Let me just give you Google’s definition of dogmatic.
Key Characteristics
- Certainty: Being 100% convinced you are right and everyone else is wrong.
- Inflexibility: Sticking to a set of rules or doctrines regardless of the circumstances.
- Arrogance: Asserting opinions in a superior or “bossy” manner.
- Rejection of Evidence: Dismissing criticism or facts that don’t align with established beliefs
Do you not see how people might be interpreting how you present yourself in this argument as dogmatic? You call it “well informed” when what you really mean is that in your opinion the tradeoffs are worth it. You position that as if it’s an objective position of fact. When anyone argues with your opinion, you assert your certainty, you are inflexible in hearing their counters, and you resort to arrogant replies like “you should’ve read everything” or “I don’t think you work in ‘The Industry’”.
You match this description to a tee.
I am enforcing it because people wouldn’t use it otherwise. This is a threat because the community trusts each other. I don’t want hackers to abuse that trust by hacking an account and distributing malware. There are other threats but this is the threat model I care about right now.
You have diverted the conversation with this line of thinking many times but you miss the point. The complaints are communicating to you that the issue you’re trying to combat is not as bad as the solution you’re implementing to combat it.
You can re-answer it a hundred times but that doesn’t change that they are voicing concerns that it is irrelevant to you. It doesn’t matter what threat vector you think you’re covering. It doesn’t matter if you think covering it is worthwhile. It matters if users do, because users are everyone who isn’t you on this site.
DanielBaker17 suggested that your approach is mismatched to the problem. Dictating that you are correct because you want to cover the threat vector of people using stolen accounts to upload malware is not relevant to that conversation. What’s relevant is that the solution you have provided does not meet their definition of a worthwhile tradeoff for the friction you have created. They pretty clearly laid this out, and your response was to act dogmatic about it. To assume you were correct because you “know better” and to write off what they were actually saying as if the points don’t stand because you disagree with them.
Finally I wanted to address this:
I have no obligation to appease anyone.
No, you don’t. But you do run a site, and literally the only thing that makes the site matter is people wanting to use it. Adversarial design for the sake of “security” is not in line with that.
You have locked at least two threads related to this topic. You know that many users are unhappy with the implementation, regardless of your justifications or how worth it you think it is. Is the site here for users to enjoy, or for you to feel nice about implementing “best practices” at their expense to little to no measurable gain, against a threat vector with far lower applicability than others?
Not everyone wants breadcrumbs leading back to their porn sites on their devices. Making this stuff less obvious/more private means more hoops to jump through. In my case it means either installing another application someone with access to my machine could see/use, that then requires an extra layer of logging in, or using the secure folder on my phone with its own authenticator that also requires additional login steps.
It turns what was a two second login process into probably 15-20s of fucking around across two devices. Sure that’s not a ton, but it sure is really annoying. As someone who wants to have zero breadcrumbs to this site other than a throwaway email and a password I have in my head, I find it offensive to be forced to have more crumbs sitting around for an account that has zero value to anyone else.
