BeyondMachines 
some people deserve Extra-Hell
Olivier Stuker (he/him)@beyondmachines1 a few days ago I came across a registration form that didn't let you CTRL+V the email field...
š§DaveNullš§ ā£ļøpResident Evilā£@holzchopf That shit is actually frequent, from devs who think "users are stupid and don't know their email address so I make sure they provide the right one by forcing them to put it 2 or even 3 different fields without the ability to paste". The same use regex to "validate" email @ š¤¬
I just past it to another field, then select/slide it into the email address fieldā¦ Fuck'em, I'm not going to waste time typing long email addresses 2-3 times just because of an asshole web devā¦
Gustavo@devnull Don't forget the cases where they update e-mail validation and previously valid e-mails are recognized as invalid, or, worse, they use different validation schemes between sign-up and log-in. Do you have a internationalized domain? (I used to have a domain with my name in Japanese.) Sorry, forbidden. Oh, you signed up with that domain? I need your govt ID so I can change your account to a Gmail address. (It fucking happened with me.)
@qgustavor Wait, whatā¦ They auusmed you had a gmail address (or expect you to create one)??? What the hellā¦
> they use different validation schemes between sign-up and log-in.
I had a similar case recently, not exactly but close enough. Needed to manage electricity contract fast without having to waste tome in offices and take a leave each time I need something, I'm still at work when they close and their office isn't exactly close so I created an online accountā¦
@qgustavor My main email account uses my full ID (first name and name). Nope, invalid address. I fist though they discriminate based the domain. So just for testing purpose, I tried replacing the actual domain with gmail dot com. Still not invalid.
Then I tried another address, under a pseudonym, username is shirt. Still not gmail but it worked. My full ID is longer than the usual western namesā¦ Some moron decided to limit the left hand part (username) length to something way too shortā¦
1/2
Email RFC fixes the username length to 64 octets, which is plenty enoughā¦
But the electricity company implemented some stupid design accepting only much sorter usernamesā¦ If only web Deva stop using regex to "validate" usernamesā¦ There's no point in it, they still send validation linksā¦ They have no valid for stupid, DIY, random regex based on stupid assumptions, based on what white people/westerners consider to ba "a valid name"ā¦ š
But that only half of the joke [ā¦]
@qgustavor Their system actually registered both my email addresses. Only the one with shortner username allowed me to move to the next page and to validate account creation. But I receive "news" which I never consented to, and other notifications to both email addresses š¤”
The online account worked for sometime, but I can't connect to it it anymore. Not sure if that's they changed to password validation scheme since I can't even change the password due their broken password update process [ā¦]
[ā¦] My current password is not wrong. I can't make a typo or misremembered it since it comes from a password managerā¦ It just doesn't work
And in order to reset the password, they send an OTP password by SMS in order to access the actual "update your password" page. Which is not a problem per seā¦
The thing is: I never receive their OTP password.
Possible explanations are:
- They resort to SMS spamvertising to send their OTP. I could be one I opt-outĀ¹ from
- Although they claim using SMS, they actually use google's RCS crapā¦ My phone don't support thatā¦
1. Although laws requires opt-in, in practice it opt-outā¦ Stupid companies collect phones numbers for valid reasons then misuse them for ads purposes without consent, although it's compelely illegal in Europeā¦ š Some spamvertising companies honor opt-out until someone else gives them that phone number again. Some others simply ignore the opt-opt "stop" SMSā¦ I'm tired of this shitā¦
@devnull It could be worse: here companies use WhatsApp to send OTPs. Everyone and their dog uses WhatsApp, even banks.
@qgustavor It's not so different. RCS still require having Internet connectity and messages are stored on google's servers. While in theory, telephony service providers could host RCS servers, they won't bother. "google provides it for free and handles technicals issues, right"ā¦
They don't give a flying fuck about users privacyā¦ Their websites are trackers-ridden already and full of dark patterns to limit users ability to protect themselves from advertising trackingā¦