| Thanks for the clarification and to be clear, I don't doubt your personal intent or FOSS background. The concern isn't bad actors at the start, it's how projects evolve once they matter. History is pretty consistent here: WhatsApp: privacy-first, founders with principles, both left once monetization and policy pressure kicked in. Google: 'Don’t be evil' didn’t disappear by accident — it became incompatible with scale, revenue, and government relationships. Facebook/Meta: years of apologies and "we'll do better," yet incentives never changed. Mobile OS attestation (iOS / Android): sold as security, later became enforcement and gatekeeping. Ruby on Rails ecosystem: strong opinions, benevolent control, then repeated governance, security, and dependency chaos once it became critical infrastructure. Good intentions didn't prevent fragility, lock-in, or downstream breakage. Common failure modes: Enterprise customers demand guarantees - policy creeps in. Governments demand compliance - exceptions appear. Liability enters the picture - defaults shift to "safe for the company." Revenue depends on trust decisions - neutrality erodes. Core maintainers lose leverage - architecture hardens around control. Even if keys are user-controlled today, the key question is architectural:
Can this system resist those pressures long-term, or does it merely promise to? Most systems that can become centralized eventually do, not because engineers change, but because incentives do. That’s why skepticism here isn't personal — it's based on pattern recognition. I genuinely hope this breaks the cycle. History just suggests it's much harder than it looks. |