dtdt1's comments

Encryption is not widely used because people are more afraid of losing/forgetting their encryption_secret_keys/passwords than others accessing their data. Plus almost all users trust large cloud companies like Google, Amazon, MSFT. Catering to the small minority that are worried about encryption with a usable key management product (which is what is lacking today) is not financially viable since they expect a open source solution.

I expect the situation to get qualitatively better when software obfuscation hits mainstream.

Since most users reuse passwords or use variants of it, we should push the industry towards something like PCI DSS for storing passwords and other user metadata. While PCI had credit card vendors to push it through, how can we do the same for user passwords and metadata? Maybe industry consortium of the big players volunteering to use one. If compliance is expensive, new startups need not use it and consequently users will use a 'less important' password for these class of websites. Or they will use a 'Stripe' for identity.

If internet access regulation can be compared to railway regulation it seems like providing a fast lane service is a fair option from the ISP point of view. The only wrinkle is when the ISP is a monopoly, in which case the definition of the tiers and the pricing in the individual tiers must be regulated.

Cloud computing is here to stay and it is the vendors of enterprise gear and the IT department who are nervous. This is not to say that enterprise gear is at fault, just that building robust, large scale distributed systems has been made easier in the last 5 years and the skeleton crew of devops is much cheaper per user considering the 50% enterprise gear margins and the IT department. Ofcourse, a conspiracy nut would say that theRegister sells a large portion of its advertisement to traditional hardware vendors.