
> Email and web browsing relies on “deny lists” rather than “allow lists”. So anything goes but you block bad addresses, rather than nothing until you get permissions/trust/credibility.

But this is fundamental to an open Internet. Yes, going whitelist-only would stop bad actors, but it would also hand over the entire internet to the megacorps with no avenue for individual success.



I don’t think that’s necessary. We could create open trust networks/protocols that don’t rely on megacorps. In fact it’s probably exactly the megacorps who wouldn’t want this to happen because they benefit from the relative trust they have on their closed environments.

E.g. certs. Let’s Encrypt equivalent for credibility, where I can trust you as we interact more, and borrow from your trust networks. Send spam and you reduce your cred. (Letscred.com is available right now if anyone is very bored :)

Gotta be tested very carefully so you don’t end up with a black mirror episode, of course.


Email and browsers shouldn't be glibly equated.

Email as it is presently is a constant opening to phishing and spear phishing. Browser exploits are common too but it's harder (not impossible) to make them personal. And phishing doesn't have to rely on a browser exploit - a fake login page is enough.

It's logical to have a whitelist for (or disallow) email links but still allow browsers to follow links.



