Just curious, what would that check look like that's not open to the same vuln?

in other words: Google could make a more accurate authenticity claim than they currently do.

This problem would be worse without oauth, though, right? With plain email login, all they would need to do is "forgot password" and there wouldn't even be a way to tell.

in other words: Email login would never be able to make a more accurate authenticity claim.

Agreed, and with the number of services and the "ease" of oauth it's likely impossible to even track. You could make a list of the major ones, but there could be hundreds per user, ultimately thousands of unique services used depending on the breadth of the startup's activities.

wait...

In a more typical model, backend devs focus more on security, while not needing to know the frontend, and vice versa.

(Very cool project though)

Seriously, sure, 4K is enough for output but who says it's enough for input? As long as sensors keep getting better, the industry will keep finding ways to take advantage of it until it's essentially required.

Imagine a future where you can zoom in on any detail as well as you could with a high-res sensor at capture time?

It's not necessary for today's viewing experiences, but we know little enough about what is going to become popular that I wouldn't put ANY bets on "4K" being enough forever.

The conclusion is sound (although leaves out a discussion of the whether an email confirmation field is at least better than nothing).

[1]: (As a side note, I think the most common explanations for grammar validation are programmer perfectionism and proactively stopping user garbage, such as copy-paste errors or intentionally fluffed fields that will result in a bounced email anyway.)

In the current app store, with the methods that consumers are used to spending money on their phones, for whatever reasons, it's not.

It's like when you'll easily spend $30 on drinks on a Friday night, but suffer a shitty note-taking system for years when you could have many of your problems fixed for $5 one time just because you don't know the possible transaction exists.

I certainly hope they aren't interviewing anybody under duress.

In other words, yes, the WSJ does intend to only give Google access to their content, and not the general public.

But no, the WSJ has not "authorized" Google by anything more official than a bank telling their security guards to let anyone into the vault who is wearing a blue t-shirt.

So yeah, I agree with you, there is a lot of conflation of technical means and the law, but we also shouldn't be granting to the WSJ that they are doing any real "authorizing" here, beyond wishing it and hoping it stays true.

With that said, I clicked the click-bait title, and I enjoyed the article. (shrug.)