i_am_not_a_robot

We can all hate Elon and Twitter, but we’re really arguing in favor of internet censorship and extraditions for foreign citizens living in their home country that, knowingly or unknowngly, assisted or has employees that assisted people in circumventing that censorship.

Elon is not in Brazil, and making the service available via CloudFlare was not an action taken in Brazil. Brazil should be able to seize assets in Brazil and change how they block access to prevent Twitter from doing business in Brazil, but arresting people in other countries for something like this is extreme.

large companies who can afford the security infra to do those checks and store that data

There is no such company. This is just another way to ban “harmful” content. Verifying your identity and age to access restricted content is practically guaranteed to result in your identity being compromised within your lifetime.

This is a bad idea. If breaking the law of any country can result in extradition to that country then people are going to be getting extradited for things like disrespecting the communist party.

Having a non-garbage domain provider can be a luxury. I used to work at a place where we were paying boatloads of money for certificates from Sectigo for internal services, and they were charging us extra per additional name and even more if we wanted a wildcard, even though it didn’t cost them anything to include those options. Getting IT to set up the DNS records for Let’s Encrypt DNS verification was never going to happen.

I’m pretty sure browsers stopped distinguishing EV certificates years ago.

Is it baffling? Live service games are all about extracting as much money from players as possible via loot boxes and battle passes. The best game is the game that makes the most money. Therefore, live services are the optimal type of game.

A large percentage of those hosts with SSH enabled are cloud machines because it’s standard for cloud machines to be only accessible by SSH by default. I’ve never seen a serious security guide that says to set up a VPN and move SSH behind the VPN, although some cloud instances are inherently like this because they’re on a virtual private network managed by the hosting provider for other reasons.

SSH is much simpler and more universal than a VPN. You can often use SSH port forwarding to access services without configuring a VPN. Recommending everyone to set up a VPN for everything makes networking and remote access much more complicated for new users.

Shodan reports that 35,780,216 hosts have SSH exposed to the internet.

Moving SSH to ports other than 22 is not security. The bots trying port 22 on random addresses with random passwords don’t have a chance of getting in unless you’re using password authentication with weak passwords or your SSH is very old.

SSH security updates are very infrequent and it takes practically no effort to keep SSH up to date. If you’re using a stable distribution, just enable automatic security updates.

Having SSH open to the internet is normal. Don’t use password authentication with weak passwords.