Comment by zwnow
4 days ago
In that case one could argue emails dont make users identifiable either, if the addresses dont contain any meaningful names
4 days ago
In that case one could argue emails dont make users identifiable either, if the addresses dont contain any meaningful names
A passkey is always one per site. Emails tend to be naturally reused, unless the visitor uses a paid aliasing service (plus trick is trivial to canonize, having a dozen mailboxes on a self-hosted email still associates them with each other, because there's no anonymity set to speak of, and major email providers like Gmail won't let you register an account today without a phone number, credit card, or passport).
And yet your passkey and therefore app access is tied to a singular key connecting that with all the user info.