The remote module is a serious security liability and a sizable footgun, as I wrote about here. We should disable it by default and ultimately move it to electron-userland.

This is a fairly disruptive change as it will affect any app that's using the remote module, which is most of them.

Deprecation Strategy

1. ✅ In Electron 9.x, start emitting a deprecation warning when using remote without explicitly enabling the remote module via the enableRemoteModule WebPreference.
2. ✅ In Electron 10.x, set the default value of enableRemoteModule to false. Apps that use remote will need to update to explicitly set enableRemoteModule to true.
3. ✅ Once WeakRef is available, refactor remote to use that instead of our custom GC hook callbacks. [Update]: WeakRef is now available in Chrome 85 / Electron 10. This refactor is targeted for Electron 11, as 10 has already branched for beta.
4. ✅ Once remote no longer relies on native code, create electron-userland/remote and start warning when apps use require('electron').remote or set enableRemoteModule: true, directing them to the userland version. [Update]: This is now targeted for Electron 12.
5. ✅ After 2 major versions of warning on require('electron').remote, remove it. [Update]: This is now targeted for Electron 14.

I can see an argument for delaying (1)–(2) until WeakRef is available, so we can skip straight to the userland module and only have one change instead of two. However, I think it might be valuable to start warning ASAP so that apps can start the process of migrating away from remote if they decide they want to.