If it can’t run Emacs, it’s not a computer (for me)

ok, according to another user, the password reset screen *did* reveal the underlying email address for a lightning address. not good!

That makes sense (and accepting lightning addresses for password resets might have seemed like a reasonable feature, comparable to usernames). I might suggest a clarification on the official announcement: “Password request emails also have been requested for lightning addresses which falsely exposed the user's email address” The phrase “falsely exposed” sounds alarming, but I think you mean that users might “falsely” conclude their email was leaked from Alby, not realizing that their lightning address could have been used to kick off the password reset. Or am I misreading “falsely exposed” here?

This is slightly more clarifying than the official announcement. You’re saying that if anyone had tried a password reset with a lightning address (for most of your users, that would be their getalby address), you would send the reset email to the real email address on file? But now you’ve disabled that behavior?

https://www.instagram.com/p/DPZmvsXDjzt/?img_index=2

French artist throttled by #instagram for no good reason as his new Paris boutique enjoys its grand opening.

Zaps prove that lightning DOES strike twice. Multiple times even!

Affirmative

👎