"Please put a valid address in the email field, or we won't be able to send you a new password if you forget yours. Your address is only visible to you and us. Crawlers and other users can't see it."
Make sure never to commit to a public git repo either.
(Edit)
In all seriousness though, we're really bummed this happened and wish it hadn't. We do code reviews and try our best to prevent this kind of thing from happening. That said, if you truly want your account here to be anonymous, you're right to remove all personally identifiable information. I'd also recommend using tor (and using it correctly).
You could always ask users for their email address at sign-up, send them a random, single-use, account recovery code, and then never store their address.
I've made statements on HN I'd prefer are anonymous to the general public?
Also, there was no mention they were handing the info over to a 3rd party. If you explicitly state something like that, you should follow it and/or change it when the situation changes.
I don't have that issue with git repos.
I'm kinda amused a yc employee went through the effort of downvoting it after pointing out this situation is caused by y'all not following what you actually have in your notices for things.
>I'm kinda amused a yc employee went through the effort of downvoting it after pointing out this situation is caused by y'all not following what you actually have in your notices for things.
Seriously what is it with HN/Reddit where everyone assumes that any downvotes are from people with an agenda?
I'm not sure how to make it more clear than I did, but this data was not intentionally shared with a third party. Had we known it would happen, we'd obviously have prevented it.
The only data we knowingly send to Firebase is already public and visible to anyone that can speak HTTP.
As far as I know, a person can not downvote top level comments on their own threads (or a reply to their comment). Perhaps employees & mods have the power to do that. But I'm not sure how you can tell it was a yc employee that downvoted you.
It took me a while to figure out what exactly you were objecting to, but I guess you don't like the fact that HN sends its data to Firebase?
I don't think it's fair to criticize the admins for that. For pretty much any web application you want to use, "only visible to you and us" should automatically be understood to include "and our hosting provider too, if they go digging or screw up."
The situation is actually tighter than that. We don't give the "only visible to you and us" data to Firebase (or anyone else), precisely so it won't matter if somebody else goes digging or screws up. You're protected from all of that. What you're not protected from, unfortunately, is us screwing up. We'll try our best not to do that again.
That some people use email addresses that are personally identifiable in the non-visible portion of their profile but have an otherwise anonymous profile whose comments they do not wish to be traced back to the maker. For instance an Apple employee that speaks about Apple internals anonymously might get sacked if they were exposed.
Right, and just so it's 100% clear to everybody: we never did and never would knowingly publish this data. A small amount of it leaked (for 30 seconds on 3 occasions) because of an obscure mistake in our code, and we're deeply sorry about that. We turned off API publishing the instant we found out about it and dropped everything until we were sure it was fixed.
The API design has always been to publish only information that is already public, that anyone could get by scraping the website.
Welp, I'm taking my email out.