In the same origin paradigm, new experiences have a significant cold start problem.

Any link is safe to click / any app is safe to start using.

But that's largely because it doesn't know anything about you, it starts from zero.

And any data you upload to it is scary, because the app/domain can do anything with that data!

EULAs theoretically constrain this, but not very much in practice because users don't read them and they are non-negotiable.

The privacy model is handled implicitly outside the core model.

It's safe to install an app, but scary to deeply engage with one.

This gives you a cold start problem, especially for experiences that have a network effect, where their quality rises with the amount of overall usage.

A product that is only network effect can't hope to get off the ground.

To get off the ground, you have to have a compelling primary use case that works without the network effect, to give the network time to get going in the background.

Privacy is the primary source of friction in the same origin paradigm.

If you do a lateral approach that handles privacy naturally, then a whole universe of things become viable.