If a client sends us a duplicate token we should not be creating a new account for them or updating their token to that number, but maybe return an error.
This however makes the registry backend into an oracle that can confirm to third parties if a certain user is an OONI Probe user, which we may not want to do.
If a client sends us a duplicate token we should not be creating a new account for them or updating their token to that number, but maybe return an error.
This however makes the registry backend into an oracle that can confirm to third parties if a certain user is an OONI Probe user, which we may not want to do.