For example, MZMcBride, what if your password is "wiki", and somebody
compromises your account, and changes your password and email? You don't
have a committed identity, so your account is now unrecoverable. You now
have to sign up for Wikipedia again, using the username "MZMcBride2". Of
course, all your previous edits are still accredited to your previous
account, and there's no way we can confirm you are the real MZMcBride, but
at least you can continue to edit Wikipedia... Obviously you are not the
best example, since I'm sure you have ways of confirming your identity to
the Wikimedia Foundation, but not everybody is like that. You could argue
that if you consider your Wikipedia account to have that much value, you'd
put in the effort to make sure it is secure. To that I say, see the above
paragraph.

What if all of the email addresses that a user has ever used were to be
stored permanently? Then in the event of an account hijacking, he could say
to WMF, "As your data will confirm, the original email address for user Foo
was foo@example.com, and I am emailing you from that account, so either my
email account got compromised, or I am the person who first set an email
address for user Foo." The email services have their own procedures for
sorting out situations in which people claim their email accounts were
hijacked.

I feel as though this idea does not meet my need for privacy. I can guess
that at least a portion of the community would agree.

Thank you,
Derric Atzrott