I'm sad to see this become practice. Playing around the javascript console is one of the "WOAH" moments I had when I was first learning to code.
I remember using the Facebook "Like Bomb" during an all nighter at the library. It was a javascript snippet that would like everything on the page and annoy all your friends. Back then, I didn't consider myself a coder, and didn't think for a second I'd be doing this 4 years later.
I also remember being on gTalk with a friend and he was really annoyed by a paywall he couldn't get around. It was nothing more than a popup modal, so I sent him back a couple lines of javascript that got him through the paywall. I felt like a wizard.
The JS console is like peeling back a layer of the web and seeing a whole new world. Web pages stop being this thing you consume, and starts being something you manipulate and break. Anyone with experience will be able to get around this, but its sad that a lot of people might just shrug it off and not have those same experiences.
I for one can not wait until EME expands beyond Video to include full encryption of entire web pages so the web can be locked down behind DRM.... That will be fun for everyone
Netflix and Facebook will be the first to adopt it, the kind of thinking that creates locking out the console will create the expansion of drm.
Worth noting that this only works for Chrome. For what it's worth I don't support the practice and think it will not help prevent "self-XSS" at all. The idea of self-XSS being ridiculous to begin with.
Apparently it's common enough on Facebook, and not that ridiculous to imagine.
It's just like the "delete system32 to make your computer go faster" trick. For anyone on this site it's a laughably stupid prank, but you only know about it because there are people out there ignorant enough to fall for it.
Unfortunately, ridiculousness does not seem to prevent people from being hurt by it on Facebook.
What Netflix thinks they are defending against I don't know, though. Hopefully a Facebook user would think twice about some really long list of instructions of how to bypass the Facebook security. Since I can't imagine Netflix has the same problems with people being fooled into attacking themselves, they probably think this is some sort of security measure, but, that's a race they not only can't win, they can't even stay even with. Making it slightly more annoying to run JS? Sure. Making it impossible? Not gonna happen; the user has to much control over the JS context.
I remember using the Facebook "Like Bomb" during an all nighter at the library. It was a javascript snippet that would like everything on the page and annoy all your friends. Back then, I didn't consider myself a coder, and didn't think for a second I'd be doing this 4 years later.
I also remember being on gTalk with a friend and he was really annoyed by a paywall he couldn't get around. It was nothing more than a popup modal, so I sent him back a couple lines of javascript that got him through the paywall. I felt like a wizard.
The JS console is like peeling back a layer of the web and seeing a whole new world. Web pages stop being this thing you consume, and starts being something you manipulate and break. Anyone with experience will be able to get around this, but its sad that a lot of people might just shrug it off and not have those same experiences.