Getting people to attach a(ny) value to it is the biggest hurdle by far. I think the complacent attitude is part genuine incapacity in dealing with abstraction (what is a data profile anyway? How is knowledge of my purchase history a risk to me?) and part exceptionalism/denial. People like this tend never to think in terms of power dynamics.
I’m sure there’ll be a carve-out to the mask prohibition. I mean, what if there’s protest action a minister/police department dislikes? They need a way for their agents to don confiscated Nazi paraphernalia before joining the event to poison its media coverage, while remaining unidentifiable as state actors.
The messaging app front I consider to be a long-term stalemate, mainly due to crippling network effects. Another factor is that strange psychology at play when making app decisions, where a person will have page after page of junk apps on their phone, yet utterly balks at the notion of installing a second messenger.
Even if a large actor (say, the EU?) managed to brute-force some interoperability into being, I wonder whether that would be to the detriment of small apps in terms of undermining (or even eliminating) their privacy protections. I can use the likes of Session or SimpleX all day long, but if the other side of the conversation is on a corporate product like WhatsApp… It runs into the same problem as email.
I question whether a lot of people even need sync.
Passwords in general don’t change for long periods of time. Really the only rationale for doing so is confirmed or suspected compromise (two-factor processes make this rarer still). It doesn’t strike me that an almost permanently static input merits regular synchronization.
The alternative is doing a one-off manual sync (copy and paste) between two local DBs, then locally moving one of them to the target device. Zero online connectivity has to dramatically reduce attack surface. Is five minutes’ maintenance per year an unacceptable convenience penalty to pay?