Raw content of
git clone
Log | Files | Refs | README | LICENSE

commit 6e696fab7906c7e43ac6aa7a6ce2a373a60bc3c2
parent a09da365f34b5c615f229b92d2cde5253df7bebb
Author: Jake Bauer <>
Date:   Sun,  4 Sep 2022 23:15:30 -0400


Acontent/garden/greenhouse/user-profile-systems-bad-assumptions.gmi | 45+++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+), 0 deletions(-)

diff --git a/content/garden/greenhouse/user-profile-systems-bad-assumptions.gmi b/content/garden/greenhouse/user-profile-systems-bad-assumptions.gmi @@ -0,0 +1,45 @@ +# Bad Assumptions Made By User\/Profile Systems + +From: + +=> + +Don't assume: + +* the user will never delete their account +* the user should be expected to individually delete their posts +* the user will never change their legal name +* the user will never change their email address +* the user will never change their phone number +* if they do change those things, surely they will think to use our change info ui before getting rid of their old name/phone number/email address +* the same as above, but with SSO linkages +* the user will never die +* the user will never be arrested +* the user will never be subject to search and seizure +* the user will never want or need a copy of their data +* the user doesn’t need or want their data in any standard easily readable formats, +* some json or xml blob should be good enough right? that’s standard and readable, right? +* the user wishes to have their identity be immutable and persistent - that is to say, continue to be associated with old posts , analytics data and content regardless of the number of name and identifying info changes, thanks to “helpful” permafingerprint algorithms tracking the user across identity changes. +* the user will never have a stalker, an abusive ex, or angry internet mob +* the user probably doesn’t mind having their full legal name and list of postal addresses listed on the public web a google searcg away. i mean, it’s public data right? information wants to be free dude. you can just unregister to vote if you don’t like it. +* the user database will never be hacked or leaked + +^ this one is interesting from the perspective of: if you start from the assumption your user database definitely will be leaked: what design decisions do you make differently + +* the user doesn’t care if their profile is indefinitely indexed by search engines by any and every old name they have ever had. +* the user is definitely some binary gender +* that gender is definitely something you need to collect +* that gender will never change +* you can enumerate all the possible genders without leaving anyone out +* the user wants to be your user; doesn't instead wish to interface with your design and have capabilities to maintain their own, independent, unobstructed store of information which includes but is not limited to that provided by your design. +* the user's computer meets X spec +* the user owns a computer +* the user has exclusive access to an internet connected device +* the user can receive out-of-band messages (sms, etc.) +* the user will always be in a position to communicate both in and out of band at the same time +* the user has power and an internet connection at all times +* the application can use as much of the user's compute resources and communication bandwidth as it needs with no limits +* there is no legitimate reason for multiple physical beings to share a single identity +* there is no legitimate reason for a single physical being to have multiple identities +* a user's identity can be validated by some official authority +* the user can produce any piece of official documentation of their identity