Currently:
- Anyone with the ID of a game can join either side if they haven't already been joined. This is problematic per se, because IDs are sequential.
- The ID can be easily derived from the observe link/one join link, making it even easier to join timers you aren't wanted to.
The second issue can be avoided by not sharing the observe link before both sides have been joined, but this may not be obvious. And in any case, it is preferable not to have either issue.
Resolving this would inevitably mean making join links longer, which is not ideal.
Currently:
The second issue can be avoided by not sharing the observe link before both sides have been joined, but this may not be obvious. And in any case, it is preferable not to have either issue.
Resolving this would inevitably mean making join links longer, which is not ideal.