[lauritz]

Given that everyone gets a different 'input' string for every problem to prevent the simplest form of cheating and to enable such a thing as a leaderboard, I think this is a very reasonable measure, better than having yet another e-mail login for a service that is by definition seasonal. Also, when you connect it to GitHub, it does only ask for a very limited amount of data. What solution would you have proposed?

[such_a_casual]

A reply I made to another user in this thread: "You're joking right? The site could just use cookies like every flash game ever made. The site could generate a registration for the user. The site could take manual registration from the user. This trend of linking accounts between sites is completely inappropriate from people who are well aware of the privacy and security issues the internet faces today."

[lauritz]

While I agree that having one account to rule them all is generally a pretty bad idea if you're talking about projects that deal with sensitive data, I still think it's not that big a deal here. A cookie would tie you to one device, and I really think it is preferable to have this site (which is not dealing with any sensitive information about me whatsoever) not handle an e-mail/password combination, but let GitHub etc handle security. From a UX standpoint, I think this is a good solution that doesn't add too much complexity. If the app dealt with more private data, I would be screaming for a manual login myself.

[justifier]

i agree with your original post, but i'm assuming the login with other services bit was to reduce effort expelled in making the project

having reddit on the list of options means the barrier to entry can be counted in keypresses

you can make as many reddit accounts as you want, much like hn, where the only requirements are username and password

make one and just treat it like an advent login

[such_a_casual]

That's a fair point. I'll take your advice and use a reddit account. Thank you.

[maxerickson]

What are the privacy implications of having your github account provide an oath token to some rando site that you input a few numbers and strings into?

I guess they could collect wrong attempts and use them to try to shame people?

[such_a_casual]

There is no implication whatsoever. It's explicit. This website has no need for your irl identity (or even just your identity as a programmer).

[maxerickson]

Okay, what are the dire problems that arise from sharing an identity with some rando site that you also put some numbers into?

[aaronem]

Utterly nonexistent, which is why I'm surprised to see people making such a big damn deal over it. The privacy implications of having an identifiable account on any of the services used for AoC login are enormous by comparison, but I guess there's always some folks who'll "strain out gnats, yet swallow camels".