[nicolaslem]

My eye got caught by the author's signature on the side: "Standards hacker. Mozillian. Loves talking about turning the web into an OS."

I'm personally going the opposite direction, I started using browsing with JS disabled a while ago and found my browsing experience improved.

With the recent security issues, is that really the way we want to go?

[Ajedi32]

I actually quite like the security model of the web.

All code is considered untrusted except for the OS (browser) itself. Permissions are fine-grained, explicit, optional, and enabled on a site-by-site basis. Even basic things, like an application's ability to play audio or execute JavaScript aren't entirely taken for granted and can be controlled by the user.

Overall, I think the web does a pretty good job of balancing security with user convenience. Certainly better than any other mainstream platform I'm aware of.

[albertgoeswoof]

Probably, you’re putting an extra layer of protection (the browser sandbox) between the attack vector and your system.

[earenndil]

But by doing that you're feeling ok with running untrusted code which could easily exploit the JIT. Whereas with native code you have to trust it so you'll only run good trusted code.

[Ajedi32]

> with native code you have to trust it

I consider that a drawback of native code. Not an advantage.

> so you'll only run good trusted code

In practice this isn't a very safe assumption to make.

[fabrice_d]

There is some truth in the fact that until we have support for signed code on the web - and a way to check that whoever signed can be trusted, we only have "level 1" security.

In FxOS we used code signing to grant access to more powerful apis. I think that something like what the Dat project is doing could be interesting in this regard, or web packages as described in https://github.com/WICG/webpackage/blob/master/explainer.md

[SimeVidas]

Turn on Tracking Protection in Firefox and add a blocker such as Ghostery, and you will have both performance/security and enhanced functionality.