In the early days, the internet was seen as a massively playfield-leveling and decentralizing force ("the net interprets censorship as damage and routes around it"), not a massively centralizing one (Facebook is the world's only newspaper).
In a model where everything is decentralized and leveled , no player is big enough to worry about.
The economics sub-discipline of economic geography was being developed at about the same time as Eternal September.
The key insight (one of the key insights) from that research is that as the absolute cost of transport goes down, previously insignificant differences in cost become important. This leads to to the development of "hubs" - centralization.
(Here we're talking about information transport, and the cost being time per bit.)
But as you say, at the time the tech world could never have believed that centralization was the default expectation, nor designed things to compensate.
The internet observation is an adaptation of the original work on goods trade to other transport forms. I forget where I first read it--sorry! Maybe someone like Clay Shirky, but not the man himself.
Additionally, would they have been listened to?
Any web site that knows your identity and has cookie for you could set up procedures to exchange their data with the companies that buy advertising space from them, synchronizing the cookies they both have on your computer. This possibility means that once your identity becomes known to a single company listed in your cookies file, any of the others might know who you are every time you visit their sites. The result is that a web site about gardening that you never told your name could sell not only your name to mail-order companies, but also the fact that you spent a lot of time one Saturday night last June reading about how to fertilize roses. More disturbing scenarios along the same lines could be imagined. There are of course many convenient and legitimate uses for cookies, as Netscape explains. But because of the possibilities of misuse we recommend disabling cookies unless you really need them. https://web.archive.org/web/19970713104838/http://www.junkbu...
(Disclosure: I work in a part of Google that's descended in part from DoubleClick. Speaking only for myself.)
(I personally remember thinking exactly that, that cookies allow universal tracking, as soon as I learned of the concept, but I don’t want to put too much stock into that belief because of the possibility of hindsight bias and misremembering.)
Only in the past decade has there been serious consideration for encryption and security on the internet.
Before Let's Encrypt was launched in 2014, HTTPS was the exception, rather than the norm. It was only in 2016 that greater than 50% of internet traffic was encrypted.
Secure DNS is still very much a work in progress.
BGP was built with the assumption of good actors, and doesn't include any security mechanisms.
Email still doesn't have any good options for E2E encryption.
They almost certainly did, and considered it acceptable at the time.
An origin server could create a Set-Cookie header to track the path of a user through the server. Users may object to this behavior as an intrusive accumulation of information, even if their identity is not evident. (Identity might become evident if a user subsequently fills out a form that contains identifying information.) This state management specification therefore requires that a user agent give the user control over such a possible intrusion... --https://datatracker.ietf.org/doc/html/rfc2109#section-7.1
Now with GDPR prompts we’ve come full circle, but instead get the UI of the web site instead of the user agent, allowing all kinds of dark patterns to be exploited and requiring re-prompts all the time for those of us who don’t allow the page to keep cookies in the agent.
