USPS’ website does this, sort of.

If their text service is down it’ll let you know and just skip the 2FA process even though normally they offer an option to get the code via email.

The fact that they do this is bad enough, the fact that this happens so often that I’ve seen this at least a dozen times is even worse.

Cue the nuclear shills that will handwave away any legitimate concern with wishful thinking and frame the discussion as solely pro/anti fossil, conveniently pretending that renewables don’t exist.

The proposal is bad enough as it is, but it’s the duplicitous gaslighting BS that really pisses people off.

If they came out and said “We came up with this thing to prevent loss of revenue on ads and prevent LLMs from capturing data” then people would still be against it, but at least it would feel like an honest discussion.

Instead it’s just another page out of Google’s playbook we’ve seen many times already.

1. Make up some thinly veiled use cases that supposedly highlight how this would benefit users, while significantly stretching the definition of “users”
2. Gaslight every one by pretending that people simply misunderstand what you’re proposing and what you’re trying to achieve
3. Pretend that nobody provides reasonable feedback because everyone is telling you not to commit murder in the first place instead of giving you tips on how to hide the body
4. Latch onto the few, inevitable, cases of people going too far to paint everyone opposing it in a negative light
5. Use that premise to explain why you had to unilaterally shut down any and all avenues for people to provide comment
6. Make the announcement that you hear people and that you’re working on it and that all will be well
7. Just do what you want anyways with minimal concessions if any and rinse repeat

For what it’s worth I blame W3C as well.
Their relatively young “Anti-Fraud Community Group” has essentially green lit this thing during meetings as can be seen here:

https://github.com/antifraudcg/meetings/blob/main/2023/05-26.md

https://github.com/antifraudcg/meetings/blob/main/2023/07-07-wei-side-meeting.md

WEI can potentially be used to impose restrictions on unlawful activities on the internet, such as downloading YouTube videos and other content, ad blocking, web scraping, etc.

Did the author of the article come from some dystopian parallel universe?

Well that explains why they did a 180 on their “no AI” rule, which has the mods in a tizzy.

Who knows, maybe it’ll cut back on the toxicity in the sense that you don’t have to interact with toxic people ¯\_(ツ)_/¯

The presumption of innocence doesn’t preclude the fact that criminal courts don’t find someone innocent, rather they find someone not guilty.

This is for the simple fact that it’s neigh impossible to establish someone’s innocence, whereas it’s easier to establish that there isn’t enough evidence to consider someone guilty.

This case is, and sexual assault cases in general are, a great example why we can’t expect criminal courts to establish innocence.

These are often cases with little evidence available either which way, because often there are no other witnesses. Even if there would be physical evidence of a sexual act, it’s still challenging to prove under what circumstances those acts have occurred, specifically on the matter of consent.

To expect a court to be able to say with certainty that something hasn’t occurred is unreasonable.

That is not to say that it isn’t good that we have these high standards before we impose punishment onto someone, but it is important to recognize what it means when a court comes to a decision.

Additionally the presumption of innocence is just that, a presumption to establish who has the onus to prove something, there is no additional meaning attributed to it in the legal principle beyond establishing who has the onus to prove the facts at hand.

In that regard it’s rather unfortunately named, as it would’ve been more apt to name it “the presumption of not guilty” but I suppose that doesn’t roll as nicely off the tongue

To add to that, that the presumption is specifically a principle that only has meaning in criminal court, because the burden of proof is generally higher than in civil court.

People can be, and have been, found liable in civil court for the very thing a criminal court has found them “not guilty” on, on the very basis that criminal court can’t establish innocence and that the bar that needs to be met in civil court is generally lower than in criminal court.

As such to bring up the presumption of innocence in a vacuum is kind of like bringing up the generally recognized human right of freedom of speech when a social media company bans someone and removes their post.

Yes, the concept exists, but it’s irrelevant because it doesn’t apply to the topic at hand, because the concept aims to govern a very specific circumstance that isn’t applicable here and withholding the important context surrounding it (i.e. the role it plays in criminal court for the presumption and the fact that it only limits governments for the freedom of speech) masks the limitations of said concept.

None of the above aims to reflect my opinion on Spacey’s innocence (or lack thereof), rather it aims to provide the necessary details to put things into context.

Most of these services are US-centric because a lot of the necessary records to provide the information isn’t public in many countries outside of the US.

Birth records, death records, marriage records, divorce records, voting records, criminal records, etc. is considered public information in much of the US. Even address information can be found publicly and immigration records become available to the public after a certain time.

In a lot of countries, especially in many European countries, these are hard to access for people that aren’t the subject of these records, if accessible at all.

For example while court records are public in much of Europe, often times the names of private persons are censored because it’s not deemed necessary to know who the parties are to be able to check if the courts make fair decisions.
This automatically excludes criminal and divorce information from disseminating into the public.

Some countries will make some records public once the subject of those records have passed for X amount of years, but that’s still pretty rare.

As such services like these have limited use outside the United States.

That sounds like a gaping security hole, but with how likely it is that you lock yourself out with the current 2FA implementation, I can’t be mad about it.

If all else fails you could also reach out to the admin of your instance I suppose and see if they can disable 2FA on your account, but I figured it’s best to avoid the headache altogether and just not log out until you’re 100% the 2FA works properly.

That’s also a good way of verifying! As long as you go through the login process somewhere different than your current browser window you should be able to make sure it works properly.

Current 2FA implementation in Lemmy is a bit janky with the risk of being locked out.

First things first: DO NOT UNDER ANY CIRCUMSTANCES LOG OUT UNTIL YOU’RE 100% SURE YOUR AUTHENTICATOR WORKS AND THAT YOU CAN LOGIN USING ITS GENERATED 2FA CODE

Now that that’s out of the way, here are some steps to follow:

1. Ideally clicking on that button will open your authenticator which will then prompt you to select login credentials to attach it to; if it doesn’t and you instead are lead to a URL with a secret key or if you right click and you can copy that URL, then you need to manually copy the URL and paste it in the 2FA section of your authenticator or password manager
2. Once you’ve figured this out don’t log out, instead open a private browser window and test to see if you can login with your credentials + 2FA

If you can’t get it to work then you can disable it in the window you’re still logged into.

If you share which authenticator you use, people might be able to give you more specific instructions to get you through step 1.

Whatever you do, don’t log out. You will be locked out!
Unlike most common implementations, there is no built in step to verify if you can successfully generate a TOTP before 2FA is fully enabled.