Yuki v~

A patch to fix this (among other things) is currently in the works and should be out fairly soon. Many thanks for your patience and the issue report!

This is in fact intended behaviour: when a subscription cannot be renewed, we'll provide a grace-period of two days during which payment collection will be retried. If no payment could be collected throughout this grace-period, then access will be fully revoked until the user has things sorted out on their end (either ensuring linked payment methods have appropriate funds, linking a valid payment method, etc.). Thanks for your report, but be assured that everything is in appropriate working order here!

I've PM'd you so we can get this solved in a setting that ensures your privacy.

Awesome, the extra information is quite helpful for investigating this! I am seeing a couple reported issues with regards to uBlock causing some weirdness with PayPal: one, two, three, ... The uBlock project maintainer seems to suggest that some instances are due to the filter lists containing something they shouldn't, or issues with Firefox or Chrome. I'm not seeing anything about Safari, but it's totally possible that an issue has started up affecting it. Thanks to the additional information you've provided, we can much better handle filing an issue report with the appropriate party, and/or potentially working around this issue. (In other news: the "Cancel Link" text has been replaced with simply "Cancel")

This is a known issue which was recently brought to light in a discussion over at: TLDR: Discord authentication checks for both a matching unique ID and username. Removing the extra username check for Discord will have all well again in the case where usernames change. Thanks for your report – we'll have this sorted out as soon as possible!

When you made your Floatplane.com account by connecting in your LTT Forum account, a separate set of credentials were created for the Floatplane.com account. These credentials are expected when updating certain user settings, as we don't have access to the Steam or LTT Forum databases to verify supplied passwords/usernames for those services. If you would like to generate a new password for your Floatplane.com account, you can simply navigate to the login screen and tap the [Forgotten your password?] link. If you enter your current email in here and follow the link in our reset password message, you should be able to set a fresh password. With this newly set password, you should be able to authenticate properly on the settings page. If you created your account via connection a while back, then you may not have been given the option to set a password for your account, but only a username instead. In which case a password reset as described above will be necessary.

Exactly: your "toor" Floatplane.com account was never linked to anything. I don't believe it was suggested anything had been linked to this account. I'm afraid the contradiction lies with you. It was never claimed that the account wasn't created on Floatplane.com. The account was created on Floatplane.com but was linked with your forum account because you took action to do so. We have record of this. For obvious reasons, security policy does not permit sharing the raw data. Again, it is impossible to link without it being requested. One must first push the [More sign-in options] > [Sign in with LTT Forum] button. This requests an auth token. Next, the received token is used to create an account provided that you fill in the form which I provided a screenshot of in my prior post. There's no magic going on with the session. We don't automatically link from any source and there's nothing in the session that would trigger this. When you create an account normally (by the [Sign up] button), it does just that: creates an account. There is no functionality whatsoever to pull from LTT Forum data and magically merge forum accounts. If you create an account by going through the [More sign-in options], then yes, you will be linked to the LTT Forum account in question. This is how things are meant to work. Our records indicate that this is what occurred. There's no abuse here. Let's take a look at some example: Suppose the user "Yuki" on this LTT Forum wanted to link with Floatplane.com. They can absolutely do this. However, there already exists a user named "Yuki" on Floatplane.com, and I can guarantee that the Floatplane.com user is a different person. So when our LTT Forum user "Yuki" goes to link, they'll have to supply a separate username in order to link up. This isn't a case of abuse, just the fact that Floatplane.com is a totally separate website, powered by a separate database. As a side-effect, there's a bunch of fresh, available usernames. We don't prevent anyone registering with a name just because it's used on the LTT Forum. It's all first-come, first-served. I'm sorry, but we really didn't. As I mentioned above (and some times prior), an account will only be created through link if specifically requested. It is absolutely impossible for an account to be linked without an auth token being requested by the user. It's as simple as that. With many disposable mailboxes one can specifically request whatever name they desire. Many of these services do not prevent multiple people requesting the same mailbox and they make no attempt to authenticate before doing so. If one user decided to make a Floatplane.com account with such a temporary mailbox service and a malicious party became aware of this, it would be trivial for the malicious party to claim the email in question and simply request a password reset. There is an astronomical difference in the level of security offered by such disposable services and your typical mail providers. Disposable mailboxes will just give up an account for free. In comparison, any normal provider with a shred of common sense will require one to at least go through some hoops to get your password reset. Floatplane does not "hijack" any session data. In fact, Floatplane has no access to your LTT Forum session data at all. This is the entire reason why you are redirected to linustechtips.com when requesting a connected-account link (to fetch and return an OAuth token), and this is the only way we are able to retrieve (very little) information about your account. I'm sorry things aren't working how you'd expect, but I assure you that there is no issue with regards to security here. If there is something we can take action on to make things better for you, please do let us know. As things stand now, this appears to be just a little misunderstanding.

Unfortunately our records indicate a different story. While your original account, "toor," was made some time back, the email confirmation message was never confirmed and so the account remains inactive. I believe support did take action on this ticket and I do certainly recall seeing a note regarding this account at some point. Your second account, "toor2," appears to have been created by linking your forum account in through [More sign-in options] > [Sign in with LTT Forum]. Upon tapping this, Floatplane had you redirected to the LTT Forum website in order to gain an auth token, a process which can happen seamlessly if a web application has been given authorization previously (just as colonel_mortis has mentioned above). Because you were logged in with the "toor" LTT Forum account at the time, this is the remote account which authorization was requested for. After receiving your authorization, you were supposedly prompted with a form which looked very much like this: This looks a bit like our sign-up form. One key difference here, aside from the heading and cancel button, is that the email and username are both automatically populated with information from your remote (LTT Forum) account. Once prompted with this form, you spent 6 minutes and 7.926 seconds before completing the account link process with valid data. This time was inevitably spent recognising that the automatically filled information was already in-use by your other account (the inactive "toor"), setting up another email, etc., before continuing on. Everything appears to be working normally with regards to this process and there is no security issue immediately evident here. The fact that the forum account "toor" was linked to your Floatplane account "toor2" is not any cause for alarm: there is no restriction requiring that remote usernames or emails match those used on the Floatplane platform. In fact, such a restriction would cause a number of issues if implemented, as there are bound to be conflicts between different services. If we were to automatically grant access to the "toor" Floatplane account simply because a remote account was found to have the same username or email, as I believe you may expect things to work, this would truly be a security issue. Such an exploit is absolutely prohibited. If you truly desire the "toor" LTT Forum account be linked with a Floatplane account with matching username "toor," then you could unlink from "toor2" and link with the other account through the [Connected accounts] settings page on Floatplane. Because the other account in question is currently unverified, some steps must be taken to correct this first (PM me if interested – I'll have your sorted out!). As a general caution: disposable mailboxes should be considered ill-advised for any important service which might contain personal information or linked payment methods. These mailboxes may not have security or uniqueness guarantees and could expose your account to security risks. Even when using a variant which supposedly implements the most secure practices, it can become a great hassle to prove account ownership in the case of support requests.

I'm unable to reproduce this issue with Safari on macOS (in both private-browsing and normal mode). Unfortunately, because it appears that the errant code is controlled by PayPal (according to your screenshot, see https://www.paypalobjects.com/web/res/2cd/6c95150722b94271a966a5d3785d0/js/button.js?build=x), it may be that there's not much we can do. After taking a look at your account, it seems you were able to link a PayPal account. Was this from Safari or another browser? If you could try Safari again, there is a chance that it may magically work, as PayPal does have issues from time-to-time. If not, any additional information to help narrow this down would help (including a list of any extensions installed, whether or not this was in private-browsing mode, or any other peculiarities that you might think of). Many thanks for your patience!

Awesome, thanks! In the future, the setup phase will work a little differently, to avoid this sort of issue (will come to prod once some related goodies are done and tested, shouldn't be too long).

To clarify: you are able to access videos on Floatplane.com, though after tapping [More sign-in options] > [Sign in with LTT Forum], correct ? If that's the case, things are working as intended. Floatplane will never allow users to use simply the same username/password combination for login as they do on the LTT Forum directly, even after linking, as credential data is not shared with us (only a token allowing for subscription retrieval). If you wish to login by just username/password, try and reset the password for your Floatplane account here. You'll be able to use the set password and your Floatplane username once that is done, though the forum login option will remain as a convenience.