Most likely different incentives and platform culture.

Customization isn’t that big on iOS, other than the occasional viral fad, so there’s less interest for custom keyboards and in return less development spent on it.

Monetization of custom keyboards is also really hard and due to limitations on tracking and collecting data the incentives that Android has don’t really exists on iOS.

So what you end up with is a handful of custom keyboards often by big players that have bags of money to throw at it or as a companion to a regular app (e.g. Grammarly, GIF apps) to fulfill a specific function.

They’re right about browsers, but jumped the shark on keyboards.

Custom keyboards come with some rules and limitations for obvious reasons, but they’re by no means the system keyboard in disguise like how browsers are all WebKit under the hood.

Here’s documentation on custom keyboards: https://developer.apple.com/library/archive/documentation/General/Conceptual/ExtensibilityPG/CustomKeyboard.html#//apple_ref/doc/uid/TP40014214-CH16

The scandal didn’t lie in following court orders, it lied in the marketing and the fact that the French ToS lacked any nuance to indicate that it would even be a possibility that ip would be logged.

Furthermore, even when dealt with court orders, other companies that don’t tout privacy to be one of their core values, have chosen to fight such orders in court.
Proton could’ve at least tried to show that they were putting their money where their mouth is, by challenging the order.

Between this and the IP logging scandal, it seems that they’re going downhill fast.

I would expect they’d collate that information and pass it on at regular intervals to the instance that holds the true version of the post, who then subsequently disseminates that information to subscriber instances.

Then again, I guess you could collate the detailed information in a similar manner.

Not disputing what you’re saying, I assume you’ve tested this out and that’s what you’re reporting, just commenting on the choices made by the project to implement it this way.

Is that what you found out during your experiments?

That seems like a really inefficient and useless implementation to have all instances provide those details to one another, when every instance can simply keep track of it for their own users and pass along the total number.

That sounds like a gaping security hole, but with how likely it is that you lock yourself out with the current 2FA implementation, I can’t be mad about it.

If all else fails you could also reach out to the admin of your instance I suppose and see if they can disable 2FA on your account, but I figured it’s best to avoid the headache altogether and just not log out until you’re 100% the 2FA works properly.

That’s also a good way of verifying! As long as you go through the login process somewhere different than your current browser window you should be able to make sure it works properly.

Current 2FA implementation in Lemmy is a bit janky with the risk of being locked out.

First things first: DO NOT UNDER ANY CIRCUMSTANCES LOG OUT UNTIL YOU’RE 100% SURE YOUR AUTHENTICATOR WORKS AND THAT YOU CAN LOGIN USING ITS GENERATED 2FA CODE

Now that that’s out of the way, here are some steps to follow:

1. Ideally clicking on that button will open your authenticator which will then prompt you to select login credentials to attach it to; if it doesn’t and you instead are lead to a URL with a secret key or if you right click and you can copy that URL, then you need to manually copy the URL and paste it in the 2FA section of your authenticator or password manager
2. Once you’ve figured this out don’t log out, instead open a private browser window and test to see if you can login with your credentials + 2FA

If you can’t get it to work then you can disable it in the window you’re still logged into.

If you share which authenticator you use, people might be able to give you more specific instructions to get you through step 1.

Whatever you do, don’t log out. You will be locked out!
Unlike most common implementations, there is no built in step to verify if you can successfully generate a TOTP before 2FA is fully enabled.

Pro tip: if you do insist on using Google scroll to the bottom until you see a notice like the one below.

You can then click on the complaint to see the URLs that were removed.

They’ve wisened up a bit and now require a (throwaway) email to access the links, but chances are that if you’re looking for something more obscure, the link you seek is still there.

Typical Lemmy experience, haha.

Honestly has its charms, gives me the feeling of nostalgia, like we’re back in the early 2000’s.

Another such rough edge is that comments sometimes get posted twice, like your comment