Hacker News new | past | comments | ask | show | jobs | submit login

Good question! We're building Grasshopper while we're within Google's Area 120, so the easiest way for us to ensure Google's privacy best practices are followed is if we use Google Authentication.

It might be possible for us to convince the powers-that-be to use another form of authentication, but for right now, we're sticking with just Google Auth.




I think that:

Privacy best practice is to know nothing, or as little as possible, about the user.

If storing progress is required, and local device storage is not sufficient, a minimalist online setup is the desirable solution.

An automatically generated user id and a simple user-progress table should be enough. GCloud has all the required parts ready to go.

In any case this whole thing should come after the user has had a chance to experience the product.

But that’s just me.

I ain’t no power-to-be ;)


We've thought about putting the signup after the tutorial, just haven't had the time to get to it just yet. I'll add this as a +1 to us starting to work on it :)

Thanks for the feedback!


The google signin was the stopping point for me too.


Saying that you want to use "best practices" is a great way to sidestep the question of why an app like this needs any private information at all.


Not trying to side-step, just trying not to get into the weeds too much, but since you asked, reposting a bit of my response from another part of this thread:

We need a user account to store your progress: what puzzles you've completed, what code you've entered in order to save progress if you didn't complete the puzzle yet, coding streaks, etc. We're not collecting information about your device (or any other personally identifiable information other than the Google Account we associate with your account).

It's been easiest for us to do this user account creation using out-of-the-box Google Authentication, so that's why we went down this route. Hope that makes sense!


I get the ease of use for login/authentication. However, one thing that I'm running into is that I have a child user account setup on my tablet so my kids can use it without having an email. I tried to get my kid to use this app this morning but this account doesn't allow authentication so I just get an error: "there are no accounts to select". If I had an alternate way to sign-in I could get my kid involved in coding.


You can’t store progress locally?


If you do that, people complain that you don't sync the data. Source: my own apps.


That makes sense, but is Grasshopper really the kind of app you want to sync across devices? I sometimes work on mobile games, and we always have the issue of whether we should force people to login (and give us data) or play without the login. We obviously want the login to improve our chance to make money. But sometimes logging in causes users to quit the app. But we can let them play without logging in, and sometimes games do that to get players hooked and nag them to surrender some privacy later. But that is why we do it: to make money.


I personally wouldn't try this because it wants me to login. I don't care if it's Google authentication or Facebook or Yahoo or anything else. I don't see any reason why I should link any of my online accounts with this. Since this is an app, you could save all progress information on the device and if required, collect any analytics right from the device whenever it runs (if you do need usage data).

Please remove the need to create an account or login anywhere. Or make it optional so that those who do want to login, can. I would prefer the default be to not create/login to any account and an optional login flow for others.

Thanks!




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: