back to article Tim Berners-Lee asks everyone to do new biz a Solid and let him have another crack at fixing the Web's privacy

Inventor of the world wide web, Tim Berners-Lee, is having another crack at fixing the internet’s biggest problems with the launch of a new enterprise server. The Inrupt Enterprise Solid Server is the first product from a company the inventor started two years ago in response to the problem of personal data online, where tech …

  1. steviebuk Silver badge

    And if there is

    Any encryption involved. Expect Australian to demand a backdoor. Which will then be exploited by some bad people, exposing all the data.

    1. Tom 7 Silver badge

      Re: And if there is

      I hope I'm reading this right (I've been working on similar for my own amusement and may be overlaying my ideas). Its largely a set of standards. So Australia can demand a backdoor in a product, but as you have a personal server you control you can then add on the encryption to block it. It doesnt even have to be in your country.

      As for the "would require massive and widespread adoption" this is a problem even FB started with. All it takes is a product (and that only needs to be surprisingly simple) and the instructions on how to set one up at home (click here and choose which router you have and this is how to configure it...) and there's two or three hundred people in my town of 2000 who would jump at it.

      1. Dave 126 Silver badge

        Re: And if there is

        Those 200 people would jump at it, and course it would also require online services to adopt it as well.

        I guess that unlike some 'adoption dilemmas' (i.e, I'm not buying this gizmo until it's supported by devs, devs won't bother supporting it until people have bought it) there's a low cost of entry (some time, possible a small hosting fee) to early adopting users.

        I'm assuming as well that the likes of Google won't be interested in this, but the hundreds of smaller services and retailers we interact with online might be.

        (And personally, I'd be happy in principal for smaller online companies to have access to market reports derived from my anomynised data - otherwise small companies find it hard to compete on quality, service and value because they are at a disadvantage in terms of market data compared to Amazon et al. )

        1. Flywheel Silver badge

          Re: And if there is

          Maybe release a version as a Raspberry Pi Image and watch the system take off. There's no reason why there shouldn't be mass adoption, especially if people can easily set one up for themselves and elderly/clueless relatives.

          1. Tom 7 Silver badge

            Re: And if there is

            It doesnt need to be an image - you can do this at app level.

            1. rg287 Silver badge

              Re: And if there is

              It doesnt need to be an image - you can do this at app level.

              It needs (D)DNS so that applications can find your Pod. In principle yes, you could run a pod as an app on a smartphone, but somewhere along the line either the app developer or someone else (EFF? Mozilla?) would need to offer DDNS-as-a-service that the app could subscribe to, and you'd get a personal <bob-jones.mozilla-pods.org> subdomain or something.

              You'd still retain your data, but let someone else signpost to your "server". Having the technical chops to buy a domain and set up some DDNS is obviously way beyond most users.

              There would need to be an ecosystem of DDNS providers whose service can be subscribed to via third party Pod-Server apps (so you download the app and pick a DNS provider in the app - anything more complex and people will drop off the moment you ask them to "Go to X, create an account, blah, blah").

              1. Anonymous Coward
                Anonymous Coward

                Re: And if there is

                Eh?

                P2P dude. You only need those with the savvy and resources to have directory servers set up, everyone else like your granny can turn their device on and grab a directory copy from one of these places as a seed and join the network. From there your granny's device can receive broadcasts over the network to find other peers to collaborate with and remain connected and up to date.

                Why the fuck would everyone need a domain name?

                1. rg287 Silver badge

                  Re: And if there is

                  P2P dude.

                  Have you read the spec? You seem to be confusing P2P with DHT. Solid is neither a blockchain nor a torrent-like protocol. It's built on the web. The Solid Protocol spec defines a Pod as an HTTP1.1 server. It uses HTTP URIs throughout - focussed on location (server/folder/file), not data/content (as per IPFS URIs or BitTorrent for instance). The reason we use FQDNs for HTTP URIs is that IPs are not user-friendly.

                  Although they talk about P2P, it's still a client-server (or rather, server-server) relationship between the application accessing your Solid Pod. It's no different to an application server contacting a database server for data. This means you need some useful form of static addressing for your Pod, particularly if it's an app on a mobile device and the IP address is changing regularly.

                  Now, there is reference to IPFS and BlockStack on the website, but it's made clear that Solid is designed to be compatible with distributed and blockchain systems. It is not built on them and the protocol does not use them. It's possible that a Solid Pod implementation might use IPFS as the storage layer instead of using the local hard drive or a network share. Applications would still query it using HTTP URIs, but the Pod would then go get the data from IPFS and serve it back to the application.

                  All the reference implementations and showcase apps have you specify your Pod (using domain name) in order for you to log in. It's the same basic concept as having an email address (user@service), but as a (possibly self-hosted) identity & storage platform with rights management layered on top for API access by third-party applications.

              2. Dan 55 Silver badge

                Re: And if there is

                Apropos of the example address you've given, to be honest this is the kind of thing Mozilla should be doing as they could actually get a (small) critical mass started if they included it in Firefox. Instead of dicking about with Halloween themed VR chatrooms.

          2. AVee

            Re: And if there is

            Another route for mass adoption would be to get it integrated into consumer broadband routers. You have one anyway, and it's always connected as well. While I don't have an issue with running a Pi (or something silmilar) for most people it still will be a barrier.

            1. Doctor Syntax Silver badge

              Re: And if there is

              I'd wondered about that, especially as the last two routers I've had came with a USB connector for storage. It would require the ISP to provide a fixed address or at least to maintain a DNS service for the router and that, in turn would tie the ID to the ISP.

        2. Tom 7 Silver badge

          Re: And if there is

          Only other people using it would need to adopt the services. Its mostly going to be peer to peer and your ISP need do nothing. All you need outside your home/office is DNS or DDNS*. It doesnt replace the current web, but it allows people to sidestep it if they desire, and many do. For social networking which most people want there is no need for some bloke to come and shout over your shoulder in the pub,

          *and only if your home hosting - Id imagine many would be happy to have it in the cloud once its been shown to be secure.

    2. Doctor Syntax Silver badge

      Nothing unique about Australia

      Expect every govt. to demand access.

    3. Adelio Silver badge

      Re: And if there is

      To be honest i do not want ANYBODY to have access to ANY of my data!

  2. 0laf Silver badge
    Big Brother

    Something like this sounds more like a national utility service.

    Nations could invest in the infrastructure where the business case is weak protecting citizens data whilst empowering safe and responsible data sharing.

    Although that would require nations to do this altruistically and not try to corrupt the process for their own means.

    Fuck all chance of that I suppose.

    1. Wellyboot Silver badge

      Requiring user interaction won't help it get adopted either.

      a pity :(

    2. BazNav

      National Utility Service

      I think countries would jump at the chance! It is TBL's idea so it must be a great idea and full of freedom etc!

      But what you really get is a national identity service via the backdoor without the government having to argue (and fail again) for implementing it. If you can get big tech to pay for it even better.

      In a few years companies will start to let you use it as valid ID, then the government will let you use it as a form of ID and a short while later it will be the only ID you can use. Which neatly allows correlation of all your personal data with all the private data the government holds on you.

      1. Dave 126 Silver badge

        Re: National Utility Service

        Well, there is scope for one to hold one's own medical data. The owner can then authorise parts of said data to be released to, for example, a travel insurance company on an as required basis. The insurance company sees that you don't have X,Y and Z health conditions and sets your premium, then it has no further requirement for (and this no further access to) your data

        One issue I see is the likelyhood of bad actors and scammers sending phishing emails or faked interfaces to get data from individuals. Some people might want to use an app store style walled garden, where an organisation vets 3rd party modules.

    3. fidodogbreath Silver badge

      Infrastructure won't matter unless governments also mandate use of the systems. Companies (sorry, "brands") today see customer data as a core asset. They will not give that up unless forced to do so.

      Probably fuck all chance of that, too.

  3. Anonymous Coward
    Anonymous Coward

    Targetting the 'computer wiz' of families might be a good way to go. It would need to be doable for the mildly tech literate, not just the already trained server admin.

    "Alright guys. I've set up a few old computers to run this thing. I'll have one in my cupboard and mom will have one in hers. They'll be the same, so we have a backup. All you have to do is [describe process]. I think it should work, but let's just test it out and see how it goes."

    It'll need to be easy to use, and be able to work on some hand-me-down laptops at first. Get it adopted, and then advise on upgrading personal servers.

    1. Phil O'Sophical Silver badge

      It would need to be doable for the mildly tech literate

      Not just doable by them, they would have to care enough to do it, and they don't. Let's be honest, the vast majority of internet users don't give a damn about protecting their data if they can get "free stuff" instead. Until they're scammed out of the contents of their bank account, of course, and then it must be the bank's fault, never theirs.

      I applaud TBL for his perseverance, but tbh I don't think he's on a winner here.

  4. Pascal Monett Silver badge

    So there is now a pod server for privacy

    Good. I will welcome every idea that improves the privacy of my data.

    Now tell me how that impacts Google's data hoovering, because I don't see that it changes anything there.

    And if Google doesn't adopt it, well let's just say that it won't have much impact.

    1. Doctor Syntax Silver badge

      Re: So there is now a pod server for privacy

      Google and al the other usual suspects.

  5. Peter Prof Fox

    And the Titanic sinks?

    What will happen to 'precious data' when (possibly decades away) the boat sinks?

    All data is precious (for values of precious).

    Those values of precious go negative. Eh? What? Yes. 'Amazon books marketing' sent me emails in Chinese I presume -- All of hieroglyphs -- (I deleted it obviously.) -- But it goes to show that just the taint of a 'relationship' can be a lure.

    PS Go to merlinsmallbone.shop for great books about interesting people in interesting situations.

    Gosh! Did I write that? Yes I did. Welcome to the shillnonet.

  6. J.G.Harston Silver badge

    I think part of the problem they're trying to address is that inventing the internet is akin to inventing writing, and you're trying to control how and what people write. And inventing the web is akin to inventing the printer.

    1. Warm Braw Silver badge

      I'd say it was rather different.

      There was always control over what people wrote and printed for public consumption by virtue of the cost of production: hand-setting type might be cheaper than paying monks to make laborious copies, but it it was still expensive relative to the earnings of an average worker. This meant that the value was very clearly in the content: if the content were not valued, it would not be possible to cover the costs of production. Of course there was also ephemeral personal writing - but it was never intended to be shared widely and usually sparing and to the point.

      What has happened now is that the cost of "publication" has fallen dramatically, to the point at which it is almost, but not quite, free. The value in the content is now equally low - noone is really going to pay to see your aunt Betty paddling at Brighton or your thoughts on the state of the world. Because nobody wants your content (or, at least, your content specifically - millions of other thoughts are available), it has to be paid for by you, but because that cost is relatively low, you can pay for it by agreeing to have your personal data exploited for profit. The telling thing is that very few people would be prepared to pay the price in actual cash.

      It's not so much a technical phenomenon as a social one - and I don't think a technical fix is the answer.

      1. J.G.Harston Silver badge

        But that is *exactly* the issue we are seeing.

        Somebody invents writing. Hey, people can communicate with each other, stop that! Well, at least it's difficult as you need to grow loads of papyrus and grind up the ink, so it's difficult for people to use this annoying technology.

        Hey, somebody's invented paper, stop that! Well, at least reproduction is long and tedious, so it's difficult to use this annoying technology.

        Hey, somebody's invented the moveable type printing press, dammit, now somebody can produce a whole book in ten minutes and now any peasant can afford to communicate any information they like, dammit, STOP IT!!!! STOP THINKING FOR YOURSELVES!!!!!!! DO WHAT WE TELL YOU!!!!!!!!!!!!!!!

  7. xyz Silver badge

    Had a similar idea

    People have their own space and can allow access to areas of it to particular persons or orgs with pre agreed cut off dates, so people keep control of their data and others have time limited access to it. Sort of cleans up that whole data responsibility problem. Out here in Spain, everyone has a digital ID and world+dog always wants original copies, so it makes a lot of sense. Probably the only ever good use for that blockchain malarkey.

    1. fidodogbreath Silver badge

      Re: Had a similar idea

      We could call it MySpace!

  8. StrangerHereMyself Bronze badge

    Stupid idea

    As long as the advertisers and middle-men can legally pilfer users' private web browsing data they'll continue doing so. There's simply no market for the product TBL is selling at the moment.

    I don't see this problem being solved in any case because governments (even so called "democratic" governments) find it handy to keep tabs on their population so they won't outlaw this practice.

    Tim may be the inventor of the Web as we know it, but he's merely coasting on his illustrious past to grab VC monies to start one silly enterprise after the other.

    Whatever happened to the Semantic Web, which he was pushing for well over a decade? Why don't I hear him promoting HORNET (High Speed Onion Routing Network; a Tor-like network with the speed of the regular internet)?

  9. JDPower Bronze badge

    "Tim Berners-Lee asks everyone to do new biz a Solid"?

    I know Reg like to do oh so clever headlines, but can you at least have them make some sort of sense, grammatically or otherwise.

    1. Graham 32

      Re: "Tim Berners-Lee asks everyone to do new biz a Solid"?

      I can't parse "do new biz a Solid". No idea what they're going for. I can only guess it's meant to be funny. Assuming toilet humour, "solid" might mean "poo" but it still can't make sense of it.

      1. Def Silver badge
        1. JDPower Bronze badge

          Re: "Tim Berners-Lee asks everyone to do new biz a Solid"?

          Hmmm, thanks, never heard of it. Still the Reg putting attempts at being 'clever' above being in any way sensical though

  10. Peter Fairbrother 1

    Yet another way for people to share (and steal) data.

    Two problems as far as I can see: First, this isn't a way to protect data, it is a way to share data.

    Second, the data is kept in a big database which Tim Berners-Lee can access (if he can't, how can anyone else?).

    How come people promoting so-called privacy enhancing technologies always want a big database? In some cases it is because they want to charge for it, in others the reason is more nefarious - but a big database of secrets is never needed, it is just another copy of private or secret data, and it breaks the second law of security - "Stuff you don't have can't be taken from you".

    Sharing secret or private data is almost never to the advantage of the user - sharing medical records between surgery and clinics, and some credit reference data, are about the only exceptions I can think of, and these are well serviced already

    Shame on you, Berners-Lee.

    1. JDPower Bronze badge

      Re: Yet another way for people to share (and steal) data.

      You haven't understood it.

  11. Ken Moorhouse Silver badge

    Novell

    I think Novell offered this service or something similar. I had a Novell-issued card (credit card sized) with my login code on it, which I suppose was an extension to their Directory Services.

  12. Doctor Syntax Silver badge

    How is the pod protected against an attack from the server's manager? Unless it's protected a compromised server or the server's owner subject to some form of compulsion can open it up like a tin of sardines.

    1. Mike 125

      >How is the pod protected against an attack from the server's manager?

      Same way any site protects data: encryption and authentication. This guy's on board: Bruce Schneier.

      1. Doctor Syntax Silver badge

        Man in the middle attack on server?

  13. Mike 125

    It is not hosted for free.

    "That leads immediately to the question of whether it would be hosted for free"

    My data has value. Without my permission and even when I don't have an account, Facebook is stealing that value via industrial scale, surreptitious slurping.

    If I had an account, I would sign a contract agreeing that Facebook hosts my data in return for its value.

    In neither case is it "hosted for free". Banks claimed for years that their current accounts (checking accounts) are "free" and it was always a lie. Now that interest rates are approaching zero, they may have a case.

    It's early days for this, but I've signed up. Tim's been banging on about it for a while, so give it a chance.

  14. Anonymous Coward
    Anonymous Coward

    solutions

    There is also the solution of not putting PII on the internet. Of course the governments will still publish your tax records, arrest record, marriage, property records, driving record. I give up.

    1. Anonymous Coward
      Anonymous Coward

      Re: solutions

      Don't forget Companies House. Anyone in the world can freely see my full name, address, date of birth and copies of my signature. Free gifts to identity thieves.

  15. Anonymous Coward
    Anonymous Coward

    Sorry Tim, you're 20 years too late

    There are plenty of other options and being the father or the web only gives you so much currency. Its a worthy idea but he's been peddling it for a few years now and its gained zero traction so I don't hold out much hope.

  16. Anonymous Coward
    Anonymous Coward

    Data in Storage vs. Data in Motion

    Not really clear about this proposition. It sounds like a proposition for "Data in Storage".

    *

    So what about all the snoops (you know, GCHQ, NSA, and who knows who else) listening in to "Data in Motion"? So they listen to the metadata (Who? IP address? Host? Host Account?) and collect the "Data in Motion".

    *

    By the time the data is "Data in Storage".....the game is already over!!!!!!!!

    *

    Please explain why I just haven't understood.

  17. Anonymous Coward
    Anonymous Coward

    Am I missing something here?

    Why would I want to upload all my personal data anyway, even if I can have fine controls on who can access it? Won't that just add to the pool of data that facebook and google etc steal and collate from us anyway? As far as I'm concerned, the less my personal data finds its way onto the web the better.

    1. Doctor Syntax Silver badge

      Re: Am I missing something here?

      You might not stop Google or whoever slurping. But consider this scenario:

      You want to open a bank account*

      Your bak wants identification and things like how long have you lived at your house.

      The bank is apt to go to credit reference agancies like Equifax which are great slurpers of data (leaf back through a few days of el Reg to see the report about the ICO). At present you have no option but to allow thee agencies to have records on you and to let them sell them to anyone who wants to buy.

      If you've just moved to the address you might not have been there long enough to meet the bank's requirements.

      Something like this could allow you to satisfy the bank's checks. You could exert your rights as a data subject (assuming you live in a jurisdiction that allows those rights) to tell the credit agencies to delete their records on you.

      *Even worse, some people are now finding their bank accounts frozen because of misidentification leading to suspicions of money laundering.

  18. Neurons for Kryton
    Coat

    More simples...

    Dorthy (double) clicks her heels together saying there's no place like my home screen. Suddenly Google, Facebook, Windows 10 et all, disappear in a puff of green smoke and normality returns back to Kansas !

  19. bigtreeman

    Confluence

    I have talked about this concept since the 90s. The network is the meeting place, not corporate servers.

    The "pod" gets built into a users gateway/router as a small, secure web server. Young people use phones theses days (so I'm led to believe).

    Everyone with internet or a phone gets a personal domain name. Now everyone can be contacted by their name/address.

    No more anonymity, get over it, just behave yourselves, be real !

    Instead of a user filling in forms on each and every service/company they interact with,

    they fill in their data in their own "pod" then allow access to each service/company.

    Now the user only has to update their personal data once and all services/companies get access to current data.

    The publication of this data gives the owner legal rights and ability to restrict access.

    I can do this today by forwarding my router internal ports 80 and 443 to my pc and setting up a fairly simple web server.

    But security wise it would be more sensible to have the router or a small, secure IoT server on the local network doing the work.

    I have a Rock64 setup at present doing just that.

    The main resistance will be companies "ownership" of peoples personal data, which they make a lot of money from.

    This will eventually kill Facebook, Google, Amazon, Oracle, clouds, ISPs, and will empower individuals.

    A level playing field. A cloud is just a mass of equal water particles in the air, so I guess it will become a real cloud.

    1. Doctor Syntax Silver badge

      Re: Confluence

      If you've killed ISPs your router will become invisible as it's your ISP who connects you to the net. Your will not only have to keep your ISP, you'll also have to persuade them to give it a static address or add a DDNS provider to your list of dependencies.

      Using the phone is an even bigger problem. You no longer have an individual identity, your phone does. Lose it or get it nicked and you can start looking for a cardboard box to live in.

    2. rg287 Silver badge

      Re: Confluence

      Everyone with internet or a phone gets a personal domain name. Now everyone can be contacted by their name/address.

      It is part of the design spec of Solid that WebIDs are portable between devices/Pods. You can't tie identity to a single device because devices die, get lost/stolen/damaged. On the odd occasion when you might tie some sort of auth to a device (RSA/U2F/FIDO hardware keys), they invariably come in pairs specifically for account recovery and migration to a new set in case you lose one.

      No more anonymity, get over it, just behave yourselves, be real !

      For 4Chan trolls and QAnon, it's easy to have sympathy with this view.

      For political activists in Iran or Russia, anonymity is not about behaving themselves, it's about being able to voice their opinions without being chopped into many pieces.

      This will eventually kill Facebook, Google, Amazon, Oracle, clouds, ISPs, and will empower individuals.

      ISPs? How do individuals connect to one another without ISPs? Oh, Peer-to-Peer? Fair enough - what's your Layer1?

  20. J.G.Harston Silver badge

    Why do I need to give my data to somebody else to look after it. I already look after it myself, in a folder at the back of the drawer of my filing cabinet.

  21. Dan-in-Korea

    Blockchain domans and protonmail encrypted emails

    Could they both work within the inrupt system?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021