Comment by nixosbestos
4 days ago
Exactly. How is there an entire alarmist article and 165 comments on this thread? This comment, and its legitimacy/factualness, is the only thing worth discussing.
`sub` _IS_ the immutable reliable identifier. If it's not, (1) I want to see actual proof, not an anonymous rando (sorry, but this thread reinforces how little I trust context-less comments like that), and (2) I'd want to hear a convincing argument that ... `sub2` would actually be less mutable.
Threads like this make me really question other people's general comprehension skills.
agreed. the real story is that people are ignoring `sub` out of convenience and creating a security hole.
every trufflehog post I've seen on hn has been alarmist clickbait. could've been an opportunity to discuss security tradeoffs of `sub` vs `email` and how to handle `sub` changes, but nope their take is "sub doesn't fix the problem we found"