Especially when it’s a website that requires an account but they want to use SMS-based or Google Authenticator-style 2FA in 2025. “Magic links” are stupid as hell too if you’re not a moron and use a decent password manager — I have no clue what random email address I generated for you since I can’t trust any company not to sell off my PII.
How hard is it to implement FIDO2 then let valid users make requests from whatever IP address they want? IP-based blocking is pretty fucking stupid if you’re already doing secure account-based authorization.
Saying all this as a heavily privacy-conscious web developer. All my traffic looks “suspicious” because how dare I not want your shithole website to put its grubby little hands all over my IP address.
I live in California and I don’t recall the maps being drawn that way. At one point the State mailed a draft of the new map and explained that it was redrawn in accordance with the change in population. Overall it seemed pretty fair.