I tried looking through the docs but couldn't find an answer to this question: What is the nature of the link that is established to the sys-admin and devs of tildes for an account and the invite account?

as in, do they store the invite code that I used to create this account permanently and will be able to link that invite back to the issuing user? so that my account and the issuing user will always be linked in that way?

Edit: whoopsie, already being discussed here: https://tildes.net/%7Etildes.official/2x3

This is tangential to this post here about NSFW/controversial content. Sometimes one needs to make a confidential post detached from their own identity (say for example about a psychological problem or advice on an event where the OP wants to conceal real identities), and most places one needs a throwaway account. I think it'd be nicer if we allowed people to make posts detached from their main accounts w/o having to create new throwaway accounts. It might be possible via allowing a certain number of "personas" (i.e. a couple names one can allocate and use as nicknames), or via allowing to post anonymously (i.e. hiding the poster's account name, not w/o one), or allowing personas but temporarily and randomly generated names. What's you thoughts?

Before posting this, I checked my user settings page, the site’s documentation, and GitLab. I also did some site:tildes.net Google searches and used the on-site search for the ~tildes group.

I saw that on GitLab there is a feature request for account deletion, but not deactivation, that was marked “Accepted” about 5-6 years ago (August 2019).

I also saw some posts here in the ~tildes group, including one from about 6-7 years ago (June 2018) with a comment that said an option for both account deletion and account "dissociation" was planned. Both of these features sound great.

In addition to account deletion and account dissociation, I want to also request an option for account deactivation.

I don’t want to ask for the Moon here, but I envision account deactivation as having the option to remove all your posts and comments from the site (as well as your profile), with the option of restoring them if you reactivate your account. (I don’t know how annoying or how much effort this would be to code. I’m just imagining what I would find ideal from a user perspective.)

Another wonderful bonus would be the option to set a timer limiting your ability to reactivate your account, e.g. don’t let me reactivate my account for 6 months.

In the past, I’ve done this on another site through an elaborate system where I:

1. Set up two-factor authentication.
2. Saved the two-factor recovery code on an encrypted pastebin in a password-protected paste.
3. Saved the password for the paste in my password manager.
4. Used FutureMe.org to send an email with a link to the paste to myself X amount of time in the future.
5. Deleted the link to the paste from my browser history.
6. Deleted the entry for the site from my two-factor authentication app so the recovery code is the only way to get in.

This works, but it’s an elaborate process and if something goes wrong with FutureMe.org or the paste bin site, you could lose your ability to ever reactivate your account. You have to be willing to take that risk!

I might end up implementing this wacky system again for Tildes. For a site like Tildes, if I permanently lost access to my account (due to FutureMe.org shutting down or suffering data loss, for example) and wanted to re-join the site at some point in the future, I guess the worst consequence would be losing my username. (Also, getting an invite again might be a hassle, I don’t know.) That might be unfortunate depending how much you like your username, but it’s not as bad as a site with follows and followers where you would lose all of those.

My phone abruptly died, and it turns out I did not back up my 2FA codes. I have 2FA turned on for Tildes, and while I am still logged in, I can't turn off 2FA without 2FA, so if I ever have to log in again I'm screwed. I didn't save backup codes, of course, because I'm a fool (and I never figured out a good/safe way to store backup codes somewhere different than my password manager). What should I do?

I went into "Set up account recovery" in my personal settings, and I entered in my email address there. It says that if I can send and receive email from that address, I will be able to reset my password. But I already have a working password, what I don't have is working 2FA. Would a password reset do anything useful in my situation?

If there is nothing anyone can do at this point, how should I use my remaining time on this doomed Tildes account?

UPDATE: Admin turned off 2FA for me, so this account is no longer doomed. Thank you!

tildes.net isn't accepting my 2FA codes on login. I used a recovery key and disabled 2FA, but now I can't re-enable it for the same reason (I generate a code with the new secret key given but it gets rejected). I've checked on other sites and it doesn't seem to be a problem with generated 2FA codes on my end, leading me to believe something may be misconfigured on the server (maybe the tildes.net system clock is off or something?).

Anyone else experiencing this?

Edit: Still not really sure why I couldn't get it to work initially, but after giving it some time the problem went away.

I tend to be generous with votes if I like specific posters and want to encourage them. I like to assume that's ok, but is there an official take on that?

And what about people who are likely to share an IP address with me? I'm on a small node with fewer than 200 users, and at least 2 or 3 come here (got invited by one). I don't necessarily know them but will that look like alt accts boosting votes? Is there a whitelist or something like that for verified individuals on the same address maybe?

Hi there. The account recovery page mentions that password resets are performed by emailing a specific Tildes address from your own specified recovery address. But as far as I can see, that Tildes reset address that's supposed to be sent to.. is unlisted anywhere on the website. I could be mistaken, of course, but in any case it's not easily visible. Also unlisted is what string should be placed in the Subject field, alongside any body content this sent email should contain.

As to the reason for the inquiry:

So when I registered for Tildes, I generated a password and stored it in my KeePass database like a responsible person. Except... like an idiot, I restarted my computer at some point without remembering to actually save my KP database (I promise this is only like the second time this has happened in 2 years or so), so I'm in the curious position of still being logged in but not actually being able to change my password. Naturally, I explored account recovery options, and registered my email address with the recovery page, but as I described above, I can't seem to find the address I'm supposed to send an email to in order to reset my password as part of the recovery process.

I don't need to reset my password, and I really appreciate the way that it is done to maximize anonymity. However, I think there is a bit of a problem with how it is done in terms of users getting locked out.

If you're locked out, as far as I can tell, there is no way to view the email hint associated with your account. It seems a bit counter intuitive to me that in order to see the hint for how to regain access to your account, you have to already have that access! I also think that it won't work in the case that someone has been away for a few months and has forgotten their password. I'm not sure what a good way of displaying the hint would be, however, since if it is done by username anyone who has seen your posts can look at your password hint.

Hopefully with a bit of discussion we can cook something up that can solve this catch 22!