Debug steps: turn off bitwarden, my only extension. Never helps. Ctrl+Shift+Del cookies. Never helps. Sigh, open chrome. Works first time.
Is it just me or did the web up and dump firefox just when it started to get good?
I asked them and they're like "yeah, it only works on chrome-based browsers". Or something to that effect. It's not like some CSS was wonky, or a bug somewhere... No, the default process of them building the SPA somehow yielded a completely non-functioning app for Firefox.
This is a change that’s been underway for years but came as a surprise when it actually shipped. I coordinated updates to ~40 packages owned by 5 different teams at my company, and had to put aside a good amount of other critical product work for about a week to ensure we didn’t encounter any customer issues.
The crux of the issue for maintainers is that Auth flows that require cookies to be sent around different origins (e.g. OAuth with form_post) will no longer work unless they update the cookies to explicitly be SameSite=none and Secure=true. Chrome led the pack on shipping the changes to browsers, but also implemented a special timeout rule that temporarily allows cookies that don’t meet the new spec to be set anyway to try to ensure auth flows don’t break. Eventually they will lift this timeout. Firefox has shipped support but has not implemented such a timeout.
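The cookie rule described in the comment above, as an added example that is not part of the original thread: a small audit that classifies `Set-Cookie` headers by what happens to the cookie on a cross-site top-level POST such as an OAuth form_post callback. The function names, verdict strings and sample headers are constructed for illustration.

```javascript
// Added example (hypothetical helper names, constructed sample data).
// Parse one Set-Cookie header value into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name, attrs };
}

// Verdict for a cross-site top-level POST under SameSite-by-default rules:
//   'sent'                  SameSite=None together with Secure
//   'rejected'              SameSite=None without Secure (cookie is not stored)
//   'withheld'              explicit SameSite=Lax or SameSite=Strict
//   'withheld-unless-grace' no usable SameSite value, so the cookie is treated
//                           as Lax; it survives only while a browser applies a
//                           temporary exception like the Chrome one above
function formPostVerdict(header) {
  const { attrs } = parseSetCookie(header);
  const sameSite =
    typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : '';
  if (sameSite === 'none') return 'secure' in attrs ? 'sent' : 'rejected';
  if (sameSite === 'lax' || sameSite === 'strict') return 'withheld';
  return 'withheld-unless-grace'; // missing or unrecognized value
}

// Return only the cookies that would break a form_post callback.
function auditForFormPost(headers) {
  return headers
    .map((h) => ({ name: parseSetCookie(h).name, verdict: formPostVerdict(h) }))
    .filter((r) => r.verdict !== 'sent');
}

// Constructed sample: headers an identity-provider integration might emit.
const sampleHeaders = [
  'oauth_state=af0ifjsldkj; Path=/callback; HttpOnly',
  'oauth_nonce=n-0S6_WzA2Mj; Path=/callback; HttpOnly; SameSite=None',
  'session=8f2c1d; Path=/; HttpOnly; Secure; SameSite=Lax',
  'login_txn=1b9e77; Path=/callback; HttpOnly; Secure; SameSite=None',
];
console.log(auditForFormPost(sampleHeaders));
```

Only `login_txn` passes; the other three cookies are reported with the reason they would be missing when the callback POST arrives.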
For me it's usually extensions.
A truly deplorable act...
I also added about 30 seconds of latency to every page I visit, but for completely different reasons than OP. Switching to Brave and blocking all cookies and JS by default made me have to manually enable it for nearly every site that I actually wanted to use.
About a week later, Chrome was reinstalled. Maybe I'll try it again once I level up my willpower.
That explains a lot... I frequently have to solve 10+ captchas when I'm using Firefox, many of them rate-limited. It feels like a punishment for resisting surveillance. These things should be illegal due to the accessibility problems they cause if not the fact they're a nuisance.
I'm sorry if that's unnecessarily dystopian
Everything is okay and justified when rich corporations do it. "Normal" people just have to accept it without fighting back in any way. Company directly and openly transmits malware to people's browsers, collects all personal information and creates detailed profiles of people in order to sell to interested parties? If I did that, I'd no doubt get charged with some sort of crime. They just make it part of their terms of service which nobody ever reads much less agrees to and somehow everything is justified. Suddenly it's not malware but "surveillance capitalism", a totally legitimate activity. And if we try to resist in any way, they use the lack of tracking to say we're indistinguishable from the networks of bots spamming them or DDoSing them or whatever. Since it's part of their terms of service, any attempt on our part to circumvent their fingerprinting is abuse.
> we're going to correct your behavior by making your browsing experience miserable
Hopefully the only thing they'll achieve is the death of their own online community. Imagine if HN forced people to solve a captcha before every single post.
> Invent a better one and the world will throw money at you.
It already exists.
The abuse stems from the fact servers connected to the wider internet are designed to respond to anyone who tries to talk to them. That's the fundamental problem with internet security today: computers talk to strangers they don't know, much less trust.
What if computers dropped all packets by default and networked only with authorized users? The risk of exploitation and abuse becomes negligible because to unauthorized users it's like the computer is not even there to begin with.
This can be done with single packet authorization. The internet would lose its mass market appeal but it's much better than normalized widespread surveillance.