
Another potential mitigation for this would be for browsers to include a unique, user-specific, favicon-sized image in the address bar next to the lock. If the image doesn't match the one you see everywhere else, you know it's a phishing attack.


or it'd be nice if people didn't have to play hide-and-seek, Schwarzer Peter, and spot-the-difference games when they just want to browse the damn internet.


An incredibly large amount of the complexity that exists in today's internet infrastructure could be eliminated if we didn't have to worry about security/trust. No need for HTTPS, encryption, or even passwords for that matter (in a perfect world where everyone is who they say they are). No need for certificates, no need for public/private keys, no need for ASLR, etc.

Of course, these protect against more than just malicious behavior; they also provide safeguards against human error. However, in a world where malicious behavior didn't exist, many of their designs could probably have been far simpler.


Hmm, for web forms this has been overcomplicated for the past decade...without needing to worry about security even.

In a trusted world, you still need to worry about order of operations, resource exhaustion, and redundant resiliency... as these are forms of additional complexity, perhaps we should get rid of the internet itself...

Distributed systems localize all complexity and don't suffer the same sorts of security issues... The answer to "who is this" is still a problem if only we could program based upon how they behave versus who they are...

In a world where components themselves acted independently of their masters' intentions, you might be able to make this work. Computers would have to act very differently, almost like self-computing systems.

Perhaps what I'm describing is a world run by robots, and so in the absence of proof they would treat us better than we do ourselves, perhaps a bit of consistent pain is worthwhile.


i did not refer to plain security measures. all the security measures you listed can be and, in fact, are well hidden under the hood, so the end user does not have to worry about them.

i was more about the insane consequences of today's web's abilities: it wants to do anything and everything with the user's computer; it's basically an independent OS. there is no Line Of Death anymore, no clear boundary between what the user can trust as he trusts the OS vendor and locally installed and audited software vendors, and, on the other side, what he trusts as an unknown 3rd party on the web.

see "paypal.com" vs "paypaI.com", unicode look-alike chars, public suffix list, etc. types of tricks; domain names were invented to be consumable by end users, but as they are sold and used, that's not the case anymore. so users nowadays should not be pressured to watch domain names with bleeding eyes. see the "url bar padlock" issue; several surveys demonstrated that users do not understand and do not care how the padlock feels.

users cannot confidently Ctrl-C anything on any website anymore. using "clever" JS APIs, web devs mine bitcoin with the visitor's CPU, DDoS other online resources via the visitor, store CSAM on the visitor's computer, trigger epilepsy in visitors.

then on top of all this, engineers want to solve complexity problems by putting more complexity in (like solving a civilizational problem with more technology). some suggest building in an AI which watches whether something appears on the screen which looks like a window but is not?! come on! why not just not let untrusted code do anything on your screen and computer?

I understand client-side scripting is made very powerful and enables many wonders for the entertainment of the masses. It may be a maintainable path to provide a general-purpose language to the "App Web", where users can run programs with one-click installation (ie. loading a web app on a web site in the web browser). in this case browser vendors and users should prepare for the possible abuses that the general-purpose in-browser computing environment enables.

but on the other hand, many users with reasonable use cases expect there should be a "Docu Web" just as the WWW was born to be (with necessary improvements and modernizations of course - i don't advocate for a "Mosaic 1.0 experience") with no accidental transition to the "App Web". this other web, the "Docu Web", should be free of any complexity which may lead it to become the "App Web" again: i imagine a library/bookstore/newspaper store/journal/shared notes/etc network but online.

so that you don't need to worry that: a jumpscare pops out of a book when you turn to page 123; or other library visitors insert pages in the book you read; or last week's newspaper shows you different articles than it shows your neighbour; or someone reads your mail because you watched his audiovisual report before; or the librarian pushes certain authors and suppresses others based on bribes. sorry for the seemingly absurd analogies, but there were (and are) times when these were possible on the "All-in Web" due to inconsiderate government and adaptation of standards.
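The look-alike domain tricks this comment lists ("paypal.com" vs "paypaI.com", Unicode confusable characters) can be checked mechanically on the defending side, which is what a mail filter or a browser warning would do. The following is an added example, not code from this thread or from any browser vendor: it decodes punycode labels, maps a hostname to a "skeleton" in which confusable characters are replaced by the ASCII letter they resemble, compares that skeleton against a list of trusted domains, and separately flags labels that mix Latin and Cyrillic script. The `CONFUSABLES` table, the `TRUSTED` list and the hostnames in `demo()` are constructed for illustration; a real deployment would use the full Unicode confusables data rather than this hand-picked subset.

```python
from __future__ import annotations

import unicodedata
from dataclasses import dataclass, field

# Constructed, deliberately small confusable map: characters that render
# like an ASCII letter. The full Unicode confusables.txt has thousands of rows.
CONFUSABLES = {
    "I": "l",       # capital I looks like lowercase l ("paypaI.com")
    "1": "l",
    "0": "o",
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0443": "y",  # Cyrillic small u
    "\u0445": "x",  # Cyrillic small ha
}

# Constructed allowlist of domains the organisation considers trusted.
TRUSTED = ["paypal.com", "ibm.com", "example.org"]


def to_unicode(host: str) -> str:
    """Decode punycode ("xn--") labels so the check sees what the user sees."""
    if host.isascii():
        try:
            return host.encode("ascii").decode("idna")
        except UnicodeError:
            return host
    return host


def skeleton(host: str) -> str:
    """Map a hostname to its visual skeleton: NFKC-normalise (folds fullwidth
    forms etc.), replace confusables with the ASCII letter they resemble,
    then lowercase. Two hosts with equal skeletons look alike on screen."""
    text = unicodedata.normalize("NFKC", to_unicode(host))
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    return mapped.lower()


def scripts_in_label(label: str) -> set[str]:
    """Return the Unicode scripts (LATIN, CYRILLIC, ...) used by letters in a label."""
    scripts: set[str] = set()
    for ch in label:
        if ch.isalpha():
            # The first word of the character name is its script for letters.
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


@dataclass
class Verdict:
    host: str
    look_alike_of: str | None = None
    mixed_script_labels: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.look_alike_of is not None or bool(self.mixed_script_labels)


def analyze(host: str, trusted: list[str] = TRUSTED) -> Verdict:
    """Flag a hostname that renders like a trusted domain but is not one,
    or that mixes scripts inside a single label."""
    uhost = to_unicode(host)
    verdict = Verdict(host=host)
    sk = skeleton(uhost)
    for candidate in trusted:
        if sk == skeleton(candidate) and uhost.lower() != candidate.lower():
            verdict.look_alike_of = candidate
            break
    for label in uhost.split("."):
        if len(scripts_in_label(label)) > 1:
            verdict.mixed_script_labels.append(label)
    return verdict


def demo() -> dict[str, Verdict]:
    """Run the check over a few constructed hostnames, including the
    punycode form a browser would actually send on the wire."""
    cyrillic_paypal = "p\u0430ypal.com"  # Latin letters with one Cyrillic a
    punycode_paypal = cyrillic_paypal.encode("idna").decode("ascii")
    samples = ["paypal.com", "paypaI.com", cyrillic_paypal, punycode_paypal, "ibm.com"]
    return {h: analyze(h) for h in samples}


if __name__ == "__main__":
    for host, verdict in demo().items():
        flag = "SUSPICIOUS" if verdict.suspicious else "ok"
        print(f"{host:24} {flag:10} look-alike-of={verdict.look_alike_of} "
              f"mixed={verdict.mixed_script_labels}")
```

Both the raw Unicode form and its punycode encoding produce the same verdict, because the check decodes the label before comparing; that matters since the address bar may display either form depending on the browser's IDN policy. The skeleton comparison only catches domains that look like a listed trusted name, so the list has to be maintained; the mixed-script check needs no list and catches a whole class of homograph labels on its own, at the cost of flagging legitimate multi-script names.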



