But extensions are no good if most people don’t use them. Take end-to-end encryption in email. It’s a good feature that has been around for multiple decades, but most people don’t use it. Since most people don’t use it, there’s no point in using it. So you have the network effect right inside your system.
When e.g. WhatsApp made every chat end-to-end encrypted it took a single update and went so smoothly and easily that most people wouldn’t have noticed if it wasn’t for a big modal telling the users that it was introduced.
Introducing breaking changes or new features to a federated system with lots of hosts and lots of different software implementations is certainly not impossible, but it’s much more difficult than on a centrally managed system.
You could argue it’s a good thing that no entity is able to force everyone into using every new extension. But true. You then have issues with people and politics. You could just do a lookup on a keyserver and do opportunistic encryption. That wouldn’t harm anyone. (If done right.) Gmail could implement that and a major part of email users would have e2ee overnight and benefit from that.
Regarding WhatsApp. I remember shaking my head about WhatsApp when people started using it. As far as I remember (I might be wrong) it was widely open, unencrypted and everyone could impersonate anyone they had the phone number of. I don’t remember why it got so popular. But I’m glad they implemented encryption and fixed that.
With email I’m at least theoretically able to do something myself. With WhatsApp’s issues, there is no way to do anything about it. You just have to accept its quirks, because only Meta could implement something. For example I’d like to use it on my computer. And have a different identifier than my phone number. And stop it leaking metadata to Meta. How does a non-federated platform like WA help me with that?
For a new and federated protocol you could start with mandatory end to end encryption. And you then design the protocol so that changes won’t be breaking. And if you do it right it’ll be okay if people don’t adopt extensions. Things will still work. Maybe someone can’t do video calls or show emoji reactions. Maybe the cutting edge AR or VR stuff doesn’t work. But at least you have a fallback to send encrypted text data or arbitrary data-files. That should be enough.
The thing is that for some features to have any benefit you actually need everyone on board. Security is just that.
If you have to basically have a fallback-backdoor built right into your system to deal with those who don’t participate in the security system, an attacker just needs to force the fallback and nothing is secure anymore.
And sure, Gmail could just force encryption, but then (a) everyone would complain about one big actor abusing their market power, as happens a lot, e.g. with Chrome, and (b) the whole point of using email is that it’s a service that’s super stable and “just works”. If I can’t send an email to my dentist about an appointment, then it’s worthless. So something like that could hurt Gmail’s market share.
But all in all, my point was that open systems with lots of actors with the power to decide stuff make implementing important changes more difficult, because you have to convince many more people to follow suit.