Comment Protocol of the week (Score 1) 111
No protocol survives first contact with its userbase. The needs of your users tend to change over time. Security wasn't a huge overriding concern when SMTP and POP3 first became popular. If your organization was bitten by the recent Exchange bug, you might find yourself asking, "why doesn't email support an easy, universal, cross-organizational E2E encryption?" When protocols can't be extended, they can't grow to meet new needs. It is a foolhardy endeavor to release a spec that can't easily be extended.
We should take a step back here and decide what the problem really is with the web.
If the problem is that pages are too large, we should find ways to make them smaller and more responsive. It is possible, even in 2021, to make JavaScript-less pages that are highly portable, are fast to render, and are still usable even with CSS disabled. We don't need an entirely new protocol to serve them. The original browser had very simple pages. If browser makers stopped catering to bigger and badder JavaScript usage and started making "use more CPU time than X" an optional permission, we might see some downward pressure on document complexity. If browser makers built a Markdown renderer into their products, it might be easier for people to write simple documents.
If the problem is rampant, exploitative commerce: such activity can fester in almost any environment, regardless of whether or not the protocol favors it. We humans are clever and are very good at figuring out how to make a quick buck—even or especially at someone else's expense. If you find this activity objectionable, you might find some refuge in aggressively declaring your space to be non-commercial, like the original ARPANET, AMPRNet, or the modern-day Wikipedia. You'd have to police it, of course. You could also encourage commerce to take place in a less exploitative manner. These things might better be addressed through policy than protocol design. I like my protocols to be neutral carriers, thankyouverymuch.
If the problem is centralization, which leads to overwhelming control and/or surveillance by either non-state or state entities... we'll need to be very clever and inventive. Your average "home server on a DSL line" simply cannot meet the uptime, latency, and throughput demands of a Slashdotting. The average connection owner simply cannot compete with cloud services here, and your protocol will end up getting all cloud-ified if it becomes popular. Rather than fight the centralization, we could embrace it. What if datacenters sold "shares," such that the public could become an owner-operator with voting rights and a true say in that datacenter's operations? What if infrastructure was operated for the public good in the public trust? We could have centralized infrastructure with decentralized ownership. We should also invest in technologies which keep sensitive plaintext data off of the cloud and in our hands, where it belongs.
These ideas might not all be good ideas, but they have a common theme. Poor design, commercialization, and centralization are all human-factors issues. Technological solutions to human behaviors—like that alarm clock you keep ignoring—are generally doomed to failure. A Code of Conduct is a much better way to police bad contributors than a profanity filter.
Sometimes protocols are a necessary adaptation. Onion-routing is probably the best technological solution to mass surveillance we've been able to devise thus far. TLS helps keep some of the prying eyes at bay. But neither of these protocols really address bad behavior by actors who are operating inside the protocol. Onion-routing won't prevent illegal commerce. TLS won't prevent Cloudflare from stealing all your secrets off the other end of the wire. As developers, we must understand that our ability to fix human problems with bigger and badder technology is fundamentally limited. We need human solutions for our human problems.