Magic – Completes signup forms automatically, with just an email address
magicsignup.comOn the plus side
- The convenience factor is compelling, like auto-complete.
- As a v1 you can see the true magic in a seamless signup.
On the downside:
- It does something unusual / unexpected / creepy.
- It's too slow - noticeable lag vs. say the auto-suggest in search.
- If accuracy is good why bother exposing that to the user? Intercom.io does this all in the backend off of email only registrations and seems to have about a 70% hit rate. The data is useful to business owner but I'd bet the user would feel less enthusiastic knowing that I have their personal fb, twitter, linkedin, etc as soon as they register.
I am sure that svbtle can show the A/B data validating this is worthwhile for THEIR audience.
But I'm not sure for a broader use case this is going to help due to the factors mentioned above.
> If accuracy is good why bother exposing that to the user?
That's a great point. A prior startup I worked at used a nice social referral tool, whose name slips my mind right now, but their backend would asynchronously pull Facebook, Twitter, etc. links for each of your customers. It was really convenient and worked for 80-90% from what I recall.
Mailchimp does something like this.
Nice start, but perhaps Magic can also suggest the user's password by searching for their email address in a database of known password leaks.
Best feature suggestion ever. But what would be cool is to do that, but instead of pre-fill in their password, notify them that they are using a password that is known to have been a previously leaked password of theirs.
I made something like that for Angular email textboxes: https://github.com/bradcavanagh/angular-pwned
Presumably, they have some preexisting database that maps email addresses to personal information. Their Privacy page, however, is not transparent how exactly they got this data:
> Broadly speaking, we collect information in three ways: (1) when you provide it directly to us, (2) when we obtain information about you or your company through trusted third parties or indexing systems, and (3) passively through technology such as “cookies”.
This is a disconcerting use of "secret sauce," particularly since email addresses have the same weight nowadays as usernames.
Maybe clearbit? Which you can opt out of here: https://claim.clearbit.com/claim
I did this a few weeks ago and magic signup does not work for my email address.
Alex McCaw mentioned in Clearbit's launch post earlier this year that Svbtle is using their API to auto populate their sign up form: http://blog.alexmaccaw.com/clearbit
My guess is that Magic is using Clearbit's API as a base, then layering on their own scraped data sources as well, which is a pretty common strategy for these types of APIs.
Probably not. That clearbit form tells me that they don't have my email address, but my information was pre-populated into Svbtle when I used that same address.
I got the same thing the first time, but I did it again and it sent me an email to claim my account. Maybe their site got overwhelmed by HN requests? Not sure what happened.
same thing with me. Somehow pulled my information from twitter.
If you don't want to provide clearbit with additional information (e.g. location), it might be useful to remove yourself with this link via a VPN or hide.me
https://www.fullcontact.com/privacy/ If it's coming through our FullContact Person API, you can claim your profile or opt out here.
Does anyone know if Clearbit is just a frontend for Fullcontact? I tried both recently, and all I get from Clearbit is basically a subset of Fullcontact (plus some added data eg lat/lng)...
Or it might be Pipl.
Opt out for Pipl is here: https://pipl.com/directory/remove/
That link doesn't seem to provide opt-out, it just provides a way to request the deletion of specific records. But you have to find the page for the record before you can request it to be deleted.
Yeah, it sucks that they don't make it easier.
It's Clearbit - and btw way more data than this is available on you based on an email address. Scary in a lot of ways for sure.
How is it that clearbit charges $99/2500 reqs, while magic is charging 1/5th of that?
Probably a caching layer on their side.
Sounds like a TOS violation
From https://clearbit.com/pricing:
> How long can I retain the data?
> Forever! We have a very liberal data licensing policy.
Clearbit uses this as an example in blogs, etc
Their secret sauce is a third party API.
Why would you use this instead of login with Facebook/Google/Twitter/etc., which only requires two clicks from most users and actually has better privacy implication since the user knows which data you can access?
Or maybe the goal of the service is for web sites to surreptitiously get more data from users who are otherwise unwilling to provide it, but are somehow willing to provide an e-mail address tied to their real identity?
One advantage from the dev side is not having to deal with the OAuth integration, Facebook permissions, tokens expiring, etc.
That assumes the user is logged in to Facebook / Google / Twitter. That's a safe assumption on desktop, but not on mobile.
We saw much higher FB auth rates on desktop web than mobile—bad enough that we may forego Facebook login on mobile web entirely.
It's pretty creepy that I can randomly enter email adresses and get first and last names... !
Tried some short gmail handles, can confirm. Creepy and stupid. Cloud-based datastores coming with your browser (aka what Chrome has* and probably its competitors too) have better performance, privacy, and UX; I can't think of any reason why I'd use something like this.
* - AFAIU if you set a sync passphrase you also get some (probably limited) form of "zero knowledge" client-side encryption; this makes me hopeful they implemented it properly i.e. "we literally can't access your shit" https://support.google.com/chrome/answer/1181035?hl=en
ok, how does that work: did all those people sign up with Magic?
Based on other comments, the info is bought off Clearbit. You can opt out here: https://claim.clearbit.com/claim
That just kept re-directing me to enter my email. I was never able to opt-out
It sends you a confirmation email. Inside this email is a link to your profile. You can either add information (linkedin, facebook, angellist, etc.) or delete your profile.
I deleted my profile.
the "link to my profile" is just a link to the same submission form for "claiming" my profile.
I filled that out, and got another link to the same place.
Welcome to Clearbit!
heh, yeah. I'm pretty sure all that did was sign me up for more spam/marketing-tracking. hooray
Actually this make me very angry that my private details exposed in such creepy way, even if this is using some public APIs etc.
I would never sign up to service with such form.
So now I can find out the first and last name of the owner of whatever email I punch in there?
If it's the primary email on their account, you already can with Gravatar.
Only if they choose to supply that information to Gravatar in the first place. Magic is not giving people the opt-in option, it's just opting you in whether you like it or not.
Somewhat. Either it's rate limited or their servers are overwhelmed right now. I'm getting some weird errors thrown back like status code 422.
On the one hand, yes, I can see how this could improve sign-up rates for those who are concerned about those things, and I count myself among that number from time to time.
On the other hand… yeah, creepy as hell.
Say what you will about Dustin Curtis, but everything he makes is just so nicely designed and enjoyable to use.
I'm curious about the pricing model: $20/mo for 2,000 requests. I wonder if you still pay for the request if it returns a non 200 or if their API can't find a name.
Clearbit, Full Contact and Pipl all have email lookup APIs. My guess is they are using one or more of these APIs.
I have a fairly unique last name, which is in my email address.
So far two dead relatives that never really used the internet have been "marketing matched" to my email address. So I get spam for my deceased grandmother and uncle. Its a little jarring. I'm not sure what kind of matching they do but clearly its not working.
Plus isn't the point of using a service being able to decide to match it with twitter, Facebook or just not link to those things.
Because it helps your users save time, Magic increases conversion rates and makes the web easier to use.
Honestly, how much time do you really save by auto completing a couple of fields? This seems like a solution in search of a problem.
Also, while I don't have the data to speak for other users, I personally don't see myself paying for any service that presents my own personal information to me before I even know what the fuck it is.
I don't get it :-/
I couldn't even try it because my browser's autocomplete automatically completed all fields.
Doesn't everyone has autocomplete?
Also, it's pretty creepy.
No, I'm in the same boat. Chrome already does this for me, I couldn't tell if anything different was happening.
I suppose it's a good thing nothing came up when I entered my email?
I would be turned off from a website or service that prepopulated a lot of my information without my consent.
I wonder if a new way to do signups would be just an emailto: link that you click and send. From there it automatically logs you in and sends you a password.
This is what I was thinking as well, but not necessarily email you a password because it's always some random crazy thing. More so remember the computer you clicked the email link from and either keep you logged in or you can log in with just your email from the computer you clicked the email link from. Sure there could be some security risks with your phone being stolen or a snooping SO, but most sites don't necessarily need to have that worry. For instance, commenting platforms like disqus, reddit, or your favorite news platform, or some site you'll probably only use once. With sites like this it doesn't matter much of other people gain access to it. It's not like your social platforms, LinkedIn, bank portal, government site, etc..
Like Magic Links in Slack. That's a great idea.
I have no problem with this, but it doesn't work very well for me.
Tried about eight of my email addresses. School and work ones did nothing, and neither did my Outlook.com account, or Yahoo.com.
For Gmail addresses it just pulled the name from my Google+ account for the one that had it, and failed on all the rest.
Not super impressive IMO. Especially considering all my email addresses are some variation on firstname.lastname or flastname.
Guess who is using lol@lol.com
So, I guess it's cool now to overload app/service names? E.g.: https://getmagicnow.com.
But more than that... "Because it helps your users save time, Magic increases conversion rates and makes the web easier to use."
There's one heck of an unfounded/unvalidated assumption.
Probably a way better way to increase "conversions" would be just to not have a pain-in-the-ass login process.
oAuth/Persona, and then don't ask for anything else until its actually needed.
And now you have (for the logged-into-oauth-provider case) a 2 click login system. It can not get easier than that
Isn't there already a service called "Magic"? https://getmagicnow.com/
So many site names could start with "magic"
Calling it "AnalProbe Data Collector" might have reduced sales.
I don't understand what's the value of exposing this autofilled data to the user. Why not just do it on the server-side?
Going out on a limb here, but what if this really a data training layer on top of Clearbit? Maybe they sell the human validated data back to Clearbit or downstream?
What if the data is wrong? What if it prefilled in a username I didn't want to choose?
um chrome (and presumably other browsers) already remember all of my information and autofill it...
Except it works terribly.
I hate how I only get those prompts when the field matches whatever fields Chrome thinks it should, yet many companies don't use these field ID's, so Chrome sits there stupidly.
I would love the ability to teach Chrome that this is a form and yes these are valid fields. Maybe somehow submit it to Google and have them update whatever regex they use. I feel like it fails about 50% of the time.
Im pretty sure theres a set of standard attributes you can set on fields to make them autocompletable. I use this as a reference: https://wiki.whatwg.org/wiki/Autocomplete_Types
What was the increase in conversions? Right now it's just hand wavy :)
Their demo still requires a password. A little white lie?
Is this related to that one concierge-like service?
Not another Magic! Cool feature though :)
can anyone explain how they might be getting all that data from the email in an automated fashion?
thats creepy, what if i don't want to be on that database :/
If it's coming from FullContact Person API, you can opt out here: https://www.fullcontact.com/privacy/
$20 for 2000 requests a month? HAHAHAHAHA no.
As far as contact records go, that's not an unreasonable price, especially so at such a low quantity.