Having done my own auth I get why they do it this way. LLMs are already a massive problem with AoC, I imagine an anonymous endpoint to validate solutions would be even worse.

Having done auth myself, I can also understand why auth is being externalised like this. The site was flooded with bots and scrapers long before LLMs gained relevance and adding all the CAPTCHAs and responding to the "why are you blocking my shady CGNAT ISP when I'm one of the good ones" complaints is just not worth it. Let some company with the right expertise deal with all of that bullshit.

I'd wish the site would have more login options, though. It's a tough nut to crack; pick a small, independent oauth login service not under control of a bit tech company and you're basically DDOSing their account creation page for all of December. Pick a big tech company and you're probably not gaining any new users. You can't do decentralized auth because then you're just doing authentication DDOS with extra steps.

If I didn't have a github account, I'd probably go with a throwaway reddit account to take part. Reddit doesn't really do the same type of tracking Twitter tries to do and it's probably the least privacy invasive of the bunch.