| Part of what excites me is that it decentralizes where assets have to come from. Yes it means Google can serve stuff, which will help some all operators at who knows exactly what cost of privacy. But what absolutely electrifies me is that I can share content with other people: even in an offline scenario I can give then a webbundle with a site if the site supports it, and the friend's browser can crytographically check everything out, & trust that the bundle is from the bundler. > Right now, requests on the web are kind of p2p. Today's web is decentralized, because there are many domains. But there is little peering among peers: everything is client-server. This, imo, enables a much more p2p web. It enables a distributed web. Where even if an endpoint is under attack, the web can go on. Where folks who fall over the edge (go offline) can still operate. But yes, seems likely Google intends to be a rather large peer among this newly distributed web. I recommend the IETF draft of use cases for getting a taste of what WebBundles is for, which hints at this new distributed architecture, by way of describing characteristics a WebBundled web has, https://wicg.github.io/webpackage/draft-yasskin-wpack-use-ca... |
Google is evil, and if we need to wrestle about that, I will. I'd like to see your red-team skepticism about their intentions and your attempt to consider how this may be a trojan horse or a false-compromise. Google is famous for making moves that look neutral or even good from many angles that are ultimately centralizing power in the hands of capitalists. With good reason, we should doubt why they are doing this. It does appear that the core intuition (if I understand correctly) in WebBundles //can// be used to improve decentralization of information power, but I suggest we should paranoically imagine how it may be exploitable by Google (that is our duty here).
I have some limited experience and a ton of skin in the game on this one. For several years, my wiki has had some of the properties of a prototype of a WebBundle, including an attempt at enabling cryptographic verification (https://philosopher.life/#Cryptographic%20Verification). My goal is to emit one huge all-inclusive html file with the signature wrapped around it (I sign and push/sync up to every minute). This enables me to distribute my wiki across many networks, even sneakernets, without losing one of the fundamental keys to my voice. I'm a second-class citizen on the internet compared to a large corporation, and I have to be able to effortlessly abandon or accept the losses of rented end-points (I really don't own my domain, access-point, or server...they are merely rented: I do own my private key though). In some sense, I have the opportunity to agnostically treat the methods of distribution as a lame middlemen pipeline (what we always hoped the internet infrastructure would really be). I give up my ability to control how my wiki is distributed in some sense as I enable anyone to pass around the signed wiki as a proxy. I happily lose the ability to check whether or not I want to send my signed wiki to any individual in many cases, and I lack interactive control of a session; it feels like I become a far more passive participant of the web, being incentivized to provide the read-only information valuable to ML and disincentived from relying upon dynamic real-time exchanges. I appreciate being able to prevent people from putting words in my mouth while also enabling users of my wiki to acquire and run the site offline, as they see fit, with maximum privacy and anonymity.
There's the context I have. From what I can tell, from a grassroots p2p practice, the reason that the signature "works" is because a user has maintained an old copy of the wiki or even just the public key that they do trust. They've chosen by hand to trust it's me that signed it. I'm not convinced that Google intends to maximize the automation and decentralization value of that kind of verification. It seems an incidental possibility at best (perhaps there's their quasi plausible deniability in seeking a monopoly).
They aim to be more than merely a very large peer, and I'm begging you to question that more openly with me. This feels like a disruptive feint only seeking decentrality in name. Perhaps their move weakens the powers of many web infrastructures that would otherwise continue to centralize, but I think they will continue to attempt to take over whatever power vacuums arise in that space (I assume they can see how to make money off this far better than I can too). When I see, for example, Dat become a first-class citizen of Chrome and when I see them empower client-side archiving, search, and moderation to users of their infrastructure (while taking Firefox and web standards off the leash), I'll begin to believe they intend to enable a p2p web. For now, I see them building an AMPed blackhole walled-garden where they aim to be the root server of trust and authority on what is salient while allowing the highest paying bidders to have degrees of access or control over our data, minds, and lives.