The Future of Performance

(applause) - Thank you.

So, time to first, a last wrinkle it is.

This is going to be my thing.

So, we had a wonderful, wonderful couple of days and I want to just give a huge shout-out to MCs, and also to the organisers, for making a wonderful, wonderful, fabulous event, so if you could join me in applause, I think that would be in order. (applause) And so, I was thinking quite a lot about how it would be, how to close the conference and how it would go and what I should share because it feels like every single speaker who is speaking over these two days said everything that you need to know about performance.

We looked into third-party scripts, we looked into metrics, we looked into performance culture, and everything in between.

So, what am I here to say? Well, I'm coming with peace, but I'm coming from the UX side into the web performance world.

And, I was studying a lot how people think, how people touch, how people tap, how people click on mobile devices this year. And, especially, as I was working with European Parliament, I spent also quite a lot of time thinking where GDPR is coming from.

This entire privacy discussion, the cookie popup, where is it coming from and how can we make it better? And so, today, what I wanted to share with you is some kind of insights that are mostly user-centric, but looking at the web performances as how we know it today.

And, for that, we kinda need to look first into where we stand.

What are the state of things? And, essentially, the state of things is quite complicated and sort of fragmented, but let's try to nail it down. Now, we have 7.6 billion people around the world at this point.

That's a lot of people.

5.6 billion people are an addressable market that we might want to address.

3.5 of them are using an active smartphone. Now, out of them, we have approximately 24% using an Apple at this point.

And, 76 using an Android.

Now, how much time do people spend on these phones though? How much time do you spend on a phone just looking at the screen? Too long, maybe too much? It used to be that we were spending three hours. Now, we're moving towards four hours and it looks like as we're moving forward, we're heading towards five hours a day, which also, according to the other data, means that as we take our phone and pull it from our pockets to look at it and put it back, we do it approximately 80 to 90 times a day. Which, translated to the amount of time that we sleep, how much time do you sleep in a given day? Maybe eight hours, maybe a bit less than that? It depends on the country.

So, if you happen to live in France, you'll be sleeping more.

If you happen to live in South Korea, you'll be sleeping less.

And, as we are moving forward, this looks like we're actually sleeping less. So, approximately every 10 to 12 minutes of our existence, we take a phone from our pockets, look at it, and put it back.

Every 10 to 12 minutes.

Now, what kind of phone is it then? Well, as we know, it's probably one of those. Moto G4, maybe it's Nokia S1.

Maybe it's Alcatel 1X.

And, as also Tatiana mentioned and also as Tim mentioned, most of these phones are not going to be great. They're definitely not the phones that we have in our pockets.

So, if we look into performance of those phone, obviously, we know that most of them, almost all of them, are between 12 to 15 times slower, but they're also 12 to 15 times cheaper, which is kind of fair I guess.

So, in that regard, when we're looking into performance, we're looking into how people interpret the sites. This is the experience that most of these people are going to endure.

This is a video by Addy Osmani, it's been around for quite some time.

But once we look into how heavily optimized websites that we're creating and building and deploying and designing, they have no chance in countries like Indonesia. They have no chance in Brazil or Venezuela, as we learned today, because they're way too slow and the architecture that we are providing is just not good enough. Now, we might think that technology's going to save us. After all, we have 5G coming up and 4G's made a really significant jump and it's spreading as well.

But, in fact, if we look into 5G, yes, it looks incredible. We should be expecting anywhere from 100 Mb to 10Gbit per second as speed.

That's quite incredible.

And, it's 10 to 100 times faster according, of course, if you look in what we are told by providers. But, at the same time, that means, just translated, that if you wanted to download one episode of Game of Thrones in 4K, it would take us 90 seconds. Or, 1080p, 35 seconds.

Or, the entire season in 15 minutes.

And, this is kind of the danger that's coming in from providers.

Essentially, the speeds are, of course, quite remarkable. Or, at the same time, when we look into the forecast of what is going to happen in Europe, for example, we should be expecting, by 2025 or so, a really slow increase in what we should be expecting in terms of 5G adoption.

And, in fact, we see these rollouts coming up already where we have the 5G hitting the markets in pretty much consistently around the world. But, at the same time, it doesn't mean that things are going to get better.

In fact, if you look into Scott Jehl's post, we might be in a much worse world than we used to be in the past.

Now, why is that? Now, if we look into this curve, the adoption of 4G over the last years and as well 3G is, of course, everywhere, we see this little red bubble here right at the bottom. Now, if you think about the next prediction of what's going to happen with 5G, it's probably this curve.

It looks very similar to this curve, doesn't it? Hmm, that means that as we go from 4G to 5G, we should be also expecting a lot more JavaScript coming our way as well, which means that we probably will see a huge boost in how 5G is going to affect web performance, not necessarily in a good way, because we can send more data.

And, as we know, of course, we can mobile and desktop, most of the time, will be sending the same amount of data and that's a big problem.

And so, when we look into JavaScript overhead, between 2011, 2019, 4G coverage spread from 5% to 79, but then with JavaScript transfer size on mobile, we had an increase by 611% and 706% by third-party scripts. And, we think, no, things are going to get better because we have HTTP3 and QUIC.

And, they will get better, yes.

And, of course, as Patrick also mentioned, there are a couple of issues with HTTP2, which have kind of been resolved in HTTP3.

But, at the same point, we should not be expecting like 20 or 30 or 40% improvement.

Although, it seems like we're in a pretty good state at least.

When I was switching to HTTP3 because it's backwards compatible.

So, we should be in a good shape anyway.

And, in fact, we should start looking into YouTube, for example.

You will find the protocol HTTP2 plus QUIC 46 showing up there as well.

And, one of the really cool features, of course, is your round trip time we should be expecting over QUIC. And, of course, it's fully encrypted by default and all of that, which is really, really nice. But it looks like it's not going to really make things much better.

Although, it will make things better.

But the problem is really different.

The problem is that if we look into the amount of data being used or consumed every year, every single year, we have an increase of 145% of data that's being used.

And, that's quite a lot of data because we're apparently Netflixing and chilling and stuff. But that also means that if we look forward, in the next five years or so, we should be expecting a magnificent or really strong change in how much data we're consuming.

So, as of right now, most people in the world, if you look at the average here, we have have 5.4 gigabyte per month that we're using. And, we're going to jump 24.

In North America, we should be expecting a jump from 10 gigabyte of date to 56 gigabyte of data being used. Now, that's a significant amount of data that's going to go through the networks.

And, also, if we look into the people who are going to come to the web for the very first time, this is not going to be North America and it's not going to be Europe.

Most of the time, we are looking to Asia Pacific, Sub-Saharan Africa, Middle East, Latin America, and a little bit of North America and Europe. And, in fact, the countries that will be dominating the web as we know it are not the countries that we're kinda used to maybe. Specifically, if we look into this report by Mobile Economy 2019, China, but it's locked down in a way, India, Indonesia, USA, Brazil, Russia, which is also on a really bad path to being locked down very much like China at this point. Japan, Pakistan, Nigeria, Bangladesh.

And, of course, Europe makes a part of it, but we're looking to very different newcomers to the world.

And then, we have another thing coming up, which is what Ilya was mentioning.

We have 4K, we have 5K, we have 8K coming up. And, we're expecting 60 frames per second gaming in the browser.

How can we make that happen? Now, when you look into people and how they use the web and when we look specifically into how fragmented the web is, one thing that we should mention is that it's never, obviously, normalized.

So, what we see, that even if you look into Europe, we'll see that in Bulgaria, the 4G adoption is much weaker, much slower than, let's say, in Norway.

Or, say, in Switzerland.

And, at the same time, even if you look into places where it's supposed to be pretty good, we'll find out that it really depends.

Sometimes, mobile is faster.

Sometimes, WiFi is faster.

So, it's extremely inconsistent and the entire mobile experience is extremely fragmented. Now, looking into the state of web performance today, on the one side, we have really cool things. We have incredible browser compatibility.

Now, I remember the times when the web didn't exist. Anybody remember the times? Not that many actually, not that many.

And so, all the pain we had to go through in the past is mostly gone, which is pretty cool. Have incredible browser engines, rendering engines, JavaScript engines, incredible.

Tooling has never been better.

APIs, metrics, incredible stuff.

Code splitting, tree shaking, all the wonderful things that help us make things faster and better. And then, we also have really nice frontend techniques coming up.

We have prerendering, we have rehydration, and also static strategy now with JAMStack. And, on top of that, of course, Resilience, finally, with service workers, progressive web apps. It's cool stuff, it's incredible.

If you think about the state of technology today, it's just groundbreaking.

And then, on top of that, 5G, QUIC, Brotli, WebP, AV1.

All these wonderful things floating around. But then, what did we do with it? Well, we ended up with a lot of polluted and bloated websites serving a lot of CSS and JavaScript with a massive cost of third-parties. Extremely heavy fragmentation.

And then, looking into 4K, 5K, 8K, the amount of data, the hunger for data is coming up, it's growing, so we have to deal with it.

And, we are dealing with it on devices that are not high-powered devices.

We're leaving some in the low range or middle range. And then, also, I spent a lot of time in European Parliament this year and past year. And, if you have to deal with a lot of legacy, first of all, it's no fun, as you know.

But, second of all, you can't use all these fancy technologies and all these fancy things that we haven't left.

So, that's a really, really sad state of things. And, on top of that, we have a lot of privacy issues and a lot of accessibility concerns.

I ran a poll just a month ago about accessibility and how people see the role of accessibility and has it improved over the last five years? I was not very surprised to find out that most people think that it didn't change much at all. Now, obviously, the performance and our work has been remarkable, but we still have a lot of work to do.

Now, what does it mean? Well, it means that one of the most critical things we have to adopt and find out how to deal with it is this notion of adaptive serving that we covered already where we really have to think, from the designer's perspective as much as from developer's perspective, of how we're going to serve different experiences to different classes of devices with different connectivity, different memory, and also different hardware that we're going to send to. And so, I think we often look into only two things. Maybe connectivity, that's one of them.

And then, I got a view port.

But there are many other dimensions we haven't explored yet. Data mode, of course, is one of them.

Privacy and accessibility settings is another. Now, of course, we can learn how to really deal with performance.

We have best practices.

Actually, I would say that we're pretty good at things, in theory, of what we're supposed to do. And so, we built a, for example, dedicated network, like 3G on Shopify where they set up a network for developers to build.

Facebook was known for 2G Tuesdays.

I'm not sure how many of you implemented this idea in your work.

Having a dedicated 2G day where developers are highly encouraged to build and deploy in 2G.

But, at the same time, when we look a little broader, this brings us to a place where we have to think about a set, or a family of performance budgets. We have to think about different conditions. So, giving that memory, giving that network, giving that screen, giving that and that condition, what should be an optimal, or an okay performance budget at that point? Think about slow 3G, slow 4G, slow 5G, fast 5G, by finding everything in between.

And so, there are wonderful tools, like, for example, this one, Performance Budget Calculator, which allow us to play a little bit with this budget and figure out what's right just for you.

And, that means that for every component we're building, for every wonderful React component we're serving, we have to think how much impact it has on the overall performance.

Should we play videos automatically or not on slow 2G or slow 3G? Should we have parallax or not? Should we have web phones or not? This kind of idea is really, really important. And, I think that with Network Information API being one of them and Device Memory API being another, we're moving to a pretty good place.

And, in fact, it's not that complicated, but we need to bring in and think, from the design perspective, again, and the developing perspective, of how we actually make it work.

From the accessibility perspective, we also have the Media Queries Level 5, which allow us to adjust the experience again based on motion, contrast, light level, transparency, and color scheme.

Now, I was attending a conference in Prague two months ago and there was a woman coming from China, from Shenzhen, and she was running a startup incubator there. And, she was talking about the experiences they have in China and she was talking specifically about WeChat. And, as I was listening to what WeChat can do, I was so shocked and amazed by the thing.

Of course, it drives on the cost of privacy, but if you think about machine learning and artificial intelligence, how it's embedded, you can think about every single app you have on your phone bundled into one WeChat app.

So, one of the conversations that was really incredible for me went, how come that somebody sends you a link, maybe in WhatsApp or Facebook or whatever it is you are using, and you have to go to that link and enter that site in a browser to check out? Why is that? Shouldn't you be able to actually go ahead and check out right in the chat as you're talking to somebody? That's totally normal and it's just regular way in WeChat, but we haven't even started thinking about it yet. And, now, the reason why I bring it up is when we look, of course, on the state of things and especially on what people are using, it should not be very surprising that the smartphone app just surpasses everything. So, if we compare mobile web and smartphone app, obviously, we know that more people are using the apps. And, in fact, if we look into the most people, even around the world, and where they spend mobile minutes, in all markets, it's at least 80%.

And, what really worries me, personally, because I grew up with the web and I knew the web of being a very different place, is this thing.

Where if you look into the next generation of people coming up, they might not even know what mobile web thing is at all.

Because I feel and I'm afraid that as we are moving forward, we probably will not have something like just one WeChat and that's it.

But we might end up in a world where we have just a few big apps that encompass everything where everything is happening there.

And, what's really dangerous, I feel, is that whenever I go to Indonesia, because Facebook is providing a service for free, people are locked into Facebook.

They don't know the web as we know it.

And, it might feel that this is the experience that we're heading into.

Mostly also because the expectations are very different on a mobile device.

If we look into the expectation, more than half of all sessions that people have on those phones are 30 seconds and less.

And 40% of smartphone app usage lasts less than 15 seconds. Now, if we need like eight seconds or nine seconds to just render our application, we lost already. There is no way for us to survive at this point at all. So, we really have to rethink and not just in terms of performance culture, but think about how can we bring people back? And, I think there are a few things that I really wanted to share at this point. Let me just jump a little.

Sorry, guys, I think the reason why people are not on the web is not necessarily because our applications are slow.

It also has to do to a vast degree with the way or how we deal with tracking and privacy. Now, I really asked myself and it was a really tough year for me because I decided to do two things.

Every time somebody sends me a link to any app, I'm going to go to extremes to read the entire privacy policy before signing up. I was buys every Sunday.

(audience laughs) The longest was Amazon, which took me eight hours, 24 minutes.

(audience gasps) So, how many people read privacy policy for fun? (audience laughs) Okay, a few people.

The other thing I decided to do, every time I see a cookie popup, I'll go to extremes to opt out from every single tracker and measure how much time I would need to opt out.

How much time do you think I need? It's really hard for me to go for websites. Don't send me to websites.

(audience laughs) So, I needed approximately 42 seconds to opt out from every tracker.

42 seconds of my time.

And, don't get me wrong, I'm not privacy-obsessed. I don't have Tor installed somewhere.

I wanted to find out what it means for average people who care about privacy and what it means for people who don't care.

What is the difference if you think about performance? And, I asked myself, how come that we ended up here? How come that we ended up in a world where this is normal? We are not laughing about this.

This is just normal, we just take it.

We don't go to the streets to protest against it. We just take it and, in fact, we build it.

And, in fact, sometimes you just click things away and this is just moving forward.

But then, you end up with extremely disgusting interfaces. Or, sorry, disrespectful interfaces.

(audience laughs) When we look into this interface and here's a question that's being asked.

Do you have children? (audience laughs) And, I'm wondering, somebody must be sitting somewhere and designing and building a slider, which is a perfect answer for the question, do you have children? Because sliders have two properties.

One is the minimum value and one is the maximum value. The minimum value is kinda obvious because it's zero, but the maximum value has to be defined.

And, luckily is was defined by developers because it's five.

(audience laughs) Now, if you happen to have more children, that's fine because there is a way out.

You can click on the pencil icon.

That thing turns into an input field, using React. (audience laughs) See? We are making progress here.

And then, you can type in whatever you like in the input field, but the interface will tell you, uh-uh, five because the interface knows better, obviously. Now, this is all weird and awkward.

And, there are evil companies around as well. Are there any fans of Ryanair? Well, one, are you working for Ryanair? Well, I'm like an elephant, I never forget because a while back, whenever you book a flight with Ryanair, the insurance was added in for you automatically, unless you opt out.

But to opt out, you needed to find how to opt out because opting out is conveniently located between Denmark and Finland.

(audience laughs) And, you might say, so what does it have to do with performance? Well, I think it's a really critical part of it because performance is all about usability in the app. It's all about user experience.

People don't go to websites because this is the average experience.

And, the research I've done kind of proves it in some way. But it goes deeper.

Have you seen this Instagram ad? How beautiful, somebody decided to Photoshop in a hair so it shows up on Instagram because people don't like to have hair on their phone and guess what? AB testing went through the roof.

Click engagement went through the roof.

Retention rate, not so much.

(audience laughs) But that obviously does bring clicks, but is it something that we want to put out? And then, somebody says, we can do better than this. Let's add some dirt.

(audience laughs) And then, of course, this is a nice example. And then, what do you decide to do? We can do better, how can we do better? Let's add a nice push notification because who doesn't like a nice push notification? (audience laughs) And so, MyMedic would like to send you notifications and there are two options.

You can choose not to stay alive or get notifications. (audience laughs) And, that was an AB test.

I think it was non-blocking AB tests.

Server-side and all.

But they decided it's probably a good idea to move away from this to this.

(audience laughs) Which performed much better, much, much better. But most of the time, these examples are funny to look at, but it's the state of things.

And, this is really, really horrible.

Most of the time, it's mostly invisible.

Whenever you get this little bubble, and there I've been to Watch section on Facebook, I get this bubble prompting me to log in or to get in. The same thing that happens with websites showing you, hey, somebody just booked this or somebody just bought that. I'm not going to call out names.

(audience laughs) And, it's not this example from another site. But there are scripts around that you can buy, they even open source some of them, which can contain names, locations.

And then, you can type in the product images URLs and prices and all of these.

Just randomly combines all those things into one, mimicking, essentially, this fact that somebody's buying something.

And, do you know what really shocks me? That these things, these plugins, and I'm not afraid to show them up, but these plugins are the bestsellers for envatomarket, for example, and others because, apparently, it works on human psychology. Really, really horrible.

Now, when you start reading privacy policy and, probably, it's a long conversation, you'll find incredible things.

If you do go and you do read Amazon's web privacy policy, this is, first of all, a very lengthy document, but if you go all the way to Section 54.10.3, which is an incredible thing, highly encourage you to do that later, you'll find a Zombie Apocalypse Clause.

(audience laughs) Which restricts the impact of Amazon, such as the liability of Amazon in case somebody's using their tools, one of them being Lumberjack, which is used for game engines, to build robots or ninjas or anything of that kind, which will result in the end of organized civilization. But if that happens, they are not liable.

(audience laughs) Now, anybody used FaceApp? It was making the rounds for a while.

Somebody sends me a link, I have to read the privacy policy, it was very interesting. You know what really surprises me? Every time these apps show up, and wonderful apps per se, I'm wondering how come the interface is so-so, but they always take it to extremes to create an incredibly lengthy and very detailed privacy policy that nobody understands? And, if I look into it, that's just unspeakable. Not only do you give 'em all access to everything, like all folders and all that, but, at the same time, they can use it in any time, in any way, in any work that they will be building and developing in their lifetime.

And, anybody who reads privacy policy for fun? We just give that access without even thinking twice. What's even worse, that they also place a device identifier that may deliver information to us or a third-party partner without asking you. Now, luckily, there is this wonderful service, which is called Terms of Service Didn't Read, which actually provides a lot of information. Especially, in light of of GDPR, you kinda need to know what happens to your data as somebody's signing up for a service.

It kinda provides a really nice summary of privacy policy, which is really, really cool to have.

But then, as things get worse, things get really worse. It was mentioned already at the conference, when these things started happening, we started fighting back and customers started fighting back.

And, for a long time, I thought it was just me. It's just me having all these ad blockers and Facebook blockers and containers and whatever. But it seems like, as I was doing research, talking to students, and talking to people, just regular users this year in Georgia, in England, here in the Netherlands as well, it's a mainstream thing, it's becoming a mainstream thing. You will not find any teenager who doesn't know what an ad blocker is.

And, of course, browsers are fighting back as well with things like Firefox blocking third-party tracking cookies and crypto mining by default and also showing it, if you're doing a lot of work in that area anyway. And, Chrome following as well.

And then, you have Safari as well in Intelligent Tracking Prevention.

And, Edge too and it looks like we're moving to the world which is kind of different and difficult. So, if you look into the state of things today, this is the world as our customers or our users see it.

Whenever you get a popup and modal, block.

Whenever you get a push notification request, block. Whenever you get a chat window popup, block. Whenever you get a feedback popup, please give us a little bit of feedback, take part in this survey, block.

Install app prompts, blocked.

Important contacts, blocked because we know the history with LinkedIn when everybody all of a sudden got spammed. We don't want that.

Whenever you ask for geolocation, this is not going to be granted without you explaining why you need it.

Then, whenever it comes to GDPR, okay.

(audience laughs) Cookie consent, that's fine.

Whenever you ask somebody to turn off an ad blocker, there are two established strategies that people adopted and I thought that it's just me.

One of them is going into incognito mode.

Who does that? Hmm.

And, the other one, it's very common to have a second browser for other things.

And so, people tend to use that second browser. So, getting people turning off an ad blocker is really, really hard, unless you have extremely valuable information. Access to camera and photos is blocked.

Microphone blocked.

Video auto-play, people just scroll by.

They are not going to watch.

Email input, that's a funny one.

Let's say, you end up at the airport and you want to get into WiFi and you have an opportunity to sign in with four options. Twitter, Instagram, Facebook, and email.

Who would sign in with Twitter? One person, exactly one person.

Who would sign in with Facebook? One person, you should talk.

(audience laughs) Who would sign in with Instagram? We won't let them in.

No, Instagram is our darling.

Who would sign in with email? Now, what kind of email would that be? (audience laughs) Because we have two classes of emails, don't we? We have the email, the darling email, the one that we don't share.

And, the other one with newsletters and spam and accounts and anything of that kind.

So, getting a proper email today, almost impossible. People know how to create temporary emails. People know how to create fake accounts.

They are really, really good at it, so getting a proper email is really, really hard. The same goes for gender, age, and phone input because it's very common for people to fake just to make sure that whenever somebody wants to send you a marketing message, that the data that they have is not the right one. Very often, you will see people type in fake data just to screw up with you.

And, the same time, what else do we have? Well, CAPTCHA.

Well, the invisible one, but then we get to see wonderful crosswalks.

(audience laughs) That's fun, that pixel, is it already in that square or not? And then, what I see people saying sometimes, but in less and less people do that, I have nothing to hide, so what's the big deal? So, what if Facebook and Instagram, it's the same thing. What if they know things about me? So, what's the big deal? Well, the big deal is that we don't know where the data flows.

This year has been a really horrible year for the age of Menstrual Surveillance.

We are pregnancy-tracking apps.

We are collecting data and selling them to the highest bidder.

Would you like your manager to find out if you're planning a family or not? Probably not, this is totally out of your control because we sign up and we don't read privacy policies. At the same time, it goes deep than that because you also find health insurance have particular interests about how often you go to the gym or what you eat or what you don't eat or when you eat. That's not their business.

So, all those things, it really is about protecting your data from somebody who doesn't have any business of searching for it or looking into it.

The weirdest part is that sometimes, because this data can be bought, you find these cases where somebody gets a pregnant ladies list from a data broker and then sends hello emails or congratulations postcards inviting them to a particular company.

Isn't that nice that this data gets leaked? Anybody had this feeling, you're talking about something and, all of a sudden, it shows up on Instagram and WhatsApp and whatever, anybody? Well, as it's been proved, the data is being to sent approximately 100 times a day, different audio segments are being sent to Facebook servers and we are not quite certain why. So, it looks like this is not paranoia.

This is something that actually happens.

And then, I discovered something that was really, really scary.

I have to show it, even though I don't have that much time. So, I'm going to show you a real thing.

It's not a scam.

And, it's out there and it's perfectly legal to have it. So, I'm just going to turn it on.

I hope that the audio plays well.

- [Announcer] The Spinner is a new online service that enables one to control articles presented to a pre chosen specific individual of the websites he, or she, usually visits in order to subconsciously seed a message in their minds. That person, the target, is exposed to hundreds of items strategically placed as editorial content repeating the same message over and over and over again.

Whether it is propose marriage, quit smoking, initiate sex, or stop riding motorcycles.

How does it work? The basic package offers a set of 10 different articles presented to the target 180 times over a three-month period. The articles, along with their eye-catching headlines, are chosen by a group of psychologists in order to influence the target on a subconscious level. The Spinner sends you an innocent looking link. The link is sent to the target via text message. When the target presses the link, a cookie connected to the link attaches itself to the target's phone.

From this point, the target will be strategically bombarded with articles and media specified for him or her. The story of The Spinner was covered by Rolling Stone, Financial Times, New York Post, The Sun, and many others alongside popular preset campaigns.

The Spinner also offers tailor-made campaigns. The most requested tailor-made campaign is settle outside of court, which has now been added as a preset campaign. And, get back with your ex.

If you're interested in a campaign tailor-made-- - Isn't that incredible? And, you know what really shocks me? This is not a scam.

You can buy it for $49 today.

And, that's incredible because it's enough to just tap in an Instagram account and then they will do the rest, whatever that means. That's just scary.

That really is.

Now, if you look at the state of things and, of course, I'm not even mentioning things like this, for example, which everybody uses.

For example, Adblock and all those things.

Or, Stop Chat Pop Ups, the new kind of upcoming thing. And, my favorite one is Track This, which allows you to open 100 tabs, which essentially track target trackers.

So, they create a different personality of you. Maybe, you want to stand for luxury and having a couple of Mercedes and stuff.

(audience laughs) Essentially, it shows up, creates all these 100 tabs, and then you change your personality.

You will get really interesting Instagram ads as a result. Highly encourage you to try it out.

(audience laughs) Now, I think one important thing that's really critical here is that people don't trust the web, they don't trust us because actually, in many ways, we are just creating experiences that are not what people want to have.

And, one thing that's really critical here when it comes to privacy, in general, is the fact that when we think about our data, we should be thinking about what can happen to our data because we have no idea.

For example, would like your manager to find out that you're looking for a job before you found a job? Probably not, would you like your partner to find out that you're going to propose from Instagram ads because you looked at jewelries? Probably not, so all of these things, the legal things and I think that Sarah Jamie Lewis really hits it in the nail because this is day-to-day battles that we have to protect.

And, in fact, that thing that Shuga was talking about as well, GDPR, is actually there to protect us. Now, who thinks, honestly, that GDPR is a waste of time? That's okay, it's a safe place.

(audience laughs) More or less. (laughs) Well, in fact, I asked myself, where does it come from? What does it mean? Will we see tons of cookie popups now showing up everywhere again? Kind of draining on performance one more time? And, it looks like it actually has a very interesting history.

So, the very first proposal and very first directive came from 1995 to protect customers' data.

And, it's actually international, which means that it actually acts both in Europe and everywhere else in the world.

Now, GDPR, which is also a very fascinating material to read on a Friday night, is a very lengthy document and it's actually Article 25 GDPR, specifically. It's all about protecting the data in many different kinds, in many different ways. And, data, refers not only to cookies.

It's not a cookie law.

That refers to genetic data, biometric data, and all kinds of online identifiers.

MAC addresses, fingerprints, RFID tags, and so on and so forth.

And, I don't want to drive you to the introduction to GDPR.

That's not the point.

But the point is we have to treat privacy as a default. But it also means that we have to be really careful because if you look into North America, North America has a very different perception of privacy. It's very normal to sign up for a service and the data would belong to the company, but it's not normal in Europe at all.

So, now we have a conversation about privacy or GDPR or the impact of cookie popup.

Kinda really have to be sure that you are speaking on the right terms.

Now, in general, essentially, what it means is that we're kind of basing our designs and then our development as well on privacy. I was in these really strange conversations lately. And, I don't know where it's going to lead us, but I think it's important for all of us to hear it because I was in this conversation and somebody comes to me, I work in legislation in the US and they tell me, "Why do designers and developers think "that they're special?" I'm like, what do you mean? I don't understand.

Well, if you want to be a doctor or lawyer, you go to school, you get the license, then you become a doctor or a lawyer.

Developers, everybody can wake up in the morning, look at a couple of React tutorials and say I'm a developer.

I'm a developer today.

The same goes for designers.

They just wake up one day and say hey, I'm a designer today. But we have a lot of responsibility.

So, the proposal from their side was then shouldn't designers and developers, like regular people, go to school, get a license, and once they get the license, start practicing design and development? Who would be comfortable with that? You're hiring, right? Maybe 15 people or so.

I think that many people would find it quite uncomfortable or strange and unusual.

But, again, if we look into impact, this Spinner thing, it's just out there.

It has an incredible impact on society, potentially, and on people around you and it just exists because there is no legislation trying to break it down. And, I think it's important that these kinds of things can start getting under control, let's say. Now, I won't go into all of that.

That's not so important.

But I want to see where we heading with all of that. One important thing, by the way, that's really critical is that customers have the right to be forgotten. And, very often, we don't even know what that means. If you install and plug in your third-party scripts, that's your responsibility, as a developer, to know what happens with that data.

So, when that request, the GDPR request, comes in your way, it's your responsibility to send that request or forward that request to a third-party that you're using to ensure that that data is stored.

Or, you might end up having a little GDPR lawsuit against you if you can't prove that.

That's not something we should treat lightly. Now, of course, when GDPR came into force, it was implemented in a really poor way.

It was never the idea behind GDPR, but this is the world in which we ended up with. And, I think that this is why we hate these cookie popups and we find them quite useless.

Because everybody just clicks them away.

Now, the fun part about this one is, on New York Times, it doesn't matter where you click.

It's always the same thing, it's not like you have a choice. By clicking I ACCEPT button, or cross in the right corner on this banner, or using our site, you consent to the use of cookies, unless you have disabled them.

This is not a choice.

It's not like you can turn them on and turn 'em off. And, in fact, of course, this is not GDPR compliant, but you might say so what? It's not like somebody is going to go to US and file a lawsuit against the New York Times because they're not GDPR compliant.

Well, it depends on how it's going to be treated. If it's a bigger company, it might be blocked in European Union because it's not respecting the rights of European citizens. So, this is kind of what you're risking.

And, as I mentioned before, sometimes it's so crazy, all the things that we come up with just to save cookies. This is incredible, this is one of them.

Not only do we have like 500 trackers sometimes. Sometimes, it would go all the way, where you have to tap, like on an accordion, and then potentially select and opt out and opt in.

And then, you know what the best part is? The saving of the settings takes 43 seconds. When you click on that button to save, I hope you will see it, the processing is running. Unbelievable, and all these things, they're happening everywhere.

And, this is no wonder that some websites do this. Your website in not available in our country. So, people who came from North America, are you excited about the appearance of cookie popups? (Man speaks faintly) Oh, yes, so the thing is, is it really the future? I was in another conversation and that conversation went like this.

Because you have very specific rules for children in the US as well, so whenever there is a news website and the child might go to that website, you probably want to have parents' consent, so they can access that site.

So, the idea was, shouldn't we have something like GDPR, but just for age as well, so we can verify that somebody's old enough to enter the sight? And, we just have cookie popup, install app prompt, newsletter box, and then a age prompt as well. And then, the new discovery in the world of design for cookie popups is this one.

Cookie Settings and according to GDPR, only necessary cookies are allowed by default. Whenever you need more data, you have ask permission to get that data.

You may not collect any data without that permission. Well, necessary is opted in by default, which is fine. Statistics, Comfort, and Personalisation, are not. But then, there are two buttons actually.

One, select all and confirm.

(audience laughs) Isn't that nice? And, one, confirm your selection.

And, it's been widely adopted and you'll find it in many different cases as well.

This is one, I think, even from NetPhones if I'm not mistaken.

Allow all cookies, or Manage cookie settings. So, is it really the future, is it where we're heading? Well, there are good patterns as well.

The thing is, whenever it comes to push notification, whenever it comes to cookie popup, the one thing that people are really okay with, when they're happy to give you data, is when you explain why you need this data. That's very critical.

We should not show a push notification prompt at the point where we don't know if somebody's going to act on it or not.

We should show a push notification only at the point when we're certain that the person is going to say yes.

And, that means we need to initiate a relationship or build trust with somebody entering the site. So, this is why, by default, I think the way forward would be is to not log anything, only necessary cookies. As time passes by and somebody maybe accessed two or three pages or so, only then, we can slowly, gradually ask for more and more data as time passes by and ask those questions only when we are certain that we're going to get that permission. And, we also have to explain why we need the particular data.

What happens on that level, on the other level, and the 1,000 cookies level? Because people don't mind sharing data for advertising purposes, but they mind tracking. That's something that they don't want to have. So, if you explain in nice terms, helpful terms, why you need this data, you might receive their data after all.

Now, just a nice little note here, which I think is important to mention, there is a big discussion happening in European Parliament as of now about the future of that cookie popup.

And, in fact, what I was really quite happy about is the fact that it's been considered, understand, and realized that, for example, the consent rule to protect confidentiality failed to reach its objectives as end-users faced requests to accept tracking. So, European Parliament has understood that this cookie popup doesn't work.

And, there are different options that have been considered. And, one of them is to look into how browsers actually deal with do-not-track settings today.

And, they don't want to bring do-not-track header back. It's already in browsers, but it's just Safari pulled out from it.

But the idea being, in the future, two, three, four years from now, we probably will not see cookie popups at all.

Instead, it's supposed to be legally binding for browser makers, I don't know how it's going to work though, but it's a proposal that's coming in, to adjust or to set up a setting on the browser level, so once you install a new version of Chrome or Firefox or Safari or anything, you will have to make a choice, how much data you would like to share.

And, based on that, this is going to be advertised as a header to websites and applications and it will be your responsibility, as developers, to respect that.

That means that according to, addition to everything that we covered so far, the network, the memory, the screen, we probably need to think about different designs for different levels of personalization and tracking and advertising.

And, in fact, if we look into the simplification rule that's coming up seemingly next year, and I think I'm going to just read it out.

I just need like two more minutes and that's it. The cookie provision, which has resulted in an overload of consent requests for internet users, will be streamlined.

The new rule will be more user-friendly, as browser settings will proved for an easy way to accept or refuse, both options, that's very important. It will have two options, accept and refuse. Tracking cookies and other identifiers.

The proposal also clarifies that no consent is needed, that's important for us.

No consent is needed for non-privacy-intrusive cookies improving internet experience, like to remember shopping cart history, or cookies used by a website to count the number of visitors, which is another text. So, it looks like we are moving into better shape, where things are getting actually much better. So, this is why I'm really confident that we're actually moving the right direction. Now, to wrap up.

I skipped a lot of stuff and I focused on privacy, although I didn't want to.

But I think there are really a few important things to take away from this.

We had a really couple of wonderful days discussing all kind of little details about performance.

What can we do to improve things? And, so on and so forth.

But if there are not users coming to our sites, then it all doesn't matter.

So, we really have to make sure that we're bringing this trust back that we have lost. Not we, but all of us have lost.

These are all the wonderful thing we learned and this is just a really short summary of it. We have to think about adaptive serving.

We have incredible technology coming up.

It's not going to close the performance gap, but rather widen it, mostly because we have so many people using different fragmented devices out there. We have to translate performance metrics to business vocabulary.

We have to increase stability in our layout and measure and target reflows.

WebAssembly and Web Worker, we can also use them to really offload and make things faster.

We can prefetch routes based on analytics.

And, we need a clean-up.

All of this mess that we have around, it really needs our help.

And, I would love for us to go ahead and build really nice things, like this one, which really changed the world to make it a little better. - [Announcer] You might wonder how blind people deal with everyday challenges.

Well, normally, the answer is simple.

We're not that different from you.

We play music.

We go to school.

We go to work.

You get the picture.

But sometimes, the simplest things can be difficult and we need a pair of eyes.

- [Artificial Voice] Connect to.

- [Announcer] That's where you come in.

- [Artificial Voice] Establishing video connection. - [Announcer] Through your smartphone, Be My Eyes connects the blind with sighted people through a live video connection.

Simply choose if you need help or want to help by the click of a button.

- [White-Blanketed Girl] That's a nice picture of Jenny, Val, and Kelly.

Is this for a present? - [Gray-Shirted Girl] Yes, it's a photo for my parents. - [Announcer] You can help just by installing the Be My Eyes app.

- [Artificial Voice] Print image.

- [Announcer] And, we'll notify you when someone needs your help.

And, if you're in the middle of something, don't worry. Someone else will step in.

- [Caller] That milk is way too old.

- I would feel really uncomfortable if I knew that I created a service or built a service that might the personal data of most-vulnerable people in a way that would be just horrible.

That would make me feel very uncomfortable. Just one more positive thing because it was a really sad video.

This is the story of my life.

I always show it, to be honest.

I think we can do a lot of things in performance, but the best part is that it's never perfect. And, I think it really is the best part.

We can always try because the world is unsatisfying. (audience laughs) (metal clanking) (splat) (knocking) (sizzling) (rattling) (audience laughs) (metal squeaking) (clicking) (beeping) (sizzling) - [Vitaly] Aw, thanks to Parallel Studio for the wonderful, wonderful video.

With this in mind, let's make the web better because we can.

Cats, Cats, and meow, and thank you for your attention. (applause)