My org (or rather, the org they pay to run their IT) blocked browser plugins with a security justification.

I find this incredibly amusing, and at a different point in my life I'd already be gone.

When you outsource IT, there are many, many misaligned incentives.

> I find this incredibly amusing, and at a different point in my life I'd already be gone.

How so? Bad actors buying existing extensions with large user bases then publishing a new version which does bad stuff is a pretty common pattern. It certainy seems like a reasonable concern for a corp IT department.

	▲	michaelt an hour ago \| parent \| next [-]
		99% of security experts I know use ad blockers. When there are unpatched browser vulnerabilities, attackers will use ad networks to inject attack code into reputable-but-ad-laden websites. And even when there aren't unpatched vulnerabilities out there, many ad networks will happily accept scam ads, ads that trick people into downloading malware, fake download buttons and suchlike.
	▲	nazgul17 an hour ago \| parent \| prev [-]
		Not GP, but I think the point was that no extensions => no ad blockers => major malware vehicle unlockable, short of disabling JS