Comment by gjulianm

4 years ago

> First, early adopters come and verify it. They bring their friends. If it's really secure and they find no serious bugs, more people join. Then, a bridge is created between the services.

That's quite the optimistic path. What if the app starts being used by teenagers, for example? Or by people with less technical abilities?

> This is a problem with a non-federated protocol actively fighting against third-party apps and servers.

Federated services still need to pay for their servers.

> Such a backdoor will be quick and easy to fix

Again, pretty optimistic on that.

> and to verify that it's fixed. Unlike with Apple's Pegasus. No system is ever 100% secure.

Pegasus was external malware. What makes you think a Pegasus for federated servers or open source phones can't exist?

> Users are typically very slow to move. See WhatsApp & Facebook. But what's your point?

Security research takes time, probably more time than users need to move from apps.

> There is such legislation already in Europe: GDPR.

And GDPR has accomplished way more in way less time than technical solutions. I wonder why.

> Unfortunately it cannot dramatically change the industry quickly, because of the monopolies and network effects.

Don't those monopolies and network effects affect the technical solutions you propose too?

My point is that of course you need good technical solutions, but just those by themselves are useless, because most people don't have the time and knowledge to reliably distinguish which ones are good and which ones are bad (and "good" and "bad" are relative too), and other differential features (price, capabilities, ease of use) that are easier to notice will weigh more on their decisions.

This is not a problem unique to tech and privacy. Food security, climate, building safety... almost everything you buy has had the similar issue of how to have "things done right" where deciding whether it's done right or not is hard for most people. Almost everything has been solved (or almost solved) with regulation, and just "better products" haven't been enough.