Forum Feedback How do you want to login into Xello?

[Renegade]

While thinking of a login flow, my first thought was around market deals and the frauds that happen occasionally. I thought let's have mobile (OTP) only registrations and logins as that should discourage people from being irresponsible on deals.

That should also dissuade members from taking their profile very lightly as it is tied to an important resource, mobile number, which have a limited availability for most of us unless the intention is not right.

All of us are also comfortable registering with our mobile numbers on several apps like messaging, shopping, delivery, social media.

Another option is to require mobile numbers only if you want to start a marketplace thread. In that we can allow other forms of login as well.

So what do you all think? Which other forms of login, if at all, should be allowed.

 

[NotMyRealName]

Absolutely not.

Your intentions may be good today, but there's nothing stopping that from changing tomorrow. Nothing personal, just an observation on human nature.

I barely have a social media footprint, just use whatsapp for one to one comms, no groups.

And i don't give my real mobile number anywhere. Places that require it, i avoid.

This whole privacy mess we're in today as a global society is because people took their personal information too lightly.

I understand the need to have more accountability wrt. user ids, rather than them being disposable and easily alternate-able, but this is not a solution.

 

[logistopath]

I give out my mobile number only if it is very essential. Since my mobile number is tied to so many important details, I'm sceptic about giving it out to every site. I prefer to register on sites where I can use email and password. I avoid even Facebook login or Google logins.

 

[vyral_143]

Another option is to require mobile numbers only if you want to start a marketplace thread. In that we can allow other forms of login as well.

This is more comfortable. This would put notion of credibility/responsibility to Market threads.

Like above, I generally do not use social media logins or Google/Apple Logins anywhere.

 

[Renegade]

In that case, I guess email, phone, google ID and apple ID should be enough options for users to login. I am guessing this covers 100% of the users.

With phone mandatory for market section.

 

[nRiTeCh]

In that case, I guess email, phone, google ID and apple ID should be enough options for users to login. I am guessing this covers 100% of the users.

With phone mandatory for market section.

This makes sense and sound stringent. It will help curb fraudulent activities and easier to track & if required then to report legally etc.

 

[puns]

mobile numbers can be changed. Also they can be bought using someone else's name and details.
Doesnt really provide any protection per se for market section in any way right ?

 

[nRiTeCh]

mobile numbers can be changed. Also they can be bought using someone else's name and details.
Doesnt really provide any protection per se for market section in any way right ?

But thats the best we can do right? We cannot link Aaadhar/Pan etc. as this isnt a govt. site nor an mnc type co. or biz.

 

[Renegade]

mobile numbers can be changed. Also they can be bought using someone else's name and details.
Doesnt really provide any protection per se for market section in any way right ?

If you've used a mobile number once then you can be traced with your location, contacts to whom you called, mobile phone IMEI etc if the legal system wants to track you. So it's a disincentive.

 

[booo]

If you've used a mobile number once then you can be traced with your location, contacts to whom you called, mobile phone IMEI etc if the legal system wants to track you. So it's a disincentive.

it can be very easily defeated. at least here in usa. google voice, text me app or burner app.
if the intention is to avoid fraud, I think an escrow service/credit card info could be the solution. but in any case it all depends upon whether you want to assume liability on transactions or not.

I am a very privacy oriented person, and I would like email/userid type of login only. I agree with Julian; if am forced to give out any information other than my email id, I would probably not login.

Also, one more small advice, I use noscript, ublock origin and cookie cleaners to stop much of the cancer that news sites like cnn ndtv etc spread. if you are developing this project in house, please keep analytics collection to a minimum and reasonable like it is today.

 

[Renegade]

it can be very easily defeated. at least here in usa. google voice, text me app or burner app.
if the intention is to avoid fraud, I think an escrow service/credit card info could be the solution. but in any case it all depends upon whether you want to assume liability on transactions or not.

I am a very privacy oriented person, and I would like email/userid type of login only. I agree with Julian; if am forced to give out any information other than my email id, I would probably not login.

Also, one more small advice, I use noscript, ublock origin and cookie cleaners to stop much of the cancer that news sites like cnn ndtv etc spread. if you are developing this project in house, please keep analytics collection to a minimum and reasonable like it is today.

Intention is not to avoid fraud, it is to reduce it. You are right, it is easily defeated outside India. No we do not want get involved in the deals, so escrow and all is out of question.

Most apps try to access my location and other data for no apparent reason. I don't see why we would need any other data besides what you are doing within the app.

It is completely in-house and thats why it is going to take such a long time.

 

[NotMyRealName]

Basically, any method, except high-end 2FA can be defeated, so a per-incident policy of moderation is the only reasonable way out from both perspectives.

I remember this dude called zaibatsu and later muttonbiryani used to troll quite a bit and the mods were pretty good at de-duping parallel accounts. of course it puts a lot of pressure on the mods to maintain sanity, so everything has a tradeoff.

 

[tech.monk]

Basically, any method, except high-end 2FA can be defeated, so a per-incident policy of moderation is the only reasonable way out from both perspectives.

I agree; even Google and Microsoft offering for 2FA - Authenticator app can be compromised and the same app I can use it without having actual mobile number and still pass the 2FA

 

[Renegade]

The objective is not authenticity. It's the users responsibility to ensure authenticity by whatever means necessary no matter what mode of authentication you choose. Nor is that problem exclusive to any specific platform.

The objective is to tie a real world user to the community username. Which is easily possible through a mobile number. You have to be of criminal bent of mind to bypass that. Of course like I said, it's useful only in India.

 

[nRiTeCh]

If we keep thinking on that part of curbing then no method is 100% foolproof. There are many ways to escape, it just require those criminal minds and cruel intentions.
And the mentality is, once a login is linked to a phone no. more than half of such minds stop thinking in cruel ways.

And only once we kick-off Xello, we will come across more about usability and user exp. and thereafter new measures can be implemented and existing once improvised.

 

[red dragon]

I am not at all comfortable giving out my mobile number for obvious reasons. For market place, it is understandable. And what about members living outside India?

 

[Party Monger]

If it ain't broke, don't fix it.

 

[puns]

If it ain't broke, don't fix it.

This used to be my signature but if we dont stay up with the times and technology, we run a risk of being wiped away.
Its already happening so change is welcome

 

[6pack]

What will you do for people having businesses and wanting to sell on TE? Business account with TIN or GST number or something else mandatory?

The more we think, the more complicated this will become.

I think -
Just warn buyers and sellers to be prepared for the worst case and let them deal with the problem themselves. No need for mods to be involved in any matter.

 

[red dragon]

^^ Absolutely. Mods should not be responsible for any fraudulent deal in the market place. Logging with mobile numbers for everyone can lead to very serious issues. Do not want to get into political matters again, but the IT cell is very real and they have very wide reach. Unless you experience it first hand, it is difficult to understand. They don`t stop at cyber bullying, they can really come after you/ your family just from a twitter handle. With phone numbers they can trace your home address within minutes.
Please make it optional for regular members.