Inrupt, Tim Berners-Lee's Solid, and Me

(schneier.com)

384 points | by 9nGQluzmnq3M 1517 days ago

42 comments

  • virtualritz 1517 days ago
    I recently got introduced to a company called Polypoly. They are working on exactly the same, in the EU.

    They have an interesting setup as a collective. Users of the software automatically become members of the collective. The website talks of automatic partake in economic success.

    Curiously they also use the idea of self-hosted pods to hold the users' private data and they even use the term 'pod' for this.

    When the founder, Thorsten Dittmer, gave me his elevator pitch he almost used the same line of reasoning as Schneier.

    Basically: 25 years ago, we technologists (while reading Gibson, mind you) thought that the web will bring freedom, understanding and equality to the world. We were wrong. Now we have to fix our mistake because we're the only ones who have a chance at doing this.

    It is probably not exaggerated to call these sorts of companies the biggest threats to the business models of the Googles and FBs of today.

    [1] https://www.polypoly.eu/en/home-en

    • hinkley 1517 days ago
      > 25 years ago, we technologists […] thought that the web will bring freedom, understanding and equality to the world. We were wrong.

      This is not hyperbole. Every time some new stupidity hits the internet I have a moment where I recall having these conversations with people, and I wonder, if I still knew those same folks, how that conversation would go today.

      I think, in a way, all of these devs had a simpler understanding of group dynamics. We had all of these small, mostly self policing communities. Everyone should have this! But big communities don’t have the same dynamics.

      The cynical saw things like this coming, and thankfully some organized early. The EFF, for instance, turns thirty this summer. Wow.

      But even I would not have guessed... this. Maybe if we had there’d be more EFFs and they’d have deeper pockets.

      If you’re 25 and reading this, know that at least some of us are sorry.

    • rohan1024 1517 days ago
      We humans have a tendency where: we invent something, exploit it only to realise at a later point the mess that has happened and then correct our path.

      I see a lot of negative comments on this thread but solid/polypoly is the beginning of that path correction for web. They might not succeed but something with the same underlying idea is going to.

      • Intermernet 1517 days ago
        Yep, the web is awesomely resilient in the long term to subversion. FB / Google etc. could completely privatize the entire internet and I guarantee people would work out something like PingTunnel[1] to get around it.

        Sure, might need to operate at 1980's modem speeds for a while, but there will still be a link.

        I have faith that the net will self-correct, but it might take longer than any of our lifetimes to do so. Such is the evolution of technology.

        [1] https://www.mit.edu/afs.new/sipb/user/golem/tmp/ptunnel-0.61...

        [EDIT]: Add link

      • pjmorris 1517 days ago
        Dave Winer is fond of quoting John Gilmore, "The Net interprets censorship as damage and routes around it." It feels to me like the current breach of privacy in exchange for 'free' services might now begin to be interpreted as damage.
        • erikpukinskis 1516 days ago
          I think in the eyes of “The Net”, as anthropomorphized by Winer, privacy might look like a form of censorship.
    • Isamu 1517 days ago
      > thought that the web will bring freedom, understanding and equality to the world. We were wrong. Now we have to fix our mistake because we're the only ones who have a chance at doing this.

      SOME thought the web would bring those good things. Likewise 25 years later I see this initiative as fixing some issues, but technology is fundamentally neutral (some might say “chaotic neutral”) and cannot bring freedom, understanding and equality. Those things must be regained every day. But I am optimistic about our prospects.

    • black_puppydog 1517 days ago
      Wow I love-hate those lopsided headlines. Although they do distract from the content...
  • koevet 1517 days ago
    As much as I like the idea (and the people behind it), I have a hard time seeing how this can succeed.

    The idea of pod reminds me of the self-hosting movement: people - including myself - host a bunch of services to avoid sharing fundamental data, like email, GPS-history or contacts.

    Still, "self-hosters" interact with all the big personal data hoarders out there (FB, Google, the many ad and tracking companies) which expose them to the same abuses as any other internet user.

    Basically, I don't really see a company like FB play ball with these guys, for two reasons:

    1) the privatization of data would be an existential threat to their business model

    2) the majority of internet users are oblivious to the data collection tactics employed by half the internet and I can't picture folks raising pitchforks for "pods" to become a standard.

    But I also hope to be dead wrong!

    • atoav 1517 days ago
      > 2) the majority of internet users are oblivious to the data collection tactics employed by half the internet and I can't picture folks raising pitchforks for "pods" to become a standard.

      Usually purely technical solutions to societal problems won't bring you far. It is still not bad to have them, because they essentially show what would be possible, if we just wanted. Helps in discussion as well if of all people Tim Berners-Lee was part of it.

      However: we have issues of education around the topic and our jurisdictive lets the big internet corps get away with too much. Starting with taxes and privacy down to the societal effects their algorithms have.

      What ad networks do is the digital equivalent of filming and spying on people who walk by your storefront. What they do, how they do it and the effects it has on society are wrong. Online Advertisement is probably one of the big drivers of the political division we are seeing lately, because controversial topics produce more engagement and more engagement is what people selling ads want.

      If you'd explain the current practise to common folk, most of them clearly don't think it is okay. This means both education and media aren't doing their job.

      • dataduck 1517 days ago
        > What ad networks do is the digital equivalent of filming and spying on people who walk by your storefront.

        Which is also legal, at least in the UK, and not many people have a problem with it. I think well-known, major abuses will need to occur before people take this seriously.

        • atoav 1517 days ago
          It is not legal in Germany and Austria at least. The UK is one of the most surveilled places in Europe.
          • morelisp 1517 days ago
            Some of the new JCDecaux digital signage I've seen in Berlin definitely seems to have a camera lens on its top. There's no posted notice concerning video recording, but I wonder if it's just a lens with no camera, a camera but not attached to the rest of the device, or only disabled in software.
            • kapnobatairza 1517 days ago
              I've worked on JCDecaux smart signage. The camera is used for analytics purposes using computer vision (people counting, attentiveness, demographic data, dwell times, etc.). Nothing is recorded. In some cases, processing even happens at the edge.
              • morelisp 1516 days ago
                > Nothing is recorded. In some cases, processing even happens at the edge.

                If the data is not processed at the edge, how is nothing recorded? This smells like extremely minced words.

                IANAL (definitely not a German one) but I'm almost certain that even post-2017 it's still illegal to take video in a public space and send it elsewhere, without a sign, even if that video is not in some sense "preserved" elsewhere.

                • erikpukinskis 1516 days ago
                  If data stays in RAM and is not written to permanent storage, I think you can reasonably say it’s not recorded.

                  Frankly, I think you could even persist it to disk as long as it was pruned within 24 hours and reasonably say it’s not recorded.

                  Otherwise I’m not sure how you can argue ANY data is “unrecorded”. Writing to a hardware buffer in the camera module would seem like “recording” to me by the strict standard.

                  • atoav 1516 days ago
                    If I go and record a stranger in the street today in Germany I am quite certain that would be illegal even if I delete the recording within 24h.

                    And I studied Film in Germany and had to deal with precisely this a hundred times. If WallDecaux is doing this, it is at least a legal grey area, unless they operate on private property, look at their own private property and have a sign that says there is a camera in operation.

                  • morelisp 1516 days ago
                    Ah yes, the "NES ROM" theory of public surveillance laws. Definitely well-considered.
            • Reebz 1517 days ago
              Another theory that could place it in a loophole: It may be performing object detection without recording what we think of as normal video. Similar to self-driving technology and object recognition, useful data can be derived without actually recording the traditional thought of “HD video in color”.
      • kmlx 1517 days ago
        > What ad networks do is the digital equivalent of filming and spying on people who walk by your storefront. What they do, how they do it and the effects it has on society are wrong.

        wait a minute. i know there are currently startups that offer this exact type of analytics. and from what i know these types of analytics are extremely beneficial to both consumers and store owners. what exactly is the problem here?

        • arkades 1517 days ago
          > extremely beneficial to both consumers

          What "extreme benefits" do I derive from being filmed and analyzed by stores I happen to walk past?

          • kmlx 1516 days ago
            you get better products. the store gets better sales. it's a win win all around.

            this is already happening and it's already providing value.

            • atoav 1516 days ago
              How do you get better products?

              What does a filmed image give you that isn't reflected by sales numbers?

              The goal of tracking isn't to make and sell better products, the goal is to create an environment in which the product you already got gets sold more. So essentially people who track you want to manipulate you into buying shit you don't need at prices you wouldn't pay unless manipulated.

              Tracking people who would buy your product anyways isn't all that interesting: you've already got them.

        • anoncake 1517 days ago
          If analytics are beneficial to customers, why aren't they opt-in but instead businesses try hard not to let them even opt out?
          • matz1 1517 days ago
            The value for the customer comes when they do not opt in.
          • kmlx 1516 days ago
            this question makes no sense.

            since on street analytics are already beneficial to everyone, consumers and providers, why should they be opt-in? they should be, and currently are, automatic opt-in with an option to opt-out. you are walking on the street, so any privacy is gone just from walking outside of your home.

            • anoncake 1516 days ago
              What doesn't make sense is to consider never leaving the house a realistic option. Nor does the phrase "automatic opt-in".

              And I hope this:

              > since on street analytics are already beneficial to everyone, consumers and providers, why should they be opt-in?

              is a joke. It's pure authoritarianism.

    • wrnr 1517 days ago
      My best guess if it does succeed it will be in the public sector or highly regulated industries, probably in the EU and not the "consumer web" as we know it.

      Things like bank account information (PSD2), health care records, smart energy meters.

    • frabcus 1517 days ago
      It just needs to be there and be good enough, so when the time comes and people are upset enough for whatever reason, regulators can instruct FAANG to use it.

      Usage meanwhile by non-US public sector, corporations (worried about industrial espionage), ethical consumers, could be enough to get it to that state.

    • virtualritz 1517 days ago
      Regarding 1):

      What I was told by the Polypoly.eu guys is that they were pushing for and helping with the policy making that led to the GDPR. They said that once it gets weaponized, using e.g. ML, it becomes /very/ effective at protecting an individual's privacy.

      Think seeing some picture of yourself drunk at a stag night in a strip club on FB and marking it for being moved to your private pod (for memory's sake) or deleted (because you hold a leadership position and the picture doesn't resonate 'enough' with your carefully crafted social archetype).

      Now the pod software will ask FB to remove the picture with a timeframe X in compliance with GDPR. Including each and every copy of the content they hold. All this happens automatically.

      This also triggers a process that checks if the data has disappeared from the public after timeframe X has passed.

      If not, the whole thing gets added to a class action lawsuit bundle by an AI. This also happens automatically.

      When the lawsuit reaches critical mass, it gets filed in Brussels. Automatically.

      Regarding 2): This is indeed a big problem still. But even more so is why people use e.g. FB in the first place.

      I think it will require some sort of services running atop the pod infrastructure to make up for the loss of convenience the disappearance of certain data from platforms like FB has on end users.

      And I see a missing piece here, at the end, in the approaches of Inrupt/Polypoly.

    • toohotatopic 1517 days ago
      Facebook is not the social network but an advertising company. Their product is not the data but ads.

      1) They will play ball because they can incorporate the pod data into their advertising platform. They may even start hosting pods for the people who trust them. Pods allow them to sell advertisement for all the people who refuse to create facebook accounts.

      2) People will instantly care once you can sell your data and make money. Facebook and other advertising companies will pay for the data. Insurance companies will reduce fees for people who have pods.

      • notduncansmith 1517 days ago
        The last bit is what has me most concerned, services getting more expensive because everyone is expected to subsidize with their data. I guess then it’ll just be time to build something that drips realistic data about me to the pod.
    • cinquemb 1517 days ago
      I wouldn't necessarily equate "distributed data ownership" with privatization of data, but more to the ability for more people to leverage said data more in their favor as opposed to what the digital overlords like FB et al. just allow people to do on their platforms (and their platforms only).

      I think as long as some internet users at the margins get exposed to the downsides of the asymmetrical relationship they have with bulk data collection mostly benefiting the few (and have the ability to subvert it to any degree) the digital overlords are facing a death by 1000 cuts rather than the swift blow everyone seems to expect.

      Will Inrupt be the thing that brings the digital overlords to their knees? Probably not, that will be best achieved by the digital overlords themselves over time by creating the conditions for people to even want to pursue and allocate resources for ideas (like those that Inrupt invokes in some) in the first place.

      • koevet 1517 days ago
        One way Inrupt's approach could work is through Trans-national regulations (e.g. EU).

        I still believe that a major change in the way data collection tactics are carried out should come from "below" (the people) rather than some incompetent digitally-challenged politician.

        Practically, if all the technical challenges of Inrupt are sorted out - and I see many - this could become a standard enforced by "enlightened" governments.

        This would probably take a lot of lobbying and can only work if

        • cinquemb 1517 days ago
          >I still believe that a major change in the way data collection tactics are carried out should come from "below" (the people) rather than some incompetent digitally-challenged politician.

          This is the only way as far as I'm concerned, if something is to be long lasting. People have to be living it in practice because of the inherent cost/benefits of one system over another, no matter what any particular government makes a diktat for. Right now, most people are cost/benefits skewed towards the fb's (but that is slowly changing to me because the cost of computing continues to decline, while the knowledge of such increases at the same time as people at the margins experience higher perceived costs with the fb's).

          >This would probably take a lot of lobbying and can only work if

          That's still playing the game of the giants… why play that game if trying to do something new? Probably there are cheaper ways to subvert it, while making the giants pay increasing lobbying costs for ends that chip away at their power.

        • Igelau 1517 days ago
          > This would probably take a lot of lobbying and can only work if

          Assassinated mid-comment by rival lobby. RIP koevet, we hardly knew ye.

    • tomxor 1517 days ago
      > 1) the privatization of data would be an existential threat to their business model

      > 2) the majority of internet users are oblivious to the data collection tactics employed by half the internet and I can't picture folks raising pitchforks for "pods" to become a standard.

      Both of your points are spot on.

      Since #1 would only change if forced, I believe it would need to start with #2 ... which I think requires a _permanent_ social change in the perception of companies that behave like FB... Something even more potent than their recent political meddlings, something so incompatible with western political ideologies and human rights that such companies become pliable and change their business model merely to survive.

      I'm not sure what the instigator for such a change is yet, but it will need to make everyone very upset...

    • GordonS 1517 days ago
      > the majority of internet users are oblivious to the data collection tactics employed by half the internet

      I agree with this, but it's even worse: the majority of the remaining internet users who do have a clue about data collection, either don't care, or accept it as inevitable.

    • DEADBEEFC0FFEE 1515 days ago
      Yep, I have dabbled in self hosting and have had systems running at home for decades. Unfortunately self-hosters also have to be their own blue team, doing their own vulnerability management, patching, testing, and it's relentless.
    • zuckluni 1517 days ago
      I don't think it's an existential threat to FAANG. Because they could request access to your data to perform their AI/analytics on it to then be able to deliver you value-added personalized services.

      Most likely these sort of brokered accesses will be the purview of third-party data brokers who will handle your pods for you.

      • koevet 1517 days ago
        Why would people accept their data to be harvested? I guess money could be an incentive, which is quite interesting because it would fundamentally revert the power dynamics between the big data abuser and the people.

        Lots of food for thought.

        • fauigerzigerk 1517 days ago
          >Why would people accept their data to be harvested?

          Same as always, to get services free of charge. If I want my photos to be searchable, I'm going to have to let someone run their AI on them.

          As an iPhone user, I have my photos in iCloud. I'm paying for it through high device prices and storage fees.

          But as Apple's business model is to sell expensive devices, they won't let me securely share my photos with my wife who doesn't own any Apple devices.

          So I also upload all my photos to Google Photos where I'm benefitting from a far better AI as well.

          If my photos were stored in a Solid pod, I could grant access to various service providers who use various different business models, but it would be far more flexible and easier to switch.

          That's what I'm hoping for. Not sure if it will ever come to pass, but it's worth a try.

          • mceachen 1517 days ago
            > If I want my photos to be searchable, I'm going to have to let someone run their AI on them.

            In the next month or so, that won't be true anymore if you use PhotoStructure to host your photos and videos. Disclaimer: I'm the author.

            PhotoStructure is software you run, on hardware you own. It runs on desktops, docker, or headless servers, like your NAS. Your library is stored in a cross-platform, open format, so you're free to change how you host your library. I'm still enrolling beta users to try it for free in exchange for their feedback. Later this year, rather than being ad-supported, a subscription will enable advanced features (like automatic tagging based on image content).

            (and as the Solid framework becomes more useable, I'll definitely try to support it).

          • threatofrain 1517 days ago
            To add another item to your list, when you're in Apple News and maybe you're reading a free online publication like The Hill, there's no obvious access to Safari, and when you try to share the link it's an Apple News link. There used to be an easy way to get to Safari until recently.

            Come on Apple.

            • fauigerzigerk 1517 days ago
              The way I do it is to share with Safari from Apple News and then share with Email from Safari. Yes it's ridiculous.

              Also, regardless of any privacy settings, Apple News keeps showing me Amazon ads for stuff I bought on Amazon. It drains my battery as well.

              So I'm not really keen on using it anyway.

          • koevet 1517 days ago
            But what if pods are inherently "closed" as you imagine, but a company would actually have to pay a fee to access some of the data and run whatever algo they want.

            Would this create a society where low income persons would be perennially targeted by intrusive ads?

            • fauigerzigerk 1517 days ago
              That society doesn't need to be created because it already exists. What Solid would do is give all of us a bit more flexibility to set our own priorities than we have now.

              People on low incomes will always have fewer options and less flexibility. If we want to change that, we must change income inequality. No technology or business model will ever change that.

  • Nokinside 1517 days ago
    I wish them well.

    Problem with their approach is that their marketing pitch is all wrong.

    There is no demand for what they are selling because there is no value in what they are selling. The value comes from network effect and at the beginning there is no value, just cost. Mainstream users don't care and companies either don't care or don't like that kind of talk.

    Inrupt should start with completely different sales pitch and product idea. They should delay the privacy talk and user owned data until they are bigger.

    Start with smaller IoT companies. Provide and market actual services they want. Mostly they want automatic data management, cloud services on the cheap. They want to avoid any EU privacy hassles. Handle all that, I18n and internet user interfaces for them. Provide mobile and desktop clients. Just provide simple apis and ready made interfaces for companies to use.

    Once the protocol and pods become normal, users start to discover that they own the data and third party uses and products for that data may emerge.

    • cmiles74 1517 days ago
      I would go further and recommend two or three targeted websites.

      Maybe one targeted at developers who would like to cater to a more security conscious market, small though that may be, and get some applications in the field.

      Another site for the public focused more on what they can do, maybe promoting applications. I understand they want to get word out on their larger cause but it's just so abstract for most people. IMHO, get people using the apps built on the platform until the sharing of data between those apps becomes a compelling reason of its own.

      Perhaps another targeted at the public in general that speaks in more concrete terms to advantages they can provide. This would be an uphill battle but things like the Target and Equifax breaches clearly show the current model has problems.

  • bluesign 1517 days ago
    This kills the innovation or puts too much power to the first innovator.

    - if solid will dictate a protocol for data, it should cover the common denominator: so if you have your email on gmail now, let's say solid is covering basic email structure, i can move my email data to another provider, but about my filters? On other tiny stuff that gmail builds on email

    - if i invent something new in a chat app, let's say stickers. I implemented that. (Should I ask solid to update protocol for this) Now all other chat apps supporting solid, has to follow my lead? Interoperability will be hell to manage.

    - even with the limited number of browsers, we couldn't manage to unify the protocol. Protocol stuff is real hard.

    • Vinnl 1517 days ago
      > but about my filters? On other tiny stuff that gmail builds on email

      All that is data, so those, too, could be stored in your Pod and brought along with you.

      > Should I ask solid to update protocol for this

      No, interoperability can be achieved through your data model, which is yours to decide - Solid doesn't dictate the shape of your data. But as you noted, only competing apps using the same data model will be interoperable - stickers won't suddenly appear without the developer implementing them.

      (Disclosure: I also work for Inrupt, but views are my own.)

      • brongondwana 1517 days ago
        Speaking of email in particular, I'd be keen to chat to you lot about the JMAP protocol, which is hoping to provide some of the "modern data model" around email (and we're now working on Calendars)
    • black_puppydog 1517 days ago
      Not saying this is not hard, but I assumed (without having read into it) that the protocol solid itself is much more low-level than that.

      What you're describing sounds more like owncloud's level of operation: we host email / we host pictures

      I'd expect Solid (or any competing protocol) to provide very low-level access to "data" in some form. A third party (let's call them smail) would then provide the service "send and receive email" (to stay with your example, although I'm unsure email is a good fit). Crucially, the value that service adds would not be hosting and backing-up of your email, but rather just the interface and functionality. Ideally, all the data would still be hosted on your pod. When smail does indexing of your email, they load them from your pod (after you granted them access to that data) and do their thing. The difference to now being that at any time, you could choose a different provider that provides a different interface to the same underlying data.

      As I said, I didn't read into it, but that's what I would expect.

      • bluesign 1517 days ago
        "Crucially, the value that service adds would not be hosting and backing-up of your email, but rather just the interface and functionality"

        Yeah but doesn't that create a problem, vendor lock-in.

        Let's imagine we managed to separate data into 2 parts (which I suppose pretty hard), content and meta-data ( by meta i mean service specific information )

        Let's say, if I label an email in gmail, it is meta (service specific data), should gmail store this in my pod?

        - if gmail will store this on their data center, it would lead to vendor lock in.
        - if gmail will store this in my pod, in a service specific container. Can they use their own spec? Or will they store this with data with extensions ( XMPP all over again )

        Now imagine they chose the second one, I migrated to smail (imagine they decided to go for folders instead of labels), do they have to do some migration on my data? What if I go back to gmail again? Or I decide to use gmail one day, smail another?

        Tbh email is the easiest situation here, as it has some kind of global standard, Twitch vs Youtube case would be more complicated.

        • anderspitman 1516 days ago
          I think of solutions like Solid more like traditional filesystems. Many file formats exist for things like images, and yet there are lots of apps that work with these formats.
    • thinkloop 1517 days ago
      > Should I ask solid to update protocol for this

      I imagined it more like a schemaless database. Apps could save and use whatever data in your pod without any protocol changes.

      > i can move my email data to another provider, but about my filters? On other tiny stuff that gmail builds on email

      The other provider would provide those integrations, or a superior competitor will.

      > Now all other chat apps supporting solid, has to follow my lead?

      I don't think there is any mandatory integration. I think apps can choose the level of integration they implement. Maybe a feature of your app is that it purposely removes/ignores stickers, so you don't integrate. Another app may be all about stickers and even lets you augment and modify them, so it integrates heavily.

      • bluesign 1517 days ago
        "I imagined it more like a schemaless database." schemaless database would destroy the system immediately. All providers putting their own meta-extensions will make my pod trash

        "The other provider would provide those integrations"

        Yeah but imagine I moved from gmail to let's say new competitor smail, let's say they implemented filters too. Now they have 2 options, import my gmail filters, make new data structure as their own, or all the time support gmail filter structure with its limitations.

        In both cases there is no happy ending, supporting N different data structures is not easy work. Cloning of the data is more disaster in the end.

        • thinkloop 1517 days ago
          > All providers putting their own meta-extensions will make my pod trash

          This is the way the world is now except that you don't even have the data. Otherwise you bring up some good points. I imagine the answer is that sites will be incentivized to cooperate with each other creating informal mini standards along the way. Sites that disagree with the standards can build their own data structures but won't be able to leverage existing networks, so it better be worth it. Eventually you could have different flocks of semi-interrelated apps that each act on various parts of the shared data structure.

        • Existenceblinks 1517 days ago
          Pod owners will have to do things like api client libs developers are doing; creating a bunch of adapters.
    • erikpukinskis 1516 days ago
      The first innovator has already come and gone along with dozens of others. It’s not a new idea.

      If Solid wins the market, they will have earned their position by overcoming incredible odds and offering something millions of people want.

      This thread is full of people arguing how unlikely that is, so if it comes to pass, it will say something much more about Solid than “they were first”.

  • fuubi 1517 days ago
    I am very excited about Solid. That motivated me to write my thesis about a decentralised wiki, where Solid is its foundation. For further information, you can have a look at my work journal (https://ma.parrillo.eu).
    • bluesign 1517 days ago
      Great to see someone with experience with Solid. I have a few questions, maybe you can answer.

      I saw on your blog about wiki data model example. Let's say you built a Solid app around that one. Put on a website like superwiki.com, allowing users to create their wiki pages.

      Now then later, wikipedia came onto the scene, published another data model, and made another Solid app, put on wikipedia.org.

      - How will I move let's say my data from superwiki to wikipedia?

      - Does wikipedia then have to somehow implement some import functionality?

      - Or Solid has to have a protocol (standard) for wiki entries?

      • Vinnl 1517 days ago
        > How will I move let's say my data from superwiki to wikipedia?

        Your data is not on superwiki, but on your Pod. So you can connect Wikipedia to your Pod, see your data in their app, but it's still in your Pod, rather than having been moved.

        > Does wikipedia then have to somehow implement some import functionality?

        As follows from the previous answer: no, because the data never moves to Wikipedia. However:

        > Or Solid has to have a protocol (standard) for wiki entries?

        No, apps define their own data model, so Wikipedia will have to understand Superwiki's data model. Ideally, they agree on a common standard for this, using that standardisation either as a selling point or as a way to comply with future regulations. But of course, an app could also just unilaterally imitate the other's data model, just like e.g. browsers imitated each other's extension API or bookmarks data model.

        (Disclosure: I also work for Inrupt, but views are my own.)

        • bluesign 1517 days ago
          I understand data is not moving but if data structures are different there has to be some kinda merge or cloning of the data.

          So basically I am at Wikipedia and Superwiki's mercy for interoperability.

          What is the value of having (hosting my own data) if I cannot move?

          "unilaterally imitate the other's data model" sounds good at the beginning, but what will happen when superwiki is constantly evolving its data structure, and wikipedia also at the same time developing features. And now imagine this with N Actors instead of 2.

          Regulations maybe can help on basic data, but for extended data there will be a lot of conflict. (ex: I can move my friend list, but can't move let's say special data I assigned to them in one app)

          • jdsalaro 1517 days ago
            > What is the value of having (hosting my own data) if I cannot move?

            The value of having your own data is, precisely, that you have your own data; nothing more and no less.

            Furthermore, and although I'm no expert in Solid's and other implementations, it's quite likely that you, or other technologists, can more easily help you achieve the interoperability you so desire if your data is not locked away behind a thousand APIs and rate-limits; after all you do have your data in your pod. Think of Instagram, what if all your data was stored locally? Even if it was stored in a really messy JSON schema or whatever you can think of; it's still trivial to massage that data to import it into Wikimedia, or iterate through it and send it in batches to your email, or remove it, etc.

            I'm not sure how solid plans to keep applications from stealthily generating derivatives of the data they manipulate. I can imagine some sort of separation would have to happen at the browser level where the "app" provides a scaffold and the browser replaces in your data.

            • Vinnl 1517 days ago
              I think that is spot on. As for:

              > I'm not sure how solid plans to keep applications from stealthily generating derivatives of the data they manipulate. I can imagine some sort of separation would have to happen at the browser level where the "app" provides a scaffold and the browser replaces in your data.

              I don't believe Solid will be able to "enforce" anything - worst case, apps can just not use Solid. I see Solid as the technology that enables apps to respect your control of the data, but the incentives for implementing that have to come from elsewhere, e.g. customer demand or legislation.

              (Again, personal views, not necessarily Inrupt's.)

          • fuubi 1517 days ago
            Correct, you are at the mercy that both Wikis are interoperable. But, each of the N actors can have its model and only agree on an abstraction, which the interoperability is based on. Let's assume an application provides a new feature, which deviates from the abstraction model. As an example, that feature could be a "like" counter. The counter would then only be visible in a subset of applications.

            Since the underlying data structure is a graph, every application can attach arbitrary information to a node. But the application only retrieves the necessary bits. Furthermore, I think that apps must be able to handle missing bits to some extent.

            I hope this is not confusing. If it helps, one could think of Solid to be the GraphQL endpoint, where the clients send queries expressed as SPARQL and only get back the requested bits of information.
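
The point made in the comment above (apps attach their own data to graph nodes, read only the bits they need, and tolerate missing bits), as an added example that is not part of the thread and not Solid's own code. The vocabulary URIs, the `Pod` class and both view functions are hypothetical, the sample data is constructed, and the `select` method only imitates a SPARQL query with OPTIONAL fields:

```python
# Hypothetical placeholder vocabularies (not real Solid or RDF vocabularies).
SHARED = "https://vocab.example/wiki#"        # abstraction both apps agree on
SUPERWIKI = "https://superwiki.example/ns#"   # one app's own extension
RDF_TYPE = "rdf:type"


class Pod:
    """A pod modelled as a set of (subject, predicate, object) triples."""

    def __init__(self):
        self.triples = set()

    def add(self, s, p, o):
        self.triples.add((s, p, o))

    def match(self, s=None, p=None, o=None):
        """Return triples matching the pattern; None acts as a wildcard."""
        return [t for t in self.triples
                if (s is None or t[0] == s)
                and (p is None or t[1] == p)
                and (o is None or t[2] == o)]

    def select(self, type_uri, required, optional=()):
        """Rows for every node of type_uri that has all required predicates.

        Optional predicates yield None when absent, so an app can ask for
        another app's extension without breaking on nodes that lack it.
        """
        rows = []
        for s in sorted(t[0] for t in self.match(p=RDF_TYPE, o=type_uri)):
            row = {"id": s}
            for pred in required:
                values = [t[2] for t in self.match(s=s, p=pred)]
                if not values:
                    row = None          # incomplete node: skip it entirely
                    break
                row[pred] = values[0]
            if row is None:
                continue
            for pred in optional:
                values = [t[2] for t in self.match(s=s, p=pred)]
                row[pred] = values[0] if values else None
            rows.append(row)
        return rows


def build_sample_pod():
    """Constructed data: three pages written by different apps."""
    pod = Pod()
    solid = "https://alice.example/wiki/solid"   # written via Superwiki
    pod.add(solid, RDF_TYPE, SHARED + "Page")
    pod.add(solid, SHARED + "title", "Solid")
    pod.add(solid, SHARED + "body", "Pods store personal data.")
    pod.add(solid, SUPERWIKI + "likeCount", 3)   # app-specific extra triple
    rdf = "https://alice.example/wiki/rdf"       # written via the other wiki
    pod.add(rdf, RDF_TYPE, SHARED + "Page")
    pod.add(rdf, SHARED + "title", "RDF")
    pod.add(rdf, SHARED + "body", "Triples form a graph.")
    draft = "https://alice.example/wiki/draft"   # has no body yet
    pod.add(draft, RDF_TYPE, SHARED + "Page")
    pod.add(draft, SHARED + "title", "Draft")
    return pod


def wikipedia_view(pod):
    """Reads only the shared abstraction; never sees the like counter."""
    rows = pod.select(SHARED + "Page", [SHARED + "title", SHARED + "body"])
    return [{"title": r[SHARED + "title"], "body": r[SHARED + "body"]}
            for r in rows]


def superwiki_view(pod):
    """Reads the shared bits plus its own optional extension."""
    rows = pod.select(SHARED + "Page", [SHARED + "title", SHARED + "body"],
                      optional=[SUPERWIKI + "likeCount"])
    return [{"title": r[SHARED + "title"],
             "likes": r[SUPERWIKI + "likeCount"] or 0}   # missing bit -> 0
            for r in rows]


if __name__ == "__main__":
    pod = build_sample_pod()
    print(wikipedia_view(pod))
    print(superwiki_view(pod))
```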

          • bobwaycott 1517 days ago
            My understanding and expectation are that it’s up to various actors to build processes/apps that use what data you have and make available to them in ways that are meaningful for their service. You then get the benefit of having YourData in services X, Y, and Z. In your example, your data has a Superwiki presence and a Wikipedia presence, which may not be identical, as it's up to Superwiki and Wikipedia to present your data in their own meaningful way.

            Assuming each service has the capability to create and store data, that new data is still yours, and other actors could request access to it.

            I think this will result in various actors taking on the burden of keeping up with the Joneses—which, I think, would eventually coalesce into similar services establishing their own versions of shared data schemas with their own unique value-adds on top. Of course, these value-adds are likely still your data, and it should create somewhat of a feedback loop for similar, even competing, services. You likely would only be bothered to grant additional data access as the shape of that data changes.

    • Vinnl 1517 days ago
      Hey, great that you're interested in Solid! It might be me not having paid attention, but I think I haven't come across this earlier. It might be interesting to share this on the forum as well, to get the community's input: https://forum.solidproject.org

      (Apologies if you already posted there.)

      • fuubi 1517 days ago
        You're right. I wanted to introduce myself. Unfortunately, I didn't yet. That would be great. I look forward to the community feedback.
    • black_puppydog 1517 days ago
      I'm very excited about your thesis! It's great you found a topic that you love. Keep at it!

      Any chance we can get rss for that blog of yours? :)

  • borjamoya 1517 days ago
    The problem I have with these sort of initiatives is that they don't solve the real problem. Here's the thing: I want to own some of my data, but I don't want to own most of it, because it shouldn't be collected in the first place.

    Solid and others alike work in theory, but in practice I have some serious doubts. I believe that instead of owning your data, it is far better to camouflage or destroy your data before it gets out there.

    • gorgoiler 1517 days ago
      One positive aspect of Inrupt could be it would make it easier to clamp down on nefarious data overcollection because you’d actually be able to see all the data Google et al were collecting on you in the first place.

      Google Takeout exists, but Inrupt turns the tables and essentially makes Takeout the standardized real time default rather than an optional extra. It could be the foundation for new work to protect consumers, not the be all and end all.

      • GordonS 1517 days ago
        Hmm, I wonder about this. Consider that company A requests and is granted access to some of your data - what's to stop them selling that data on to company B?

        Regulation could form part of the solution, but I'm wondering if anything can be done from a technical standpoint.

      • Existenceblinks 1517 days ago
        Exactly how we used to open .docx file in Microsoft Word, save it, and close the application.
    • pencilcode 1517 days ago
      If users could see the data that was collected about them, like solid proposes, some of it would never be collected anyway. And if it was, it could easily be destroyed, revoked access to, etc
  • gorgoiler 1517 days ago
    This sounds great. I imagine a world where gmail had a setting whereby they had to use my storage for their service, mounted over the internet using SSHFS or something. This would be fantastic! No more IMAP syncing to backup my data. My data would already be my data.

    Even if the “pod” is a virtual one in a data center, as long as the webmail provider is a different company to the pod provider, the data access is granular enough, and the terms of service enforce that the data is stored in a way that’s readable by me, this can only be a good thing.

    Perhaps legislation could help here? What if the service company starts encrypting the data they store on my pod and refuses to give me the key? It would be good to wield the power of a regulator against bad actors who do this and any other shady rule bending.

    Very exciting.

    • matlin 1517 days ago
      I totally agree. And I'm currently building a tool to gather all of your data into one database and let developers create a way to interface with it. It solves the problem that you're describing but could also greatly simplify development. Very soon, I'll be releasing a CLI to index all of your data from platforms like Gmail, Spotify, etc. If you want to get notified when it's ready drop your email at https://www.aspen.cloud
  • andretti1977 1517 days ago
    Sorry, but what happens when I grant access to a company? It will collect the data I granted access to and then resell it to other companies and buy data from other firms too, so my data will be spread around exactly as now. So even if I like the idea, what's the advantage? Am I missing something?
    • theK 1517 days ago
      Well for one your data lives in a place where you can govern it. Nowadays your data lives in all places you use (Facebook, Gmail, Twitter). Ever tried taking stock of your data lately? It can take weeks to do it for all services and importing the exports into a self hosted alternative is nigh impossible.

      Still one risk I am seeing is that services might still want to intern you once you have given them access to your data. EG: a photo app needs access to your photos which you grant but also introduces social commenting features which don’t trickle back into your pod. So you as a consumer are still incentivized to use the proprietary service. Web Giants 1 Solid 0

      EDIT: I am still supporting the idea of getting SOLID out to the masses though!

      • mkl 1517 days ago
        As soon as you grant access to some data in your pod to someone, they can make a copy and then it's out of your control. I don't see how you can govern it unless you just never grant access.
        • anderspitman 1516 days ago
          It might make it easier to regulate. If you revoke access and can prove you own the pod the data originated from, it provides a way for a sort of "individual DMCA".
        • erikpukinskis 1516 days ago
          You still control the original and they control the copy.

          If it’s hosted on their service you don’t control anything.

          • mkl 1516 days ago
            The copy is identical, so I think functionally there's no difference between those. Your data is out of your control either way.
      • luckylion 1517 days ago
        > Well for one your data lives in a place where you can govern it.

        Only until you've shared it though, right? Whoever you allow to access it can copy it (and some will be required to do so by law), and you no longer have any control over what they do with it.

        I may misunderstand it, but isn't it basically OAuth/"Sign on with X and control what they see" for all your data, not for authentication? It's convenient, but I don't know that it gives you (long term) control. I'd still like that for synchronization, but I don't see the big value.

  • TeeWEE 1517 days ago
    Solid's goal is nice but its solution is based on RDF and semantic web. Those technologies failed to take off for a web 3.0. I don't see this going to take off either. Turtle is just another syntax for RDF because XML is too verbose....

    Anyway I do see a lot of value in IPFS, it's solving a different problem, but it's related. It could allow for storing private data encrypted in a non centralized way, having the pinned copy owned by you.

    I don't think the data format is going to be Solid based.

    • e12e 1517 days ago
      > Turtle is just another syntax for RDF because XML is too verbose....

      I'm not so sure that alone should be dismissed - html was "just" a simpler docbook. And json too, if you squint, is just a dumbed down xml - in the sense that both represent graph/documents.

      [ed: and xml was just a simpler sgml].

      Both json and html dropped some important features from xml/sgml, but I think the resulting simplicity (both good and bad) had a hand in the success of first the web, and later the "json-rest" web 2.0.

      (I have a hard time calling it REST as it retains quite few of the benefits of REST, and modern SPAs aren't really REST at all, but rather "move able code" - more architecturally like office documents with rich macros than REST).

    • Vinnl 1517 days ago
      I am inclined to be skeptical of semweb technologies as well, and certainly I think there are many in the Solid community that look at it as a sort-of second chance for it.

      However, I do think many of the reasons I think it failed the first time around might not apply in the case of Solid, where it's used for modeling just personal data stored in a place under the user's control - which comes with its own unique challenges for which it might actually be a good match. I'm on a phone with bad WiFi now, but happy to dive into that more later if anyone's interested.

      (Disclosure: I also work for Inrupt, but views are my own.)

      • anderspitman 1516 days ago
        I'm interested in hearing more about this.
    • ianopolous 1517 days ago
      If you like the idea of an encrypted personal data store on ipfs, then check out Peergos. That's exactly what we're doing.

      https://book.peergos.org

      https://github.com/peergos/peergos

      • thinkloop 1517 days ago
        I really like this. Is there any way to monetize it eventually?
        • ianopolous 1517 days ago
          Glad to hear you like it! The plan is to charge for a hosted version. (You could still have your own mirror if you want). We want to keep our incentives aligned with those of our users.
    • oever 1516 days ago
      Turtle is a very nice format to read and write RDF in. There is no sane XML serialization of RDF. RDF/XML is very annoying and unintuitive to write and parsing it into triples requires a lot of work so you need a special library anyway. You might as well start with Turtle then.

      That being said, it's easy to convert from one format to another: you'll get the same triples. So just use what you like.

    • mehh 1517 days ago
      I'm not sure that because Semantic Web didn't work that implies the technologies don't work.

      The Semantic Web isn't the technologies, it was an initiative.

      Having said that the technologies you mentioned do have developer experience problems. Some think devs just don't understand them, which is partially true, but having a fugly toolchain doesn't help!

      • patrec 1517 days ago
        > It is not hard to imagine your Web-enabled microwave oven consulting the frozen-food manufacturer's Web site for optimal cooking parameters.

        This is Berners-Lee being visionary about the potential of a world-wide network of computers. The problem is not just the terrible technical implementation, it's also that the vision behind all this semantic web stuff was one of soulless dorks who saw the world's population spend their days semantically marking up All The Things to get the most of their web-enabled microwaves.

        Everything I have seen Berners-Lee prominently involved in sucks at every level from micro to macro. Take urls: url query strings separators conflict with html escaping, the port syntax conflicts with the IPv6 syntax (which came first) and finally urls are not even self delimiting, so Tim hatched the aesthetically compelling workaround to write them as <URL:http://example.com>.

        • mehh 1517 days ago
          >It is not hard to imagine your Web-enabled microwave oven consulting the frozen-food manufacturer's Web site for optimal cooking parameters.

          >This is Berners-Lee being visionary about the potential of a world-wide network of computers.

          That sounds very much like the sort of stuff that gets spouted by the IoT crowd too though isn't it?

          >The problem is not just the terrible technical implementation, it's also that the vision behind all this semantic web stuff was one of soulless dorks who saw the world's population spend their days semantically marking up All The Things to get the most of their web-enabled microwaves.

          Well, aren't there a huge mass of developers spending their lives writing custom code for every damn API, and then integrating with more custom code. And each time inventing new poor ways of describing the things and relationships?

      • tannhaeuser 1517 days ago
        From what I understand, SemWeb is/was pretty much TBL's pet project at W3C, and the one thing he was interested tinkering with. SemWeb such as RDF, SPARQL, OWL, etc. isn't terrible to work with, and has found its niches; for example I'm working right now on a project making heavy use of graph DBs and SPARQL for biochem, and the standardization has profoundly helped F/OSS and commercial software funding in that area, and has helped funding research (eg. identifying tractable fragments of first order logic with OWL/2). But OTOH the SemWeb stack feels very much a design-by-committee, with lots of "reuse" of other unrelated W3C tech such as XML, and I don't think it will ever become mainstream apart from things such as Wikimedia's public data sets published as RDF where it seems a good fit.

        The more problematic side with TBL's SemWeb love affair is that it has resulted in web core standardization to become neglected at W3C. For example, W3C HTML was last published in 2017 as a recommendation (with plans to merely "bless" WHATWG snapshots going forward, which however hasn't happened so far). Likewise, the SVG2 effort (with little but still welcome additions/cleanup compared to SVG1.1) has stalled, etc.

  • rtpg 1517 days ago
    I remember reading about solid and not getting it, and Schneier here made a perfect pitch in a paragraph.

    It would be great for all ambitious projects to have this kind of communicator.

  • hobofan 1517 days ago
    As much as I like the ideas behind SOLID, I just don't see it panning out. The semantic data model is exactly the same as the one 10 years ago when it didn't catch on.

    One of my biggest pet peeves there is that the default mode of operation is using a de-facto centralized ontology that is mutable and non-versioned. How is someone supposed to build up a semantic database when the semantics can be changed any time from under you?

    • mehh 1517 days ago
      You don't have to use a single Ontology for your data. You can pick and choose a range of Ontologies or parts of, and the version of which that you like.

      I would argue it's more flexible than getting data from a source where you're pegged against the API's schema and version for the data you ingest, and the way they happen to have defined their API. Also, there being no reference to the object and fields beyond that company's API, i.e. much harder for data integration and discovery.

      Even if API just used schema.org for defining their objects that would help IMHO

    • anderspitman 1516 days ago
      A lot has changed in 10 years. 10 years ago I couldn't care less where my cloud data was being stored. Now I do.
    • fulafel 1517 days ago
      Ideas rarely take off on the first round, and graph dbs are well known & everyday tech now.
    • tasogare 1517 days ago
      It’s 20 years, not a decade. It’s like Sir TBL felt bad about not being able to capitalize more on his first invention (the Web), then spent the remainder of his life trying to reinvent it with a technology stack that got epsilon adoption.
  • miki123211 1517 days ago
    My problem with all those pro-privacy apps is that privacy has a price[0], and a price most consumers (me included) are not willing to pay.

    There are, essentially, two business models on the web. One is to provide the services for free and sell ads, the other is to charge for the services directly. To earn substantial amounts on ads, you need to track consumers massively.

    As a consumer, I definitely prefer being tracked than paying for all the services I use. That's the stance of most consumers. If there's a free alternative with a lot of tracking and a paid alternative with good privacy, the free alternative will win. That's how the free market works. Privacy has a price, and a price most consumers are not willing to pay. Forcing them to pay it for some antiquated notion of privacy is just... wrong.

    • Jasper_ 1517 days ago
      Radio, TV and magazine ads were minimally tracked and worked for years. The only people telling us we need tracked ads to make money are people selling tracked ads.
      • chongli 1516 days ago
        Radio, TV, and magazines all have the same thing in common: from the user perspective, they’re read-only. As broadcast media, their scaling models work differently than social media, which includes the storage and/or transmission of user-created data.

        If Google, Facebook, et al had no costs whatsoever involved in scaling their businesses, then they could be replaced by non-profits providing the services pro-bono.

    • eitland 1517 days ago
      > My problem with all those pro-privacy apps is that privacy has a price[0], and a price most consumers (me included) are not willing to pay.

      For anyone who wasn't aware:

      WhatsApp was killing it even as they were shouting from the front of their app and their web page that they were a paid product.

      And they hadn't even started monetizing API access etc.

      Edit: just looked at this and it checks a number of boxes:

      - no blockchain (as far as I can see)

      - no coin (again AFAICS)

      - smart people

      - a real problem that has been bothering me

      I guess I might be happy to stand in line to pay for the product when this materializes just as I was happy when I finally could pay for WhatsApp (I was an early adopter and got it for free the first few months and paid later).

    • unlinked_dll 1517 days ago
      As a consumer we don't get that choice. Most of the products we want are not available for purchase, and often when they are they still track us and use our data against us.

      The notion that there are two business models on the web is a myth, at least for consumers. Only in B2B services do you ever see things available for sale or a fee without data collection and tracking attached.

    • ampdepolymerase 1517 days ago
      Nobody is forcing anyone to pay for anything. If a paid product gains enough momentum to crush free products, then it is the free market in action yet again. Short of rough men threatening to do violence upon you, nobody is being "forced" to pay for anything.
      • sbuttgereit 1517 days ago
        I think your point is largely valid today, but there is push for a regulatory regime to force some of those privacy invading, but "free" options to either be greatly curtailed or eliminated. Without getting into whether such a push is valid or not, should it succeed... the rough men threatening violence won't be coming to force you to buy something... but they will come to stop those from offering you a product that you might choose to use. In that event, we shouldn't confuse the outcomes as being free market outcomes.
        • CuriousSkeptic 1516 days ago
          How would you even begin to imagine a free market around this? To get even the slightest approximation you’d first need to abolish copyright and patents and any other distortions enabling hoarding of imaginary capital, probably need to take a stab at the very definition of a corporation even.

          Whatever market there is to speak of currently has very little resemblance to a free market in any case.

    • codr7 1517 days ago
      What looked like acceptance for a while was mostly ignorance, and that's changing fast as people start facing consequences. I prefer a world where no one is tracked or profiled, because every step down that road increases the difficulty of turning back exponentially. This is not about convenience, this is about creating a future no one wants to live in.
    • d--b 1517 days ago
      If the price was charged by the isp, you wouldn’t feel it at all...
  • shubham001 1517 days ago
    There is a similar project by Rob Pike called Upspin. It is pretty interesting. That also looked very promising. https://upspin.io/
    • threatofrain 1517 days ago
      Is it still a living living (2x for emphasis) project? It was announced years ago and since then there hasn't been much word.
      • frou_dh 1517 days ago
        Commit activity suggests it's been in maintenance mode for approx 2 years.

        Adoption was probably low, despite it receiving some initial hype, particularly inside the Go community.

  • andrewrothman 1516 days ago
    I have mixed feelings about Solid. I really love the ideas behind it, and having Tim Berners-Lee (big name in tech) at the helm is a huge plus. However, I have some trouble with some of the technical choices, like RDF/Turtle. Given that most web developers are familiar with JSON, and many web APIs / services talk JSON exclusively, I feel like that should be the default recommended choice. Given that there is a lot of semantic web data already in RDF, I think that format should be supported, but not encouraged going forward.

    I also think it's clear that Google and Facebook are not going to want to give up control of this data, and are highly incentivized to provide the best and cheapest services they can to keep users on their platforms. People are used to keeping their stuff in Google Drive, and wouldn't move it unless there was an easy way to do so and a good reason to even think about doing that.

    I'm excited to see where it goes though, as centralization is a big problem on the web today. I try to self-host my own personal data but it's so hard to work with it in nice consumer apps. For example, I'd love to see CalDAV and CardDAV supported in Android, but for now I need to use DAVx⁵ to sync my info, and it doesn't seem to show up in Outlook for Android after years of requests to Microsoft for the feature.

    I'd really like to hear other thoughts on this, as I'd love to see Solid succeed. Anyone working on Solid in this thread?

    • Vinnl 1516 days ago
      Note that currently, the Solid spec mandates both RDF/Turtle and RDF/JSON (JSON-LD). That said, it's perfectly possible for an app to read/write any data format they choose, but RDF deals with some challenges regarding data discovery and interoperability, and allows for more granular updates with smaller payloads.

      (I also work at Inrupt, though views are my own.)

  • acarrera94 1516 days ago
    Like many others on this thread, I have a hard time seeing how it can succeed. I’ve been following anytype.io for a while and it seems like a much better solution that comes with a built in product. No need for pods since they live individually on each device. And it’s based on IPFS, which seems to be a much more established protocol for dealing with this sort of data.

    It’ll be released later this year and hopefully it lives up to the hype.

  • austincheney 1517 days ago
    I am not quite sure of the problem they are trying to solve as it isn’t directly stated. I suspect they are concerned about non-public data hoarding and the resulting centralization on an otherwise public and distributed platform.

    If my assumption is correct here are some potential alternative approaches:

    * Private platform reliant upon anonymity and public data. The value is the application delivering the best decision(s) returned from a consideration of available data, what some people might think of as AI. The better AI is more valuable than holding data.

    * Private platform fully divorced from both data and anonymity. The data is what a person or organization already holds and what they are willing to expose in a private relationship to somebody they know and trust. The relationship is more valuable than the data or the application. This is something like WhatsApp mixed with a tiny operating system that works more like Bit Torrent than using a central service. I am working on something like this.

    * Public platform reliant upon mixins of various public data. This is the semantic web of the prior decade. It never took off because nobody wanted to expose their data. Data is king, especially when the corresponding automation isn’t a valued portable commercial product.

    * Tiny portable data driven application architecture. Applications need only enough data to perform their functional task at any given moment. The value is purely driven by the application’s output regardless of where data on the fly comes from. This is something like Siri, but more specific to a given task.

    In order for ideas like these to be commercially viable data must become a commodity or at least less valued than almost everything else. This is hard because there are very real fears (such as lost privacy) around treating data as a traded commodity and because in many cases software, as a business practice, is still in the dark ages.

  • FreeHugs 1517 days ago

        Everyone's pod would be on a computer they own
    
    Why? Hardware is hard. Why not just encrypt it and let it live in the cloud?

        If you want your insurance company
        to have access to your fitness data,
        you grant it through your pod.
    
    Or just give them a key that can decrypt your fitness data?
    • hugodutka 1517 days ago
      What you are suggesting sounds similar to https://blockstack.org/.

      For me the problem with this approach is trusting that encryption will keep your data safe indefinitely. I worry that current encryption algorithms will become crackable at some point in time, let’s say in 50 years. I wouldn’t like for my current medical records to become publicly available then.

    • matlin 1517 days ago
      I agree but I think just having your own VM in the cloud solves this. If each user has their own IP then you can basically get E2E encryption between users with SSL so you don't need to worry about encryption as a developer or user. I really don't like the idea of assuming people have access and relying on bulletproof encryption on a completely decentralized system. I would much rather trust a cloud provider that I'm paying for.
    • 8bitsrule 1516 days ago
      I'd rather pay for hardware I own than someone else's. (I accept the 'hardship'.) And that I can unplug should problems arise. (The cloud is okay for public things.)
  • cmiles74 1517 days ago
    I would like to see some time-based permission scheme, for instance the ability to share my credit card information with Amazon for the next five minutes as well as the ability to share my address with Amazon for the next year.

    My hope is that this could eventually be built out to support discrete identities, perhaps one for personal use and another for work and a third that is meant to remain anonymous.

    A PKI based infrastructure comes to mind, that would provide the ability to revoke access. Technically I don't see a way to force systems to stop using revoked data but maybe the revocations could be used to provide legal proof that a specific company no longer has access to specific data.

    • anderspitman 1516 days ago
      The obvious way (to me) to attempt this is with regulation. If you log everything on your pod, you know by what time Amazon should have forgotten your info. If you can prove at a later date that they still have that information, there should be big fines. Also, engineers implementing systems that ignore regulation would be culpable.
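The time-limited grants proposed above, together with the pod-side log suggested in the reply, can be sketched as follows. This is an added example, not part of either comment and not Solid or Inrupt code; `PodLedger`, its methods and the timestamps are hypothetical. It records when entitlement ended and cannot stop a grantee from keeping a copy.

```python
import hashlib
import json
from dataclasses import dataclass, field

GENESIS = "0" * 64  # predecessor hash for the first log entry


def _entry_hash(prev_hash: str, record: dict) -> str:
    """Bind an event to its predecessor so any later edit breaks the chain."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


@dataclass
class PodLedger:
    """Hypothetical pod-side grant store with an append-only, hash-chained log."""
    grants: dict = field(default_factory=dict)  # (grantee, resource) -> expiry
    log: list = field(default_factory=list)     # [(record, chained_hash), ...]

    def _append(self, event, grantee, resource, at, **extra):
        record = {"event": event, "grantee": grantee,
                  "resource": resource, "at": at, **extra}
        prev = self.log[-1][1] if self.log else GENESIS
        self.log.append((record, _entry_hash(prev, record)))

    def grant(self, grantee, resource, now, ttl_seconds):
        expires = now + ttl_seconds
        self.grants[(grantee, resource)] = expires
        self._append("grant", grantee, resource, now, expires=expires)

    def revoke(self, grantee, resource, now):
        if self.grants.pop((grantee, resource), None) is not None:
            self._append("revoke", grantee, resource, now)

    def read(self, grantee, resource, now) -> bool:
        """Allow only while an unexpired grant exists; log every attempt."""
        expires = self.grants.get((grantee, resource))
        allowed = expires is not None and now < expires
        self._append("read", grantee, resource, now, allowed=allowed)
        return allowed

    def access_ended_at(self, grantee, resource):
        """Time after which the log shows the grantee had no entitlement."""
        end = None
        for record, _ in self.log:
            if (record["grantee"], record["resource"]) != (grantee, resource):
                continue
            if record["event"] == "grant":
                end = record["expires"]
            elif record["event"] == "revoke" and end is not None:
                end = min(end, record["at"])
        return end

    def verify(self) -> bool:
        """Recompute the chain; False means a stored record was altered."""
        prev = GENESIS
        for record, digest in self.log:
            if _entry_hash(prev, record) != digest:
                return False
            prev = digest
        return True


def demo():
    t0 = 1_700_000_000  # constructed timestamp (seconds)
    pod = PodLedger()
    pod.grant("amazon", "credit_card", t0, 5 * 60)       # five minutes
    pod.grant("amazon", "address", t0, 365 * 86400)      # one year
    results = [pod.read("amazon", "credit_card", t0 + 60),
               pod.read("amazon", "credit_card", t0 + 301)]
    pod.revoke("amazon", "address", t0 + 86400)          # revoked after a day
    results.append(pod.read("amazon", "address", t0 + 86401))
    return pod, results


if __name__ == "__main__":
    pod, results = demo()
    print(results, pod.access_ended_at("amazon", "address"), pod.verify())
```

For the log to carry weight with anyone other than the pod owner, the latest hash would have to be published or countersigned somewhere the owner cannot rewrite; that step is outside this sketch.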
  • matlin 1517 days ago
    I definitely agree with this sentiment but I think rather than reinvent the wheel we should be applying current web standards to users instead of businesses. If every user had their own static IP, server, and SSL Cert, database, DNS entry, etc, we'd be able to create the web that Tim originally envisioned. And until now that would be prohibitively expensive and complex but could be a real possibility now.
  • mcguire 1516 days ago
    "Your data lives in a pod that is controlled by you. Data generated by your things -- your computer, your phone, your IoT whatever -- is written to your pod. You authorize granular access to that pod to whoever you want for whatever reason you want."

    Whereupon they copy your data, aggregate it with other sources, and continue on their merry way. Security theater in action.

    I wonder what the backup scheme looks like.

  • thinkloop 1517 days ago
    I wonder how much data sharing we would actually do if this did exist. For example, your Facebook friends list is not your Twitter follows, nor your YouTube subscribees, nor your phone contact list, etc. There's some overlap but essentially they're different lists. Isn't a lot of stuff like that?

    It still would be nice to have control and visibility of all that data automatically.

  • ComodoHacker 1517 days ago
    Actually people don't want to self-host anything. They want their data to live "somewhere in the cloud", accessible on demand. At most they wish this cloud to be "trusted" or "secure" or "privacy-respecting".

    Until we find a viable business model for trusted and privacy-respecting cloud, we can't move on.

    • Vinnl 1517 days ago
      Such a cloud provider could be the one that hosts your Pods...

      (Disclosure: I also work for Inrupt, but views are my own.)

  • 4gotunameagain 1517 days ago
    While I haven't studied their idea enough to be able to argue about its effectiveness and/or flaws, I am glad that they are doing it, being who they are.

    It really looks like we need a central paradigm shift. A free world designed for educated academics cannot survive the greed and stupidity of the whole world it seems.

  • sn41 1517 days ago
    Somehow, Semantic Web and associated ideas do not seem to have panned out in practice. I wonder whether HTML is the ASCII of the web world - clearly just intended as a first step and supposed to be obsolete over time, but proving to be a survivor, and a hurdle against future improvements due to wide adoption.
    • tannhaeuser 1517 days ago
      I think HTML wasn't supposed to become anything - by the time TBL got HTML 0.9 or so out of the door, it was based on SGML which, in turn, was the meta-language invented to capture and evolve all kind of text notations (also covering, for example, Wiki syntaxes such as markdown and MediaWiki used for writing large portions of text we're reading on the web today, even though SGML was intended to generalize ad-hoc syntaxes of older text processing systems). What killed HTML as a representation format covering contemporary digital text was the introduction of CSS (as an arguably unnecessary additional syntax on top of mighty SGML) and JavaScript, and the relative stagnation of HTML in the presence of these other two languages that, once present in the stack, could be used for all the presentational tricks people were asking for. Maybe the problem was also that HTML parsing was hard-coded into browsers and couldn't be changed easily enough in the presence of the first wave of web content at scale around 1993-5. Also, there just wasn't a blueprint how to evolve a language for describing static text into one for "modern UI experiences", so a Turing-complete language had to be used for tinkering until such a time where the idioms for digital text presentation were better understood. IMHO, if anything, the web has stopped at that point, and JavaScript and CSS are hurdles for future improvements rather than the declarative HTML core.
  • Barrin92 1516 days ago
    I'm sceptical about the economics of this. The first problem is the obvious idea of everyone storing their pod as many people have pointed out which is unfeasible, as inrupt itself points out.

    The next step is that someone is supposed to host your pod in the cloud, but if this is supposed to protect your privacy the pod has to be encrypted. So then the question is how is the host making money? Charging people upfront for storage in a trade-off for privacy or control has proven to be a deal almost nobody is willing to make, we already have privacy respecting, more expensive services, they're largely fringe. Pods are a technical solution that only make this more complicated.

    The fundamental issue that I think breaks this entire idea is that it vastly overrates how many people care about control or privacy.

  • fulafel 1517 days ago
    > at this point, I feel that I should only work on things that matter to society

    I wish more people in tech did this.

    • tchaffee 1517 days ago
      Don't they already? The people in society pay for what matters to them. I think the real truth trying to get out here is that we wish what matters to society were different.
      • pencilcode 1517 days ago
        That is a simplistic view. People also pay for what society values, ie systemic pressures, which is why different cultures and in different epochs value things differently. Eg before people would give a monthly donation to church because they believed it would help getting into heaven.
        • tchaffee 1517 days ago
          Fair point. And I'm responding to the simplistic idea that any one individual knows what is best for society. Those who "feel that I should only work on things that matter to society" are not immune to those systemic pressures either. I do think it's a good idea to not just chase money and to work for companies aligned with your own values. But that's about the best you can do. What's aligned with your own values might be someone else's idea of working on things that don't matter to society.
      • discreteevent 1517 days ago
        Buyer beware. I don't want that. I like the fact that there are building regulations where some official decided what was good for me because I don't have the time or knowledge to work it out.
        • tchaffee 1517 days ago
          You pay for those building regulations in the form of the tax revenue required to pay that official, along with the system that enforces it. I agree with you that it's money well spent.
      • fulafel 1517 days ago
        He means things that make a better world, not facebookey reinforcement loops and consumerism where the "mattering" is of the manufactured sort.
        • tchaffee 1517 days ago
          Exactly. He has decided to take on what he has decided on his own is better for society. Which is fine. As long as you are aware that much of society has different priorities and might ignore your improvement. Altruistic is something I deeply align with. It doesn't guarantee you're getting it right.
  • max_ 1517 days ago
    >If you want your insurance company to have access to your fitness data, you grant it through your pod.

    What if the insurance companies (or any other company) retain a copy of your fitness data after granting them access?

    Won't we end up in the same world we are running away from?

  • rhythnic 1517 days ago
    I was looking into Solid for a bit, but stopped as my concerns grew, most of which are expressed in other comments.

    Recently I've been enamored with the Dat Protocol and the Beaker Browser. I like that it's a peer to peer protocol that uses local data storage. In addition, it makes it almost effortless to publish and scale a web application or site. It doesn't have Solid's strength in access control, but that's not to say that Dat's access control won't evolve. At this time, Dat's access control is very simple, basically share by link.

    In addition, I would like to see Linux handsets like Pinephone become better and more widely used.

    • mark_l_watson 1517 days ago
      I shared a little of your scepticism on Solid when I heard talks on it at the Distributed Web Conference about three years ago, but I wish them success.

      Thanks for mentioning the Beaker Browser. I enjoyed playing with it in the past, and I will check it out again.

  • scribu 1517 days ago
    > If you want your insurance company to have access to your fitness data, you grant it through your pod.

    Why would the insurance company trust that data? Since you're in control of the pod, you could alter it, no?

    • Vinnl 1517 days ago
      There's some work going on related to that in the community - if you're interested, the search term to use is "Verifiable Credentials". I'm not that up-to-speed about it, unfortunately, but it's about solving that potential problem.

      (Disclosure: I also work for Inrupt, but views are my own.)

    • leowoo91 1517 days ago
      They would probably have to implement their own verification methods for this. If not, how about the data owner asking a fitness center to sign the data?
  • olah_1 1517 days ago
    All I care about is that decentralized data projects somehow utilize our existing, real life, social networks.

    I want a family to all be able to "friend" each other and seed each others' data. And just because you're seeding each others' data, that doesn't mean you necessarily have read or write permissions on that data.

    People want to know whose data they are re-hosting and they should have an incentive to host it. Linking seeding to our existing relationships solves for both.

  • fossuser 1516 days ago
    One benefit to this model is it fixes the way we currently handle things like contacts.

    Right now if you have my phone number on your phone and my number changes you have stale data. If I don't want you to have my number anymore there isn't a great way to do much about that.

    If you're allowing/removing access to a pod you host then when you update your phone number all of the people with access will get that updated information. You can also more easily remove access from people.

  • drummer 1517 days ago
    > Your data is no longer in a bazillion places on the Internet, controlled by you-have-no-idea-who. It's yours. If you want your insurance company to have access to your fitness data, you grant it through your pod.

    Nothing stops a third party from recording the data once you gave access and selling it. Even after you remove access they can keep their copy. So what use is this pod thing?

    • bobwaycott 1517 days ago
      Perhaps this can eventually combine with companies having to agree to a T&C or EULA type of contract to have access to your data. Such a contract can prohibit copying, at the user’s discretion, or stipulate that revoking access must result in deletion of all copies of that data, automatically.

      Some other mechanism can then be put in place to detect and deal with bad actors. Perhaps there could even be some sort of verification of compliance, whereby services/companies must undergo a process that requires proving these systems/processes are in place and operational.

      This does nothing for the results of what a third party does with your data—such as models trained with your data—but there are options for removal of data. Of course, it’s ultimately up to users to be cautious about sharing their data.

    • jonbronson 1517 days ago
      It's step one. Step two is to utilize applications/companies that have your privacy in mind. The fact that you own/control the data empowers you to choose rather than become stuck.
    • Existenceblinks 1517 days ago
      Yeah, imagine back then if Microsoft Excel were an ads-based application. I think it's how native apps are phoning home these days.
  • naner 1517 days ago
    Projects like this never seem to pan out. It solves a problem people should care about but most aren't motivated to act on.
    • kick 1517 days ago
      It doesn't actually solve the problem, which is something you would have imagined they would have thought out from the beginning.

      They basically admit, outright, that their proposed solution doesn't solve the problem:

      The ideal would be for this to be completely distributed. Everyone's pod would be on a computer they own, running on their network. But that's not how it's likely to be in real life. Just as you can theoretically run your own email server but in reality you outsource it to Google or whoever, you are likely to outsource your pod to those same sets of companies. But maybe pods will come standard issue in home routers.

      Imagine you're an average user: you don't know much, but you've maybe read one of the billion news articles about how Google reads the context of every inbox on their service. Now some guy comes up and tells you that you should put all of your data in the hands of Google.

      Totally a good idea.

      And can you imagine how bad it would be if this came standard in home routers?

      Congratulations, it's 2058 and there are over three billion routers & modems released in 2025 that haven't been patched since, but instead of just being a minor issue like it was when routers and modems did relatively little back in the 2010s, they're containing all of their users' personal data. And that's not even getting into how bad of a concept it is to have a family sharing a single access point for their data.

      • Vinnl 1517 days ago
        Note that Solid certainly doesn't dictate you should keep all your data together. For example, it is perfectly possible to have e.g. a 'work' Pod and a 'personal' Pod. Additionally, data within a single Pod need not necessarily be physically stored together.

        But yes, Solid doesn't solve all problems, and I don't think it even solves (or will solve) one problem by itself. But I certainly believe it can be part of a solution, and I believe even more strongly that we desperately need one, which is why I'm happy we're at least trying.

        (Disclosure: I also work for Inrupt, but views are my own.)

      • willvarfar 1517 days ago
        Yeah there are so many moving parts, and so many things vying to be the weakest link.

        If we step back and consider what we all have today, it’s amazing we actually have a functional internet. It’s amazing that the script kiddies who are prepared to destroy things for the lols haven’t turned the internet into a dysfunctional cesspit already?

        One bit of good news is that Schneier is an authority on the out-of-date router and related problems. I guess whatever they come up with will at least understand the wider threat landscape.

      • pencilcode 1517 days ago
        That’s why the protocol is open, so there will be multiple players. They will naturally converge like we currently have but that’s not what’s game changing. The game changer is the visibility and control of what data is collected about you.
      • pencilcode 1517 days ago
        The router thing is just a possible future and not the most likely even if it succeeds.
      • BlueTemplar 1517 days ago
        Some of these issues are going to be helped by the adoption of IPv6.
  • pavlov 1517 days ago
    Is Inrupt on a big PR push right now? I just saw an article about them in the FT, and now another.

    This quote from the post suggests that the timing of this personal news is externally managed: “I joined the Inrupt team last summer as its Chief of Security Architecture, and have been in stealth mode until now.”

  • BlueTemplar 1517 days ago
    This is great, but shouldn't they also mention how metadata (like IPs) is almost as important (if not more so) than data, and the Internet is designed around the absence of privacy related to the personal information stored in the metadata ?
  • michael-ax 1517 days ago
    none of our file-systems support semantic access, e.g. you can't give handles to your apps, no!, they have to use archaic paths .. or constructions jails/vms/docker/etc to isolate them. that is a backwards stone-age hierarchical foundation.

    and 'protocol' is somehow going to make that better? I don't think that's possible. users have never had to think about more than paths.

    let's give them semantics to map file-systems to applications, [perhaps] in the same way a functional package manager would 'give' you/the os access to the right versions of those applications.

  • luord 1516 days ago
    It's not often that I read about something and think "holy crap, that's genius", and that's exactly what solid is.

    Then again, given who's directing it, it should come as no surprise in hindsight.

  • ahasani 1517 days ago
    Inkandswitch is also working on a similar problem https://news.ycombinator.com/item?id=19804478
  • max_ 1517 days ago
    Lots of comments about how "no one wants this". But we already have things like Dropbox, Mega, Drive, iCloud where it makes complete sense for users.
    • pbkhrv 1517 days ago
      Grassroots-level adoption was key for things like Dropbox, IMHO - it solved a real need for individual people and it worked well and was easy to use. Same for Docker - developers adopted it in droves, and then enterprises followed.

      Inrupt is trying to bootstrap a two-sided marketplace of sorts: product builders won't care until enough potential customers demand support for the "data pods", and regular people won't care until "data pods" solve real everyday problems for them.

      Hopefully Inrupt's team has enough business-savvy people on it to find ways to gain traction to slog through some of the tough early stages of the product adoption cycle.

  • zuckluni 1517 days ago
    I'm more pessimistic. The internet and the apps we use frequently are like a public utility. The space is undergoing an era of massive consolidation and centralization.

    This happened with railroads, and electricity, in the past. That period of consolidation was never followed by a counterbalanced period of decentralization, a period of people operating their own mini-rail-car services, or micro power plants (solar, but...you know...).

    It was followed by steady decline in prices of tickets, expansion in size of monopolies and steady decline in quality of service.

    But you know, electricity and railroads became "democratized" just not in a "democratic" way. It's democratized because everyone can use a bit of it for basically nothing.

    Then, the companies that made their fortunes often moved onto other high growth industries and the public became inured to the dilapidation, because the product had basically stagnated.

    I don't see this company making any statement that suggests to me it can bring about some other possible future.

    • BlueTemplar 1517 days ago
      Public utilities often end up nationalized.
  • polyphonicist 1517 days ago
    > Even if you do hand your pod over to some company, it'll be like letting them host your domain name or manage your cell phone number. If you don't like what they're doing, you can always move your pod -- just like you can take your cell phone number and move to a different carrier. This will give users a lot more power.

    The domain name analogy scares me rather than reassures me. Sure, DNS was created in good faith to be as distributed as possible, but is it? There are recent stories that show that individuals do not have as much control on domain names as one would ideally like. See these stories -

    - Sinkholed: https://susam.in/blog/sinkholed/ (domain name hijack by German authority by accident)

    - The duct tape holding the internet together: https://medium.com/thisiscala/the-duct-tape-holding-the-inte... (loss of control on domain name due to registrar error)

    While the idea behind Solid sounds solid, the moment they talk about outsourcing pod hosting to third-party pod hosting providers, I get worried. Would it lead to walled gardens of pods? (Example GMail for emails) Would they add non-standard convenience features to create vendor lock-ins (Example GitHub for Git)? Would they abuse their power due to vendor lock-in (Example Sourceforge for SVN)?

    • onion2k 1517 days ago
      I think the phrase "perfect is the enemy of good" applies here - expecting something to never go wrong just means you'll never ship anything. Pods will break in ways that no one can foresee. That's not good, but giving up and not trying would be worse, so users and businesses will have to deal with those problems as best they can.

      Don't forget that millions of domain transfers happen every year without going wrong. There are cases like the ones you linked to, but those are the exceptions rather than the rule, thankfully.

    • troquerre 1517 days ago
      On the domain name analogy, there are now decentralized DNS initiatives like handshake.org that are trying to make domain names truly distributed, which may make for a better analogy for solid. I agree that DNS in its current implementation is not well distributed as you've pointed out.