FreeOTP/FreeOTP+
depending on your goal for this (real 2fa vs just simulated) you shouldn’t have sync in the first place.
you could also look into security keys (hardware solution, webauthn/FIDO2) as an alternative that has strong security with good user experience (no typing anymore), but they’re not as widely accepted.
I think this is zerobytes.monster, one of the reddit mirror instances.
the post count fits and it also matches with the user count not significantly dropping.
that instance has been using rather strict waf blocking rules from time to time that likely also affect the crawler for fediverse.observer.
the token is completely tied to your account.
you can access part of your account info/settings with that as well, a while back they added an extra password prompt to some of that.
truly anonymous searches are simply impossible unfortunately. while they claim they’re not logging any searches it’s impossible to verify.
indeed
there is https://opennic.org/ but I don’t know how they deal with stuff
you can’t delete comments from modlog, except for admins purging then, and then there is a purge modlog entry. purging also only applies to the local instance. the reason that you don’t see it in modlog is that banning a user while selecting to also remove their content is only going to put the ban in modlog currently, so the comment removal was never there in the first place.
what about young people over 30 though?
fwiw, every week or so there is a scheduled task that permanently overwrites contents of deleted comments.
fyi @[email protected]
how about “silly”? “stupid”?
unlike on reddit, you can edit your post title here on lemmy.
reporting absolutely helps. it increases visibility for content that slipped through automated moderation and having more reports for content indicates urgency.
at that point you’ll just discourage any new users if they have to gamble on whether or not their content is actually seen by anyone. account age really isn’t a good indicator of anything other than soemone being dedicated enough to spam. considering this isn’t the first wave of csam attacks, i can assure you that whoever is targeting lemmy with this is determined enough that account age won’t deter them for long, they’ll just have to slightly adjust their playbook.
that doesn’t do anything, they’ll just register accounts in advance and wait some days.
we’ve even had spam recently from accounts that had been dormant for months, although it was a different kind of spam.
account deletion does not federate in general, only banning (+ content removal) does
you sound like you’re not even washing coconuts
those aren’t actually gifs.
they’re frequently webms.
various people don’t care or don’t know the difference between media formats though, so they’ll just call anything remotely gif-like a gif.
true, my comment was primarily from the perspective of the recipient of tracking links
for our admin team, we’re using a bot to message a matrix room when content is reported and reacting to the message when it’s been handled.
this could be done pretty much the same way on mod level, though this is certainly not easily accessible to everyone due to the hosting involved.
and all of this is only relevant if you even receive reports about content in the first place. if you moderate a community on another instance, tough luck unfortunately, as they currently do not federate.
edit: typos
I haven’t checked how reddit does this but just from the example it seems like there is no anti tracking from the use of urlcheck that you’re describing.
reddit appears to generate tracking link with a specific numeric identifier in their database, so instead of attaching a bunch of removable url parameters they instead do a lookup in their database and then redirect to the original destination.
this also means your app checking the redirect will need to fetch the url to determine the destination, which means their tracking still works just fine.
edit: a word
I don’t see “AI” being a relevant factor here, it should be treated the same as if it was drawn, photoshopped or otherwise.
Although I don’t know the full intention of the rule as it was originally created, I assume the intention to be avoiding political debate here. One of the easiest ways to accomplish this is by banning political figures, no questions asked, but that also prohibits a bunch of content that is unlikely to result in political debate.
At the same time, we have
Exceptions may be made at the discretion of the mods
so I would consider this an exception on that ground.
that’s like calling strong randomly generated passwords 1.5FA.
with proper MFA, even if you steal my password (database), you won’t be able to steal my account, as you’re missing the second factor. with classic otp this is just a single use number you enter on the potentially compromised system, but if you get the seed (secret) stolen, valid numbers can be generated continuously.
password managers (should) protect against reuse. MFA protects against logins on untrusted and potentially compromised systems/keyloggers if they’re not extracted live. password managers with auto fill and phishing resistant MFA can prevent phising, although the password manager variant is still easily bypassed when the user isn’t paying enough attention, as it’s not even that uncommon for login domains to change. obviously there are also other risks on compromised devices, like session cookie exfiltration, and there is a lot of bullshit info around from websites, especially the ones harvesting phone numbers while claiming to require it for 2FA just to gaslight users.