They are killing the functionality that has supported robust adblocking for a long, long time. Any extensions that replace the current model will be less effective.
This is why you shouldn't "innovate" with encryption unless you are a trained cryptographer (or equivalent). Cryptographers may be programmers, but programmers are not cryptographers.
But it seems it wasn't obvious to bullen that this way the password is essentially sent in plain text. So yes, let your authentication be analyzed by an expert or use standard software.
And for companies that don't do business with those countries - this is not a loss.
Most "asshole" traffic I see falls into one of two categories - attempts to exploit vulnerabilities (../../../etc/passwd stuff) and account takeover attacks.
The first I can forgive, I don't frankly care where that traffic comes from and the responsibility is entirely mine as website admin to prevent these types of attacks through good coding practices, WAF, etc.
The second I have less control over because customers / the general public sucks at security. They re-use passwords they've had for 10 years and won't opt-in to 2fa. And as a merchant, my company generally eats the cost of fraud that these attacks generally result in.
If no or little legitimate traffic is coming from Tor, and a significant percentage of malicious traffic is coming from Tor - at great cost to me / my company - why the hell would I allow it to continue?
One simple solution I can think of is to restrict POST requests from Tor exit nodes while still allowing GET requests. Cloudflare will give you a impossible-to-solve captcha even if you just try to visit site.com/index.html and I see no reason for this.
My personal experience is not what you are advertising here. I like Chrome because of the features unrelated to performance on Google's own assets - it simply has been the better browser. Yubikey support. Enterprise management capabilities. A robust extension ecosystem. Security. Better memory management for multiple tabs. Some of these are no longer a differentiator for Chrome, but Chrome got there first.
Firefox, IE, Opera have all been way late to the game on some or all of these features.
In the past I have been in the position to help make decisions on browser support at my company. We easily decided on Chrome because it was faster and more secure than IE, but more manageable than Firefox at an Enterprise level. Firefox is just starting to catch up to these feature sets. IE gave up. Safari is a literal running joke even amongst the most ardent of MacOS supporters at my company - features are simply non comparable.
I never once saw an incompatibility problem in Firefox that made me open Chrome. I currently run 2 browser sessions on my main computer - one in Firefox for personal use and one in Chrome for work use. I like and use Firefox, but Chrome has momentum.
Oh yes, Yubikey support. Which Firefox also supports but The Almighty Google doesn't allow to use with Yubikey on their sites (same as Facebook etc.). Good job Google, that really motivated me to switch. (not)
A company promoting their own products on their own websites is far from being criminal. Amazon.com right now just showed a giant splash for buying an Echoshow on their home page.
Imagine your bank, alphabank has 80% of personal bank accounts and 70% of auto insurance. When you check your transactions, you see a notice: "you could save up to x% by switching to alphacar."
That's the premise behind antitrust (even though in practice, its 50 years behind the times). If you have dominant market share, things that are otherwise lawful^ aren't anymore.
^Antitrust stuff like anti-competitive behaviour isn't criminal regardless.
It would be anti-competitive in your hypothetical if your bank refused to make transactions to your auto insurance company because it was not the bank's insurance company.
Pop-ups in your bank portal are uncomfortable but are not anti-competitive.
I'm taking Amazon's side because of Elastic's decision to keep security features (auth) behind a paywall. I will gladly support my company's use of Amazon's Open Distro if it means we can grant the right access to the right people at the right time without going from a lowish cost (we do pay for some features and support from Elastic) to an unsupportable high cost environment because of something as basic as authentication and authorization.
I'm glad someone open sourced such basic security concepts and I don't care that it was Amazon.
It's not just about AWS, other people need to use this as well. Why are security features a paid for addition? Why not make core features a paid for addition instead? I've always hated Elastic (the company) for this decision, please stop trying to give away free things that are not secure, and then charge for security.
