- From: Adam Rice via GitHub <sysbot+gh@w3.org>
- Date: Fri, 28 Mar 2025 19:03:38 +0000
- To: public-webauthn@w3.org
Sites can use that extra bit of information to lock out users who have credentials for the site but don't want to log in for whatever reason. A few sites like Twitter and Instagram show some content to logged-out users but aggressively try to coerce them to log in. With this feature they could be even more obnoxious. Requiring user interaction seems worthless as a hurdle in an age where every site has cookie banners. If there was a way to restrict this only to scenarios where the user was going to have to log in anyway, the privacy concerns would be lessened. I can also see a usability problem when the account I want to log in to Twitter with is a different one from the one that my browser knows about. -- GitHub Notification of comment by ricea Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2228#issuecomment-2762201567 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 28 March 2025 19:03:39 UTC