Speculative execution bugs in modern CPUs popped up out of nowhere, but the worst of the nightmare seems to be mitigated. We destroy these mitigations by taking a skeptical look at their assumptions, and reveal that unprivileged userspace applications can steal data by simply ignoring security boundaries — after all, what do address spaces and privilege levels mean to Intel’s CPU pipeline?