Tim Berners-Lee: 'Stop web's downward plunge to dysfunctional future' (bbc.co.uk)
573 points by pmoriarty on March 11, 2019 | 305 comments



Tim's letter: https://webfoundation.org/2019/03/web-birthday-30/

I actually thought it was pretty carefully worded and not super alarmist (despite the BBC headline).

I personally think it is worse than he presents it. Perhaps it is just nostalgia, but today's web / internet seems to have given up on open standards and cooperation. Instead most of the money and effort is going into figuring out how to capture people in a walled garden such as Facebook etc. so you can mine their data and advertise to them.

For all its downsides, Bitcoin is the last exciting open standard I can remember that has done well and maybe has a future.

We seem to have failed as a community to solve chat with an open standard (that has broken out enough to win), which is a serious shame. That's a hugely important medium today and we have essentially handed that to WhatsApp / Facebook / whoever. Imagine if we had done the same with email or the web itself.

I wonder if it is just a cultural difference somehow. The Stallmans of the world seem farther and farther apart, or perhaps just the internet has become so monetized that the best talent just can't refuse the $$$s from a FANG job that focuses on crushing the competition and owning everything.

I don't know, but it makes me sad.


Every once in a while I feel the same way. It's hard to reply to this sentiment, though, because I think there is also a lot of wishful thinking mixed in.

Years ago, standards processes were as much about screwing your competition as they were about cooperation. Take the telephone protocol standards. They are open, but the idea was always to rush an implementation that was different from your competition, push through that implementation in the standards committee and then force your competition to rewrite their code. The early days of web "standards" went that way as well (as I'm sure many people will remember).

However, the other thing to keep in mind is that proprietary solutions designed to force customers into vendor lock-in have always been the dominant situation. In fact, things are dramatically better than they were ages ago.

Things like TCP/IP were not the solutions that the big vendors wanted. They wanted their walled gardens (and worked hard to produce them). Even HTTP and the web only became popular because of NCSA Mosaic, which was proprietary software. It's also interesting to see the list of original licensees [1]. The only company that currently exists is Fujitsu. Netscape Navigator was written by many of the same authors as Mosaic and they only decided to open source it in 1998 -- a move that literally shocked the development world. This eventually led to Mozilla.

Back in the day, people "in the know" knew about free software, the FSF, Emacs, Vi/Vim, Posix, etc, etc. The average programmer knew nothing about it, except for being forced to learn vi in university perhaps. These days, you can't swing a cat without hitting someone who is passionate about at least open source, even if they don't necessarily quite understand software freedom.

I don't think we are in a worse position than we used to be. Granted, there are more and more users (billions now) that don't know anything about free and open systems. 30 or 40 years ago, those people were similarly ignorant, but weren't using computers. So when your aunt Martha is hooked up to Facebook, it seems like we've lost (or at least are losing). But these open platforms and protocols have always been niche and our niche is much bigger than it was before. While you may never be able to chat with your aunt Martha with a free and open system run by people who are more interested in providing a service than somehow extracting money from you, you can chat with a lot more people than you ever could before. I think the key thing to remember is that you've never been able to chat with your aunt Martha using that free and open system.

I think it is perfectly acceptable (and probably even preferable) to turn inward and mostly ignore what's happening in the proprietary world. I think it's probably a good idea, at least for now, to ignore fashion and popularity and instead concentrate on building free and open applications that work the way you want. There are more than enough people around with the same ideals to make it work.

If you build it, they might not come, but if you don't build it, they definitely will not come.

[1] https://en.wikipedia.org/wiki/Mosaic_(web_browser)


When aunt Martha and uncle Martin weren't using the free and open system, but also weren't using computers to talk to people regularly, the social pressure, if you wanted to stay in touch with them, was toward more physical means: in-person visits, mail, and telephones, which, while definitely technological in nature, have more physicality than the currently-dominant digital world.

People have more of an instinctive understanding of what “open” means in terms of the physical world. You don't meet them at Facebook Square, where every word you say to them goes through corporate-controlled smart air; you might meet them at their house, or at some public or commercial place, and when you're in public, you're both being continuously reminded of this through physical environmental cues. The mail is often a monopoly, but its function is circumscribed, and opening your envelopes without a really good reason is at least a clear violation of social norms; the physical object provides a boundary. Telephones don't usually manipulate the context of what you say during calls, and while the mass surveillance issue is hazier there, the basic model of social expectation is still simple. (The simplicity of model applies to a lesser extent to IM, but telephones currently have universal interop in a way that got shattered for e.g. XMPP by a whole storm of issues, and the subscription funding model for the infrastructure has social acceptance that it doesn't in the IM world. I don't have a short history of why this is right now.)

Nowadays, it's likely that the social pressure is for you to actively use the closed system, because that's what your aunt and uncle have reoriented their habits toward after finding that it felt so much more convenient and took so much pressure off them. Which is arguably one of the good effects—though other people have written uneasily about how this is in a way the outsourcing of emotional labor to machines. But because digital social networking is intermediated so much more deeply than earlier and simpler forms of telecommunication, whoever controls the software now has hard influence over the form those habits take, and your aunt and uncle's need to not have a big chunk of their social life disrupted, combined with the relative non-manipulability of the digital world to people who don't fall into the “programmers with a lot of free time who are willing and able to flout TOSes and/or evade detection” class, means they can't easily resist it. The resultant inertia is very asymmetrical in a way that I don't think it was for previous means of socialization. It's also fast in a way that it wasn't before: governments can crack down on things in oppressive ways or manipulate and infiltrate people's social networks, but it's harder to do en masse, and the actions in question have to be more visible to have an effect, so grassroots opposition has more margin to get started. Nowadays, I see people saying that they feel like planning their activism on Facebook is the only way to get any reach.

Then you get how a lot of people's working understanding of computer technology is based on a fuzzy notion of “computers” and “the Internet” which mushes everything together, so whatever decides which models of interaction are fashionable can force you to follow them or be in the dreaded “inaccessible to users because of lack of familiarity” weak position, which just gets reduced to “not easy to use”, and then you die. Compare how Mastodon is basically a Twitter clone on many levels, and that's seemingly what wound up taking off among less distinctly-in-the-know users in the ActivityPub sphere, and even then merely introducing the idea of “instances” seems to have taken a lot of social doing.

So I think we are in a worse position than we used to be, both because getting traction on “move from physical world to open, benevolent digital” is harder than “move from closed, manipulative digital to open, benevolent digital” and because the closed, manipulative digital now has a lot more ways to close off the terrain before you can get anywhere.

… I seriously need to compose my thoughts on this into something more coherent and well-researched at some point.


I had to think a lot about what you are saying. I think I agree. The world is in a worse place overall than it was before with respect to freedom. The warnings that people like RMS made have come true. However, I still think that doesn't invalidate the idea that freedom is in a better position than it was before as well. It's just that non-freedom is growing at a faster pace.

Now that I think about it, though, there is definitely one place where we are losing. It used to be, despite the lack of popularity, free-as-in-freedom software was by and large better than other software you could get. GNU was much, much better than the proprietary Un*x collection of user land tools. Linux was much better than the proprietary Posix kernels (though you can argue whether or not BSD was better, it doesn't matter since it is also free-as-in-freedom). Development tools were much better and when we talk about compilers, interpreters, reuse libraries and frameworks, this (at least) has accelerated. Even going later on, Asterisk was head and shoulders better than any proprietary PBX (not that it's saying much). I would even argue that IRC and Jabber, et al were dramatically better than the proprietary offerings. But especially in this kind of telecommunications field, we've been overtaken.

I'm not sure if making a better X will promote adoption of "free X", but I'm sure that allowing the proprietary gang to own all of the high quality software in the area will result in "free X" always being an impossible dream. In telecommunications, I personally think there is nothing (with the possible exception of Mastodon) that's even close to the proprietary competition at the moment. That's a massive problem. I would concentrate on fixing that before I tried to do anything else.


But what is “high quality software”, if we look at it from a perspective of user expectation? There are a lot of things users expect now that are not just a function of the software itself. And how do you organize the people to produce the software? I think the volunteer model that powered a lot of the IRC and Jabber era you mentioned is both decaying and under attack in terms of viability for mainstream end-users.

One psychological element is that I suspect the “service = client = identity = interaction model” meta-model of mental compartmentalization has been embedded firmly into mainstream end-user consciousness, because it's easy to understand and provides strong environmental cues. This is both encouraged and to some degree enforced by the “Does It Work On Mobile” situation, which implies dealing with Google or Apple app stores. Notification handling seems particularly awful, because it usually means going through an app-specific developer account which is required to be responsible for a forwarding server, which then becomes both a recurring financial expense and a centralized point of attack, and so on.

OS-level, user-level, and security-apocalypse-related requirements for fast-paced updates destroy anyone following the “make something acceptable and then leave it be for a while” development model, which drives the effective cost and need for commitment way up. In the dominant IRC/Jabber era, clients could have code that didn't get touched for a long time, which is much more amenable to a volunteer model.

Non-volunteer libre software models run into all the usual market and funding problems, but both they and volunteer models also run into the problem of being exploitable via the newest iterations of embrace-extend-extinguish, which I guess I'd call copy-customize-clobber. Marketing departments are both ethically Interesting and a massive money sink. Taking money at all at least used to involve huge logistical concerns (which themselves have centralizing effects), though some of this has become easier.

The pricing gradient is abysmal. Much like how the iOS App Store has had its pricing driven to rock-bottom by price anchoring on “things that got added onto your phone bill” even though the new crop of apps was full-fledged polished packages that cost much more to make, the anchoring expectation for keeping a new service running (and its client maintained, and so forth) has been driven to “free” by VC-backed data-driven operations providing a very strong distorted market signal to that effect (I say “distorted” under the assumption that users don't realize the full scope of the mass surveillance and control that is possible with digital socialization and aren't taking it into account, but in either case it hurts the open options).

A lot of the polishing of end-user-facing software involves slogs, and some of them involve money-draining and executive-function-draining slogs. “This doesn't work on Android device Foo” is something that is very hard to fix without having a Foo on your desk. Users, frankly, can also be quite ungrateful in an open-source development context (keeping in mind that whether this reflects badly on them is a separate question, given the amount of hidden psychological distance involved and the social context of other unfortunate power exchanges that they're pushed into by digital technology). In a corporate context this is mitigated by social barriers and financial compensation, but avoiding maintainer burnout in more idealistic contexts seems to be an unsolved problem, and my observations suggest that it's true even when there's a crowdfunding model, because now if you make any mob-justice-able missteps, a bunch of your money immediately goes away. (Arguably this should be true for the big closed networks too, but it isn't, so you're still at a disadvantage.)

Non-text telecommunications sometimes involves esoteric skills. There's been motion to improve things (for instance, the rise of Xiphophorus audio codecs (Vorbis, Opus, etc.)), but there's still things like echo cancellation and noise reduction which can get arcane and maybe run into patent minefields (I haven't checked recently). My Discord calls don't have anywhere near the level of background noise that my Signal ones do.

I've weakly observed a strain of resistance to acknowledging or prying into uncomfortable models of human psychology among open-source developers, who tend to lean systematizing and abstracting… I don't have a good perspective on that one right now, but I guess I'd say the “we need to be friendlier to Normal People” departments seem to default toward “normal people like flashy websites” and away from (I'd approximate) “normal people like not having to keep cognitive context or be put in situations where they might be embarrassed or have to be responsible for something awkward”. The latter is a much, much harder set of problems, even if you ignore the ones that are inherent to network effects and seemingly have to be bypassed by luck. Then again, proprietary services sometimes mistreat their users in these ways and don't necessarily get exoduses, so maybe network effects just completely dominate here; I don't know.

(I guess a secondary problem is that an emotional understanding of the mechanics of fashion is rare in conjunction with the technical skills to close gaps like this, because they involve such vastly different approaches to the world. And that leads into a whole potential digression on whether human fashion cycles are even amenable to creating a world in which people can generally live without relying on abusive services for their social lives, without strong common-knowledge agreement to avoid them.)

I'd love to hear better ideas for tackling any of this. (And sorry for the core dump!)


I think social/communications software should be developed by universities or perhaps a new kind of institution. And there should be project based grants, paid from tax money.

The internet was better when the communications software was in fact developed this way by universities.

Companies can still provide the hardware, of course, but they have no business looking at our data.


> And there should be project based grants, paid from tax money.

The vast majority of tax payers don't care that the government spends some stupendous amounts of money on proprietary systems. It is depressing, but that won't change until:

lobbying = corruption (allowed = true)


I think fundamentally you can't tackle the problem the way that a traditional VC backed startup would. You've got to burn through money like crazy and there just isn't going to be the ROI multiplier at the end -- because you can't lock in your customers. Free software business models have to work on a "payment" upfront way of doing things. However, payment can be made in a lot of ways (including the "consortium" style approach that Apache software takes). If you ever want to talk about free software business models, look up my email in my profile and I'll be happy to go on for as long as you want ;-)

I think that volunteer organisations can go a long way, though -- especially if they are motivated by things other than money. Scarce skills are actually not nearly as much of a problem as you might imagine. I actually have the skills to fix your audio problems in all likelihood. In fact, I would go so far as to say that I haven't found any VOIP package that is as good as one that I built 15 years ago (unfortunately not free software... sigh...)

The key is to actually run a free software project. Signal is not free enough for me because it forces me to link to non-free code if I want to use the service. I'll be completely honest, open core sucks when it comes to attracting people who have the ability and desire to help. It is vendor lock in by design. And while Signal is not actually open core, it might as well be because of the lack of federation coupled with the necessity of using Google Play and Signal's server.

If it were me, I would rewrite rather than fork Signal because I also don't like a lot of things about their design (and I have considered it). But in the end, I'm not all that interested in writing a VOIP/messaging server. I've got another project on the go and I'm only one person. This doesn't mean that there isn't someone else with similar skills to me. It also doesn't mean that I wouldn't chip in and help with a project that I felt aligned with.

And I think this is exactly the key. You need that low barrier of entry. This is one of the absolute key things you need for building a free software project that attracts the talent you require. There is a lot more to it, but without removing all the excuses to work on something, people just won't find the time.

I think the problems you are currently focusing on are secondary. You do not need to fix them up front. They are things that you can iterate on. It's the "how do I get people excited to work on this project" that's important. You don't need to appeal to the masses for that. You need to appeal to the programmers (and potentially documenters and artists). Once you have people invested in your vision, then you can start to wonder how to expand your reach.


I take your points around Signal but I think your priorities may be different than others. IE, I care more about an open standard being created for E2E encrypted chat that lets you pick your own home server than I care about Signal using Firebase Cloud Messaging. If Signal's standard was built to allow multiple home servers then we could each pick which client served us best.

It is a shame XMPP got lost in the shuffle along the way.

On the Firebase point, it is harder than it looks. I know this because we have similar problems as them (needing to notify our app to go sync) and basically Android has removed every other option for you to wake a device to do that EXCEPT for FCM. Every release has come with more and more ways they lock down background apps to now it being completely impossible for an app in the Play store to do anything but FCM.

So Signal doesn't have a whole lot of choice there, at least not unless they decide they won't be available in the app store which kinda sinks them as being a real competitor.

On that note, I think they do a decent job and I really do want to use them but they are behind on features compared to their peers and I just don't see it happening. Some of those are large moats created by the "free or nothing" philosophy. For example, one of the most useful WhatsApp/Telegram features is being able to share your live location for 30m or an hour with a friend or group. It isn't clear this is going to happen due to not having a good free map provider: https://community.signalusers.org/t/live-location-sharing/25...


>>> I think it's probably a good idea, at least for now, to ignore fashion and popularity and instead concentrate on building free and open applications that work the way you want.

Yes. Thank you


You mean giving up on standards like IE6 and below, Adobe/Macromedia Flash, RealPlayer, QuickTime and ActiveX?

You mean the open web of ICQ, Skype, AOL's walled garden?

The web of 5, 10 and 15 years ago was much less standardized than we have today. Even though Chrome is basically the only major browser left, almost all content you browse today is written to an open standard.

Walled gardens existed in the past just as much. We just didn't really consider them walled gardens because there was really no real alternative.

The only difference now than in the past is scale. It seems that a closed and non-standard platform is ok if it is small, but the things that are forgiven for a site with a few hundred thousand users are not for a site with billions.

Which is as it should be, I think. We should have different moral standards for different sizes of market domination (the same way we have for monopolies), but let's not paint it as if the web was more open in the past.


>You mean the open web of ICQ, Skype, AOL's walled garden?

There were open-source clients that connected to all of them. Accounts were easy to register and didn't have draconian verification. The IMs of old were used for actual communication and social interaction, instead of some synthetic nonsense that's designed to leak as much of your personal info as possible.

>Even though Chrome is basically the only major browser left, almost all content you browse today is written to an open standard.

Google has far more control over web standards now than Microsoft ever had in the 90s-00s. It's just that they are much better at presenting themselves as the good guys who act in public interest.


> You mean the open web of ICQ, Skype, AOL's walled garden?

I get your general point but I would point out that in regards to something as simple as messaging, ICQ/AOL/MSN/GChat/Facebook. It wasn't that many years ago that I could have all those clients loaded up in one chat client.

Nowadays I think ICQ is about all that's left that allows you to connect to their chat services outside of proprietary software.


Not anymore. Sometime in late December, ICQ users received the following message:

"We are discontinuing support of older ICQ versions and other unofficial clients. To continue chatting, you need: 1. Link a phone number to your account here https://icq.com/<redacted>/verifyphone?sc=<redacted> 2. Log in using the official ICQ client which can be downloaded at https://icq.com"

I can still log in with an alternative client, see my contacts' status and receive text messages, but any message I send is either lost, or delayed by several days.


Also let's not forget that time when you could send messages between almost all of those providers including Gchat and Facebook messenger because it was all federated XMPP.


From the big messenger networks, only Google and Facebook used XMPP, and Facebook's was never federated.


Even though WhatsApp is basically a hosted ejabberd fork.


> It wasn't that many years ago that I could have all those clients loaded up in one chat client.

Pidgin supports FB Messenger, WhatsApp and Hangouts. Those plugins are based on reverse engineering the proprietary protocols, but that was also true of the messengers of yore.


It seems like a lot of communication services that started with open APIs later abandoned them. Most famously, Twitter. Maybe we should think about why this happens? Bots and abuse, maybe?

There are still multiple clients available for email, but it does have a bit of a spam problem.


It's simple, and has nothing to do with bots and abuse (after all, a centralized service can handle this centrally, regardless of the client used).

Communication services have inherent network effects, and network effect is how you make money in this space. So first, you need to build your userbase. At this point, interoperability is a feature, because people can try out your service without fully committing to it. Then, after your user base grows big enough, interoperability suddenly becomes your enemy - a way for your competitors to pull on you what you just pulled on your predecessors. So you need to get rid of it, to secure your network. This pattern keeps happening again and again in any space that has network effects.

TL;DR: Embrace, extend, extinguish.


I wonder is there a route for an open/free competitor to then start with interoperability (e.g. pull your posts from FB or Twitter onto their service, allow log-in via FB OAuth) and then, after your user base grows big enough, create an open protocol that your would-be competitors adopt.

If you had 5 or 6 players who were all using the same protocol for social (similar to email), you might be able to remove the vendor lock-in completely as users might start looking for platforms using the protocol as a feature?

Feels a bit of a pipedream, but seems like the main way that we could transition to social as a 'free' medium (as in, à la email, I can post something and you receive a notification, or I can send you a message without knowing or caring which platform you consume your social content on.)


Two big roadblocks:

1) How do you fund it? One of the reasons tech companies end up on the path from interop to lock-in is their funding model. If you take investor money, you may find yourself having no choice but to become user-hostile when the investors come back asking for their returns.

2) Legal barriers. Vendor lock-in isn't just about technical hurdles; a big part is use and abuse of intellectual property rights. It may not be legally possible for you to interop with Twitter and FB unless they allow you, and they will stop allowing you access the moment they realize you're a potential competitor.

There's an inherent asymmetry here. It's easy for a commercial competitor to take over an open network. It's very difficult to do the reverse.


Let's not forget Slack allowing IRC client access, then disabling it.


I think it's about something much more insidious: FOMO.

Today it's easier than ever to create e.g. a decentralized or independent means of doing pretty much anything that could easily let people escape those walled gardens, if they wanted. The problem is people don't want to: FOMO. If they leave the walled garden, they have the Fear Of Missing Out on what's happening inside the walled garden.

You can even see this phenomenon in real life. You have a dozen people at a table or whatever. Unless you have some good sample bias, a good chunk of them will be constantly glancing at their phones if not having their noses glued to them. You have significant things that could be happening in your immediate vicinity, supplanted out of concern for missing what are invariably trivialities in a mostly fake world.

This is a people problem - not a business or technology problem. And the worst part is that it's so incredibly insidious that people don't realize the harm involved. A person addicted to gambling will trend towards the same thing as a person addicted to drugs - losing everything they have. And so it's quite easy to see the consequences. A person whose mind is increasingly fogged and attention driven entirely to the pale glow of that screen and the little dopamine bumps it provides, by contrast, will see no immediately visible negative effects. And the addiction is so ubiquitous that even as consequences do begin to emerge, they're not really noted because it's 'normal.'


I believe you miss the main issue: Most people don't know or don't want to do computer systems administration.

People don't need to know mechanics to drive a car, or architect to live in a house and Facebook, Google... are doing the same with computers. You don't need to know anything about how computers work in order to use them.

There is no FOMO when you can convince your friends or family members to use a different and better alternative. The problem is that there is no alternative.

There is no alternative. There is not some kind of box I can buy for 30 dollars, connect to my network and instantly be able to connect with my friends, family or workers with another box automatically and without work on my and their side like you can do with a physical telephone.

There are lots of tinkering boxes for geeks. But they are too complex.


That's the main problem. But there's also a secondary problem, often tangled up with this one, that IMO deserves separate attention: the problem of drawing everything down to the lowest common denominator. Geeks are fine with tinkering boxes, and those boxes give them superpowers. But the computing environment is moving to remove this ability across the board - to make it impossible to use your tinker-box to interact with the world at large, essentially neutering much of the use for it.


Right, and right now we are having the choice to use just those oligopolies. If we bring this down to the car analogy, it would be like if you had the choice between Ford, Toyota, VW and a bicycle. You could ride your Ford on the ford-roads, your Toyota on toyota-roads VW on vw-roads and if you feel mighty you could even bike but there's no way you will be allowed on the same road as the big guys and eventually you'll meet the dead end.


When businesses tune their platforms to elicit exactly this type of behavior, and have psychologists on staff to help them do so, it's absolutely a business problem as well.

People aren't blameless, but neither are the businesses exploiting them.


I think it's more than just the lack of wide usage of open standards. Centralization was what sunk the ship. And it did so for a reason. Mailing lists became Twitter, forums became subreddits and don't even get me started on YouTube and Facebook. I don't think we have a viable concept anymore how to finance independent infrastructure, or maybe we never had one to begin with. Sadly the end of year push to collect enough to cover the server costs was always a common occurrence.

I don't see how something like video streaming in a watchable resolution can be crowdfunded.


Didn't Tim Berners-Lee have a hand in approving Web DRM and abandoning consensus? He did [0][1][2]. For all his accomplishments in creating the Web as we know it today, his considerably more recent involvement shows that even he has given up on open standards, cooperation, and consensus.

[0] https://news.ycombinator.com/item?id=14720591

[1] https://boingboing.net/2017/07/07/eschatology-watch.html

[2] https://news.ycombinator.com/item?id=15278883


There are still Stallmans, it's just much harder for a single person to have as great an impact as the various computing verticals have gained inertia. Not to downplay the importance of early pioneers, but a lot of success comes down to timing, being in the greenfield where your ideas can be fully realized without any prior art getting in the way, or needing to reach feature parity with the status quo.

The trade off is that those pioneers had to work with very little, while we have very nice computing environments, but there are a ridiculous number of us, a lot of whom are brilliant, and a lot of the great ideas are already taken.


>For all its downsides, Bitcoin is the last exciting open standard I can remember that has done well and maybe has a future.

If you don't mind elaborating, this point comes up rather frequently nowadays about bitcoin/other blockchain tech. So far the only thing that fell into the "exciting" category for me was ipfs and even that didn't really convince me that it's a viable thing.

I get that blockchain tech is an industry nowadays but from my outside perspective 99% of it and the applications they promote seem rather, for the lack of a better word, self serving. Either that or it's some niche that I don't see will get any mass adoption anytime soon.

Lots of these technologies seem to be technical solutions to problems that are social in nature and thus, again - from my outside perspective, prone to failure. Proof of X tech often looks like stuff that's solved as soon as parties agree on using it in the first place.

edit: formatting


> > For all its downsides, Bitcoin is the last exciting open standard I can remember

> I get that blockchain tech is an industry nowadays but from my outside perspective 99% of it and the applications they promote seem rather, for the lack of a better word, self serving

Blockchain might have been as exciting as the internet at the start, but it has turned bad (i.e. been exploited for profit by big corporations at the user's expense) much more quickly. In my view it is because blockchain puts money before technology rather than the other way around, i.e. during the dot-com era it was often "let's just build something useful and worry about monetisation later" whereas with blockchain it is more "we've got the monetisation in place and we'll worry about actual use cases for the technology and mass user adoption later".


In other words it's a solution in search of a problem


I think it's a bit more subtle than that. Imagine on one hand if a printing press was invented that outputs the printed material to anyone in the world for free. At first there could be lots of great materials printed with it, but then the question would be asked - can we start charging money for some of it? Imagine on the other hand if a silver church collection tray was invented that could collect money from anyone of that particular religious persuasion anywhere in the world. At first it could collect great amounts of money, but then the question would be asked - can we do anything else with this silver church collection tray besides collecting money?


I also put `ipfs` in that category, of ya, maybe this will be interesting / enabling.

Bitcoin is internet money. Yes, it is also totally full of scams, pump and dump schemes and everything else, but it is the nearest analog to the web for money anybody has come up with. It is decentralized, open, resistant to attack and open to everyone on the globe.

Whether it is viable from a political (and to some extent technical) aspect is still an open question, but as a standard it is pretty awesome.

I don't know if it will last or manage to deliver on its promises in the end, but for me it fits in the same mold as the original web.


Walled gardens are partly due to the emergence of huge corporations who harvest and aggregate personal data to build profiles ostensibly to aid advertising.

I find this baffling - traditional shopkeepers never used to ask for the personal details of the customers. That's why the phrase "it's just business" makes sense.

Elizabeth Warren seems to have spoken of breaking up some of Facebook and Google. This might be the only way to combat the data hawkishness of corporate leaders like Eric Schmidt.


> Walled gardens are partly due to the emergence of huge corporations who harvest and aggregate personal data to build profiles ostensibly to aid advertising.

The FAANG companies built surveillance networks to target adverts at the beginning, but I think things have changed so much that advertising is just one of many uses of the surveillance data now. Take Android's location tracking as an example; Google doesn't need minute-by-minute location information of where everyone is to sell more adverts. They gather that data, and use it in Maps for live traffic tracking which is ostensibly useful, but it's not for advertising.

These companies are at the point now where they soak up whatever data they can get just in case they can think of a use for it in the future. Advertising is the excuse, not the reason.


Also ML models, which in modern application boil down to "throw everything you have at some DNN and see what sticks". Which also encourages hoarding anything you can get your hands on, since you never know (and really, don't care about figuring out through thinking) which data feature will suddenly be the key to make your ML product work.


> Advertising is the excuse, not the reason.

I think you have a solid point here, but even so, that doesn't make anything better. Collecting data on people without their informed consent is wrong regardless of what you want to use that data for.


> traditional shopkeepers never used to ask for the personal details of the customers

Based on that statement, it sounds like you never lived in a small town, or you lived in a twilight zone version of one.


I've never been to a small town where the shopkeeper asks for my address book and to briefly scan my personal communications for keywords "to improve our services and deliver a more relevant shopping experience".


I don't know, I've lived in a few real-world small towns and have never had a shopkeeper ask for personal details as part of a transaction.


The main problem I see with the web is that we forgot about users. Devs got so obsessed with means that they started to completely ignore the ends. I don't remember where I saw this phrase but I like it a lot: "make harder for databases, easier for the users". Alas, seems like desire to use the coolest tech or the only tech devs know trumps everything. The main question now is should we use Redux or MobX. Not "should we use React at all here? Does this project warrant to be a SPA?". And who needs accessibility anyway?


I think it is worse than we admit.

IMAP will soon be dead, and the only way we can check our emails will be on the terms of Google or whoever. And because of how websites work now, ad blocking is an uphill battle that will only get harder, as server side rendering becomes more common.

So, welcome to a future where you can't check your email unless it is on a multicore computing device with at least 2G of RAM, running an OS that is less than two years old. And you have to submit to email tracking beacons. (But don't worry, they will be proxied through Google so marketers will only know you opened them, but not your IP).

Google will make concessions for accessibility of course, but it will be strictly on their terms, and the screen reader will still need absurd system requirements and have to execute javascript quickly, to be able to read static text.

This WILL happen, and soon. And tech journalists will celebrate this, and say that IMAP was obsolete and "needed to die". They will praise the responsive and fashionable UX (the only interface allowed), and there won't be any serious pushback.

Maybe Google will require that you run an app or use some browser extension to fully utilize features that you used to get for free. And the OSS community will obediently scramble to implement these regressive requirements, because if Firefox and Ubuntu don't play ball with the latest DRM/restriction garbage, then they wouldn't be cool or something.

Federated email will slowly get squeezed out and die with a whimper.

OK, maybe an exaggeration, but is it really far fetched? And this is just a microcosm of where technology is going.

The reason I am pessimistic is that the developer culture that I knew is dying out. Younger developers just accept that the centralized corporate internet is the internet. And people I think are far more obedient with technology than they used to be. But what's so frustrating is that they are accepting and obedient I think partially for very shallow and superficial reasons, and wanting to be cool and accepted. As if people think that Apple is too shiny and cool to betray us. "So what if it's horribly intrusive DRM, It's Apple, come on. Nobody wants that second best obsolete crap. It is obsolete because that cool guy said so. And Google is 'the best' so we have to implement it their way. Please don't laugh at me."

I have said it many times before, but I just wish that people were as skeptical of Google and Apple as slashdotters of old were about "Micro$oft" or Oracle.


Indeed, "a public square" and "a doctor’s office" - all one and the same and who cares right, remember there was once a thing called privacy; our grandchildren will read about it in the history books (or probably not, since maybe there won't be such things as books).


"today's web / internet seems to have given up on open standards and cooperation. Instead most of the money and effort is going into figuring out how to capture people in a walled garden such as Facebook etc.. so you can mine their data and advertise to them."

How are open standards and cooperation supposed to stop tracking and advertising?

Tracking and unsolicited advertising should be tackled head on: by banning them.


Ideally, open standards would mean that the network effects, which today keep people trapped in walled gardens like Facebook, would create a more distributed / federated community instead of a winner-takes-all model.

I think this is largely true, since if you could still communicate with your friends and family on Facebook but be on a different paid platform which doesn't track or advertise products to you, most people would go for it.


Right, exactly. You can choose a different email provider if you hate the ads or what your current one is doing with your data. You can't pick a different Facebook and still communicate with your friends there.


You can pick a different one, but if they're all spying on you, tracking you, and advertising to you, it's not really going to make a difference.

Also, splitting up Facebook alone isn't going to stop data sharing between its various parts, nor is it going to address tracking or advertising at all.


With an open standard, I don't see why you can't host your own social network similar to how people host their own email servers or websites right now.


What's an "open standard for a social network"?


Currently, it seems to be ActivityPub, which projects like Mastodon use.


It's a protocol. People don't use social networks because of protocols.

Coming back to this statement:

> With an open standard, I don't see why you can't host your own social network

You also need:

- photo hosting

- video hosting

- comments

- timelines

- feeds

- search

- social graphs

- (etc.)

for a social network to have any relevance.


> People don't use social networks because of protocols.

I agree with this point: usability is often not affected by what happens in the back. However, with open standards, it would be possible that people create other social networks because of protocols.

You mention all these technical problems that have to be solved to create a social network. I can see someone building an open source framework for all of these. For example with personal websites, everything except social graphs and feeds already exists.


There are quite a few open source frameworks for all/many of these.

Mastodon, Scuttlebutt to name a few. They are somewhat popular, but they are bad at many of the things I described.


This is the question!

I look at what people do with reddit, Facebook, twitter, various forums, and it looks like a more spiffy USENET.

We have a piece of that standard.

More needed



> You can pick a different one, but if they're all spying on you, tracking you, and advertising to you, it's not really going to make a difference.

If you can easily switch, then you can pretty easily find the one that isn't tracking you. The problem is that it's hard to switch.


But we can count the moments til a sacrificial lamb pops up, as with Bernie Madoff, or the epipen guy for pharma. Token examples without stopping the potential for their crimes to be repeated by everyone else in practice in the slightest.

We need to uninvent the wheel.


That will be a problem as you can't unring a bell - it is far easier to unscramble an egg.


This is the wrong problem definition and will fail.

You will ALWAYS have a centralized authority for social. No ifs, ands, or buts.

ANY successful network WILL create free space for attackers to target.

In email it was spam

In social media it’s false content, spam, manipulative advertising and so on.

You will ALWAYS have the problem of child porn, crime, and similar traveling over your network.

All of these MUST be solved, or normal users/society will target the network.

People here are solving Facebook. You need to solve for liability.


> You will ALWAYS have a centralized authority for social.

Email isn't centralized. IRC isn't centralized. Syndication platforms like RSS aren't centralized. Something like twitter could easily be decentralized by posting to some shared database like blockchain or simpler P2P systems.


> Email isn't centralized.

It is highly centralized. Corporate email aside, most people these days are using either their ISP or Gmail. Running your own mailserver is next to impossible because of dealing with both incoming spam AND having to keep up with the newest "anti-spam" trends that your server isn't blacklisted AND having to keep up with security updates.

> IRC isn't centralized.

Yes, IRC is next to dead, and most concentrates on the biggest networks (freenode, oftc, ...).

> Syndication platforms like RSS aren't centralized

RSS was a niche even before the death of Google Reader.

> Something like twitter could easily be decentralized by posting to some shared database like blockchain or simpler P2P systems.

Bitcoin blockchain can't even match the transaction rate of Visa and friends (~1700 TPS). Twitter averages at ~6000 TPS.

The sheer scale at which Twitter, Facebook, Whatsapp, Netflix and Youtube operate makes it very hard to replicate because the required infrastructure is extremely expensive, not to mention the support/moderation effort required to prevent the community from going down.


Federated != centralized

You can choose a different email provider. You can't choose a different Facebook provider.


For me, spam is easy. About 99% of it is rejected by using a regex methodology created by a gent in Japan that he named "S25R". [1]

[1] - http://www.gabacho-net.jp/en/anti-spam/anti-spam-system.html

I've been using that for about 15 years. Works great. I even implemented it in a medium sized company. The only issues it caused were former employees that were running mail servers on their cable modem and stealing customers for their small businesses.


> Running your own mailserver is next to impossible because of dealing with both incoming spam AND having to keep up with the newest "anti-spam" trends that your server isn't blacklisted AND having to keep up with security updates.

I know this is a common perception, but I don't think that it has more than a kernel of truth to it. I run my own mailserver, and it requires me to spend, on average, maybe an hour a month in maintenance.


Yup. I’ve been running one for 15 years, and my maintenance might be a couple of hours every six months.


> Syndication platforms like RSS aren't centralized. Something like twitter could easily be decentralized ...

And they won't do it, since that's against their interests, hell Twitter used to support RSS - even that was too much for them.


> You will ALWAYS have a centralized authority for social. No ifs, ands, or buts.

You assert this as fact, but don't explain why you believe this to be true. I don't think your statement is self-evident at all.


It sounds like the real issue is their insistence it 'must' be solved in absolutes. That absolutism leads to tyranny and the original problem going unsolved.

It is the same idiot-demagogue loop of "We must do something and this is something! The fix made it worse? Do more something!" cheers

Hell the whole social media stir about internet misinformation is taking projection to previously unseen heights by everyone with an interest against a free internet.


If there e.g. was an open standard by which I could give advertisers information rather than them trying to steal and trade it, I'd happily fill out a little key/value thing in my browser to specify a few of my interests, age group etc. I'm happy to see targeted ads if I created the target data myself.


Remember when crypto mining in the browser was used as an alternative to ads? In the end websites used both to maximize profits. The same will happen in your idealized situation. You fill in a form with your personal data and then they secretly track you anyway.


But vendors would still have your data, still be able to trade that data with other vendors, would still build profiles on you and be able to track and predict your behavior to some degree.

You can't have effective advertising on the web without tracking. Advertising only works when the advertiser knows with some degree of certainty that an ad is being viewed, how often and if by demographics they find meaningful. The existence of targeted advertising presupposes the existence of a functioning apparatus of surveillance and psychological influence.


> You can't have effective advertising on the web without tracking.

I see no reason at all to think this is true.


Like billboards?


We missed our opportunity with chat about a decade or so ago. When all the disparate chat protocols (MSN, Yahoo, AOL, etc) were battling it out, we should have decided on a protocol then. Sure, we'd see some growing pains now with how to deal with encryption, but at least we'd have a ubiquitous chat protocol. Chat is now worth billions of dollars apparently, so that proverbial cat is nowhere near the bag. I would love to be able to sign up with, say, Fastmail for chat and be able to chat with whomever I wish and it just work. As it is, I have to be signed up with 4 different services and they don't talk to each other. Sigh.


> For all its downsides, Bitcoin is the last exciting open standard I can remember that has done well and maybe has a future.

I'd argue, though less exciting, that the addition of emojis into Unicode is another such silo-busting standard. Nowadays, if you built a chat client from scratch, you would benefit from the network effects of those standardized emoticons.


That link gets a 404 now. You seem to have the right url, the link from the article is broken too.


Current status of the web? HTTP 417


> perhaps just the internet has become so monetized

I think this is really the core issue.


of course it's cultural.

People would now rather watch twitch, cat videos, or Instagram than Waste it on what ppl used to spend it on..

People now would rather pay for some proprietary SaaS or pay with their data than take some piece of software, learn it, make it better, then host it for other users for little to no compensation.

There are fewer people to create truecrypt, fewer Stallmans in the world now because the culture isn't conducive to the libertarian ideas that a Stallman of that time period might have... Let's have a looksee:

-The internet is shit now because the government hasn't regulated it.

-The internet is again shit because greedy corporations force me to use their walled gardens, how the hell else would I communicate with anyone if I didn't allow them to siphon my data as payment to these fascist overlords.

-The internet is a shitshow because not everyone has accepted that both https and JavaScript should be mandatory.. It must be the children of anti-vaxxers, somehow refusing to believe the science, a clear byproduct of not having the first point and an easy solution.

-the internet is again a shitshow because the government hasn't told these fascist hardware manufacturers that I can't be bothered to read the quick start guides which clearly say change my router and IP cam password from 123456 to pa$$word.. Who the hell has time to do that with both pewdiepie and GoT having so much new content.. If the govt just had those clowns hard code pa$$word in the first place I'd be fine. Better yet, just let me get it as a service, they can just update it for me, then I can add nigahiga to my watch list.

-The internet is finally a massive shitshow because, all these companies making money from me being the product have no right to, especially if I'm not getting a piece of the action. Time to break up these corporate capitalists and redistribute the wealth to the people where it belongs.

I can keep going, but I'm certain it's scorched earth now. The truth is, a society that prefers the government give them things or provide their safety net, the Stallmans are going to be harder to find, because the ideas that go with such are very threatening. Pretty soon, it'll lead to making decisions for yourself AND taking blame for the outcome, good or bad, with or without a physical profit.


>People would now rather watch twitch, cat videos, or Instagram than Waste it on what ppl used to spend it on..

What's wrong with that?

I've seen a lot of complaints about social media, mainstream web culture, "cat videos and memes," etc. The web was meant for everyone, and most people want to use it for entertainment and talking to their friends. There's nothing wrong with using the web for mundane and trivial things.

You want people to embrace an open web? Stop talking to them about freedom and censorship resistance and how the fascist capitalist overlords have turned them into sheep and make it easy for them to share their cat pictures.


> Stop talking to them about freedom and censorship resistance and how the fascist capitalist overlords have turned them into sheep and make it easy for them to share their cat pictures.

Oh, that's a problem already solved by FB.


I know you're being ironic, but you're not wrong.

Strip away all of the dark patterns and evil from Facebook and you wind up with an example of the most successful and widely used multimedia platform interface ever. People use it to share news, images, videos, to view videos, to chat, to create and post onto forums. My mother, who can barely use email, uses Facebook. Billions of people do.

Any more free, more secure replacement is going to have to replicate what Facebook does in terms of user experience, or else they're doomed to never reach mainstream engagement.


All the open standards are still out there. Just because now there are 2 billions slaved to walled gardens doesn't mean all the good stuff disappeared. It just seems like everything is walled garden because the wall-to-unwalled ratio has decreased. IRC still exists, email still exists, just because whatsapp also exists and because a lot of people use it doesn't mean the web has gone down.

all your film cameras don't stop working when digital came out.


Email doesn't really work anymore. Have you tried to send to Gmail addresses via your own SMTP server any time recently? Good luck not getting spam-filtered.

An analogy to HTTP might be if browsers stop accepting HTTP and only acknowledge HTTPS to exist (mandatory web-wide encryption on anything except localhost/designated intranet IP blocks). At that point you are forced into one walled garden or another - there may be good actors like Let's Encrypt but you are still forced into either their garden or someone else's. The days of running the web server in your basement with no say-so from anyone else would come to an end. And I think maybe in the next 10 or 20 years we start moving towards that.

The film cameras didn't stop working when digital came out, but nobody will develop your Kodachrome anymore. You can also run your SMTP server and send packets into the void as much as you want.


> Have you tried to send to Gmail addresses via your own SMTP server any time recently?

I do it all the time (from a VPS), it requires crossing all the Ts (SPF, DKIM, etc), but never had any issues with Gmail, only with other self-hosted systems.

> The days of running the web server in your basement with no say-so from anyone else would come to an end.

That was never true, you had to have permission from your ISP, and many forbade it (and some outright blocked those ports).


I've never knowingly had a UK ISP that restricted services I provide from my home computer. I've not been particularly careful in choosing either -- is that castrating of users a USA thing?

Gmail from a VPS has been a problem for me though, Microsoft mail has been worse (yes I look after the jots and tittles).


Bans on use of servers used to be common and explicit across a range of dial-up ISPs.

They're not as explicit now, but all contracts and AUPs include terminology like "damage our networks", which cover poorly set-up and poorly run servers.


Terms are often not clear, but easily used to justify shutting someone down, e.g.

"Sky Broadband is for private use by you and members of your household only. It must not be used for any activities not reasonably expected of someone using Sky Broadband for domestic purposes."


Things like running a low traffic mail server, web server, VNC, torrents, chat servers, game servers, and such are all domestic activities .. they could claim they're not, I could see Sky being very restrictive, do they actually block/disallow though?


I don't know about Sky specifically.


> That was never true, you had to have permission from your ISP, and many forbade it (and some outright blocked those ports).

I don't know about that -- I've been running a webserver (as well as a few other servers such as email) using my residential ISP for decades, spanning several different ISPs including major national ones. It's never been a problem.


I do it frequently as well. It has yet to be a problem.


> Email doesn't really work anymore.

It doesn't?? Weird, because email is still the communications service that I use the most.


> Imagine if we had done the same with email or the web itself.

Give it time, we've certainly been trying.

See: chrome, amp, gmail, etc.


> Bitcoin is the last exciting open standard I can remember that has done well and maybe has a future.

And that future we call Ethereum.


This has been on my mind a lot recently and I really think the biggest failure was not making the internet easy to use. Facebook et al won by finally organizing all of the people/companies/organizations you care about in one place, and being a 0-friction publishing platform to interact with them.

Pre-Facebook "Grandma" either had to remember 1stbaptistchurchSTL.org, grandsontimmysawesomeblog.net, granddaughtersara42931.wordpress.com, nissanusa.com and countless other baffling URLs; or go to Google, which as good as it was for a while was a crazy bandaid. Now all of these things can be in one place and she can talk to them effortlessly.

The closest that "the community" ever came to solving this problem was what, bookmarks and guestbooks?

The privacy implications are unfortunate side effects, but have nothing to do with how these companies got so dominant to begin with. They solved real usability issues for the majority of users.


Your comment takes me back to AOL days of “keywords”. Then I realized that’s essentially what Facebook (and co) is: modern-day AOL.

The similarities are striking:

- Keywords instead of URLs? Check.

- Chat within the app? Check.

- Standalone chat client? Check.

- Marketplace? Check.

- Advertising? Check.

- News aggregation? Check.

The only real difference is Facebook doesn’t offer an internet service, and doesn’t charge a subscription fee (and ok, doesn’t send out floppy disks or CDs).

If it wasn’t so sad it would be comical how much engineering effort is wasted on reinventing the same things.


> The only real difference is Facebook doesn’t offer an internet service

Well... https://en.wikipedia.org/wiki/Internet.org


> The only real difference is Facebook doesn’t offer an internet service, and doesn’t charge a subscription fee

They've partnered with telcos. At least in my country, you get Facebook for free in "Free Mode". Then there's various promos to get you a few megabytes for Facebook.


Grandmothers used to love email. Mine had some sort of 'email appliance' for years that was basically a keyboard with a phone modem and an alphanumeric LCD screen. Basically a 90s era terminal, dedicated to email.

It was dead simple, much easier for the proverbial grandmother than even a modern iPad with the Facebook app.


> Grandmothers used to love email.

Sure, until grandmother's email started to fill up with spam, making it unusable. I think that is a big part of what killed the kind of dirt simple email you describe. Now you can still use email, but it's not dirt simple any more.

The other thing that I think stopped grandmother from using email is that all of her grandkids grew up on social media, and if they even know what email is, they think it's too uncool to use. So grandmother has no choice if she wants to communicate with them.


Hitting the "Junk" button in Thunderbird is not so hard and the filter catches most spam after a while.


Pocketmail[1]. There was a fairly brief period of time when those were great for emailing out updates from backpacking adventures, perhaps to an early blog. Of course, their utility relied on available (pay)phones, and they were only good for text.

[1] https://en.wikipedia.org/wiki/PocketMail


There's a great review from 2000 linked from that page:

http://www.dansdata.com/pocketmail.htm


> This has been on my mind a lot recently and I really think the biggest failure was not making the internet easy to use.

Why do people forget RSS?

RSS was awesome. RSS was "feeds" but in your own hands and under your own control.

Of course, it was doomed since it couldn't be monetized.


Exception that proves the rule: daringfireball. Puts a weekly ad in the RSS that users don't care enough to filter. Collected an audience that advertisers will pay to reach without microtargeting.


RSS is still awesome. I use it constantly.


Maybe ya. Though does grandpa (he's no better than her) go to Facebook to check in on Nissan or does he go to check in on her grandkids? Feels like the latter to me and Nissan is only on Facebook to advertise to her.

Facebook did / does well because it's an easy way to spread your photos / updates to a (mostly) private set of vetted people. Everything else came for them to monetize people once they were there, I don't think many are super passionate about the Nissan Facebook page, not even Nissan.


I do notice small businesses using Facebook in lieu of a website - I find myself having to check Facebook to find today's specials menu at the two cafes I normally buy lunch from...


I don't have facebook and have no plans of ever making an account. These Facebook only companies are nearly impossible for me to interact with, so I just don't. Facebook used to let you look at stuff without an account but they eventually reached the tipping point and now a lot of stuff is inaccessible to me.

Not sure who is on the wrong side of this garden's wall...


Speaking of "garden's wall", even the bigger problem is when our local communities organize some event where everyone is welcome (everyone who's used by fb that is) and this digital fence is becoming taller each year. RMS calls such people "useds", I just simply call them neighbors.


It's the same for clubs who may have a website but for event details you have to check Facebook.


Agreed, I keep reptiles and there are few active reptile communities outside of Facebook.


My local consulate (I’m an immigrant/ex-pat/whatever) uses FB for all announcements and Messenger is _the_ communication channel. If you need to talk to them, you need to either go personally (3h drive for me each way plus waiting lines) or you send them a message on FB. They usually reply within 5-10 minutes.

Many small businesses also seem to depend on FB for communication.

I can avoid the latter, but my consulate is why I can’t delete my FB account.


I always tell those businesses that if they're only on Facebook, then they have no internet presence that I can use.


As much as I want to, I also like not being a jerk to my friendly local cafe owner who's already busy enough without having to figure out how to do a web presence.


I don't think it's being a jerk to inform a business of what works for me in terms of customer relations. That can be done in a jerky way, of course, but it can also be done in a polite, reasonable way.

I don't demand anything of a business, but if they direct me to a Facebook page, I see nothing wrong with letting them know that's not something I can use.


The problem is about money, not standards. There's no money in the free and open web. Capitalism is fundamentally antagonistic to the web as a platform. It wants to build barriers and walled gardens and spam the system with advertisements, because without all this junk, there's no money to be made. We need to realize this fundamental antagonism and look into nationalizing or strongly publicly funding / regulating the web in a manner consistent with public good, like we do with other utilities (rail, electricity, water, etc)

This may seem radical, but this antagonism will only get stronger over time. The capitalists who run these businesses are certainly aware of and worried about this future, & at least one presidential candidate (Elizabeth Warren) is thinking in these terms.


Capitalism involves private ownership, voluntary exchange, and competitive markets. These are all things "the capitalists who run these businesses" are trying to undermine. Netflix/Spotify are built on a stream-don't-own model. Apple wants to lock you into their walled garden where you have no choice but their products. And all the FAANG use regulation and corporate buyouts to keep the competition at bay.

If capitalism is really what you're after, the answer to that is an open, free, and private web where people own their hardware/software/information, have total freedom of choice thanks to free and open standards, and can compete on the strength of their service without fear of antagonistic regulation or buyouts.

The key problem with regulation is that all the large tech companies want the same kind of regulation which helps secure their position against competition and they're all well off enough to afford sizable lobbying budgets. So any regulation will have their say on it, while having little voice in that discussion for the public good (we have, what, the EFF and the CDT?).

If you think that's paranoid, simply review the history of the railroad barons.

Capitalism itself is actually supportive of the web as a platform and it's just that the aspiring "internet barons" are the antagonists. If we let them define more regulation of the internet, we're only securing their position for them and reducing the likelihood of real competition.


Capitalism as a theoretical, static picture of a well-functioning economy is somewhat supportive of the open web. Capitalism as seen from the inside, accounting for its dynamics, is absolutely against open web. It's also against free markets (you can make more money by making markets less free), against competition (the end-goal of every company is monopoly) and against voluntary exchange (the less voluntary the exchange, the more likely it is to happen and be profitable). The tension between what we need for a well-functioning economy vs. what economical actors want is the very source of growth and innovation in the market economy. Left ungoverned, unbalanced, the desires of market players are self-destructive.


The point I was trying to make is that regulation is being posed as the antidote to the self-destructive desires when it will merely legitimize them because it's those desires that will influence how the regulation turns out.

If we had a government free of corporate lobbyist influence, I would probably agree that legislation would be a good approach. As it stands, I'm not currently convinced.


Capitalism would be great, if it wasn't for those damned capitalists.


I like this summary, as it captures how much it's an overloaded term that lumps all sorts of things good and bad together.


It's exactly like that.

To overextend the usual analogy of capitalism as the ICE of innovation - gasoline itself is toxic, volatile and dangerous. By its nature, it just wants to violently oxidize. Its true value for humanity is only realized under extremely controlled conditions - those of an ICE, where correct amounts are injected and burned off with appropriate cadence. Deviance from those conditions causes issues ranging from annoyance to fiery death.

Capitalists are like gasoline.


> If you think that's paranoid, simply review the history of the railroad barons

The end of which was an extremely regulated market with partial nationalization -- exactly my point


On that we agree. Where we seem to disagree is whether that would be a good thing when applied to the tech industry.


Wasn’t this AOL?


AOL tried to wall people in too much and lost? I remember in 1998 connecting to a friend's AOL internet through some proprietary software that had built in chat and a browser. This was on a Windows 95 machine. It didn't use the standard networking stuff on windows, so there was no way to find out my IP address, no way to play Quake II games online, no way to use any internet software that wasn't part of the AOL package really, which made me start looking for an alternative immediately.


...Yes, it did. The dialer was proprietary but it fully initialized the network stack on the OS. You just had to leave it open like you would any PPP or SLIP client. IP? winipcfg

Maybe your friend had some ancient Win95 build without a full TCP stack installed by default?


It was at one time, but their model relied on being a dialup ISP as well as an online platform. That model collapsed when a different set of big corporate ISPs captured the broadband market.


"The community" has had such a hostility to a broadly-accepted user experience ever since there was a web to browse. (I used to be one of them, back when <center> was a netscape-only tag. Follow the standards! Write for content! People don't need that visual jazz!)

There's still a non-negligible contingent on here that insists that the web should be browseable without javascript; that ship sailed well over a decade ago. The users decided, rich interfaces are the way to go.

We did fail the world, and this is what we get.


As others said, users didn't decide shit. There's no meaningful way for occasional user feedback to reach the webdev community at large, not in a way that outshouts the desire to abuse users with flashy UIs and hostile monetization schemes. And most users don't give useful feedback anyway, because regular people have no context around technology. No mental model to tell them "this website is shit because A, B, C". They can only accept what's served on the market, with all frustrations that come from it, as the way the world is supposed to look ("after all, so many smart people are working on this"). They can't even "vote with their wallet", as almost all websites are non-substitutable, if you account for vendor lock-in and geographical limitations.


> There's still a non-negligible contingent on here that insists that the web should be browseable without javascript; that ship sailed well over a decade ago. The users decided, rich interfaces are the way to go.

Users decided no such thing. Users spoke QUITE loudly that even 100ms of delay results in lost attention and sales.

The FAANGs didn't give a shit--Javascript was a vector for advertising monetization. Anything which got in the way of their selling you advertising or selling your information got trampled mercilessly. No company cares about your user experience--delivering an ad takes priority.


I don't mind Javascript for rich interfaces. I do mind it if it's required to load a page that is just text and images.


The users decided on rich interfaces? Or the developers did?


I don't think the users decided on anything. Browsers are just prone to insane feature creep as a result of the game theory involved.

If you are a browser vendor, you don't want your browser to not support a feature that other browsers don't. Otherwise, users go to a website, and it doesn't work properly on your browser, and they blame you. If this website is something important like a bank, a news website they like, anything popular that their friends use, they might well ditch your browser. As a result, to some extent, browsers have to support all the features that other browsers do.

On top of this, browser vendors want to remain "innovative", show leadership, so they keep pushing for new features that other browsers don't have. I mean, imagine working on some browser team, having the opportunity to push your web project and having it become a standard web feature, your legacy would live on forever, the hubris of it is just irresistible. Fuck taking the time to properly design this API, think of possible use cases, and design something solid and extensible, let's push WebVirtualReality2000API out before other browsers do, otherwise they will push theirs first and start gaining traction!

So, back to JavaScript. Brendan Eich worked at Netscape and implemented the original version of it in two weeks and it was rushed into production. People started to make use of it. Eventually other browsers had no choice but to support it, otherwise they were faced with lots of webpages that were broken without it, webpages that only work in Netscape. Microsoft definitely couldn't let that happen.


> Eventually other browsers had no choice but to support it, otherwise they were faced with lots of webpages that were broken without it, webpages that only work in Netscape. Microsoft definitely couldn't let that happen.

And then, some time later, when they had this one opportunity to rip JavaScript out and replace it with something better (and, once again, Scheme was a candidate), competition with Microsoft didn't let that happen.


There was no such later opportunity.


I'm honestly not sure which. My favorite local fish place has a webpage with a "menu" link at the top that goes to .. a long scrolly list WITH PRICES. HOLY SHIT.

Why can't more places be like that?


Your local place probably doesn't have enough competition yet to be forced to become customer-hostile.

As for who decides, it's always the developers. Mainstream users have no context for tech, they accept what they're given, thinking this is how things are supposed to be.


> doesn't have enough competition yet to be forced to become customer-hostile.

This is an amazing statement of the post-consumerist economy. It sounds contradictory but it feels like it has to be true.


I guess it might sound contradictory if one assumes that more competition is always better for the consumer, without considering how competition works. What competitive pressure does is continuously minimize everyone's margins, forcing companies to figure out new strategies of making money in order to survive. Being the best vendor from customer's point of view is one approach, but not the only one - and not necessarily most efficient. Other effective approaches include: reducing quality, marketing, more marketing, dishonest marketing, dark UX patterns, planned obsolescence, vendor lock-in, increasingly complicated business modes. Now the kicker is, once somebody uses one of those "dark" approaches to get ahead, everyone else is forced to follow suit or risk getting outcompeted.


The users did, proxied through PMs and designers. It's a classic arms race; can't be the worst looking site/app on the block.


PMs and designers are famously terrible proxies for actual users.


Developers didn't, Product Managers did.


I’d love to see some new standards, something like an iframe you can control from the parent page with minimal js, decent date/time pickers built in, autocomplete, etc

As it is people ask for this stuff and the only recourse is to bundle tons of js into your page.


> I really think the biggest failure was not making the internet easy to use

Browsers (uniquely mozilla) can have a major role here. If they would provide a universal way to share identity, or even a frictionless cryptographic sign-in, and an instant payment solution that would already open up new avenues to compete with walled gardens. However they don't seem too eager to do such things, perhaps aided by the funding they get from said walled gardens.


>If they would provide a universal way to share identity, or even a frictionless cryptographic sign-in

Can you elaborate?


They tried to do that with Persona, but imho they did not push enough for its adoption. https://en.wikipedia.org/wiki/Mozilla_Persona


> baffling URLs

Yikes. No more difficult to understand than a phone number, and people managed to memorize the most important ones and keep an archive of the rest. I'd argue domain names can be even easier to remember as they're just words, not just a string of numbers.


I have some direct experience with this. It is summed up as "open standards people are extraordinarily hard to work with, uncompromising, and subject to infinite fine splitting of the space. Meanwhile, 5 billion users do not care and want things to be easy, fast, work well, and be well integrated."

The result of these two forces is that it ends up being extremely difficult to work on open standards for any kind of data that people care about. (Users can't see HTTP, so it is fine to standardize. They can see blog titles, so... no dice.)


> "…Meanwhile, 5 billion users do not care and want things to be easy, fast, work well, and be well integrated."

> They can see blog titles, so... no dice.)

Hard to place all of the blame on the open standards people if the other side doesn't want to do anything other than wall people in by not cooperating, with open standards or each other.


As an engineer I really love and support open standards.

As a user I’m on Apple everything because shit just works and gets out of my way.


> As a user I’m on Apple everything because shit just works and gets out of my way.

Every time you load a webpage or send an email that content could be coming from dozens of different servers that all work together to deliver content seamlessly. A website Just Works whether it's served by nginx or Apache or IIS or caddy or.. you get the idea.

The delivery mechanism of Internet content is a perfect example of standards working. The content side of things is getting there but there's a way to go yet.


It's funny how I always hear this about apple but every time I try to use the company issued iPhone I get stuck trying to do something that just can't be done. Can't even plug in a standard sd card or an audio plug...


Thank god that you can't plug in an SD card into an iPhone. Disallowing that was one of the smartest decisions by Apple.

In Android world there's the constant flow of "why can't I save the app, or app data, or why doesn't the app save the data onto the SD card, and keeps dumping everything into internal storage".


>Thank god that you can't plug in an SD card into an iPhone. Disallowing that was one of the smartest decisions by Apple.

Thank god people can't expand their own storage and instead have to pay inordinate amounts for internal storage? What?


> Thank god people can't expand their own storage

If that expansion worked reliably, consistently and in a non-confusing manner. If apps could be reliably, consistently and in a non-confusing manner told to install to external storage, keep their data there, and save their data there.


What kind of mad man uses SD cards with their phone? That’s what the 256gb of internal storage is for.

Modern Androids don’t have audio plugs anymore either by the way.

But really it sounds like your problem is that only the company phone is Apple. The argument really only works when all your devices are Apple. Preferably including your whole family.

If you prefer Android, then all your devices should be that and you’re gonna have a great time.

That’s kinda the joke here. Nobody cares about open standards as long as everything they do belongs to a single “stack” because interoperability sucks. Like really sucks. Probably on purpose.

Look no further than trying to repeat a Spotify song on Alexa. “Sorry repeating songs is not supported on Spotify”. My ass it isn’t, you just don’t want to.


Upvoted for conclusion, with which I wholeheartedly agree, but wrt. the first two things - come on. Audio jacks are still a thing (despite some companies being assholes and removing it; I guess the next round, I'll still stay with Samsung). As for SD card - well, they have their uses. They're pretty good for storing and swapping data, and flash degradation is a problem for longevity of smartphones. TBH, I'd pay extra for a phone that lets you easily replace its internal flash.

> Probably on purpose.

Totally. A lot of cases look like deliberately breaking what could be better implemented in an interoperable way. And Apple isn't beyond blame here; what's up with breaking Bluetooth, for instance?


> What kind of mad man uses SD cards with their phone?

I do. It's extremely handy to use them to transfer very large files, amongst a million other things. Soldered-in storage does not eliminate the need for removable storage.

> Modern Androids don’t have audio plugs anymore either by the way.

Yes, they do. Not the super-high-end phones (which is one of the several reasons why those aren't of interest to me), but tons of mid-range and lower phones do.


I'm a dinosaur, I only use winamp for music. It still works as I want it. I can change songs faster at any time I want to, no matter what I'm doing on the computer with global keys. No need to break away from my flow state.

I fully expect to be modded into oblivion for speaking anything except praise for the Apple franchise.

I'm also aware that some Androids don't have what I want but I still have a choice what I buy. Most of my phones have replaceable batteries for example. And SD cards can prevent me from having to buy another phone when the 256 GB internal storage is full.

I'm old enough to remember "640 MB should be enough..."


I'm mainly a dinosaur for wanting audio jacks as I still use my old Sennheiser headphones that I bought in 2006, and still work perfectly. I did switch to Bluetooth headphones for a while but they fell apart after 12 months.

I feel like prices haven't moved in line with inflation, it's just planned obsolescence has moved further up the price range.

That said, I'm aware that I could buy a second hand iPhone with an audio jack if I really wanted.


There is something to be said about wired peripherals... their dependability, ease of use and lack of wasteful batteries that just end up in a landfill.


> I fully expect to be modded into oblivion for speaking anything except praise for the Apple franchise.

No one speaks praise about iTunes.


> 640 MB should be enough...

MB? I'm old enough to remember Bill say 640KB is enough!


"I've said some stupid things and some wrong things, but not that. No one involved in computers would ever say that a certain amount of memory is enough for all time." -- Bill Gates


Rewriting history too.

No, it was never about what he did or did not say. It was that everyone thought it was true.


I feel you've way over-generalized here.

> open standards people

Who are "open standards people?" Are you talking about the individual folks who author/edit/audit/etc. RFCs? Or small-ish groups of people organized into a committee who then create and publish various standards? Or giant corporations and non-profits butting heads to eventually produce some semblance of an agreed-upon standard?

> 5 billion users do not care

5 billion people don't care? I'd argue that there are less. If you asked a selection of that population a question using terms and phrasing commonly used in tech circles their eyes will indeed likely glaze over and their reply will be equivalent to a "don't care" because they genuinely do not care about an open chat standard nor should they. However, asking something like "Would you like to be able to chat with the same friends, families, colleagues, using well-known identifiers[1], regardless of which application you use?" You may begin to hear some "care."

You see and hear a similar argument with the folks who argue that a majority ("most") of Internet users "don't care" that their information is being Hoovered up around every corner. If all we were asking is "Do you care that ostensibly non-identifiable information about you and your browsing habits is being transferred to <some service> so that <some service> is able to provide you with a pleasurable browsing experience," you'd likely get something along the lines of "don't care." Instead present the individual with every data point collected from them, along with what is inferred by their data in aggregate (and everything else that goes in that package), and couple that with the difference they may expect in browsing experience between continuing to permit <some service> collecting their data and not. Now that they've been asked a question, using words and terms with which they may be more familiar, you might begin to see a shift from _everyone_ not caring to some amount less. Or not.

[1] "well-known identifiers" is still eye-glaze inducing, but am too tired to come up with something better.


By "open standards people" I mean "people who prefer open standards". Nothing more sinister than that. :-) (I am one, BTW)

This is already a very small subset of the population -- they've bothered to take a stand on something virtually no-one seems to care about. (At least not directly.)

This last part seems crucial to me. You're right that people care that they can chat with friends. It's the clause I think they glaze over at. Something about applications? I just want to chat!! Of course standards folks, being experts in this, care a lot, but messaging is a canonical example of this. I've personally witnessed years of strategy aimed at open standards go nowhere while proprietary standards win out. It's not because billions of people have strong preferences for open standards!

I do think that there are enough open standards fans, and enough open standards-adjacent folks, to make a strong play for something like messaging. But it's not "abstract XMPP" that's the problem -- it's "real XMPP" with fractures, federation headaches, delays in having it be caught up with capabilities of closed platforms, etc. That's the actual competitor. :-(


I doubt that the standards are the cause. I mean we have XMPP and companies use it to build products but if they prefer to disable the federated features (as WhatsApp did back in the day) you can't blame the standard.

The problem seems to be more along the lines of 'standards don't make money'. So the problem is that companies implement those standards and they do so after their purpose which is to create value for the shareholders.


> I mean we have XMPP and companies use it to build products but if they prefer

they prefer standards and protocols that work well in the smartphone era. As late as 2016 XMPP had next to zero support for features expected in a mobile-first world: https://gultsch.de/xmpp_2016.html. Most XEPs in the article were at experimental stage or draft at the time, and are still in the same status nearly three years later. Some of them like XEP 0352 are "Implementation of the protocol described herein is not recommended for production systems".


As far as the standard process goes that is true and I honestly don't know why those XEPs are not recommended yet. From my perception as a user and server administrator, they work just great. Nevertheless, just because the standard process didn't finalize those extensions, the developers out there don't care and take the draft specifications anyway.

Therefore, suggesting that XMPP had zero smartphone support in 2016 isn't true when talking about the actual applications. I used XMPP back then (still do) and the only problem I remember from that time was the Push-Notification issue for iOS (was solved a year ago or so). With every other OS, you had no problems you (or your server admin) couldn't solve.

But my point was a different one: Companies actually use XMPP (despite being incomplete in the 'recommended' state) but they disable the parts which do not benefit their purpose (e.g. Federation).


Thing is: if there's still work on those standards, it's not apparent. Are they abandoned? Are they going to change? Especially when it comes to warnings like "Deferred after 12 months of inactivity in its previous Experimental state. Implementation of the protocol described herein is not recommended for production systems."

> Therefore, suggesting that XMPP had zero smartphone support in 2016 isn't true when talking about the actual applications.

There was (and still is) only one actual application: Conversations for Android. Support and implementation across the rest (servers and services, desktop applications, iOS) varies widely (or wildly? :) ).

> Companies actually use XMPP (despite being incomplete in the 'recommended' state) but they disable the parts which do not benefit their purpose

I know that quite a few start with XMPP (or its parts), but it looks like most abandon it when they move to mobile (for various reasons, including the ones I listed).


I'm too tired to really comment on this now, but this makes me think of a Signal blog post by Moxie[0] about the decision to disallow federation/third party Signal clients. Whether or not you ultimately agree or disagree with him (I'll admit I'm pretty convinced), it's a pretty good read and parallels very neatly with this topic here.

[0] - https://signal.org/blog/the-ecosystem-is-moving/


W3C is partly to blame for the situation. They don't bother to complete their spec work anymore - W3C HTML5.3 is officially at CR status, but hasn't been worked on since October, and SVG 2, which has been reduced basically to include SVG 1.2's vectorEffect=nonScalingStroke into SVG 1.1, and remove SVG 1.1 features that were never supported by browsers anyway, looks even less like it'll ever be completed.

At the same time W3C's CSS WG churns out specs (subgrid, trigonometric functions, etc.), adding to the infeasibility to code a browser from scratch ever again.

If they want to contribute, they could do a lot of things: publish a reduced, rational profile of HTML (and in particular CSS) to give developers a usable target specification, rather than a bunch of isolated specs at various degrees of completion. They could also publish "real" specs with formal semantics and grammars, rather than the prose they publish now, which doesn't know if it wants to be an authoring or browser implementation guide. They could also create a browser from scratch in a formally verifiable language. They could do more lobbying. Or they could disband, to show the world that the public doesn't sit at the table when FAANG decides about the future of human communication.

As it is, the web is becoming a net-negative, a medium for mass propaganda and censorship, an overly complicated turd leading into monopolies, and a place where creators don't get their share. W3C needs to demonstrate the actual value of the web to society, not naively appeal to idealists with their futile "save the web" campaigning. The web is a means to an end, and failing, not an end in itself.


W3C completing or not completing spec has little effect on what's in our browsers. You can put whatever you want in your spec, if no browser vendor implements it it is DOA. Also, why should W3C be busy demonstrating "value of the web to society"?


Don’t forget that W3C has been stealing WHATWG’s HTML specifications and republishing them with credits and attributions stripped: https://www.reddit.com/r/javascript/comments/5swe9b/comment/...


Idk, maybe W3C didn't do all they could to credit WHATWG, but I didn't interpret it that way. People actually reading HTML specs know WHATWG very well. I for one appreciated W3C's efforts to publish a versioned HTML spec which WHATWG never bothered to do. Rather, WHATWG created a self-serving, never-ending process around HTML (but mostly JavaScript APIs) that saw Opera and then MS drop out of creating browsers altogether. What exactly is the HTML5 shield logo designed to shield against?


MS and Opera didn't drop out because WHATWG didn't create versions of the standard.

Moreover, Opera was one of the founders of WHATWG, and an evolving standard was (and is) one of the core principles of WHATWG.


Personally, I think that HTML5 itself is a great example of how the web is going wrong.


I've been thinking about the walled garden thing recently. Several of my friends who are /long/-time users of FB - thanks to its ability to gather scatterlings from across the world - have started talking about creating (logically) local and durable (not lost in the ad-injected update feed) content, memories and information.

As someone who long since gave up trying to provide that type of thing (because corps did it better/faster with no learning curve, excellent reach, etc), I find this shift interesting. It speaks of non-technical people wanting to have real control of their own content; not some token effort that ultimately enables monetization.

To me, there is still value in the ideas behind older unix services and protocols; things like gopher, old-school blogs (pre mega-corp platforms), irc chat, usenet, etc.

I see ActivityPub and IPFS as interesting developments; I'd love to know what other tools we could string together to help create other (presumably connected but distributed / federated?) spaces that aren't backed by a monetization engine.

It would be neat to see a "distro" that stood up a node with long and short-form content, chat, news and "groups" capabilities. Something a keen but inexperienced individual could spin up on AWS / GCP / DO / Azure, etc.

Am I crazy?

PS: Wasn't chat solved by Jabber (now xmpp)? IIRC, Yahoo and Google at the time didn't support it (other than by using brittle bridges).


Google supported Jabber in Google Talk, and then deprecated it, and then removed it in Google Hangouts: https://www.disruptivetelephony.com/2015/02/google-finally-k...


Yeah google switched hard from promoting interconnectedness to walled garden approach cca 2010. This was in response to Facebook's success and possibility of Facebook overthrowing google as the ad king.

In those days, even Facebook ran an xmpp gateway for their chat.


Facebook supported xmpp until about 2015 iirc.


The rationale at the time was that Facebook had walled-garden chat, Google had to create a walled garden to compete. "Copy Facebook at all costs" was Google's survival strategy during the G+ era.


embrace, extend, extinguish?


We don't need new regulations. We need the web to be taken out of the hands of gov. and big corps.

It's interesting how the web started off feeling so very utopian. A naive and benevolent world that was built upon trust - and therefore easily taken over when big corps and gov. moved in. We are now galloping towards some kind of dystopia, where one day we'll be nostalgically watching Black Mirror repeats!

Then you have the Darknet, built on distrust and perceived as somewhat malevolent. It may seem dystopian at first, but as the community becomes broader it may actually evolve into the utopia we hoped the web would be - simply because large entities cannot wrest control of it.


> We don't need new regulations. We need the web to be taken out of the hands of gov. and big corps.

Anything socially powerful is going to get governments and large corporations all over it, under our current system.

You can build a second ‘net/web, but if it got as big as the current one the same thing would happen.

I’m not exactly a big fan of regulating the Internet either, but I’m fine with regulating the governments and corporations with their claws in it.

Getting regulations right will require significant democratic effort from technologists (beyond just voting), but increasingly it seems like the only way to do it.

The good news is that the mainstream view is gradually coming around to ours (data collection/advertising can present real challenges for freedom, user control over software and devices, ownership and incentives, users should expect E2EE messaging, etc.).

Now is probably the best time in recent history for useful democratic regulation of the Internet (or rather, what you can do to people with it).


> We need the web to be taken out of the hands of gov. and big corps.

Interesting use of the passive voice there. Who exactly is going to take the web out of the hands of gov. and big corps? Technologists?


Technologists have been not only exceptionally ineffective at preventing this dystopia, they've been instrumental in creating it.


If a critical mass of individuals migrate to a network which replicates the key functionality of the web but is designed with privacy and decentralization at the core, I believe it would be safe to say that it's not in the hands of gov, big corps, or any individual.


Like Holo.host?


Likely those who use GPL and other copy-left licenses.


We are the government (at least in the United States)


In theory, maybe. In practice, not so much.


> But initiatives like this would require all of society to contribute - from members of the public to business and political leaders.

This means almost nobody is going to contribute.

Sad but true - we can't change the world by asking everybody to change. We have to invent a replacement framework that will be both so great everybody (both customers and businesses) will love it and at the same time by-design almost impossible to use a wrong way.

Sir Tim has already invented a framework everybody wanted but failed the second part. Now he is inventing a new kind of web addressing the second part but seemingly fails the first part :-(


Tim Berners-Lee is partly to blame, his W3C squandered all of its authority, partly through incompetence and partly through bureaucracy and corruption, and now it has little leverage to effect change.


What would they do even if they had authority? What does “authority” even mean in this context?


Having the respect of those who implement the spec. To my understanding, WHATWG has basically usurped all of the W3C's influence and just let it stick around as a figurehead. But it has no real power anymore to incite change.


I don't think that altering the technical details regarding the implementation of HTML, CSS et al would do much of anything to stop the proliferation of walled gardens and spyware.



You're right, it wouldn't.

But the fact is that once the arguably most important thing the w3c did got out of their hands, they lost importance as a whole. So they now have little political power to push back on other things.


The https://contractfortheweb.org/ is so bland as to be impotent. The principles are vague enough to be a Rorschach test. Presumably it has had all sharp edges filed down to gain consensus. As an engineer Sir Berners-Lee wants to bring a solution along with the problems he's found, and this is presumably his best shot. Given his capability that's depressing confirmation that these are hard problems.


Laws stopped crime so no question they'll also fix the Web.


> With the Law of Sea and the Outer Space Treaty, we have preserved new frontiers for the common good

No we haven't. We have needlessly put limits to who can go to the stars and seas, as if the entire oceans and indeed the whole universe belongs to earth's heads of governments. The web is still the most open platform one can find, and like all undiscovered lands it is full of dangers and opportunity. We are hugely thankful to Sir Berners-Lee (my personal hero) for creating and generously giving us such an open world-wide network full of opportunity. But the ones who are destroying the web are Russia's government, China's government, the NSA, Europe's regulations etc, who not only want to restrict their subjects physically, but also want to own all their information. This is a bad proposition born out of fear and will only provide a temporary protection to corrupt governance. We should instead double down on free networks, create new channels and underlying infrastructure for information to flow freely, and perhaps also break up monopolies that funnel too great amounts of information.

> If we don’t elect politicians who defend a free and open web, if we don’t do our part to foster constructive healthy conversations online,

Just like universal human rights, we just can't rely on the electorates to protect freedoms, we need wide consensus


> Russia's government, China's government, the NSA, Europe's regulations etc, who not only want to restrict their subjects physically, but also want to own all their information.

Those really do not belong in the same sentence, especially given that many of the European regulations are for the preservation of the individual's rights over their information, in a way that doesn't exist elsewhere.

> we just can't rely on the electorates to protect freedoms, we need wide consensus

Consensus among whom, if not the electorate?


> Consensus among whom, if not the electorate?

"The electorate" is usually 51% who are often regulating against the other 49%. That is a bad way to decide about the future of humanity. Wide consensuses also ensure a low level of regulation.


I don't agree with the idea that the internet needs more regulation. Yes, it does have its problems. But I think many solutions are in the making, we just have to be patient. My idea of what made the web great is its freedom and lack of regulation. I'm willing to endure some drawbacks in order to maintain a high level of freedom.


I agree. The only thing regulation is going to do is entrench existing internet companies and raise the barrier to entry for new startups to compete.


Regulation always benefits the rent-seekers. They have the best means of influencing that regulation in the first place.


This attitude ignores an awful lot of progress. Or you are just defining regulation to only include the things that favor your argument.

For instance, the 40 hour workweek is a regulation in the US. Are hourly employees the rent seekers there? Or the unions and activists that prompted the change?


You’re both right, in that regulation serves the group that most successfully steers it.

The notion that more often than not, incumbent corporations are the ones writing the regulations, is not exactly controversial. Given the recent treatment of net neutrality, I don’t hold out much faith in the open web getting a fair shake right now.


Insightful.

One could extrapolate this Internet struggle being closely related to how meaningfully ordinary people are represented in government.

In many democracies, and in the US today, big money owns government to the point of anything at all aimed at defending the interests of ordinary people seems radical?

And expensive?

We may find there is a cost per person, few dollars per, or small percentage of time needed to participate in the system or be stripped down, devalued, tracked and every other thing possible to make money.


Mandatory minimum employment standards aren't progress. Work hours were declining on their own, just as the trend toward a 4 day work week is happening on its own due to fundamental changes in the economic structure.

But point granted that not all regulations are a result of rent-seeking. Some are a consequence of misguided common wisdom (e.g. labor regulations, tariffs, restrictions on foreign investment).


Yeah, right.

But you're forgetting a few other categories of regulation. Like, protection of health and life - that's something companies don't tend to do on their own; in fact, it usually goes strongly against their interest[0]. Or, protection of environment. Or, protecting people from countless individually and socially destructive activities that the market will happily engage in if left to its own devices, as evidenced by hundreds of years of history over which those issues were recognized and then regulated.

--

[0] - A common theme in recent discussions serves as a great proof: Chinese counterfeits on Amazon. By far, Chinese export goods are a product of an environment free from regulations applying in the Western world - so how come people are so afraid they'll get a Chinese-made toy or baby formula?


>>Like, protection of health and life - that's something companies don't tend to do on their own

The trends in place before labor regulations were enacted were toward workplaces becoming safer over time.

Companies absolutely do care about having safe work environments. Where workplaces are less than 100% safe is where trade-offs exist between safety and minimizing spending-outlays that favor minimizing spending outlays, and the simplistic assumption that safety always trumps minimizing spending outlays for the public interest is simply not true, because we live in a complex world where scarcity is a reality, and minimizing costs in one area can increase spending in another, more critical area.

>>so how come people are so afraid they'll get a Chinese-made toy or baby formula?

Because Amazon has introduced a new market of suppliers and consumers haven't adjusted to it with effective filtering tools, so they're reacting correctly and fearing the unknown until the assessment tooling is in place.


This is the actual problem, not regulation itself.

Regulation should be designed to scale with the size and age of the participating operator (of business or service).

Regulations should be about controlling the outsize influence of any individual player/entity in any direction, in addition to restricting malicious activity.

If these were equally important in regulation design, they would be far less harmful for new small players and better manage incumbents.


Regulation of voluntary market interaction doesn't work because one-size-fits-all solutions don't work. You cannot anticipate all permutations of a class of interactions and preemptively prescribe optimal processes for each one. Doing so will massively inhibit innovation.

Free market disruption will do much better to check larger players than easily captured regulatory agencies which are much more likely to become protectors of incumbents in industry and unions than check abusive power.

If the government wants to limit abusive corporate power without setting the dangerous precedent of violating private property and contracting rights, it can fund open source development, like the EU recently did with its funding of Proton mail.


I have clean air and water where I live, largely due to regulation.

If "rent seekers" are benefiting from such regulations, they're certainly far from the only ones who benefit.


"Regulation always benefits the rent-seekers. They have the best means of influencing that regulation in the first place. "

The first sentence is blatantly wrong (the word "always"). In what way did environmental regulation benefit the rent seekers or in what way does the GDPR help them? I really hate when people say all regulation is bad if the real problem is that politicians are captured by industry. I grew up during a time when the river next to my town was green one day, red one day and yellow the next. The only fish in that river were dead. Now 30 years later you can go swimming in the river and there are plenty of fish. Only regulation made this possible.


Regulations benefit larger companies that can afford compliance departments, legal protection, and lobbyists.

Imagine EvilCorp on the one hand, with 50+ employees dedicated to ensuring they stay just barely on the side of the law (while exploiting all the loopholes they can), and TinyShop on the other, which has 10 employees _total_ and has to spend a much larger percentage of available time, energy, and money ensuring they don't get shut down by a regulator.

Regulations are important (that your town is healthy again is the main point), but they are also a barrier to entry that favor large, established companies over small startups.


If you can afford more lawyers you are always at an advantage. Even the “regulations” against theft or harming other people have a bigger impact on people with less money but we still have them.

So saying “all regulations are bad” is just not very smart. Without regulations we would be living in a polluted world with child labor and unsafe workplaces. Every piece of food you buy may kill you. The wheels on your car may be falling off at high speed.

I agree that there is room for improvement but regulations are a big part of what makes a modern civilized society.


That isn't a general truth. Regulation usually favours larger players because regulation favours businesses who can demonstrate compliance with regulation, and that is usually expensive. It is also much easier to achieve compliance if it is an incremental change to an existing business rather than something to be absorbed from scratch - so regulations also favour established businesses.


Force residential ISPs to permit servers running over IPV6. Then we can have federated protocols that bypass the rent seekers.


How many years do we have to be patient whilst being stripped of every personal data point that can be inferred and tracked and bombarded by malicious ad networks?

Lack of regulation - of advertising, of honesty, of data, of consumer protections made the internet the cesspit of data abuse it currently is. It stopped being great years ago to my mind.


Outlawing all the shitty data collection, or GDPR'ing it to the point so at least it's much harder and more under control, would go a long way toward fixing things, including off the web (medical providers, credit card companies, credit reporting agencies, and so on).


This depends on what you mean by regulation. If you're talking about net neutrality, then it's wrong to assume regulation will benefit rent-seekers. That's a matter of protecting freedom of speech from corporate infringement.

If you're talking about regulating social media interactions... that's more complicated. I don't see a good way to stop people from spreading fake news, propaganda, etc without abolishing free speech legislation like the first amendment of the US Constitution.

There may be a way to curtail privacy invasions via legislation, but that's highly unlikely to happen since the government itself is collecting data gathered by Amazon, Google, Facebook, etc.


I would much rather a decentralized global meshnet replace traditional telecommunication networks than Net Neutrality be used to manage those networks.

I could easily imagine regulations like Net Neutrality inhibiting the development of a global meshnet infrastructure.


I too would like to live in a magical fairy land where all of my dreams came true. Since I don't believe in magic, I'm forced to think in terms of real world implications.

A centralized structure with a dedicated backbone will always be more efficient than any kind of mesh net. Additionally, such a structure requires a critical mass of people to operate.

Since people don't want to be the infrastructure when they could be a client and have much more bandwidth, that alone sinks the whole deal. If you're not convinced, consider the fact that the incumbent providers will fight such a structure at the legislative level as well as trying to undercut its userbase.

Also, net neutrality rules, as established in the US in 2015 were pretty straightforward. They wouldn't inhibit a meshnet, meshnet clients likely do not fall under the definition of ISP, and in fact such rules would probably be necessary to its effective operation. Remember, they were based on three simple rules: "ISPs cannot block legal content, applications, or services", "ISPs cannot slow down or degrade internet service based on the content, application, or service accessed by users", and "ISPs cannot accept payment to give content, applications, or services more favorable access to users."

So back in reality-land, there won't be any meshnet to compete with the current internet for the foreseeable future. If you value freedom of speech and free movement of information online, I strongly suggest you support the rules outlined above.

EDIT: It's also worth noting that such a meshnet would solve none of the issues raised by Sir Tim.


>>Remember, they were based on three simple rules: "ISPs cannot block legal content, applications, or services", "ISPs cannot slow down or degrade internet service based on the content, application, or service accessed by users", and "ISPs cannot accept payment to give content, applications, or services more favorable access to users."

Regulations are always more complex than their supporters intend. Implementation requires additional rules for compelling compliance, and those additional ancillary rules become a hindrance to bottom-up innovation.


Those ancillary rules were mostly exceptions due to forbearance... not additional restrictions.

I don't see how forbearance was a hindrance to innovation. Maybe you'd like to explain it to me.


Generally speaking, regulations require a registration/approval process to facilitate enforcement. Participation in that industry then becomes encumbered by the requirement to go through that process, which is bureaucratic red tape that inhibits innovation.


Yes, but that doesn't apply in this case, since the regulations don't add to the approval process. The regulatory structure is there to provide legal support in case of major infractions by ISPs. Even monitoring is done by 3rd parties.

There is no established connection between this kind of regulatory structure and innovation or investment. Monitoring of major ISPs didn't show a significant pattern of increased or decreased investment. AT&T spent less. Verizon spent more. Some minor ISPs reduced investment and even petitioned to remove the rules. Others expanded service more under the rules than they had before.


I don't know enough about the particulars of this case to have an informed opinion, so you may be right. The reason I'm dubious is that what I've seen is regulations generally adding compliance overhead even for those not directly subject or for those already in compliance.

Moreover, every additional regulation generally increases the need for an official registration/approval process for would-be market entrants, which precludes a transition to the type of barrier-less industry that I think would be optimal for innovation.

That's the extent of my comment on this particular issue.


Even if it did create some kind of barrier to entry, I would argue that

1) It isn't significant next to the natural barriers inherent to wired telecom.

2) If it protects freedom of speech as the NN regs did, it's 100% worth it.


That is not my view on the likely relative importance of the deregulation benefits versus regulation benefits, though I can't provide any evidence to support my opinion.


I do agree with the idea that the internet needs more regulation. Yes, it does have its problems. But I think many solutions are in the making, we just have to move forward. My idea of what made society great is powerful companies being held accountable for their effect on people's lives. I'm willing to endure some drawbacks in order to maintain a better society.


> malicious activity such as hacking and harassment

I don't know, but somehow I see hacking much less of a problem than harassment. I mean even the bad guys out there, trying to get into our ssh ports every minute we speak, are just a reminder to secure our systems properly. Harassment on the other side is a social phenomenon not limited to the digital world which has no upside that would be proportional to its downsides.

> problematic system design such as business models that reward clickbait

This is a real problem. I mean, it's not just about the clickbait titles. It is about an advertisement. So what is advertising? In its essence, you present information to change the inner state of a human being towards a specific direction (e.g. my product is cool, buy it!). So what an advertiser does is to forge information sources. With books, it is not much different, but with the personalized advertisement, the effectiveness has increased dramatically. Nowadays, we have effective human manipulation machines which manipulate millions of humans every day or in other words, someone has managed to crack democracy...

> unintended consequences, such as aggressive or polarised discussions

Similar to harassment, I don't think the internet is the cause here, but merely the filter to bring those nasty elements of human nature out of the dark corners of our societies. After all, people quarrel/fight/kill offline too. We probably just have to learn as a species to not be afraid of our own disadvantage but to embrace diversity and make the most of combined forces instead of trying to be just a bit better than our neighbor.


> Similar to harassment, I don't think the internet is the cause here, but merely the filter to bring those nasty elements of human nature out of the dark corners of our societies.

I'd go a step further. Those things to some extent are natural, and in their natural form manageable. But the advertising-driven business models on the Internet serve as amplifiers, and it is they that make "aggressive or polarized discussions" an actual problem.


this - it goes viral


I’m a huge fan of TBL but the solution will not come from governments and corporations, they have nearly every incentive in the opposite direction.

Slowly, slowly people are waking up to the realization that we the people must solve this ourselves, with a solution that cannot be controlled by any one party.

We did this with strong encryption but that was much simpler. The set of memes and values people need to understand will be similar but larger in scope.

It will probably take 10+ years to get there, but we’ll get there faster the more we stop looking up to hierarchical authorities for solutions, and looking around at their fellow netizens.


You're talking about a distributed solution that will never happen. A centralized system will tend to behave more efficiently than a distributed system, and the owners of that centralized system will undercut the distributed system at every stage. Corporatism will block any such movement via pricing, ease of use, marketing, FUD, and legislation.

If you don't include corporations and governments in the model, that model will fail.


> A centralized system will tend to behave more efficiently than a distributed system

If that was always true, we literally would not even have the Internet. Centralized, corporate networks like TYMNET died like flies once the open, distributed Internet became widely available.


What? The web isn't distributed. It was built upon major trunks and backbones set up by government projects. All of your data goes through this centralized network of hubs and backbones as it travels around the internet. In the US, the infrastructure was sold to private companies (notably, several of the "baby bells") in the 90s.


I'd say that Internet was a fluke. Some standards - both electrical and software - managed to spread worldwide and solidify against the opposition of the market. This was a time when being compatible with everyone else turned out to be more beneficial than trying to strike out on your own.

It's important however to contemplate on the degree to which Internet is centralized - or getting centralized. As it is today, everything up to transport layer (TCP, UDP) can be considered baseline infrastructure. Very few market players are trying to mess with it, similarly to how most market doesn't mess with the voltage and frequency standards for electrical outlets in your home. But anything above TCP/UDP is up for grabs, and is becoming heavily centralized.

This is the way of the market. You make money by building barriers, not bridges. And the players that make bridges only do so to tear down their competitors' barriers, so that they can replace them with their own barriers.


Riot/Matrix is gaining some momentum due to having E2E encryption, federation and its ability to bridge with other chat networks like IRC, Discord, Slack, etc.

XMPP failed due to a Linux distro-like approach where each client supported different extensions, making cross-client compatibility poor.

Riot/Matrix instead is more similar to using one of the various distros that are built on top of Ubuntu - so you know it "just works", there's a full feature set you can expect from using any client and all of them are compatible with each other.


Riot/Matrix is a chat standard, but it's not an open standard. I say this with melancholy as the developer of the only federating matrix server other than the reference server developed by the for-profit company (read: for-profit company) that controls the standard. I do it because this has the potential to be a great protocol and facilitate a great UX if the controlling party didn't alienate talent from its ecosystem. Matrix is a lot of gloss, a lot of hype and cheap talk, but under the hood it's deeply insecure and it's entirely controlled by a single person (again, read: a single person). And he is a fraud. He has lied about the userbase on numerous occasions; the company had its funding abruptly cut in 2017. It's now funded by scamcoin sales from a shell called status.im.

Anyway, I think matrix has potential as a traditional free software community project which can exercise some leverage against the controlling party, so that's why I still work on the Construct: https://github.com/matrix-construct/construct


For anyone who came here disappointed reading this, here is a later response from "the single person" the Matrix guy.

https://news.ycombinator.com/item?id=19418111

To me it seems, that the problem jasonzemos has with Matrix is, that they do things differently than he wants it and he can't change that so he would like to fork it. And have it a community project (with him in charge?)

Not a problem with that per se, but he uses personal insults and lies as it seems to reach his agenda.


> developed by the for-profit company (read: for-profit company)

Isn't this just plain wrong?

Matrix.org is set up as a foundation, which AFAIK is the definition of a non-profit organization

https://matrix.org/blog/2018/10/29/introducing-the-matrix-or...


No. The for-profit company only recently set up that foundation after projects like mine pressured them to do so. They have absolute control over the foundation's board and direction. There are a few minority seats for others -- they are not filled, last I checked.

Nothing I said was wrong.


Can you provide some details on the claim that Matrix is deeply insecure?


If you were able to build a federating server implementation, in what way is it not an open standard?

Also, deeply insecure how?


If you go to matrix.org and look at the list of about a dozen or so servers: you will find that none of them actually work except the reference implementation, and maybe sometimes Construct. Even thus, the phrase "able to build" is questionable. I have spent months reverse-engineering their software and its interactions before, and after, it was at all documented in this so-called standard (by the way, it's just documentation of their software -- errata and all (and rather poor)).

Construct server is the single survivor out of the ones listed and even more who have attempted and given up early which we don't know about. That being said, it is still incomplete.


Doesn't this just sound as a rather complex and young protocol that is still in development? I've never gotten the impression of the New Vector guys deliberately misguiding others out of malice. Does Construct work as a Matrix homeserver or does it not?

Regarding your insecurity claims, is there any particular area where Matrix has concrete weaknesses? Could you elaborate on that point?

As a sidenote: I really appreciate your work and think new homeserver implementations are invaluable.


Whether or not they are deliberately misguiding is arguable. It's a great example of the classic Incompetence vs. Malice dichotomy: the maxim is that one should never attribute malice to incompetence, and that's where I lean here, slightly. The fact is though that they have little to no interest in third parties writing servers. They love clients, and protocol bridges. They love people putting in the effort to present their system to more users on diverse platforms and make them popular; servers are a risk to their interests.

Servers have control. I can quote the CEO of new vector in an argument we had about the insecurities of the protocol and what needs to be done to fix them where he said "good luck talking to your own federation." That reveals a lot.

A popular server controls the federation. It controls the de facto standard. If their server isn't the most popular they lose control. This is how they operate the standard -- on an ad hoc de facto basis. If they lose control they lose velocity and value as a for-profit enterprise. The matrix is all about control, just like the movie, ironically.

The protocol is deeply insecure. It's modeled on ideas robbed from blockchain Merkle trees and directed acyclic graphs for eventual consistency. But they don't use either properly. At the protocol level blocks in the chain are not identified by their hash, they're identified by arbitrary strings. The blocks have hashes but their implementation does not check the hash. Read that again. The DAG allows for arbitrary insertion of blocks into the chain.

Are these backdoors? Probably not. They're just idiots. And they don't give a shit unless, maybe, they're pressed to.
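The design point raised in the comment above (event identifiers that do not commit to event content), as an added illustration that is not part of the thread and is not Matrix or Construct code: a replica that keys events by sender-chosen strings ends up holding different content under the same ID, while one that derives the ID from a hash of the content rejects the substitution. All class names, event fields and sample events are constructed for the example.

```python
import hashlib
import json


def canonical(body: dict) -> bytes:
    """Deterministic encoding: sorted keys, no insignificant whitespace."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def content_id(body: dict) -> str:
    """ID derived from the event body, so a reference to the ID commits to the content."""
    return "$" + hashlib.sha256(canonical(body)).hexdigest()


class NameAddressedStore:
    """Hypothetical replica: IDs are whatever string the sender supplies."""

    def __init__(self):
        self.events = {}

    def accept(self, event_id: str, body: dict) -> bool:
        # Only checks that the parents are known; content is never verified.
        if any(p not in self.events for p in body["prev"]):
            return False
        self.events.setdefault(event_id, body)
        return True


class HashAddressedStore:
    """Hypothetical replica: an event is stored only under the hash of its body."""

    def __init__(self):
        self.events = {}

    def accept(self, event_id: str, body: dict) -> bool:
        if event_id != content_id(body):
            return False  # claimed ID does not match the content
        if any(p not in self.events for p in body["prev"]):
            return False  # parent missing (for example, it was rejected)
        self.events[event_id] = body
        return True


def build_history(make_id):
    """Constructed three-event chain; make_id(label, body) picks each event's ID."""
    history, prev = [], []
    samples = [("$1", "room created"),
               ("$2", "topic: release on friday"),
               ("$3", "ack")]
    for label, text in samples:
        body = {"prev": prev, "text": text}
        event_id = make_id(label, body)
        history.append((event_id, body))
        prev = [event_id]
    return history


def divergence(store_cls, make_id):
    """Replica A gets the real history. Replica B gets the same IDs, but the
    second event's text is swapped in transit (constructed substitution).
    Returns B's accept results and the IDs under which A and B disagree."""
    history = build_history(make_id)
    a, b = store_cls(), store_cls()
    for event_id, body in history:
        a.accept(event_id, body)
    results = []
    for i, (event_id, body) in enumerate(history):
        if i == 1:
            body = dict(body, text="topic: release on monday")
        results.append(b.accept(event_id, body))
    conflicts = [e for e in b.events if a.events.get(e) != b.events[e]]
    return results, conflicts


if __name__ == "__main__":
    print(divergence(NameAddressedStore, lambda label, body: label))
    print(divergence(HashAddressedStore, lambda label, body: content_id(body)))
```

In the hash-addressed case the child event is refused as well, because its parent reference names content the replica never accepted, so the gap is visible instead of silent.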


Is the web public or private? People want it both ways but you cannot have both at the same time. This distinction governs policy, security, and enforcement and as a result are all less clear than they should be. While this is nebulous the problems spelled out in this letter will continue without serious resolution.

Compare that to email, which is inherently private and as a result far more simple to provide laws and policy around. Email is not always secure, but the platform and concerning laws are very clear.


Does anyone else find it odd that contractfortheweb.org pops up a warning that they're using cookies?


that's part of the problem.

News media has to report on how crazy it has become, but...

"It is difficult to get a man to understand something, when his salary depends upon his not understanding it" -- Upton Sinclair


Maybe Tim could have made this stand before approving WebDRM?

Then at least it would have had some more credibility.


I agree but let's not give any of this more weight. Tim Berners-Lee doesn't have any leverage for anything, he is speaking in the wind. Most of us are.


WebDRM has pretty much zero effect on the web usage.


I think part of the problem is aside from IPFS, little work has been put into decentralization and standardization of content. Dynamic content is based around JavaScript which has and will continue to become a spy tool for marketers. I don't see the Internet improving until there are other options for standardizing dynamic content other than JavaScript, and making it easy to host your content without needing to rely on a centralized cloud platform.


The content on the Internet ranges from "free" to "paid subscription":

1) We have volunteers that curate content and they have limited time. We need to be gracious, courteous, and thankful for their effort.

2) Businesses are providing content and generate revenue via subscription, advertisements, or data mining our input. Put another way, in the last two cases we are the product.

In all cases the content will be biased because humans are biased. We deal with that by reading content from multiple points of view and apply critical thinking and reasoning skills.

We also have to continually remind ourselves that there are people with disruptive agendas - both individuals and collectives funded by nation states that have an agenda. How many times have you been notified that your information has been compromised?... Jurisdictional issues make it hard for law enforcement agencies to track them down and shut them down. The situation reminds me of the caricature of the American West in the 1800s - a free-for-all. To be forewarned is to be forearmed. We need to take security seriously.


Everyone is in the net.

- malicious activity such as hacking and harassment

- problematic system design such as business models that reward clickbait

- unintended consequences, such as aggressive or polarised discussions

These are problems of human evolvement. Education, education, education and not screaming at each other and discussing with the opposition till consensus.


>>> dysfunctional future

More like the dysfunctional present, the best invention that happened recently to the web is Pocket and reader view. I have stopped reading content on the web directly because an average web page is full of tracking and ads, some of them are known attack vectors.


I was watching a documentary on animal intelligence and it seemed to me that once a species gets to a certain level, individuals start cheating and hiding things from each other. This happens with dolphins and chimps, for example.

What humanity has achieved with the internet is the industrialisation of lying, cheating, and faking. An individual's ability to cheat was more or less limited by space (and he had to be convincing). Now a good liar can reach out to millions and he doesn't even have to show his face (and he can reach the credulous easily, so he doesn't even have to be as convincing as before).


I agree with most of what TBL says here (even though I think that a few of the positions he's taken over the past few years have not helped).

From my point of view, the web is clearly degenerating and the rate of degeneration is increasing. From my point of view, this is because of privacy and security issues, not so much what people are using the web to say. For years now, the web has been growing smaller and smaller for me as more and more websites (particularly newer ones) become effectively unusable.

I realized last year that it's entirely possible that I may stop using the web entirely at some point in my lifetime.


Perspectives are fascinatingly different. For me, the biggest issues of the near-dysfunctional web are:

1. registration popups (newsletters, membership) and paywalls that appear when I click on promising links.

2. cookie banners, popups, interstitials that pointlessly require additional actions everywhere, like a stupid second door on a fridge.

3. stuff that is broken because obscure JS / new non-standard browser feature doesn't work, possibly because of ad/tracker blocking.

4. copyright scares and other legal obstacles and uncertainties for publishers (e.g. GDPR) that drive smaller, especially noncommercial publishers away from the web, so users become easy victims of multinational corporations with predatory business practices. This is a much bigger issue than hacking for small publishers.

What do "polarised discussions" even have to do with the web? We have them in every pub. The fact that they're prevalent on the web is a sign that something works, not the opposite.


I disagree with arguments on the web becoming centralized. Unless you are acting unethically, there is little control over what you put online. I understand the issue starts with the giants but they are brought under regulations inevitably to bring the balance back at some point. I think this thread is contributing to the same cause in a natural manner.


> I understand issue starts with the giants but they inevitably go under regulations to bring the balance back at some point.

Inevitably? As by some law of nature? Or inevitably under the condition that people like Tim Berners-Lee speak out and rally people for the cause?


Anti-trust laws? Without people rallying, of course it wouldn't be possible.


Define "acting unethical" - since on a technical level you control what you render and what you send. Now if you routinely start hacking into everything to erase IP traces that is unethical but literally nobody does that.


> Define "acting unethical"

Criticism of his royal majesty, disrespect of the judiciary, or denial of the inherent evil of the Armenians.


I didn't mean his majesty, but anything that takes a hit on basic human rights is simply unethical, to a level at which 99% of people could tell the difference. If you guys mean "giants crushing competitions", it takes longer for people to recognize, no doubt about it.


It's only dysfunctional for non-commercial users. The ones making money from it are getting richer than ever.


Oh it is dysfunctional for them too they just don't care


I have not always been endeared to what TBL thinks the web should be.

https://www.eff.org/deeplinks/2017/07/amid-unprecedented-con...


There are projects working to promote a better future for the web. Scuttlebutt and Dat to name two.


Read the letter, the same angst that really has nothing to do with the web other than highlight it made it easier for the bad actors in society to affect more people faster. you are not going to fix his list of issues until you fix mankind. worse is that not everyone will agree on all the items listed, some may be absolutes but others are far more often a product of where you are in this world.

so yeah, we have a problem, the web just puts it in the face of everyone at once


Sometimes I feel we invented the Krell Big Machine. The way social networking damaged our democracies is shocking.


No mention of the Solid technology from Inrupt that TBL is meant to be touting.


Web is no longer web- it's increasingly becoming a number of sinks.


What did you expect? Everything you open up to commercialism will eventually turn to poo. Look at television and what it was initially meant to be and where it's ended up.


[dead]


Hey, why stop there? Dig deeper! Thanks to internet and computers turning the web into a platform for adware and spyware. No, actually, thank electricity.

It's a stupid point of view, where people blame some tech for problems created by those very people.

It's not javascript that makes web slightly slow, but incompetent developers driven by business.

If it wasn't javascript, it would be something else that allows you to run some computations on client side. And it would be the same if not worse. There's a reason web was won by JS, not java or COM or flash. Hell, there just was a post on NY that demonstrated that fonts are potentially Turing-complete.

Our behaviour, economy, law, customs, complete lack of culture and education causes slow web, privacy problems and de-decentralisation of internet. Fundamentally, bug is outside of computer, it's just us.


> If it wasn't javascript, it would be something else that allows you to run some computations on client side.

I agree that blaming Javascript the language is incorrect. One of the major problems is that websites are able to run code client-side at all.


Well, we really need to do some client-side computations for really good reasons. And if we hadn't, it would be reinvented pretty quickly.

What we need right now (IMHO):

1. Some easy-to-use on/off capping button for code size, memory consumed, cpu used, resources loaded per tab. Enabled by default, shipped in each major browser, including mobile

2. Cruelly penalise links that abuse client resources in search results of all major platforms

3. Give it a year and watch them raging, but slowly adjusting to new requirements

4. Repeat with lower caps until it's good enough

That's all we realistically can and should do: impose some universal limits and require user conscious action to bypass per webapp.

It must be a job which the W3C should be doing already, probably with joint efforts of Google, Microsoft and Apple. If they managed to enforce CORS, they'll be able to do that also.


I 100% understand the use case for running code client-side. Personally, though, I disallow it for exactly the same reason why I don't download and execute any programs from random websites -- it presents a security risk that is unacceptable to me.

That limits functionality, of course, but so be it.


In that case you should understand that you need to find a way to disable all browser media, css and html rendering. Because they all process data from untrusted source.

The thing is, executing javascript is not that much different from rendering all those things, and anytime you allow your computer to do some computations using any program on data from untrusted source, it's a risk. There might be even bugs in decompression library, so let's not download anything.

There were plenty of exploits that used html/css parser bugs with no JS at all. I think I even heard about a case where guys hacked into a car using radio and a bug in an mp3 decoder.

And it won't get any better unless we maybe start writing on something more safe, like Rust instead of c/cpp.

The way JS engines are implemented and used makes it an easier and more obvious target, but not really enough to just turn it off by default. Doing so is just a superstition, we could make just a little step further and rip off all our computers' IO to be safe.

Running browser in VM might be a better idea, but again, in theory one could escape VM.

Sadly, it feels like we're at least a couple decades away from owning secure systems, if that's even possible. Ha, I just thought, that we might get strong AI before that :)


> In that case you should understand, that you need to find a way to disable all browser media, css and html rendering. Because they all process data from untrusted source

There's a big difference between processing data from an untrusted source and allowing active code from an untrusted source to execute.

> There were plenty of exploits that used html/css parser bugs with no JS at all.

True, but I'm not talking about exploits. I'm talking about code running as intended by the authors. Tracking and telemetry scripts are prime examples of what I'm talking about.

> Running browser in VM might be a better idea

That's a larger pain than simply disallowing scripting, and does nothing about things like tracking.


> There's a big difference between processing data from an untrusted source and allowing active code from an untrusted source to execute.

With all respect, there's very little difference between code and data.

> That's a larger pain than simply disallowing scripting, and does nothing about things like tracking.

Unless you live don't live in EU, your data is guaranteed to be tracked, stored and if any value is found, it's being sold.


> With all respect, there's very little difference between code and data.

I disagree entirely with this. The difference is clear -- data is not operational on its own, it requires something to operate on it. So in terms of trust, I only have to trust the software operating on the data -- and I have many choices of software to use to do that.

Code is operational, and I have to trust the code itself rather than a tool.

> Unless you live don't live in EU, your data is guaranteed to be tracked, stored and if any value is found, it's being sold.

I don't live in the EU, and this is the exact sort of attack that I'm doing my best to protect myself against.


> I disagree entirely with this. The difference is clear -- data is not operational on its own, it requires something to operate on it. So in terms of trust, I only have to trust the software operating on the data -- and I have many choices of software to use to do that.

Well, that's what I strongly disagree with. You either oversimplify it for practical purpose (which is exactly what I wanted to point out making this statement) or are simply wrong on a fundamental level. Distinction between data and code is artificial. It really helps us when we program, but hurts when we think about security issues and that mindset in a way is an exploit itself.

If you look into security-related updates in any mature interpreted language, you'll see that 99% of them are related to data processing, not some restriction being forgotten. Think about good-old stack overflow errors, where your data suddenly becomes a code, or numerous exploits in simple text formats, xml parsers or PDF nightmare.

Real security problems have very little to do with the fact that malicious data was carried by some executable code, they do just fine without it. In fact, having so heavily-tested VM that there are, makes daily usage of average computer user much safer than it would be without it.

> I don't live in the EU, and this is the exact sort of attack that I'm doing my best to protect myself against.

I didn't mean that new hysteria about being tracked by ads and browsers. It's a toothless issue, that poses no significant threat and we as community could entirely fix it in less than a year, I just don't think anybody capable really cares. After all, if we can have some GDPR joke and that makes people feel better, why even bother?

I was really pointing that your traffic is compromised at ISP level and if you were a person of any interest, analysis could be bought at black market, just as your SMS could be intercepted without you knowing. It's business.

Oh, and don't let me start about hardware level, which we trust, but as it turns out, should not.


If Java applets had won, then you can be damn sure they would've turned them into an adware platform as well.

Don't blame the language, blame the corporations who are given free rein to abuse the public.


First, you have to stop JavaScript.


Last year, 27 people were murdered in India due to shared WhatsApp messages. https://www.wired.com/story/how-whatsapp-fuels-fake-news-and... https://www.nytimes.com/interactive/2018/07/18/technology/wh...

Facebook is used as a platform to attack Rohingya Muslims in Myanmar and Sri Lanka. Over 600,000 have been forced to flee the country. https://www.nytimes.com/2017/10/27/world/asia/myanmar-govern...

Politicians have hired companies to mine Facebook data of millions of people for use in their campaigns. https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Ana...

Foreign governments use social media accounts to spread disinformation and destabilize elections. https://en.wikipedia.org/wiki/Russian_interference_in_the_20...

.....But this whole "regulation" thing is clearly overblown. It's not like there are serious consequences to having multiple Big Brothers that not even the state controls. Right?


You clearly don't understand what "big brother" is.

"Dangerous" speech has propagated via numerous means for millennia. For example: ~240 years ago people were fomenting revolt using printing presses.


Big Brother is an all-seeing, all-knowing, totalitarian leader of a society that wields its power for its own sake, using surveillance as a tool towards that end. That's what some massive corporations effectively are today. People think today's Big Brothers are benign because their mission statements seem just or useful, but as I've shown above, there is significant potential for collateral damage.

You're right, and we've needed to control those means numerous times over the millennia. Sometimes just to keep the powerful in power, sometimes to check the powerful, and sometimes to check the surging wave of popular revolt.



Foreign government's use of social media is the most alarming thing in my opinion...

Revealed: Israeli Military Monitors Social Media, Blogs and Forums in Search of 'Security Leaks': https://www.haaretz.com/israel-news/.premium-revealed-israel...

Jewish Internet Defense Force: https://en.wikipedia.org/wiki/Jewish_Internet_Defense_Force


How does encryption work for group chats on WhatsApp? Could Facebook have moderated these messages to prevent the attacks or is the content still hidden to them?


WhatsApp supposedly uses the Signal protocol, which implies that the messages are e2e encrypted and fb doesn't have any visibility to the contents. Of course like always it is difficult to say what capabilities fb really has.

https://techcrunch.com/2014/11/18/end-to-end-for-everyone/



