196
Community Rules
You must post before you leave
Be nice. Assume others have good intent (within reason).
Block or ignore posts, comments, and users that irritate you in some way rather than engaging. Report if they are actually breaking community rules.
Use content warnings and/or mark as NSFW when appropriate. Most posts with content warnings likely need to be marked NSFW.
Most 196 posts are memes, shitposts, cute images, or even just recent things that happened, etc. There is no real theme, but try to avoid posts that are very inflammatory, offensive, very low quality, or very "off topic".
Bigotry is not allowed, this includes (but is not limited to): Homophobia, Transphobia, Racism, Sexism, Abelism, Classism, or discrimination based on things like Ethnicity, Nationality, Language, or Religion.
Avoid shilling for corporations, posting advertisements, or promoting exploitation of workers.
Proselytization, support, or defense of authoritarianism is not welcome. This includes but is not limited to: imperialism, nationalism, genocide denial, ethnic or racial supremacy, fascism, Nazism, Marxism-Leninism, Maoism, etc.
Avoid AI generated content.
Avoid misinformation.
Avoid incomprehensible posts.
No threats or personal attacks.
No spam.
Moderator Guidelines
Moderator Guidelines
- Don’t be mean to users. Be gentle or neutral.
- Most moderator actions which have a modlog message should include your username.
- When in doubt about whether or not a user is problematic, send them a DM.
- Don’t waste time debating/arguing with problematic users.
- Assume the best, but don’t tolerate sealioning/just asking questions/concern trolling.
- Ask another mod to take over cases you struggle with, if you get tired, or when things get personal.
- Ask the other mods for advice when things get complicated.
- Share everything you do in the mod matrix, both so several mods aren't unknowingly handling the same issues, but also so you can receive feedback on what you intend to do.
- Don't rush mod actions. If a case doesn't need to be handled right away, consider taking a short break before getting to it. This is to say, cool down and make room for feedback.
- Don’t perform too much moderation in the comments, except if you want a verdict to be public or to ask people to dial a convo down/stop. Single comment warnings are okay.
- Send users concise DMs about verdicts about them, such as bans etc, except in cases where it is clear we don’t want them at all, such as obvious transphobes. No need to notify someone they haven’t been banned of course.
- Explain to a user why their behavior is problematic and how it is distressing others rather than engage with whatever they are saying. Ask them to avoid this in the future and send them packing if they do not comply.
- First warn users, then temp ban them, then finally perma ban them when they break the rules or act inappropriately. Skip steps if necessary.
- Use neutral statements like “this statement can be considered transphobic” rather than “you are being transphobic”.
- No large decisions or actions without community input (polls or meta posts f.ex.).
- Large internal decisions (such as ousting a mod) might require a vote, needing more than 50% of the votes to pass. Also consider asking the community for feedback.
- Remember you are a voluntary moderator. You don’t get paid. Take a break when you need one. Perhaps ask another moderator to step in if necessary.
view the rest of the comments
I mean, there’s a reason browsers moved towards asking to autofill. Back when browsers would just do it automatically, there were malicious pages/ads that would hide fake username+password fields offscreen. So when the ad loaded, the browser would try to be helpful and would autofill the info. Then the ad would simply capture the autofilled info, and now your account is compromised.
Autofill attacks were so awful because the browser automatically did it without asking first. It was literally a zero-click drive-by attack that nabbed your info without any prompting or alerts on the user’s end. So to try and combat this, browsers moved towards requiring a prompt.
Tangentially, malicious ads then started using clipboard attacks instead. The ad would simply request your clipboard data, because there was a very good chance that it was your password. That’s why browsers stopped allowing sites to request clipboard data at all, and now it requires the user to actually push the data via a Ctrl+v instead; Anyone who has used Google Docs/Google Sheets will be able to tell you that Right Click>Paste doesn’t work, and it’s because the site isn’t allowed to request access to your system’s clipboard.
That's all very interesting and insightful, but I don't see how a site putting username and password entry on separate screens helps mitigate any of this, unless they're doing something like showing ads on the page that asks for the username but not the one that asks for the password? I typically use ad blockers so I genuinely don't know what's standard. My gut feeling would but they don't show ads on those pages at all. Apart from sites that have username and password boxes on the main page. But that's still no reason to split the password from the username if both are on a dedicated page with no ads. I don't see how it would prevent against fake password entry boxes either. Most of those sound like things the browser would ultimately need to mitigate against since any site could be compromised. Obviously sites have some role in it too.