Even if that's were true, I would be very surprised if this caused a loss of even 0.0000001% annual revenue. Going to need more 9's in that number.
edit: If you don't understand why this is actually important, realize that they're burning billions. They don't focus their devs on things that generate revenue, or the light will go out.
OpenAI has no idea what is the cause of the problem, but once OpenAI has built a general intelligent system, they will ask it for a way to fix this bug.
Neither does Replit, and your Replit email has to match your GitHub if you want the two to talk. I guess this is what running and not walking looks like.
Thanks, but.. this was true as of some months ago. And I definitely was told by support that my [personal] email couldn’t connect to my [consulting] GitHub email account. I re-arranged quite a lot of my tech life to connect the two, per Replit support.
But I’ll double check tomorrow and reach out if I find anything worth sharing.
Steam also has usernames that can't be changed. They added changing the actual email address associated with your account, but your original email address as account name is frozen forever, for old accounts.
That's wild. I guess I've never experienced it because I still have the email attached to my nearly 15+ year old Steam account.
Some tangently related anecdata: VRChat has a pretty strict email-changing policy. You need to confirm you own both the VR account and the original email account. Reasonable, but can be tricky if you don't have access to the original email anymore. I was able to navigate it but yeah, it's not always simple.
To be clear, we will redact personally identifying information and do other things to prevent someone's past HN activity from causing them any trouble in the future. We certainly don't want to cause anyone any trouble and will do whatever we can to prevent that. Our concern is only to avoid gutting past threads and ruining them for the others who participated in in them and for future readers who may find the content of the discussions interesting.
Which is great. The redaction of information from places like Reddit that has taken place makes some discussion/references unreadable now. Decade old HN threads still retain all their juicy context.
Can you confirm you have sought legal advice on whether the policy of not deleting user data on HN is compliant with GDPR and whether is indeed compliant (or not)?
YC has a legal department, and they do ongoing analysis to determine our position relating to the different privacy regulatory systems around the world. As I said in the other reply, we’re willing to go to great lengths to protect people’s privacy.
FWIW this is widely accepted best practice, and Art. 85 GDPR is also very clear that data processing for journalistic, academic, artistic or literary expression is exempt.
ChatGPT is just a consumer of their identity/auth system though, same as their core product - the API. Considering ChatGPT came much later, it seems irrelevant.
I’d say the consumer front end is more of an afterthought. It also seems like something they want to get rid of at some point so that they have to deal with the resellers like Microsoft did in the 90s with MS Windows
The model might be fine (I have questions, but let's assume it's reasonable), but I don't think anyone could use the UI for more than a few minutes and not realize it was a hack job.
For one fun one, on mobile web (android/chrome) you can't insert a space in the middle of a "word" you created by deleting the space between two words. The deletion is immediately reverted by some JS abomination.
It's one thing to call that an unimportant bug, but it calls into question a whole chain of decisions leading to that moment, and it's far from an isolated incident. As always there's a relevant xkcd: https://xkcd.com/463/
My five cents for a guess: they've used the email as an index somewhere, which massive amount of data now depends on and they keep pushing forward the need of migrating away from that because it'll be painful and take long time.
That's a good guess .. but I bet they are also paying price for this in support costs .. I'd be curious what percentage of their support tickets are related to this (also the require you to cancel subscription, create a new account, create a new subscription if you want to change a pro account)
Yeah, but imagine the first engineers at ChatGPT back in 2021, some thrown together group of people who knew frontend the best from OpenAI, a research lab, to create a quick prototype UI for chatting with a text generating ML model. Of course they'll take some shortcuts, that's to be expected. All of this is just guesses though, but seen similar things play out many times. Of course, at one point someone needs to step in and pause for a moment to plan ahead for a bit, but depending on the leadership, it isn't always so easy to do.
Philips Hue also doesn't allow for an email change, and they've been around longer than OpenAI. And if you want to delete your Philips Hue account to create a new one with a new email there's considerable pain involved if you have a house with many Hue products.
You can use 3rd party apps/tools to get around this, FWIW.
I use OpenHue on Linux. On iOS I've not had much luck finding a quality app, however a long time ago I did find a good one for Android...(I just don't remember the name, sorry.)
The account login crap is ridiculous, considering you don't even need internet to use their stuff. The lack of needing a login was the whole reason I bought into the ecosystem to begin with.
> That requires extra hardware in your network though, right?
It requires a Hue bridge, but all the official Hue apps need that too (unless you're using the new Bluetooth support, which very few people are). You shouldn't need any other hardware though.
> The advantage of their hosted services is that they can get through NATs without any additional hardware or software.
Locally, it doesn't really matter, since everything just goes over the local network. You're definitely correct for remote access though, but I hardly ever need to control my lights remotely.
Phone either, I’ve moved countries and no longer have access to the phone number I signed up with. I was hoping they’d address this before that number came up for reassignment but maybe not at this rate.
You cannot change your google email itself .. because there's no other reference to identify you with them. But you can use your email as the "inbox" for all other services. OpenAI doesn't have an "inbox" .. they accept other "inboxes" so they should allow you to change it.
Google only allows email changes if you didn't create it with a gmail address. When I found this out years ago I immediately scrapped that account and created a new one with a non gmail address before there was too much on the original account.
That might be technically true, but in practice not an issue. I have a Gmail account, so the primary address is fixed because the address is the account, however I use a different address to sign-in, and Google recognises those addresses as being on that account. For pretty much all uses my account has a different email address.
Allowing users to change emails is surprisingly tricky:
- if they verified their email, are they allowed to change it?
- if so, can they use the new email for anything as long as it’s not verified, or does it stay in pending state? for how long?
- if it’s in a pending state, can someone signup with a "pending state" email?
- does the email change need to be validated by sending a validation email to the previous email addresses?
- once changed, can an email address be reused for another account? That’s a dangerous one but if you don’t support it you end up shamed on HN with "OpenAI doesn’t allow me to create an account with an email address that used to be associated with an account on their platform but isn’t anymore"
I’m probably missing 10 more bullet points.
I bet most comments in this thread didn’t think beyond "UPDATE accounts SET email = $1"
Car company makes innovative new car engine for their vehicle. A user wants to get a replacement key made for the vehicle, but company doesn't have the process in place to make replacement keys:
Are you fascinated by this hypothetical companies level of discipline? Or would you consider it negligent and inept?
If the car in question were the probably most hot software in town and the user wants to change the photos on their profiles, I'd find it very interesting if they kept the discipline to focus the whole team away from such a low-priority change and into the priority of keeping it the most hot software in town.
Let's keep in mind that OpenAI is a small company (in people terms), and they are fighting toe to toe with Google.
Heck, if they mess up a quarter they are probably dead.
Besides the fact you're completely shifting the goal post here on analogies, changing email address is a pretty normal feature of any service pretending to be serious. Also, you seem to have the belief it is impossible for such a large company with such investment to work on multiple things simultaneously.
According to Gemini, it's because OpenAI uses the email as the unique identifier of the user. But if that were the case, it's probably an week's project for a single engineer at most. I thought there was a better reason for this like some security measure for such a fast growing company, it never occurred to me that the reason could be so simple
Yep, same here. Fortunately they don't seem to use it for anything yet, somewhat begging the question of why it's there in the first place. (It doesn't need to be stored in a user-visible way if the only purpose is as a poor/annoying "proof of humanity" against sockpuppet accounts).
Update: I just checked, out of curiosity – seems to be gone now?
I'm on board with this, imagine the headaches and development costs of adding this feature and 100 other QoL features. It would absorb energy and complexity budget that could be spent on core product features.
Your email is your identity. If they allow you to change your email, what they should refer you by, your passport number? Was kind of easier in the times of usernames, but these are long gone
This is probably one of those tickets on the backlog that is constantly kicked down the road. Always superseded by a new fire.
We have just cut the costs of software development by 90% didn't we?
While pushing the requirement for speed of development up by only 100%!
Even if that's were true, I would be very surprised if this caused a loss of even 0.0000001% annual revenue. Going to need more 9's in that number.
edit: If you don't understand why this is actually important, realize that they're burning billions. They don't focus their devs on things that generate revenue, or the light will go out.
OpenAI has no idea what is the cause of the problem, but once OpenAI has built a general intelligent system, they will ask it for a way to fix this bug.
(for those who don't get the reference: https://www.youtube.com/watch?v=TzcJlKg2Rc0&t=1886s (31:26 - 32:13)).
Neither does Replit, and your Replit email has to match your GitHub if you want the two to talk. I guess this is what running and not walking looks like.
We do let you change it; under your account setting there is a email with an edit button next to it. And it shouldn’t need to match your GitHub email.
Perhaps there is some weirdness if you’ve signed up with GitHub. Feel free to email me and we can take a look: amjad@repl.it
Thanks, but.. this was true as of some months ago. And I definitely was told by support that my [personal] email couldn’t connect to my [consulting] GitHub email account. I re-arranged quite a lot of my tech life to connect the two, per Replit support.
But I’ll double check tomorrow and reach out if I find anything worth sharing.
This kind of stuff is simply a result to certain companies having a userbase bigger than they maybe even want (especially when offering a free tier).
They can get away with not implementing even basic stuff, becauase their core feature is all 99% of the users even care about.
At some point, it must be worth it to implement this just for the sake of their customer support team alone.
Then again, they have LLMs that can just deflect all "change email" related questions to an FAQ article containing the "wontfix" information...
Steam also has usernames that can't be changed. They added changing the actual email address associated with your account, but your original email address as account name is frozen forever, for old accounts.
Since 2003!
That's wild. I guess I've never experienced it because I still have the email attached to my nearly 15+ year old Steam account.
Some tangently related anecdata: VRChat has a pretty strict email-changing policy. You need to confirm you own both the VR account and the original email account. Reasonable, but can be tricky if you don't have access to the original email anymore. I was able to navigate it but yeah, it's not always simple.
My misspelled My Chemical Romance lyrics @yahoo.com address will never die because of this.
Ah yes, that happened quite a lot when I was a young boy.
HN doesn’t allow you to delete your account or erase/overwrite any of your old comments
that's by design
Isn't that in violation of GDPR?
No. https://gdpr-info.eu/art-17-gdpr/
>Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
>for exercising the right of freedom of expression and information;
dang will randomize your username on request though, which is compliant. Everything else on your profile you can delete yourself.
To be clear, we will redact personally identifying information and do other things to prevent someone's past HN activity from causing them any trouble in the future. We certainly don't want to cause anyone any trouble and will do whatever we can to prevent that. Our concern is only to avoid gutting past threads and ruining them for the others who participated in in them and for future readers who may find the content of the discussions interesting.
Which is great. The redaction of information from places like Reddit that has taken place makes some discussion/references unreadable now. Decade old HN threads still retain all their juicy context.
Can you confirm you have sought legal advice on whether the policy of not deleting user data on HN is compliant with GDPR and whether is indeed compliant (or not)?
YC has a legal department, and they do ongoing analysis to determine our position relating to the different privacy regulatory systems around the world. As I said in the other reply, we’re willing to go to great lengths to protect people’s privacy.
FWIW this is widely accepted best practice, and Art. 85 GDPR is also very clear that data processing for journalistic, academic, artistic or literary expression is exempt.
Oof that's bad. Makes it seem like ChatGPT is really more hacked together than we all want to admit.
ChatGPT is just a consumer of their identity/auth system though, same as their core product - the API. Considering ChatGPT came much later, it seems irrelevant.
I don't think their API is their core product. The chat application is not only used by more people, but it drives development of the API.
Drives more revenue too. But I still think in the long run, APIs will bring more revenue.
I’d say the consumer front end is more of an afterthought. It also seems like something they want to get rid of at some point so that they have to deal with the resellers like Microsoft did in the 90s with MS Windows
And yet it is still better than Gemini’s front end
All software is more hacked together than we want to admit.
The model might be fine (I have questions, but let's assume it's reasonable), but I don't think anyone could use the UI for more than a few minutes and not realize it was a hack job.
For one fun one, on mobile web (android/chrome) you can't insert a space in the middle of a "word" you created by deleting the space between two words. The deletion is immediately reverted by some JS abomination.
It's one thing to call that an unimportant bug, but it calls into question a whole chain of decisions leading to that moment, and it's far from an isolated incident. As always there's a relevant xkcd: https://xkcd.com/463/
Create table account (email varchar(255) primary ....
But ChatGPT told me to run that, so I did.
No mention of the reason why. Seems like a foundation feature. Ran into trouble more than once by their bad auth system.
My five cents for a guess: they've used the email as an index somewhere, which massive amount of data now depends on and they keep pushing forward the need of migrating away from that because it'll be painful and take long time.
Maybe they could use Claude and speed up that development.
That's a good guess .. but I bet they are also paying price for this in support costs .. I'd be curious what percentage of their support tickets are related to this (also the require you to cancel subscription, create a new account, create a new subscription if you want to change a pro account)
I’d say it’s a rookie mistake, but they’re a half-trillion dollar company, so maybe I _should_ use email address as an id?
Yeah, but imagine the first engineers at ChatGPT back in 2021, some thrown together group of people who knew frontend the best from OpenAI, a research lab, to create a quick prototype UI for chatting with a text generating ML model. Of course they'll take some shortcuts, that's to be expected. All of this is just guesses though, but seen similar things play out many times. Of course, at one point someone needs to step in and pause for a moment to plan ahead for a bit, but depending on the leadership, it isn't always so easy to do.
No doubt there’s a lesson in there, but I don’t think it’s a technical one.
Maybe they used ChatGPT 1.0 to vibe code it
Philips Hue also doesn't allow for an email change, and they've been around longer than OpenAI. And if you want to delete your Philips Hue account to create a new one with a new email there's considerable pain involved if you have a house with many Hue products.
They used to not even need an email.
You can use 3rd party apps/tools to get around this, FWIW.
I use OpenHue on Linux. On iOS I've not had much luck finding a quality app, however a long time ago I did find a good one for Android...(I just don't remember the name, sorry.)
The account login crap is ridiculous, considering you don't even need internet to use their stuff. The lack of needing a login was the whole reason I bought into the ecosystem to begin with.
That requires extra hardware in your network though, right?
The advantage of their hosted services is that they can get through NATs without any additional hardware or software.
> That requires extra hardware in your network though, right?
It requires a Hue bridge, but all the official Hue apps need that too (unless you're using the new Bluetooth support, which very few people are). You shouldn't need any other hardware though.
> The advantage of their hosted services is that they can get through NATs without any additional hardware or software.
Locally, it doesn't really matter, since everything just goes over the local network. You're definitely correct for remote access though, but I hardly ever need to control my lights remotely.
Phone either, I’ve moved countries and no longer have access to the phone number I signed up with. I was hoping they’d address this before that number came up for reassignment but maybe not at this rate.
You're kidding ?
I created an google account, use it on my android smartphone and buy some app, many years ago.
It's 2026 and Google still doesn't allow email change.
You cannot change your google email itself .. because there's no other reference to identify you with them. But you can use your email as the "inbox" for all other services. OpenAI doesn't have an "inbox" .. they accept other "inboxes" so they should allow you to change it.
What do you mean? I've changed my email on my Google account a bunch of times.
Google only allows email changes if you didn't create it with a gmail address. When I found this out years ago I immediately scrapped that account and created a new one with a non gmail address before there was too much on the original account.
That might be technically true, but in practice not an issue. I have a Gmail account, so the primary address is fixed because the address is the account, however I use a different address to sign-in, and Google recognises those addresses as being on that account. For pretty much all uses my account has a different email address.
Allowing users to change emails is surprisingly tricky:
- if they verified their email, are they allowed to change it?
- if so, can they use the new email for anything as long as it’s not verified, or does it stay in pending state? for how long?
- if it’s in a pending state, can someone signup with a "pending state" email?
- does the email change need to be validated by sending a validation email to the previous email addresses?
- once changed, can an email address be reused for another account? That’s a dangerous one but if you don’t support it you end up shamed on HN with "OpenAI doesn’t allow me to create an account with an email address that used to be associated with an account on their platform but isn’t anymore"
I’m probably missing 10 more bullet points.
I bet most comments in this thread didn’t think beyond "UPDATE accounts SET email = $1"
Seeing that their product keeps improving I’m actually fascinated by that level of discipline.
Total focus on the main product, which is the API.
This is a hilarious take.
Car company makes innovative new car engine for their vehicle. A user wants to get a replacement key made for the vehicle, but company doesn't have the process in place to make replacement keys:
Are you fascinated by this hypothetical companies level of discipline? Or would you consider it negligent and inept?
If the car in question were the probably most hot software in town and the user wants to change the photos on their profiles, I'd find it very interesting if they kept the discipline to focus the whole team away from such a low-priority change and into the priority of keeping it the most hot software in town.
Let's keep in mind that OpenAI is a small company (in people terms), and they are fighting toe to toe with Google.
Heck, if they mess up a quarter they are probably dead.
Besides the fact you're completely shifting the goal post here on analogies, changing email address is a pretty normal feature of any service pretending to be serious. Also, you seem to have the belief it is impossible for such a large company with such investment to work on multiple things simultaneously.
The fact that they can, but choose not to is exactly the fact I’m astonished with.
Authentication to the API platform seems like an important part of that product.
Password change also requires you to use forgot password flow too, rather than a straightforward change password button.
I guess development teams are all focused on feature delivery and research.
According to Gemini, it's because OpenAI uses the email as the unique identifier of the user. But if that were the case, it's probably an week's project for a single engineer at most. I thought there was a better reason for this like some security measure for such a fast growing company, it never occurred to me that the reason could be so simple
Nor changing the phone number. But who would ever need to change their phone number, right?
Maybe email is a primary key in OpenAI's database somewhere? Half joking :D
Funny how this vanished from the main page faster than hot cakes.
Saying from experience getting flagged previously while reporting changes in OpenAI’s policy regarding medical and law advice
https://news.ycombinator.com/item?id=45777828
That's what happen when the future is vibe coded...
Change the provider, and problem is solved.
To which one? Claude doesn't support it either [1], and Gemini is tied to a Gmail address to begin with.
[1] https://support.claude.com/en/articles/8452276-how-do-i-chan...
Why don't they just ask AI to implement it?
Or phone number. My phone is linked to one in another country. I’ve been here for 3 years.
Yep, same here. Fortunately they don't seem to use it for anything yet, somewhat begging the question of why it's there in the first place. (It doesn't need to be stored in a user-visible way if the only purpose is as a poor/annoying "proof of humanity" against sockpuppet accounts).
Update: I just checked, out of curiosity – seems to be gone now?
It was used to geofence access to some countries a few years ago, if I remember correctly.
I'm on board with this, imagine the headaches and development costs of adding this feature and 100 other QoL features. It would absorb energy and complexity budget that could be spent on core product features.
[dead]
Your email is your identity. If they allow you to change your email, what they should refer you by, your passport number? Was kind of easier in the times of usernames, but these are long gone
You can use a random numerical ID as PK and let people associate as many authn IDs as they want after logging in with one.
Who in this scenario outlines the key infrastructure, and how is the private key maintained?
primary key. https://en.wikipedia.org/wiki/Primary_key
Why would you allow this complexity for basically nothing?
Using a separate table for authn is a basic pattern for this problem. What would you do?
Most services I know allow changing both.
They should use the integer primary key of the users table, of course.
Nah, that’s too 1985.
Because client doesn’t know it, inserts can be slow in cross-db environment.
Guid is always better (can be client generated), and modern guid versions can be ordered chronologically
Please enter your integer primary key and password to log in.
That's probably an implementation feature that is hidden and not dependable if it exists at all.