https://en.wikipedia.org/wiki/FreedomBox

That's a common assumption, but I wonder how true it really is. I've certainly talked with friends in their 20s and maybe early 30s -- people who have grown up with the Internet and ubiquitous mobile devices -- and had them express a sentiment that was more frustration than ambivalence. Sometimes they did find it creepy that they'd be tracked around with ads, or that their phone was doing things based on where they were or what they had planned to do later. However, they've never known technology to work any other way and assume there's nothing they can do about it, and they value the social aspects of sharing stuff online so they keep using these services.

I very much like the idea of creating a "home internet box" which is a self-contained fanless machine connected to an UPS -- and it contains router, firewall, own website, own mailserver, own private Dropbox, a universal P2P node (BitTorrent / IPFS) etc., but as others have pointed out, our current stack of network technologies is way too bloated and full of incomplete standards

It used to be common that your ISP would provide you with an email address, web hosting, and so on as part of your package. Everyone could set up a basic web site by just FTPing an HTML file up to their ISP's server, and then yourname.yourisp.com would show it to everyone, or you could get your own domain name and use that instead. Likewise for sending and receiving mail. Many countries set up their legal/regulatory frameworks to foster competition between ISPs, and so in practice we had a relatively decentralised Internet. You obviously still had the equivalent of today's lock-in problem if you relied on the email or web address your ISP gave you rather than your own domain, but you didn't have to.

It doesn't really take having some magic box in everyone's home to provide this sort of flexibility, though such a box would be no bad thing IMHO. We just have to stop doing so much through a tiny number of centralised service providers and social networks, and develop standards for interoperability and federation. The whole Internet was built on those principles, so I'm pretty sure we could do it for sharing data like mail and photos, and there are many interesting possibilities in terms of searching for data as well.

One of the other provisions in the new EU rules that come into effect in 2018 is effectively a right to export data from one controller so it can be processed by another, so people could potentially migrate all the data they've given to sites like Facebook or Instagram or Twitter or GitHub to some other competing service (assuming such a service exists). It will be interesting to see how that one plays out and whether it is effective in breaking the lock-in effects that have allowed so few companies to become so dominant in recent years.

I'd argue that how did the modern people end up indifferent to the growing centralization and surveillance is largely irrelevant. The sad result is still there. We all have anecdotal evidence and mine isn't more important than yours -- that's a fact. My point is that the result is still there and it's not changing for the better with time.

> It used to be common that your ISP would provide you with an email address, web hosting, and so on as part of your package.

But those required tech expertise in order to be utilized. It's my view that ISPs stopped offering these because they were expenses, and the services these expenses offered were barely if ever used than more of 1-2% of their customers. If we have a "magical box" at home it should definitely be much farther ahead in terms of user-friendliness; say, WordPress / Ghost / any-site-tech with a wizard-like Next->Next->Next cycle (with some checkboxes / theme previews along the way).

> We just have to stop doing so much through a tiny number of centralised service providers and social networks, and develop standards for interoperability and federation.

I want you to know that I am 100% on your side first. But honestly, using the "just" word for these mega challenges is slightly naive.

First of all, most people hate the thought of "scouring through the net" for their news or daily fix of meaningless updates. There's a very good reason why the social networks are a successful format and that's not only because of corporate interests -- people like having only one source, it makes it simple for them and they love it. You and I disagree, but we don't speak for humanity at large, and the humanity at large seems to love to have a narrower view.

Secondly, advertisement supports a large part of the internet. I don't believe for a second that a serious decentralization effort will not be SABOTAGED by ad providers (maybe even including Google). They'll most likely plant paid trolls and fake news writers and then start shouting: "LOOK! DECENTRALIZATION IS BAD! Come back to us at Google, we have AI-backed fact checking!" OK, let me put my tinfoil hat away. Even if that never happens (that's a stretch IMO) we still have thousands of ad companies who will do their damnest to make their centralized website customers (namely Facebook et al) even more appealing than before and try to make the decentralized services look behind with the times, non-trendy, slow, user-unfriendly or whatever -- so the teenagers and the young people would continue to flock to them. In short, there's a lot of economical inertia behind the centralization and it won't be easy to kill it because there's a lot of financial interest there and the people holding such amounts of capital historically have never given up their wealth sources peacefully.

Thirdly, standards for interoperability and federation are attempted for probably decades now. I am not an expert in the field -- not in these standards, and not in the ego wars in the OSS communities -- but it's my opinion the pissing contests in the OSS communities are a huge impediment. Have you taken a look at the KDE / GNOME wars years ago? It's as shameful piece of the human history as any genocide; I'd even dare saying it's much more shameful because there are no lives on the line, not even any money on the line, just some basement dweller's ego and nothing else.

If we're to be able to resist centralization and surveillance, us the people who are against it absolutely positively must forgo any ego and become very scientific; there's already a pretty good consensus about most of what a decentralized hosting service must do (reference: see IPFS; seriously, do it, it'll take you a long time but IMO you'll emerge even better informed than before) but when it gets to the details, people either start flaming each other, or a dictator of an OSS project decides they don't care what any random person thinks and just moves forward without any scrutiny or feedback consideration.

This must stop. The agents who benefit from the centralization and surveillance are without a doubt dying of laughter how us "the opponents" are much more busy fighting amongst each other instead of coming together as one and offering an open and ad-free alternative to their services.

Finally, laws, EU or otherwise, sorry to say it bluntly, don't amount for shit. History has proven that if a big player has deep enough pockets then they'll get things their way, laws or not. Let's not go there. I think deep down all of us know the laws target the citizens and not the companies, 99.9% of the time.

That said, I really don't think developing standards for interoperability and federation is such a big deal in the grand scheme of things. After all, modern networking -- including the Internet -- is built on numerous such standards, carefully designed and documented, widely implemented and effective. If we can develop a stack of protocols for totally unrelated systems to talk to each other, from the lower levels of LANs up through things like TCP/IP and SSL to application level details like sending email between SMTP servers or requesting web pages using HTTP, surely we could standardise sharing content like messages and photos from friends without relying on some mysterious centralised service.

I don't know whether most people do prefer to have only one source for their information; I'd like to see more data before forming any strong view on that one. But let's assume you're right for the sake of argument. Is that a problem? We've had systems that collected and combined multiple streams of data for ease of reference for a long time, from the earliest days of e-mail lists with digests and Usenet newsgroups and RSS feeds up to modern Web-based aggregators like Reddit, the Facebook news feed, and indeed the site you're reading right now. Modern smartphones already combine even these feeds from multiple sources into a single stream of news and communications for ease of access. Is it really so far-fetched that we could cut out the middle-man in some of these cases and move back to a more peer-to-peer, decentralised system with neutral infrastructure?

I admit I have no scientific sources. This is just a gut feeling birthed from my numerous interactions with people during my whole life. I also happen to believe that not everything can be measured scientifically and there are a lot of things "all people know but almost nobody will admit in an official survey" and that "almost everyone prefers buying only one newspaper" is one of them -- but that would go wildly off-topic and I'll stop right here.

> Is that a problem?

Of course it is a problem. If we assume there are malevolent people who would want to suppress certain kinds of news (and with Trump, Kim Jong-un et. al. in power I don't think anyone can doubt the existence of these people anymore) it's much easier for them to bribe or coerce a single entity to censor things. For a true free speech, we need a fully anonymous but attack-resilient immutable decentralized network (sorry to keep repeating myself but... like IPFS). Good luck DDoS-ing or bribing/coercing that. It's made to be resistant against planting fake data, man-in-the-middle attacks, and DDoS -- right from the get go.

Admittedly IPFS isn't still there, for example it lacks automatic replication and the fact that there are already organizations whom you must pay so they "pin" (replicate) your content is telling me IPFS might eventually lose its credibility as well :( again though, off-topic. Sorry, you caught me in a very chatty mood.

>Is it really so far-fetched that we could cut out the middle-man in some of these cases and move back to a more peer-to-peer, decentralised system with neutral infrastructure?

In technical terms, it is not far-fetched at all. We're actually very close to it. Man, I'd love to work on that, only if that was my main source of income. I would pour a lot of energy and heart into such a work.

In economical and general reality terms however, it's almost impossible. As I mentioned, I am convinced there will be a lot of resistance from agents who would be negatively impacted in the pockets or their data collection. But you know what, if I am wrong, I'll be the happiest little panda.

Were all invented long ago and were all first of their kind. Creating a new standard when there are no wide spread alternatives is easy, doing the same where everyone is already invested is hard. E.g. that's why payment systems suck universally.

Even with payment systems, we've seen multiple contactless payment technologies become established very rapidly in recent years, and developments like Chip-and-PIN cards a few years before that. Of course online payment processing is also a much more developed and competitive industry today than it was even five years ago, which again is partly because both the technical and the regulatory frameworks have opened up in recent years. SEPA in Europe is a good example here.

Also, I'd argue HTTP/2 is not such a huge improvement as many make it out to be, but I can't deny it's some improvement compared to 1.0/1.1 -- that's a fact.

GSSAPI and Kerberos, for example, both predate SSL (Kerberos by nearly a decade if I have my dates right). SMTP was originally intended only to transit mail protocols across networks, clearly evidencing that there were internal (incompatible) mail protocols before then. UUCP and FTP were commonly used before SMTP to transfer messages; it took over a decade after its invention for SMTP to finally see off UUCP, and a few more years for X.400 (invented more or less concurrently) to fade away as a potential competitor.

I think his general point was -- even if there were some ugly corners of the technology, people were like "you know what, this is the N-th try and we really REALLY need this tech, let's move forward with it and fix the problem later". I think we all know how that usually ends, don't we?

It ends with a lot of legacy baggage and huge economic pressure to not change anything. So we come to our present dilemmas (outlined in the original post).