I waited for the issue to reoccur so I could test that out. The jwt cookie is missing from the request to / but is present in several of the other resources used for the page. That’s consistent with Crashdoom’s comment. Sometimes, the issue would only occur in a specific tab (refreshing the tab did nothing, but opening a new tab would have me logged in), which is roughly the opposite of what that user reported, but this time, it was a problem in any tab
Any system where the most severe outcome is “A moderator will look at it” is an easy sell for me, so I wouldn’t have any problem with 1 or 2. And an opt-in system of nearly any kind is going to be okay by me so long as it doesn’t stand to harm anyone who hasn’t given informed consent, so 3 also sounds fine.
With 4, I’d definitely want more details on what is considered “a significant risk or pattern of spammy behavior” and on why the temporary suppression “may break existing conversations or prevent new ones” before being comfortable with such a system.
Is this a continuation of Lemmur? The Lemmur logo appears when the app loads, but the project is not marked as a fork of Lemmur and the readme makes no mention of Lemmur
I had the issue reoccur, and I can confirm that the jwt token was missing from the request to /, but present for other resources such as the css stylesheet