How meaningful are SPECTRE mitigations on single user desktops and workstations of the installed software is trusted?
What prompts this question is why some Spectre mitigations are considered meaningful on single user workstations or desktops.
When a piece of software is trusted by the admin or a user to run on a single user system, what is the purpose of applying CPU related security mitigation on that system unless the software is not truly trusted, in which case it shouldn't be installed on the system?
In the case of using shared resources like virtual machines with hosting providers or other multi-user, multi-tenant system where a hostile party can cause damage or steal data these mitigations are meaningful, but what about the case where the owner of the workstation uses it to plays games and doesn't share the system with anyone else. Are such measures meaningful, more so when they come with performance penalties which may matter a lot in some applications? Are they sensible?
I get that web browsers may enable software to be downloaded and executed, but if downloading and executing software is restricted, just browser based Javascript software, which again the user is expected to trust, then where is the risk?
Another thing which prompted the question is the differences between X11 and Wayland, with Wayland offering more security against some flaws in X11 out of the box. Question is for desktop apps on systems not shared with others what difference does it make?
