Microsoft Is Experimenting With a ‘Super Duper Secure Mode’ for Edge

Microsoft Is Experimenting With a ‘Super Duper Secure Mode’ for Edge
Photo: Sam Rutherford/Gizmodo

Privacy and security on the internet are hot-button topics these days, with every tech company introducing new features to safeguard your data. But Microsoft is approaching the issue with a bit of levity. The company’s browser vulnerability research team is experimenting with a new feature in Microsoft Edge called “Super Duper Secure Mode.”

Super Duper Secure Mode — yes, it’s really called that right now — is currently in early stages and works by turning off something called Just-In-Time (JIT) compilation in V8, Edge’s Javascript engine. JIT is used to speed up browser performance by taking JavaScript and compiling it into machine code before it’s needed. The gains are impressive, but it also creates many vulnerabilities and is easily exploited. In a blog, Microsoft Edge Vulnerability Research Lead Johnathan Norman writes that in 2019, roughly 45% of common vulnerabilities and exposures were related to JIT. Norman also points to data from Mozilla showing that over half of Chrome exploits in the wild hinged on a JIT bug.

Turning JIT off would “remove roughly half of the V8 bugs that must be fixed.” According to Norman, that would translate to fewer security updates and emergency patches. That said, no one really wants a laggy browser. Disabling JIT did result in significantly lower JavaScript benchmarks. However, in other performance testing, Norman notes that most of Microsoft’s tests showed no or negligible changes when JIT was disabled and that users rarely noticed a difference in daily browsing.

For some folks, better security and OK-but-not-great browser speed is an acceptable tradeoff. This is especially true for journalists, activists, or others who may work with sensitive material. You can try enabling Super Duper Secure Mode if you’re running a beta version of Edge, though there are certain limitations. You can find the feature under edge://flags in Edge Canary, Dev, and Beta.

As for the question that’s on everyone’s mind… why Super Duper Secure Mode? According to Norman, the browser vulnerability research team plans “to have fun with this project” which includes giving it a “slightly provocative name” because it’s funny and too early to give it a more “official” moniker. Fair! However, in a tweet, Norman also indicated they were taking suggestions on other names as the name will likely need to change later down the line. Boo. Here’s to hoping that the suits at Microsoft loosen up a bit and let everyone have some fun.