There was a mild uproar recently about Firefox adding a feature that could allow Mozilla to push out extension blacklists or something, or disable extensions entirely for a specific site (for "security" of course). I'd read the details but all I have is a reddit link and all the libreddit instances are ratelimited rn: r/MozillaInAction/comments/14rt5jx/firefox_115_can_silently_remotely_disable_my/

So I just saw an HSTS popup and was reminded: there's already a sorta analogous feature that restricts the user's ability to make their own decisions on privacy/security matters: HSTS. It prevents users from loading a page without working HTTPS even if they want to take that risk, and it is controlled by the site owner entirely; the user has no say.

  • NonbinarySeinfeld [they/them] · 1 year ago

    HSTS is not really that anti-user, it just enforces secure transfer, you'd be an idiot to take the risk of using HTTP, and should also enforce HTTPS from the client-side whenever possible.

    But let's talk about AGP cards, now those were anti-user.

    • NewHexbearNewMe [they/them] · 1 year ago

      I mean sure but like, if HTTPS is broken, bypassing the cert check can be useful. With HSTS you are at the mercy of the server operator to keep their shit working. If you know the risks you should be able to bypass it.
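
The mechanism the thread is arguing about, as an added example that is not from any poster or from Firefox's code: a small Python model of a browser's HSTS store following the RFC 6797 rules (header honoured only over error-free HTTPS, `max-age=0` withdraws the policy, no click-through on certificate errors for a known HSTS host). The class and method names and the `example.test` style hosts in the comments are assumptions made for illustration.

```python
import re
import time


class HSTSStore:
    """Minimal model of a browser's HSTS host store (RFC 6797 rules)."""

    def __init__(self):
        self.hosts = {}  # host -> (expiry_epoch, include_subdomains)

    def note_header(self, host, header, secure_ok, now=None):
        """Process a Strict-Transport-Security header received from `host`.

        secure_ok: True only if the response arrived over HTTPS with no
        certificate errors; the header is ignored otherwise.
        """
        now = time.time() if now is None else now
        if not secure_ok:
            return
        directives = {}
        for part in header.split(";"):
            name, _, value = part.strip().partition("=")
            if name:
                directives[name.lower()] = value.strip().strip('"')
        max_age = directives.get("max-age", "")
        if not re.fullmatch(r"\d+", max_age):
            return  # max-age is required; ignore malformed headers
        if int(max_age) == 0:
            self.hosts.pop(host.lower(), None)  # operator withdraws the policy
        else:
            self.hosts[host.lower()] = (now + int(max_age),
                                        "includesubdomains" in directives)

    def is_hsts(self, host, now=None):
        """True if `host`, or a parent with includeSubDomains, has a live entry."""
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def may_bypass_cert_error(self, host, now=None):
        """A certificate-error click-through is only offered for non-HSTS hosts."""
        return not self.is_hsts(host, now)
```

The only inputs that change the outcome are the header the site sends and the passage of time until `max-age` runs out, which is the "controlled by the site owner" point made in the original post.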