Not to mention that Cellular service providers have quite unstable IPs which often reset or change upon connection and disconnection, plus the ready availability of Public Wifi sources. IP just isn't a good metric anymore, if it really ever even was.
I was able to easily do it using the Dev tools in the browser, it's not very difficult when you know what to look for in the network packets, but for someone who's not a web developer or worked with json to might be tricky, and might carry some risk if they add them incorrectly (not sure if lemmy prevents corrupting user settings with safeguards but better safe than sorry).
What would be very nice is if the Client Would just allow for using a URL in place of an upload just like what can be done on posts and comments
Can't upload images at all to the site, they disabled it due to the CSAM attack a few months ago, not sure when they plan on fixing it.
There is a way to add an avatar without uploading it to the site but it is a bit complicated and requires the api, it also is required that you host them somewhere else i.e. imgur, file.coffee, gitlab, codeberg, anywhere that lets you host the images.
Unfortunately it's a side effect of disabling uploads, it is possible to have externally hosted avatars (field is just a URL linking to the image) but isn't officially supported by lemmy-ui yet, hopefully it can be in the future though, I made an issue for it on the GitHub to hopefully get it supported (linked in my other comment).
Would be easily doable, I was able to do it on my account here since the user settings config just contains a link to an image which can point at pictrs or at an external image hosted elsewhere so using the API (in my case using a third party app being built by my friend) you can replace avatars with externally hosted images, I made an issue on the lemmy-ui GitHub to hopefully get that feature integrated officially.
I very much agree, invite-only systems are a bad idea for this reason.
I think the images should never be cached from other instances in the first place, that is a huge oversight in pictrs since not only does it have the potential to cache unwanted content but also causes the images hosted to rapidly accumulate which isn't ideal as it increases storage requirements which is unfair to people who want to self-host a personal instance. Hosting a personal instance should not have monstrous storage requirements or serious liability risk due to caching all images automatically, it should only cache what is uploaded to the Instance like profiles and banners, and posts that include images from the Instance.
I have reservations about allowing fully-invite based registrations on lemmy instances. While I do think it might be good to have invites as a way for users to skip filling out an application I don't really like the idea of requiring them like Tildes does, makes it feel like an elitist exclusive club of sorts having to beg for an invite from users. I don't think it should be an alternative to application-based registration, but rather a supplement to it, if someone can get an invite from users that's great but if not they should still be able to write an application to join, this could be extensive and also lower priority since you could get invites but should still be an option available.
Account requirements really depends on what they are and what they restrict (also who on the instance is allowed to impose restrictions). For example on instances with downvotes enabled I think score/upvote requirements are a bad idea since it essentially means that people who disagree are locked out, like on Reddit with karma restrictions, I do not support this, it creates an echo-chamber where unpopular opinions. It'll also lead to upvote farming if there are negatives due to having a lower score.
Comment or post requirements would just lead to post or comment farming similar to vote farming, though it's not as bad as score-requirements since people making posts and comments naturally (whether they are liked or not) can't be taken away by other people based on opinions (only if they break the rules and get posts removed, which isn't even remotely similar since they broke the rules).
Limiting image uploading is a fair requirement in my opinion since uploads can be particularly harmful if the uploads are malicious, and also uploads aren't really needed since people can externally host almost all their images without the need for uploads.
When it comes to DMs and restrictions around them I feel like that should be up to individual users to decide to allow private communication from certain users or not, or even to allow DMs at all, this shouldn't be something globally applied to people, maybe it could be a default in User settings and have a requirement set by the Admins but people should be able to turn it off if they don't care or want to accept messages from new users, I know I certainly will, I hate being nannied when it comes to who's allowed to send me messages, IMO Annoying or uncomfortable DMs are a fact of life and I prefer to deal with issues when they happen rather than block anyone who's a new user that might want to talk to me, it's one of the things I hated that Reddit does without giving me the option to opt out and receive messages from everyone.
I think having a Machine-Learning based system to identify Malicious images is actually a pretty good idea going forward, I know how some people feel about AI and Machine-Learning but I think it's probably our best defense considering that none of us want to see it, it might have False positives but I'd rather than than to allow CSAM to live here. Ultimately the choice is have ML scanning or Disable pictrs here, I think ML is the better option because people are going to want to have Avatars and without pictrs that isn't possible (unless Lemmy adds support to the UI for externally hosted Avatars and Banners).
When a user is banned, temporarily or permanently, liftoff shows a banned flair on their name, if they are banned from the community it'll show a banned from community flair. This shows up when the user is banned from the instance you're viewing it on or from their home Instance. When an Instance is defederated it won't show any flare or indicator, at least as of the current version.
Admins don't always choose to purge all posts by a user who has been banned, sometimes they'll just ban the person and remove the infringing posts since if the person was a very active user purging them could take a chunk out of the content on the site, and assuming they have mostly legitimate posts it's probably the best option to remove specific troll posts after banning than to purge their whole profile.
Also if someone is temporarily banned they almost never purge those people since it's a temporary ban, many of the recent bans on LW have been temporary or are long-time members on the site with a lot of content.
I prefer not to use that specific service because they block viewing access to Tor users, so they end up not being able to see images that are hosted on that site.
I hope they someday increase the size limit to 200 kb it's annoying because most of the profiles I have are just barely over 100kb and If I compress them any further they look grainy and awful.