The plague of 'you've logged in to our site again' notification emails

March 14, 2019

Several years ago, Twitter picked up a pretty annoying habit; it sent you email every time you logged in in a clean browser session. Twitter is not the only site to do this, and my perception is that this behavior is growing steadily (this may or may not be the reality; it may be that I've just started to need to log in to more sites that behave like this).

As far as I've ever seen in limited experimentation, the sites doing this are not applying any sort of intelligence or significant rate-limiting to the process. It doesn't matter how many times you've already logged in from the same IP with the same user-agent, and it doesn't really seem to matter how many times they've already sent you email that week; log in again and you'll get a new, nominally helpful email. And of course there's usually no way to tell the site to turn this off.

Perhaps there are some people in these companies that sincerely think that this is helping account security. If there are, I'm confident that they're completely wrong, simply because of the problem of false positives, a problem that is magnified due to how dominant email systems like GMail deal with email that users find of low value.

As a cynical person, I've always assumed that part of the reason for these reminders is not for security but to attempt to persuade people to stay logged in to the site. The kindest view of this is that the site is trying to increase engagement by getting you to reduce the friction of using it. The less kind view is that the site really wants to track you in detail, either just your actions on the site itself or as you move around the web (using various mechanisms).

(I'm willing to believe that on some sites, constant reminders are partly a 'well, we did something' means of providing people with excuses.)

PS: The more websites do this, the more I wish for a 'copy profile' option in Firefox. Perhaps I should look into container tabs to see if I can arrange something, likely using Multi-Account Containers.

Written on 14 March 2019.
« Peculiarities about Unix's statfs() or statvfs() API
Staying away from Google Chrome after six months or so »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Thu Mar 14 23:01:58 2019
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.