This whole episode is giving me flashbacks to the ActiveX days.

The tyranny of the default.

“Here mum, I’ve installed Firefox for you, it’s better than Chrome in every way!”
“My knitting circle website doesn’t work, I can’t download patterns, it says I need Chrome”

Internet Explorer was effectively abandon-ware for a decade after Microsoft used their OS pseudo-monopoly to crush Netscape.
It took another tech giant abusing THEIR monopoly to relegate IE to the trash heap it should have already been on.

Comforting and Terrifying.
Comferrifying?
Terriforting?

So you won’t use your banks website?
Or your utilities (gas/water/electricity/internet)?
You won’t let your kids use the portal at their school for submitting assignments?
Your government sites for renewing your drivers license or scheduling hard refuse pickup?

I can think of lots of reasons that will force me to have chrome installed if this goes ahead.

The US (which is where I assume you are), has the second largest one in the world in current operation:
https://en.wikipedia.org/wiki/Bath_County_Pumped_Storage_Station

Short answer, it scales fine.
Now you need to find someone to pay for it.

The Back to the Future trilogy is good for a re-view.

Yes, but you would be seeing ALL posts from everywhere your instance knows about.

I kind of like the idea of being on lemmy.world, filtering to say aussie.zone and getting it to show me local.
Or being able to simply get a list of every community on another instance.

These are cool ideas.

The annoying thing to me is that it’s taken a further 13 years to reach a point where another social network is feasible.
I’m not saying there haven’t been attempts like diaspora and the early mastadon etc, but now we’re actually reaching a critical mass of participants where a move is worth it.

The same is true of Signal. I’ve been using it for nearly a decade, but it’s only in the last 2 years that people haven’t rolled their eyes when I mention it’s my preferred comms app.

JavaScript (TypeScript) has access to cookies (and thus JWT). This should be handled by web browser, not JS. In case of log-in, in HTTPS POST request and in case of response of successful log-in, in HTTPS POST response. Then, in case of requesting web page, again, it should be handled in HTTPS GET request. This is lack of using least permissions as possible, JS should not have access to cookies.

JavaScript needs access to the cookies, they are the data storage for a given site.
To protect them, the browser silos them to the individual site that created them, that’s why developers haven’t been able to easily load cross domain content for years, to mitigate XSS attacks.
The security relies on the premise that the only valid source of script is the originating domain.
The flaw here was allowing clients to add arbitrary script that was displayed to others.
You’re dead right that only the way to fix this is to do away with JavaScript access to certain things, but it will require a complete refactor of how cookies work.
I haven’t done any web dev in a few years, this might even be a solved problem by now and we are just seeing an old school implementation. 🤷

20 years of professional developer experience and some outsider knowledge of what Facebook has done in the past.

I’m not a cheap whore Meta, I expect to get PAID.

I’m only one voice screaming in the darkness, but I want to be clear.
These are not risks. These are certainties.
And the only thing we can do about it is refuse to participate in their bad faith actions, for whatever good that will do.

Maybe the client is faster/prettier/can show videos/uses less data/integrates with their phone better.
Maybe it’s got features that clients here lack such as the ability to host larger images or video.
Maybe the user is sick of responding to conversations over there and it not being federated, so they are ignored.
Maybe using the Threads app is just faster (because it’s local instead of batch federating).

If I was in charge of product design for Threads, I would be literally crawling the issue listings for Lemmy/Kbin and the associated clients looking for complaints and implementing solutions for those problems.
Then I would make a list of every limitation within the system and make sure Threads exceeds that baseline.

And then when I had made the software better in every measurable way (because I am paying a large team of developers to target those pain points), I’d start adding features that ActivityPub doesn’t, especially if ActivityPub instances would find those features hard to implement.

I’d make damn sure that every time ActivityPub changes from a source outside Meta, I’d drag my heels on implementing that feature, so that instance hosts are forced to choose between implementing the new version, or maintaining compatability with Threads.

Why would a user here move there?
Because their spouse/coworker/friend tried to send something for the 50th time and the message just never came through.

Threads will mainstream threads.
Any good content here will be available to the Threads users, who will be oblivious to where it is coming from.
Eventually, Meta will take steps to break compatability, and lots of the most prolific contributors from here will move to Threads exclusively (for a host of valid reasons).
When it is no longer in Meta interest to federate, they will stop.

The fediverse will continue, but it will be weakened by it’s temporary reliance on Threads (who could afford to host large images/videos/etc, have lower latency, etc etc).

Individual instance owners can do literally whatever they like.
Put up ads.
Charge a subscription.
Anything.

Let’s say instance A is hosting a community that everyone on instances B and C love to participate in.
But A want’s to earn some money so they start charging access to their local users.
This doesn’t effect users of B and C at all, because the data is federated.
The owner of A get’s grumpy and defederates B and C.
The users on B and C find somewhere else, either on one of their instances, or on D.

Everybody wins.

I’m not goin to shit on Briar, I hope they build out their dream.

It’s fundamentally not as easy to use.
My Grandma already has a phone with a full addressbook.
If she’s told to install Signal, it’ll just work as a drop in replacement for iMessage.

Briar meanwhile suggests sharing your contact info using another such as signal: https://briarproject.org/quick-start/#:~:text=When you choose “Add contact at a distance”%2C Briar,choose a nickname for them.

Briar is chasing different goals.

That single point of failure is to facilitate ease of use, with minimal reduction in security.
The messages are e2e encrypted and the server is designed in such a way that attempting to listen in would bring it down.
The signal org doesn’t even have your address book.

If your concern is “I don’t like signal”, you’re not going to make much traction.