Re-de-centralisation Should Be Our Goal
Put the users in charge, not governments and corporations in charge of users
AT RISK of repeating what's "obvious" (what "goes without saying" often goes unsaid), the Net predates the Web and it wasn't always known as the "Internet" (with capital "I"; not FidoNet or the Russian equivalents). At its core, unlike Social Control Media, centralisation was definitely not the goal. We're talking about post-WW2 "Cold War" times. Nuclear explosions can take out a lot of core infrastructure all at once, so decentralisation was a design choice, even if the military or Army-connected (US Army) interests drove and funded development. In the 90s the Web came along and more people, even outside CERN, got Web browsers in their labs... and universities... and businesses... and eventually homes (dial-up age with plenty of AOL's disposable garbage). The Web's nature was miles better back then, bandwidth aside. In fact, centralisation was barely a thing, except perhaps for root DNS stuff (even DNS is made up or composed in such a way that it's robust to nuclear strikes against "core" or "root" authorities/servers - something that cannot quite be said about most Certificate Authorities/CA schemes). Over time, as more nations got "hooked onto" this Net and Web thing, we've collectively allowed the dream of decentralisation slip away. Regimes wanted tighter control over how we use/access "online things" and also wanted to know everything we do online (so that they can retaliate rather than reward us). The power dynamics effectively got reversed in more and more ways. The Net didn't emancipate us, it served to collectively oppress billions of people (many are still unaware of this because of the false marketing Dr. Andy Farnell spoke of yesterday). In today's Web, the powerful expose us the people; we the people can barely expose the powerful without getting caught, then suffer disproportionate reprisal.
The Web (WWW) is particularly bad in this regard and we've often condemned centralisation in Certificate Authorities because we saw where this most likely leads to. Yesterday I spoke about someone from Intel about UEFI and M.E. at the local old pub. Even he recognises that it's pure B.S. and it has nothing to do with security, it's just more complexity and now they try to rebrand UEFI as "BIOS" (which it is not). In the case of booting sequences, we get more lock-down, DRM-like mechanisms and unnecessary restrictions. Meanwhile, the WWW's evolution is something like: online hopping, online shopping, online snooping, online slopping (slop as in LLM vomit). Over time the Web turned from scientific resources of some of the world's best scientists at CERN into a propaganda machine of racist grandpas like Donald Trump and skinnerbox trash from Bytedance, teaching kids to torch homes and electrocute themselves.
We're still hopeful though because this past week we served over 30,000 Gemini pages per day (on average) and judging by Lupa, Geminispace moves only further away from centralisation. When it comes to the Linux Foundation's near-monopoly in Certificate Authorities, it is down to fifteen now. To quote Lupa today: "2629 (90.7 %) capsules are self-signed, 15 (0.5 %) use the Certificate Authority Let's Encrypt, 256 (8.8 %) are signed by another CA (may be not a trusted one)."
When Lupa says "another CA" it can be one's own. Anybody can create a CA. Whether the Pentagon (or PentaGAFAM) fancies or trusts this CA is another matter. They create a monopoly of "trust", but do you trust those who want back doors in everything, everywhere? It's like a cartel or a cabal for back door access and censorship by remote revocation at the flip of a switch (with "modern" browsers as de facto enforcers; Mozilla is part of this). █