Hacker News

The theoretical security people have gone off the deep end. The idiots in charge of browsers have decided the entire internet should break every 47 days in case someone might get a private key to a certificate, even though that's basically never been the source of a security compromise ever.

Meanwhile, advertising on the Edge start page and the top of Chrome search is the number one source of practical, working malware attacks. But those things make the browser companies money.

I no longer think big tech security people are serious.



It's justification for surveillance and adtech on the software side, and planned obsolescence on the hardware side. There's no disincentive that prioritizes sustainability, (actual) security, or function on the user side. The user is just a net input of data. The money comes from brokers (marketing firms and advertisers indirectly) and advertising buys. The product is the user data. The customers are companies and occasionally individuals acting as middlemen. Devices are increasingly tools to acquire data, with features being driven to the bare minimum a user will accept and still use.

Nobody in tech seems to be serious except for the people driving the adtech and surveillance models. Nothing else makes as much profit, and it financially justifies enshittifying every other aspect of every other piece of hardware or software.

Legislate protections of user data, and start nuking brokers and data collectors from orbit, and everything gets better. Until then, the only space that isn't continually and totally enshittified is open source, and/or markets and products new enough that quality still matters.

Our choices are end adtech, or suffer.


Well, yes, but it’s much brighter over here beneath the streetlight.


The world wide web is one particular network. If you decide to copy stuff from the world wide web and use it for your own purposes, and the world wide web changes and your stuff breaks, that's on you.

Does the world wide web still work? If so, the change was fine.

See also the removal of the client certificate bit from Let's Encrypt certificates. Let's Encrypt issues certificates for web servers. What are you doing using one on a client? You should either do your own thing, or have an actual contract with Let's Encrypt for them to support whatever you're doing. Otherwise you have no right to complain about that.



