The problem is that it mixed good recommendations along with user-hostile ones. I have no qualms about things like "Detect and throttle guessing attacks" and "Require authentication for remote services containing user data.", but then there's also...
SE1.1 End of life notification policy is published
SE1.2 Expiration Date is published
Planned obolescence.
AA4 Security Updates applied automatically, when product usage allows
VS4 Anti-Rollback
User-control and herding. "You want this feature we removed? Too bad, fuck you."
SI113 Enforce x509 certificate pinning for primary services.
You can't easily MITM and see what data it's exfiltrating.
SE1.1 End of life notification policy is published SE1.2 Expiration Date is published
Planned obolescence.
AA4 Security Updates applied automatically, when product usage allows
VS4 Anti-Rollback
User-control and herding. "You want this feature we removed? Too bad, fuck you."
SI113 Enforce x509 certificate pinning for primary services.
You can't easily MITM and see what data it's exfiltrating.