by zopticity 4882 days ago
I'm not going to register with my information, and here's why:

1) I don't know what this website is, and why it's collecting my information. Where's the credibility? Now people can use this "open source software" and can modify where the endpoints are. I'm a little bit worried that anyone who has malicious intent can alter the code.

2) Why isn't it even requiring HTTPS/SSL? I don't want anyone to intercept my sensitive information, especially with someone that can just dump the code anywhere and pretend to be an "official" voter registration. Take that demo app for example.

I know this post was meant for something good, but I feel security measurements are not its strongest points. And I must petition for more security when the app involves sensitive information that can be collected by any 3rd party website. Please correct me if I'm wrong!

2 comments

I think your concern is legitimate. I imagine that organizations wishing to make use of the app or modify it will imbue it with trust by associating themselves with it, i.e., a League of Women Voters logo somewhere on the page. As the article points out, though, there are a lot of regulations in this space, so I'm not sure if that is allowed.

As far as SSL goes, yes, I think at the very least the production.rb file should declare `config.force_ssl = true`.

> Now people can use this "open source software" and can modify where the endpoints are.

I'm a bit confused by what you see as the point of concern here. Are you concerned that the actual deployed application doesn't reflect the source code provided? That's a concern regardless of the license used; it's an example of where security is based largely on trust.
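
For the `config.force_ssl = true` suggestion in the thread, here is an added example (not from the thread or the project, and not Rails' own implementation) that approximates in plain Ruby the three things that setting turns on: the HTTP-to-HTTPS redirect, the HSTS header, and the `secure` cookie flag. The host name, path, cookie and HSTS value are constructed for illustration.

```ruby
# Rack-style middleware approximating what Rails' force_ssl enables.
# Illustration only; the real logic lives in ActionDispatch::SSL.
class ForceSSL
  HSTS = "max-age=31536000; includeSubDomains" # constructed policy value (assumption)

  def initialize(app)
    @app = app
  end

  def call(env)
    # Plain-HTTP requests are redirected and never reach the app.
    return redirect_to_https(env) unless env["rack.url_scheme"] == "https"

    status, headers, body = @app.call(env)
    headers = headers.merge("strict-transport-security" => HSTS)
    if headers["set-cookie"]
      headers["set-cookie"] = headers["set-cookie"].split("\n").map { |c| secure(c) }.join("\n")
    end
    [status, headers, body]
  end

  private

  def redirect_to_https(env)
    location = "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}"
    location += "?#{env['QUERY_STRING']}" unless env["QUERY_STRING"].to_s.empty?
    [301, { "location" => location, "content-type" => "text/plain" }, ["Redirecting to HTTPS"]]
  end

  # Append the secure flag so the browser never sends the cookie over HTTP.
  def secure(cookie)
    cookie =~ /;\s*secure\b/i ? cookie : "#{cookie}; secure"
  end
end

# Constructed stand-in for the registration app: sets a session cookie.
REGISTRATION_APP = lambda do |_env|
  [200, { "content-type" => "text/html", "set-cookie" => "session=abc123; path=/; HttpOnly" }, ["form"]]
end

# Helper for the example: send one request through the middleware.
def request(scheme, path)
  env = { "rack.url_scheme" => scheme, "HTTP_HOST" => "register.example.org",
          "PATH_INFO" => path, "QUERY_STRING" => "" }
  ForceSSL.new(REGISTRATION_APP).call(env)
end
```

The redirect only protects what comes after it: a form that was already posted over plain HTTP has crossed the network in the clear, which is why the HSTS header matters for repeat visits.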