Google is evil, and if we need to wrestle about that, I will. I'd like to see your red-team skepticism about their intentions and your attempt to consider how this may be a trojan horse or a false-compromise. Google is famous for making moves that look neutral or even good from many angles that are ultimately centralizing power in the hands of capitalists. With good reason, we should doubt why they are doing this. It does appear that the core intuition (if I understand correctly) in WebBundles //can// be used to improve decentralization of information power, but I suggest we should paranoically imagine how it may be exploitable by Google (that is our duty here).
I have some limited experience and a ton of skin in the game on this one. For several years, my wiki has had some of the properties of a prototype of a WebBundle, including an attempt at enabling cryptographic verification (https://philosopher.life/#Cryptographic%20Verification). My goal is to emit one huge all-inclusive html file with the signature wrapped around it (I sign and push/sync up to every minute). This enables me to distribute my wiki across many networks, even sneakernets, without losing one of the fundamental keys to my voice. I'm a second-class citizen on the internet compared to a large corporation, and I have to be able to effortlessly abandon or accept the losses of rented end-points (I really don't own my domain, access-point, or server...they are merely rented: I do own my private key though). In some sense, I have the opportunity to agnostically treat the methods of distribution as a lame middlemen pipeline (what we always hoped the internet infrastructure would really be). I give up my ability to control how my wiki is distributed in some sense as I enable anyone to pass around the signed wiki as a proxy. I happily lose the ability to check whether or not I want to send my signed wiki to any individual in many cases, and I lack interactive control of a session; it feels like I become a far more passive participant of the web, being incentivized to provide the read-only information valuable to ML and disincentived from relying upon dynamic real-time exchanges. I appreciate being able to prevent people from putting words in my mouth while also enabling users of my wiki to acquire and run the site offline, as they see fit, with maximum privacy and anonymity.
There's the context I have. From what I can tell, from a grassroots p2p practice, the reason that the signature "works" is because a user has maintained an old copy of the wiki or even just the public key that they do trust. They've chosen by hand to trust it's me that signed it. I'm not convinced that Google intends to maximize the automation and decentralization value of that kind of verification. It seems an incidental possibility at best (perhaps there's their quasi plausible deniability in seeking a monopoly).
They aim to be more than merely a very large peer, and I'm begging you to question that more openly with me. This feels like a disruptive feint only seeking decentrality in name. Perhaps their move weakens the powers of many web infrastructures that would otherwise continue to centralize, but I think they will continue to attempt to take over whatever power vacuums arise in that space (I assume they can see how to make money off this far better than I can too). When I see, for example, Dat become a first-class citizen of Chrome and when I see them empower client-side archiving, search, and moderation to users of their infrastructure (while taking Firefox and web standards off the leash), I'll begin to believe they intend to enable a p2p web. For now, I see them building an AMPed blackhole walled-garden where they aim to be the root server of trust and authority on what is salient while allowing the highest paying bidders to have degrees of access or control over our data, minds, and lives.
