Limit user registration with the same email address

[willemarcel]

Problem

Currently, it's possible to create multiple accounts by adding a +sometext to your email address handle. This makes it very easy for vandals to create multiple accounts and try to escape moderation.

Description

We could limit only 2 accounts by email address, or block new account creation with email addresses of users who received blocks.

Screenshots

No response

[pnorman]

Do we have any evidence that this is a problem?

Would stopping it help even if it was a problem because email addresses are generally free and someone can set up a domain where all emails go to them?

[tomhughes]

As @pnorman says this is like putting your finger in a dyke and ignoring the open floodgate beside you.

If somebody wants to create extra accounts there are endless ways to get an email address so making one very slightly harder is going to achieve nothing. At least if they use plus addresses we can tell that it's definitely the same person - if they start signing up with throwaway accounts with other services then we can't definitively link them.

[willemarcel]

In the last week, we had a vandalism case in Brazil, and it seemed the same person created 10 accounts (cc @SomeoneElseOSM). Maybe someone with access to the email data, could validate that hypothesis.

[SomeoneElseOSM]

To be fair, the example that @willemarcel was referring to wasn't really a vandal, although they did create multiple sock-puppet accounts, and some of their activity could be characterised as "trolling". Some of their changes were later backed up by their own photographic evidence and were correct.

Where people have done this sort of thing in the past (and with a DWG hat on I've encountered a few) they have often created completely new email addresses for each "identity", and that identity may be active other than just on OSM.

People often create different OSM accounts for different sorts of editing (and our processes actually require that in some cases). I suspect that this change would impact lots of people negatively, while have minimal impact on problem users.