Open fpesari opened 3 years ago
Hi @fpesari, really appreciate the feedback. Unfortunately, w/ the matching algorithm we're using, email/password registration makes gaming the round really easy. We (currently) have to rely on other services with OAuth and anti-spam measures in place to ensure the integrity of the round. There are other ways (SMS verification, etc) that we will potentially roll out on future rounds to make email/PW possible but it wasn't feasible with the MVP and the time to launch that we had.
Deleting the account poses an interesting dilemma (i.e., what's stopping someone from donating $10, then deleting their account, then re-creating their account, then donating $10 again for an equally high match?) but I think we should be able to work around that. I'll bring that up w/ @humanific to get to before the end of the round. Thanks for bringing this to our attention!
Hello,
why does FundOSS only allow logging in via GitHub? Other than it's easier to implement and maintain, security-wise. I think that even if it's more work, FundOSS should provide its own email-based registration with support for account deletion (according to GDPR).
Saying this as someone with a GitHub account, obviously :smiley_cat: