[lmm]

> the current decision makers only have power because other people trust them voluntarily.

Not really. Plenty of EU citizens don't trust Microsoft, Google or Apple. But there's no practical alternative. The government of an individual EU country has a lot more accountability than that.

[negidius]

They can install an open-source OS/browser and ignore Microsoft, Google, and Apple. There is nothing they can realistically do when they don't trust a government.

Governments ultimately derive their power from their ability to impose their will by violence. That makes them inherently less accountable than organizations that you are free to ignore.

[lmm]

Someone who doesn't trust a government can move countries, particularly in the EU. I'd argue that it's actually easier to avoid a given EU government than to use an OS/browser combination that's not controlled by US entities.

[negidius]

That's frankly ridiculous. Moving countries is expensive, and there are a limited number of countries in the EU and the world. If you can't afford to move or don't trust any of them, you are out of luck.

Installing an open-source OS and browser is free and the options are practically unlimited as anyone is free to create a new alternative.

[lmm]

> Installing an open-source OS and browser is free and the options are practically unlimited

There's what, two and a half real options? Even open-source applications wilfully cut off any non-mainstream OS (see the whole systemd saga). "Anyone is free to create a new browser", sure, but in practice it's now so expensive that even Microsoft had to give up. I've absolutely got more practical choices of country.

[negidius]

I have no idea what you are talking about. There are literally infinite alternatives because you can freely modify any open-source alternative in infinite ways.

No one is going to kick down your door and shoot you if you try to make a new browser or OS from scratch, like they would if you tried to make a new government, but there is really no reason to make a browser from scratch.

Microsoft didn't need to trust Google to fork Chromium, they didn't give up any power to Google and have exactly the same ability to influence web standards as if they had reinvented the browser. If they disagree with a choice the Chromium developers made, they can change it and keep the rest. The same applies to anyone who wants to do the same.

When it comes to certificate authorities, you don't even need to modify the browser or OS because they already allow you to add and remove authorities. The main reason people don't tend to do that is because they have no reason to. If you tried to start a new one, the natural thing to ask would be why I should trust you over the established certificate authorities. If your answer is that I don't have a choice because you have the backing of an army and police force that you will use against me if I don't, it doesn't exactly fill me with confidence.

The current certificate authorities don't need to threaten anyone with violence to secure their position, and they operate with significantly more transparency than any government I know of. Compared to governments, they are also much safer to trust because they rely on consent rather than force. A compromised or malicious certificate authority won't shoot you for trying to replace it, it has no enforcement mechanism beyond inertia.

[lmm]

> When it comes to certificate authorities, you don't even need to modify the browser or OS because they already allow you to add and remove authorities. The main reason people don't tend to do that is because they have no reason to.

They're already starting to make it more difficult. Look at what's happening with DoH where it's harder and harder to choose how your DNS queries get done and you get steered to CloudFlare (who are pretty low on my list of entities I want to trust) instead. Now that browsers have mostly succeeded in forcing HTTPS everywhere, expect them to start turning the screws.

> The current certificate authorities don't need to threaten anyone with violence to secure their position, and they operate with significantly more transparency than any government I know of.

Really? Can I make a FoI request to find out why a CA refused to issue a certificate to a particular entity? Is there a right of appeal if they refuse to issue a certificate on discriminatory grounds?