The REST API you linked to requires a local node:

    curl -A "Sia-Agent" "localhost:9980/skynet/portals"

As I understand, there's also a public proxy https://siasky.net/. But being a single domain, it's not decentralized, is it?

So with Skynet, you can either do "easy" or "decentralized", but not "easy and decentralized", right?

That's the crazy thing about Skynet. You can do both "easy and decentralized".

For example, let's say you go to https://skyfeed.hns.siasky.net/ and you make an account (SkyFeed is a decentralized alternative to Twitter built on Skynet). You make some posts, follow some people, then siasky goes down.

So now you go to https://skyfeed.hns.skyportal.xyz/ - skyportal is another Skynet portal run by an independent party. When you log into Skyfeed, all of your previous activity is still visible. Your account and all of its information is hosted on the Sia network, which means siasky is nothing more than an access point, and you don't get any penalties as a user for switching access points.

Sorry, but this is not decentralized at all, as you are at mercy of siasky.net serving you the right code. If siasky.net is compromised it will serve you code which steals the account. This is strictly inferior to normal web, as you need to trust both the app developer and the portal code is served from.

Having multiple mirrors is NOT decentralization.

My criteria for "decentralized web" candidates are:

  * credentials are managed by a trusted component outside of controls of apps, let alone mirrors
  * content integrity is checked before it is used
  * switching between nodes happens automatically in 
    background, there should be no SPoF (i.e. if download 
    through node 1 fails client should automatically retry 
    from node 2 and so on).

I don't think you can achieve this without integrating with a browser.

We're closer than I think you give us credit. The only major component we're missing is that normal browsers don't have the ability to verify that the portal is serving you the right code - which is of course super important.

Once you have that though, the rest can be done within the webapp itself. Credentials are managed by a separate webapp like https://sky-id.hns.siasky.net/, and some apps already have built in failover to try other portals if one is not responding.

With the advent of utreexo, it's even possible to run full blockchain nodes inside of a webapp. Again you need an integrity check on the code served by the portal, but if you have that you can independently do everything else.

The only missing piece is a browser plugin or a dedicated browser that verifies that each piece of content you are served corresponds to the hash you are requesting. This is on the global roadmap, as well as automatic portal switching. The philosophy of the project is absolutely in line with your thinking.

Perhaps like the IPFS browser plugin?

That's fine, you can switch if necessary. Like a backup, you don't need decentralization 99.9% of the time, but the 0.1% of time when you need it, it can save your ass.