Couple of things happened, this and this. I got soured and needed to find a better alternatives for my TOTP.

I just tried the free option (bitwarden) and then migrated to Proton to use all of their apps. TOTP support is also an added bonus for the Proton Pass since Authy has fucked off a cliff.

It’s a rootkit. When it runs it basically has complete access to your system. You’re at the mercy of the guys at Riot and pray that no one breaches their system.

IIRC Genshin Impact uses a similar system and a breach has already happened.

(👁 ͜ʖ👁)

Some websites circumvent this by only having one paragraph of the story loaded if you turn off JavaScript.

This, I already set Mullvad as an always on VPN and turned on all the content blockers there.

Not necessarily announce their existence. There’s some way for websites to communicate with extension like explained here. IMO, a sufficiently motivated actor can use this to add additional data point for fingerprinting.

Although most of the methods are only applicable if you’re using Chrome or Chromium based browsers and Firefox has disabled the methods commonly used to extract information from the browser.