Little changes over time, so you don't see the end game right away. Signed exchanges and further hacking up / hiding the URL will come. This change only hides some of the URL, with a hover action that shows it again.
Disconnecting content authorship and publishing with hosting so that literally anyone can host web content securely is fantastic!
* Want to bootstrap your IPFS network? You can safely and securely host a huge chunk of the web from big publishers on day 0.
* Want to compete with AMP? Now you can because AMP isn't special anymore!
* Are you a small ISP that wants to cache web pages close to your customers to reduce bandwidth usage?
* Archiving website has never been easier since they're already bundled and packed.
We've already reached the point where the content you're seeing and the server you're connecting to are completely disconnected. Signed exchanges just democratize the process instead of requiring every publisher to pick a CDN.
Not to mention, the decentralized web also means more privacy concerns. In the old model, the only entity that knows you downloaded a particular file is the server you talk to. With AMP, Google is now involved with that data flow. This is a third reason why people hate AMP, but it could be worse. Google is at least still a moderately trustworthy entity for a lot of people. However, what about Archive.org? What about Amazon, Facebook, ByteDance, or Brave Software? Each entity has far different trust implications compared to Google. You may trust them more or less. Just signing the web content only validates that the content itself hasn't been tampered with, not that the place you got it from is going to have your privacy interests in mind.
It's the SUM of the pieces that point to Google's endgame, not the individual pieces themselves.
I have an idea.
Move forward with signed exchanges, and then prohibit them from being used to obscure the content source (more specifically, require the 3rd party to reveal themselves)
A site that uses Cloudflare as a CDN isn't cloudflare.com/site/nyt.com. The whole point of these things is that if you have some vested interest in being a CDN for chunks of the web for your users you don't have to set up a partnership with them and proxy their site or have their certs you just download the bundle and go.
I detest AMP, but I'm very much looking forward to signed exchanges.
My biggest concern is that the request will go to a google-owned server, where google can fully track me, and my browser would be lying to me about being on a non-google estate I might assume be free from Google’s tracking.
Site-owners will now also be forced to buy into Google Analytics since they have no requests in their own server-logs to analyse.
It’s a power-grab. And obviously google is doing this to increase their ability to do full internet-wide tracking.
I'm not exactly sure what the fear here is. You're only getting to the page by clicking a link in Google Search and then your browser fetches a bundle from Google's servers.
In your ideal world you would click a link in Google Search, telling Google what you're looking at, and then connect to the site via Cloudflare, and the source site's servers telling them too?
The flip side to these is that your browser can actually act as your agent with this. If you find yourself a nice privacy-respecting CDN then your browser can try to pull from there when you click any link and you now have way less exposure.
