Extended Validation certificates have always been useless

I'm responding to this:

Furthermore, as I've said many times before, for EV to work people have to change their behaviour when they don't see it! If someone stands up a PayPal phishing site, for example, EV is relying on people to say "ah, I was going to enter my PayPal credentials but I don't see EV therefore I won't". That's how EV "stops phishing" (according to those selling the certs), yet here we are with a site that used to have EV and if it ever worked then it was only by people knowing that PayPal should have it. So what does it signal now that it's no longer there? Clearly, that people aren't turning away due to its absence.

I'd like to put the myth that EV counts for anything whatsoever to bed.

EV is useless even if people check for the green bar before entering their credentials. It is completely useless, because it doesn't protect from the following trivial attack:

This isn't just for login forms, either. If you're already logged into a website and have a valuable cookie, just visiting the website results in compromise; by the time you've seen that the front page of the website has no green bar, it's too late, your cookie has already been sent.

The summary here is: