This is a small subset of what I've been saying they should do for years. All third-party embeds and non-same-origin followed links should be porn mode by default, only upgraded to logged-in state by explicit user action (tool button). https://twitter.com/waxpancake/status/978708653472587776
This would completely eliminate CSRF as an attack vector, too. CSRF simply wouldn't exist because requests initiated by other sites would never carry auth cookies with them.
Replying to @wattsamata
Non-awful browser is something I'd like to do, but too overwhelming in scope...
9:36 PM - 28 Mar 2018
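The CSRF argument in the thread, as an added toy model (not code from the tweets or any browser): cookies are attached only to same-origin requests, or to cross-origin ones the user has explicitly upgraded, so a cross-site form POST reaches a cookie-only endpoint unauthenticated. The origins, cookie jar and endpoint are constructed for the example; browsers approximate the same policy today with the SameSite cookie attribute.

```javascript
// Constructed cookie jar: one session cookie for a hypothetical bank origin.
const cookieJar = { "https://bank.example": { session: "s3cr3t-session-id" } };

// Policy from the thread: requests caused by another origin (embeds,
// cross-origin navigations, cross-site form posts) carry no cookies unless
// the user pressed the hypothetical "log in here" tool button (userUpgraded).
function cookiesForRequest({ initiator, target, userUpgraded = false }) {
  const jar = cookieJar[target] || {};
  if (initiator === target || userUpgraded) return { ...jar };
  return {}; // cross-origin by default: isolated, no auth cookies
}

// Constructed server handler in the classic CSRF-prone shape: a state-changing
// endpoint authenticated by the session cookie alone, with no anti-CSRF token.
function handleTransfer(cookies, body) {
  if (cookies.session !== "s3cr3t-session-id") return { status: 401, ok: false };
  return { status: 200, ok: true, moved: body.amount };
}

// Simulate the browser dispatching a form POST from `initiator` to the bank.
function submitTransfer(initiator, userUpgraded = false) {
  const target = "https://bank.example";
  const cookies = cookiesForRequest({ initiator, target, userUpgraded });
  return handleTransfer(cookies, { amount: 100 });
}

// Same-origin form: cookies attached, 200.
// Form on https://other.example: no cookies, 401 even though the user is
// logged in to the bank, so the cross-site request cannot act as the user.
// Same cross-origin form after an explicit upgrade: cookies attached, 200.
```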