The (sorry) state of the www

The web today isn't the way more content-centric and naive-but-simple web we used to have in the 90s and early 2000s, but has developed a much stronger focus on tracking and trying to influence what people think instead of being a source of more or less freely and actively shared information. Additionally, a lot of sites seem to care today more about presentation than content, resulting in many shiny, but bloated and less useful sites.

The bloat is comical sometimes; even heavily used sites that would benefit directly from leaner approaches somehow find it normal to use insane amounts of resources, leading to pointlessly increased traffic, CPU load, energy consumption and ultimately carbon footprint. e.g. a standard slack web chat session with no more than 50 users easily uses up 250-500MB of RAM (in addition to the already heavy browser requirements). Loading slack on my laptop takes longer than booting the OS. I find it hard to justify the need for this kind of bloat for a chat. We talk about exchanging a few bytes of text between people in real time, with optional message history, something we do for 30+ years on way less beefy machines.

Also, more and more gets centralized, distributed and managed by a few big players in the field, who additionally make it hard for independent services to exist. This same centralization happens for other common, non-web services: for example, running your own mailserver today is more often than not a constant battle to not be blacklisted as a spam source, because many relays just consider @gmail.com and other big ones as the only trustworthy sender domains (which is ironic at best), no matter how clean your record is, how careful you set up everything for spam heuristics (like PTR records, DKIM, etc.).

Shining through in all paragraphs above is a feeling that seems to underlie this all, namely it all haven gotten more and more about power. In some areas it surely always was somewhere about power, but from the end user perspective it is so much more invasive now, and the content so much more shallow by average, and the positive enthousiasm over this big pool of information of the early web is now either gone or comes with a bitter after-taste.

Not to mention that there are so many things with the web that are broken to begin with, its tech's ever growing complexity will always be error prone, leading to all kinds of vulnerabilities, breaches and scams. Its one way links will always break eventually leading to frustration, and not to mention all the resources and energy wasted by all the useless bloat of the nowadays rapid-development web frameworks and often intentional content-hiding style.

I don't seem to be the only one that is worried about this development so here's a collection of links looking at this from plenty of different angles:

Another worrisome thing going on, IMHO, is the push by many of the big players for DNS-over-HTTPS (DOH). They seem to propagate the claim that this is needed because DNS is insecure. Although a valid point at the time of writing, they ignore the fact that the latter is addressed by things like dnscrypt with DNSSEC. Besides the fact that pushing operating system level services like a name resolver into an application (e.g. a browser, where you would for example set the DoH resolver in Firefox via config option network.trr.uri) is insane to begin with, they seem to have strong reasons to push for DoH, probably motivated again by power and tracking reasons. Why wouldn't they be interested in overriding the globally by default decentralized ISP provided resolvers (which most peoples' system would get via DHCP if not overridden), and instead getting a grip on the majority of all DNS lookups by sending them by default to one or a few big players? Data is money after all. I don't want to even think about the massive single point of failure such a centralization would also be.

There are claims that this would somehow free you from those apparently evil ISPs that censor your requests. Sure, this might happen (as is the case with kinda every coffee shop or hotel uplink), but they don't mention how tasty it would be for them to resolve things for you that bypass your OS-level resolver, where you could setup per-domain blacklists to block trackers, adservers, malicious stuff, etc..

Wouldn't it be too nice for companies like Cloudflare to receive in a centralized way a major number of name lookups, by being the default resolver in one or more of the already few major browsers? Would you trust this US company, that already encourages people to give them their certificates to play man-in-the-middle, to know more about your browsing habits? Would you trust Google with their Chrome browser having even more insight into your live (and control over what you can access), but defaulting Chrome to use their resolvers? What a coincidence that that's a company that makes money by tracking you for targeted advertising... not. A quote that reflects my worries from the comments under this DoH intro:

Brett Glass: So, Mozilla intends to hack users' DNS, redirecting their queries away from their ISPs (which are trustworthy and with which they have a business relationship) to an untrustworthy VPN vendor - Cloudflare. Those users are not Cloudflare's customers, and so the only way Cloudflare can monetize this service is to spy on users and sell their personal information. In short, Mozilla is supporting, aiding, and abetting privacy invasion - probably in exchange for money from Cloudflare. Not only unethical but probably actionable by the FTC.

Some links specifically about DoH and the debate around it:

To me this feels like it's all in line with the "Death of Transit" presentation linked to above in the first bullet point list: another worrisome development mainly supported by some internet megacorps longing for even more centralization and control.

As a closing line to avoid misinterpretation: my intro text as well as the articles in the first bullet point list are about the web as a content source, and not about the web's reinvention of the thin-client/mainframe model, which is what webapps basically are.

UPDATE (2019-06-03): Added a detailed and interesting opinion article to the DoH article list