Never say never - unless you’re writing clickbait.
The point people are making is that communication and discipline, both things that require time and skill, would be a better, less invasive approach.
Perhaps that’s being done as well?
But even if it is, that approach doesn’t work with all people, no matter how skillful or how much time is put into it.
True - although just because you are paranoid, that doesn’t mean they aren’t out to get you…
And hopefully will continue to be asked, because one day it may not be poor OPSEC.
The BBC still uses it to break news, I’m saddened to say.
In my experience, /most/ people don’t care and further, they don’t want to care.
Even those that do care have to exist on a sliding scale of compromise in order to function.
since the plain text isn’t stored
I’m not sure I’d accept a bet on that assumption.
In my experience, the AI bots are absolutely not honoring robots.txt - and there are literally hundreds of unique ones. Everyone and their dog has unleashed AI/LLM harvesters over the past year without much thought to the impact to low bandwidth sites.
Many of them aren’t even identifying themselves as AI bots, but faking human user-agents.
robots.txt does not work. I don’t think it ever has - it’s an honour system with no penalty for ignoring it.
I have a few low traffic sites hosted at home, and when a crawler takes an interest they can totally flood my connection. I’m using Cloudflare and being incredibly aggressive with my filtering but so many bots are ignoring robots.txt as well as lying about who they are with humanesque UAs that it’s having a real impact on my ability to provide the sites for humans.
Over the past year it’s got around ten times worse. I woke up this morning to find my connection at a crawl and on checking the logs, AmazonBot has been hitting one site 12000 times an hour, and that’s one of the more well-behaved bots. But there’s thousands and thousands of them.
If cookie prompts annoy you (and why wouldn’t they? Complicated and time wasting prompts caused by terrible and compromised legislation that’s led to far more intrusion instead of enforcing use of browser settings) and you don’t care about cookies, then the browser extension “I don’t care about cookies” suppresses the vast majority.
Or at least, those influencing in favour of Trump and general chaos.
But UK laws do, which share a lot of commonality - like the GDPR
I think this type of scheme is illegal under the GDPR, which is in effect in the UK just as it is in the EU.
It’s been a while since I worked with the GDPR, but from memory the wording is such that:
The data holder needs to allow people to opt out of data collection. The subject can request to be forgotten. The data holder explicitly cannot charge for this.
But changes move slow, and The Mirror is probably banking on nobody caring enough to complain, and Trading Standards being too underfunded and swamped with other work to investigate otherwise (which they are). If they’re challenged, they’ll just change tack, go “oops” and are unlikely to hit big fines unless they dig in.
Cookie laws are a horrible mess and always have been - the resulting consent banners are far more intrusive than anyone wanted.
By its own shareholders?
Are they just trying to get some money out before class actions from its customers decimate the company?
Maybe, but it’s not going to happen soon. Any malware type insurance requires effective AV on all devices, and C-levels do love their insurance.
Not just CrowdStrike - any vendor that does automatic updates, which is more and more each day. Microsoft too big for a bad actor to do as you describe? Nope. Anything relying on free software? Supply chain vulnerabilities are huge and well documented - it’s only a matter of time.
Why would you want another year of their software for free?
Because AV, like everything else, costs a fortune at enterprise scale.
And yeah, I do understand your real point, but it’s really hard to choose good software. Every purchasing decision is a gamble and pretty much every time you choose something it’ll go bad sooner or later. (We didn’t imagine VMware would turn into an extortion racket, for example. And we were only saying a few months ago how good value and reliable PRTG was, and they’ve just quadrupled their costs.)
It doesn’t matter how much due diligence and testing you put into software, it’s really hard to choose good stuff. CrowdStrike was the choice a year ago (the Linux thing was more recent than that), and its detection methods remain world class. Do we trust it? Hell no, but if we change to something else, there are risks and costs to that too.
I lost a day’s holiday, and our team spent 8 man days on this entirely preventable mistake.
$10? Try extending our licence by another year for free, that might start going towards it.
It has a privileged service running locally - csagent.sys - that was crashing causing the BSOD.
He is the chosen one! Hail him!