[beefjerkins]

I'm surprised at how little regressions there were in the tests they run, given they completely disabled JIT. This could be very useful as a default 'mode' for websites, with JIT able to be turned on for trusted websites if the user would like more performance.

[rhdunn]

They did note that the JavaScript benchmarks were reduced by upto 58%, while noting that users won't generally notice the difference.

I would be interested to see how this affects the performance of websites that make use of complex JavaScript for things like charting/visualization (like the D3.js demos, or online formulae graphing tools), audio waveform rendering/processing, games, and other complex uses of JavaScript (including things like vue, react, bootstrap or other JavaScript UI frameworks).

[hawk_]

I know where you're going but this can easily turn upcoming players into second class, further reinforcing big tech monopoly.

[Retr0id]

Assuming "trusted websites" is a user preference, why should it matter?

[vladvasiliu]

Because "defaults are forever" or something like that.

Most people won't alter those settings, so whatever is "trusted by default" will run faster. The average user will just note that some sites are very fast, while others are very slow.

[Vinnl]

Basically what you see for instant messengers on Android: phones usually come with battery savings exceptions for WhatsApp, so when people install Signal, it looks bad for not delivering messages as reliably as WhatsApp.

[signal11]

Everything’s a trade off, but this one is worth trying imho.

There are lots of things could be done to even the playing field. Eg require all browsers to come “out of the box” with with zero sites trusted.

This would incentivise regular sites to not use heavy JS, if they knew they won’t be JITed by default.

And by all means, if you use say Salesforce, by all means trust the site. But that tiny bit of friction is a good thing imho, analogous to running ‘chmod +x’ on Unix.

In general, I think it’s time to say that browsers should have a more refined security model, and letting every darn site on the internet access to run code on your computer is maybe not a great idea.

[janfoeh]

I don't think it's quite so dire. Remember that big sites like Facebook at least used to display warnings in the developer console, akin to "DO NOT PASTE THINGS IN HERE YOU RECEIVED FROM STRANGERS"?

There is a sizeable subset of people who are curious and do care, and who would be eager to try that "one weird trick that speeds up <hot web property du jour> 200%" spreading through their Telegram group.

But for the most part, non-technologically inclined people seem to have a Hindu cow-like frustration tolerance when it comes to technology. If Windows takes twelve minutes to boot and your browsers viewport has shrunken to the size of a postage stamp due to toolbars, then that's just the way it is.

I would wager that for them, site Y running half as fast as site X matters a lot less than you think.

[kenny11]

Or maybe instead of trusted websites they'll move to a model where you need digital signatures on your JavaScript code to enable high-performance mode, just like you need to code sign Windows applications to avoid scary warnings about what they might do to your computer.