> the deal has been simple: you click a link, arbitrary code runs on your device, and a stack of sandboxes keeps that code from doing anything nasty.

At most, Mythos has reminded us that this "deal" is subject to frequent cycles of being compromised-and-patched.

From time to time, I have run browsers configured for opt-in javascript (eg, umatrix), but man it's a lot of work to live that way.