Forced 2FA

It’s becoming increasingly clear that this is no longer a debate about “MFA good” vs. “MFA bad.” It has shifted into a critique of failed leadership and technical hubris. Vlad, you’ve repeatedly threatened to silence “uncivil” discussion, yet you’ve spent this entire thread insulting and mocking the community. You have called users ignorant, lazy, cavemen, etc. You don’t get to demand a “professional” tone from the community while simultaneously dropping lines like:

That is the definition of a double standard. You claim you’re “exhausted” by this conversation, but you don’t get to be tired of a fire you started through unilateral action and a complete lack of empathy for your user base. When you make a decision that creates friction for thousands of people, you owe them an ear, not a middle finger.

Absolute Security vs. Community ROI As others have pointed out, applying security without context is just dogma. By forcing MFA on every single throwaway account, you are prioritizing a theoretical shield over actual community growth. You are burning the village to “save” it from a threat that could be 90% mitigated by simple Trust Level restrictions on uploads and links.

The Real-World Consequences This isn’t just “4.7 seconds of friction.” I have personally seen the fallout of this “my way or the highway” attitude. I know of at least one talented creator who has quit scripting entirely-not just left the site, but stopped the hobby-because of the toxic way this rollout was handled.

This person was a vital part of the LGBT scripting community, a niche that is already underserved. When you lose a creator like that, you aren’t just losing a “user metric”; you are losing a sub-community’s momentum. These are the human costs that aren’t captured in your technical “threat models,” but they are the costs that will ultimately lead to this site’s stagnation.

If the goal was to make the site “safe,” you might have succeeded in a vacuum. But in reality, you’ve just made it a place where people no longer feel welcome to create.

Totally on board with this. If I didn’t need to login to download things I wouldn’t care about 2fa for the very few times I post or talk to someone otherwise.

Stop goalposting. I never claimed this forum was a “high security institution”. And yes users have been contesting whether MFA should be enforced because “It’s just a porn site”.

In order to do that it would require I:

1. Record information that would violate your privacy.
2. Present that evidence to the public and potentially doxx people.

In order to present this evidence to you I would need to fingerprint your device, ip address, and login timestamps and correlate it to previous logins and determine your activity behavior analytics.

This is how we detect suspicious logins in the security field. So what you’re asking me is to prove it, I need to violate your privacy.

If you’re not going to argue in good faith I will not respond to you further.

Then build the plugin. I’ll audit the code and add it to the server.

I’m not responding to the rest, it’s not worth my energy to explain that you don’t take medical advise from people who aren’t doctors.

You missed the point of me adding that qualification entirely. You never said it was. You said it was the bare minimum, and left that qualification out, because you don’t seem to see it. That is the qualification. This porn site does not qualify for needing 2fa. That’s what people have been trying to get across.

You’re thet one who said I was rejecting evidence. I wanted to make a rhetorical statement obviously showing that’s not the case, because you have not proivded such evidence. Only conjecture.

As others said, you’re the one that started the fire here.

I’ve repeatedly said that “This porn site does not qualify for needing 2fa” is wrong and listed various reasons why.

Ironically this is ignoring evidence

I didn’t start the fire. I placed a wooden foundation for a home and the vocal opposition lit it on fire.

It already is with exception to the scripts section. This was implemented for a few reasons in the beginning. Their threads are out there.

You’re right. I have crashed out. My patience ran thin and continues to run thin.
I’ve realized the people arguing with me can’t be helped. Their dogma runs deep and they will not listen to evidence. Even when I point it out they goalpost and change the parameters and claim im the one not listening.

Against my own wishes I think it’s best I don’t allow this discussion to continue further for my mental health, to cease uncivil discussion, and because it’s clear to me this thread doesn’t service any other purpose than letting myself and others complain in circles.

I see someone is typing so I’ll let them finish their post and I’m closing the thread.

This is a matter of opinion you keep positioning as fact.

I asked for evidence regarding your conjecture. You said you cannot provide it without doxxing, which is entierly correct and valid. The point was rhetorical. You cannot supply evidence of accomplishment, only conjecture that you think it accomplishes things. You covered a threat mdoel which is not the same as a threat model ever being leveraged.

You could encase your entire home in a steel box to prevent invaders, but that’s probably not worth it if nobody ever tries to break into your house. You choose solutions that make sense for the level of security you really need, not the level of security you think you might need.

No. You decided unilaterally to enforce a change without consulting if the community agreed with the change at large. You think you know better whether it’s worth it for everyone at not because you have the technical background to know that it is technically better, and you undervalue the less technical elements that are the problems/friction involved, again, in part biased around your background.

Making unilateral change is what was lighting the fire.

Now you have a good reason to change it to not having scripts be required. It seems like a very easy solution that makes most people happy. I’m not sure why it was restricted, so I just assumed it was for good reason, but if there’s no other good recourse here for change it’s the next best step to some of us.

People don’t care what you think is better on a technical level or how right you are about security. All that matters is the experience is worse and it’s not worth it to them for the tradeoff. You seem to view this as a problem with education when it’s really a problem of differing priorities. People don’t need to be helped. They want you to get out of their way.

This didn’t happen. What happened is I inserted a qualifier that everyone else has implicitly been stated, explicitly, because it seems like you missed it, or just ignored it because you don’t agree with it. Either way, the point was rhetorical.

Discussion would remain more civil if your goal was to make as many people happy as you could rather to enforce your dogma on everyone. It’d also help if you didn’t use thinly veiled insults on people because you see their knowledge as inferior, as others have pointed out.

People want to enjoy coming here. They aren’t coming here to torture you, they just want to use the site seamlessly.