn't that big a deal for their main demographic.
It's really annoying that on some websites you have to open up multiple dropdowns to reach the login page, also passing five sign up buttons on the way there. It's even filled with dark patterns, with the sign up button blinking and screaming at you to click it every single time, while the login button is made smaller and grayed out. I remember GitHub pulling this shit some time ago. Once I truly couldn't find the login button and gave up, opting to guess the URL/find it in history.
What is even the purpose of that? Is it truly a scheme to get users to sign up multiple times for the same service so that the user number goes higher? That seems too dumb.
But if you do this you better do it everywhere you use email. Otherwise you can get some pretty nasty bugs where two emails aren't considered the same sometimes, are are considered the same other times.
[1] now pretty much abandonned but I mostly keep it to avoid anyone obtaining it and impersonating me. I still need to do some housekeeping and make sure I am not registered anywhere with that address anymore.
I've had a number of accounts opened in my address but with different dots (eBay, Spotify, Shutterstock) that didn't require confirmation.
I usually reset the password, inform customer service (who generally don't care, or don't want to do anything because it's not my account), and then I close the account.
I had to do this once when someone signed up to FB with my email address. It actually was an eye opening experience as to how much data FB collects from everyone.
Now keep in mind that: 1) I don't have a FB account myself 2) This person signed up with my email address (which is <something-generic>@gmail.com), but their name is completely different from mine 3) They didn't even speak the same language, when I logged in to the new account the whole thing was in Swedish or something like it.
So nothing at all linking the account to me, except a misspelled e-mail address. When I logged in, FB was happy to suggest I friend a whole bunch of people I know IRL. Including people that do not know the e-mail address used. Absolutely crazy. How were they able to link me to these people when I was signed in to a complete stranger's account?
You're right that if Facebook required the email to be verified (by sending an email to it) before it could be used with Facebook then two different people wouldn't be able to have two separate Facebook accounts with one of them having an email address controlled by someone else. However, Facebook, in order to "reduce friction" and "reduce time to first value" is happy for you to use an unverified email address and they're happy to send a variety of emails to that address (including lots of emails telling you to finally verify that address).
I've just gone to facebook
clicked register new account
Entered Name, DOB, Email
I doubt they will send any chaser emails but I will report back in some time
I never get any of these problems.
That said, clicking the "report spam" button should allow you to unsubscribe from such emails without dealing with logins or whatnot. Gmail supports certain unsubscribe headers that'll automate the process, which should make getting rid of Facebook's spam a lot easier.