Security and accessibility/simplicity are almost always at odds with each others. It's a tradeoff that needs to be made. You are entitled to dislike the current trend and prefer making security optional. But you can't possibly be surprised if most people are happy to prioritize their privacy and security over "the barrier of access to disruptive counter-corporate/counter-state information".

HTTP 1 is on a depreciation path and HTTP3 requires TLS, which would mean getting the blessing of a trusted (typically corporate) root cert every 90 days to continue letting random people access my website.

In the US, states recently passed anti-abortion laws which also banned aiding and abetting people seeking the procedure. That would cover domain names and certs if any relevant tech companies had headquartered in those states - or if passed as federal law.

Trans rights are actively heading in that direction, and supporters are the very same that lambasted NYT and others as "fake news" that needed to be banned while pushing narratives of contrived electoral processes.

Fear of political regression is real in America, without even looking internationally.

Societal and technical systems evolve together. With the depreciation of HTTP1, future cheap middleware boxes will likely effectively enforce using HTTP3 and consolidate the tech landscape around a system that is far more amenable to authoritarian control that the prior generation of protocols.

It's fair and valid to call out such scenarios when discussing international technical standards. These protocols and the consequences will be around for decades in an ever evolving world.

This is disingenuous.

The "most" in your strawman here is just companies like Google who want to a) bend to those who want to DRM the entire web b) hide and lock away their tracking traffic from those being tracked c) make ad blocking impossible.

Please explain why OC "can't be surprised."