[candiodari]

Oh yeah ... I see it now. Instead of the "do you accept cookies" in your face idiocies we now need to identify ourselves using 2 factor authentication on every website.

That sounds SO great.

Obviously there are no realistic security measures that are 100% effective. All this will amount to is further cementing the power of large internet companies. You know this, so why ask for it ?

[mhjas]

"Do you accept cookies" is only relevant because there isn't a separate login mechanism in HTTP. Actually knowing whether you are sharing data with the website, and what website that is, would be a major improvement. Security measures don't have to be 100% effective. Just like road safety you should focus removing the impact of flaws, not to prevent flaws as such. A separate authentication mechanism would remove a large amount of security issues, including potentially phishing and password leaks entirely. These common security issues of compromising the system of the user or the company would simply not have the same impact anymore.

A not insignificant part of the large Internet companies power comes from that they are the only ones who can handle, or people trust to handle, security. It isn't that hard today to create your own e-mail system or smart phone. But managing those systems, especially for a reasonable cost at scale, is just beyond what most new entrants in the market can handle.

[candiodari]

Government mandated authentication mechanism. This question is almost a joke: what could go wrong ?

Everything can go wrong.

> A not insignificant part of the large Internet companies power

So it's about breaking the power of large internet companies ? Figures. Can we please do that WITHOUT destroying the web ? The last regulation that tried to break the power of large internet companies was the GPDR, and that has significantly entrenched the position of the large internet companies instead, while creating a ridiculous amount of inconvenience for everybody. This ... will do the same.

People WANT to share that data. Or perhaps I should say, they want the things that happen when they do. Quick searches that get them the products they want, on Google, on Amazon, on clothing shops and on tons of small webshops. Even the obnoxious image ads. People want them.

That means that a login mechanism will just be an extra hurdle with zero of the effects you want.

[gkya]

Taking an argument to its extreme is bound to make it seem ridiculous. Certain websites require certain levels of security. Not every govt building has troops with war grade guns waiting them.

[candiodari]

Perhaps, but would you have said the same if I put a comment about "accept cookies" nonsense in a pre-GPDR discussion ?

So ... perhaps not.