Things like private photo/video sharing and private blogs can be done as long as the other people have network access to the same data store. I cryptographically sign an authorization for S3 to serve certain directories of encrypted files to my family/friends/whomever and include a copy of the symmetric key to each picture/video/blog post encrypted asymmetrically for that user.

I think the PGP/GPG web-of-trust thing can handle identity, although it’s more likely for someone like google to make it popular and go with a global approach rather than a distributed mechanism. (Or perhaps a federation of large corporate/government entities with a tenuously involved group of popular OpenID servers.) You could probably shoe-horn social networking into this framework, but it seems diametrically opposed to why people seem to use myspace/facebook in the first place. Unless the whole encrypted side of things lets a shady underworld flourish that people secretly want, but are afraid to expose that side of themselves on such a public forum…

A document search index can be stored in an encrypted form remotely; assuming we’re talking keywords/faceted data (and not something weird like an XPath search over every HTML e-mail you’ve ever received), you will only need random access to a small subset of the data. If latency is more of an issue than bandwidth, you can begin speculative fetching of portions of the index as the user types (slowly) on their mobile phone. (Information leakage from the random access might be a problem, and you would still need to own/control a more powerful/connected system.)

Additionally, intelligent caching can be used to keep e-mails you are likely to care about locally, namely recent e-mails and e-mails historically of interest or involving contacts you care about. A search index for a larger set of e-mails (perhaps still avoiding e-mails you are likely to totally not care about) could also be cached on the device.

Given the current trends of 1) faster mobile phone internet, 2) ever-larger solid-state storage, and 3) everyone carrying a cellphone, I think this is all reasonable.

I do recognize Joe Shaw’s point that e-mail is currently wildly insecure by default, but it doesn’t always have to be that way.

There is another axis of compromise. If you are willing to pay money (a shocking concept, I know) then you can have reliability and retain functionality and freedom — today this is called a VPS but who knows what it may evolve into. PC “system administration” isn’t that hard today, so there is hope that servers can be made equally easy.

I’m not even sure that offline matters that much for most people and most applications. We’ll have wifi in planes shortly, and I got net access via cell in the middle of the swamp of central Florida a couple months ago. (I got there via swamp buggy, but I ‘watched’ game 3 of the world series on my blackberry.)

The work in maintaining a web browser: finding a device with a web browser is easy, and requires approximately no work. Within 2-3 years, your TV will have it (via Wii or something else), your phone will have it (via iphone or gphone or blackberry or something else), and every computer you own will practically boot into it. It will take effort to find a device with a display that does not have a competent web browser. The data will be stored remotely, so the most failure-prone part of the device (the hard drive) will be irrelevant. If for some reason the browser in one device doesn’t work, you’ll just pick up the browser in one of the other two devices within reach.

Note that p2p only solves some problems- in particular, if you want to store data elsewhere, you have difficulty with search or performance or data security- you don’t get all of them. If you don’t want to your own data elsewhere, you then run into the same problems you’ve currently got- to reliably access from anywhere, you’ve got to have always-on and high-bandwidth from whereever your primary host is- either home (which makes it your problem) or colo (which means you’ve got to contract with a colo.)

I do agree with you that anyone who wants to advance freedom would be best off dropping everything else they are doing and working on solving self-hosting p2p. Or at least, some solution where data is controlled by the user instead of the service- openauth and openid seem potentially promising here.