Just one comment on this: “I think that Solid can enable a future where you don’t need to trust your POD provider, but right now, the shortest path to that is to install it on your own hardware. Beyond that, it will require quite a lot of work, but I certainly see the value of thinking in that direction”
I agree, but building on top of open source software already, might not be as difficult as one might think. Pushing security off into the future leads to problems later - look at DNS, SMTP, HTTP etc where the security had to be bolted on and it has taken decades to do so and it is not complete in many cases. e.g. spoofing senders, while humorous back in the 1980s, is still causing problems today with spam, phishing etc and while there have been proposals to deal with it, none have succeeded and now there are tons of bolt-on techniques to deal with suspicious emails, spam or whatever. Adding it in early, will save a world of hurt later.
Ditto for decentralization for DNS, and distributed PODs - having central points of failure or (perhaps worse) central points of pressure (e.g. from governments around the world) is already a problem. If someone in China or Russia wants their POD at MIT, they shouldn’t have to worry about a government hack from China, Russia, the US, UK, Iran, France or anywhere. Likewise, if someone from the US wants their POD in Australia, one shouldn’t have to trust the Australian government. Whatever the jurisdiction if the POD is solely located there, it is at risk from the government of that jurisdiction to be either hacked or taken down with no automatic network backup. When the contents are plaintext, it will make it easy for a government to say “delete this POD or we’ll take your entire server offline.” One doesn’t want to build a new system while leaving the issues of censorship, centralized control, and surveillance unaddressed.
I think it is clear that having a POD in plaintext on a server will mean they will be hacked and lost at some point either through API bugs or more likely server problems in the software (e.g. many including heart bleed) or hardware (e.g. Spectre, meltdown). The lesson since the 1970s is that security needs to be built-in and even then won’t be perfect, but at least there will be a default.
There are decentralized domains and decentralized hosting so you don’t get tied to a particular provider or lose your POD if a provider goes down, is hacked, or is taken down.