To change that, we need to change how profits are generated in the internet.

⇒ ads must end.

Well, it looks like “passkeys” are about to get a huge push with Apple, etc., behind them. I’d ideally love to be able to implement a frictionless authentication process like that that also enables people to derive and use their own private keys automatically.

Barring that, my current flow is to generate a Diceware passphrase that all other key material is derived from (signing, encryption, ssh keys, etc.) and which you’re expected to keep in your password manager.

But yes, the whole idea of small web relies on people owning and controlling their own keys (ideally, without knowing what keys are or how they work), so they can have ownership/control of their online identities and be able to communicate both privately (end to end encrypted) and publicly.

I’d welcome any movement to interoperate on such a system.

Passwordless authentication would become a huge cake once people realize they can just get rid of managing passwords.
Apple has taken the big bite, really big as they would build that in the OS.
Also they got dibs on the name "passkeys", for me it could be cool general name, but now everybody would associate "passkeys" with Apple.