lxgr 5 hours ago

Users will unfortunately click on absolutely anything that a trusted (deservedly or otherwise) source tells them to, and you won’t be able to reliably convince them otherwise with UX alone. This includes all “developers only”, “click 5 times” etc. UX interventions.

You have to decide whether the feature warrants the remaining risk after all mitigations, or at least exceeds other, simpler attack vectors.

I think in this case it does, but it’s not an easy decision and I can understand most opposing positions as well.

skybrian 4 hours ago

I suppose if it’s being actively exploited, the next step would be to make users wait a day, like the plan to change how Android side loading works.

lxgr an hour ago

I'd be absolutely livid if my browser asked me to wait for a day before letting me firmware flash whatever new USB gadget just arrived in the mail.