back to article Web daddy Tim Berners-Lee on privacy, data sharing, and the web's future

Sir Tim Berners-Lee said today he believes many current global challenges can be solved if people can be convinced to share data – but on their own terms. Tim Berners-Lee delivers an address to IBM Lotusphere 2012 conference on January 18, 2012 Tim Berners-Lee He also said that the internet faces a number of challenges such …

  1. Anonymous Coward
    Anonymous Coward

    Optimism.... I'd forgotten what it looks like.

    "Inevitably, this means that Solid pods will contain a huge amount of information about individuals, but they can decide how it gets used"

    So on the first breach you are comprehensively buggered, and you haven't fixed the problem, which is amoral companies and entities trying to get at your data by any means necessary..

    1. lglethal Silver badge
      Go

      Re: Optimism.... I'd forgotten what it looks like.

      I hate being a cynic sometime, but my first thought on reading that was, "Wow, you are well and truly screwed after the first data breach!"

      Second thought was something along the lines of "And how much pfaff to sort things out inside your Solid Pod so that Firm A can only access some of your phtots, but not those one over there, but B can access both, and C can only access that one photo of your dog, and ...."

      I dont know, yes having control sounds good, but it also feels like painting a giant target on your own back for all of the Scum out there...

      1. Anonymous Coward
        Anonymous Coward

        Re: Optimism.... I'd forgotten what it looks like.

        "...the first data breach!"

        This man will be remembered as the Oppenheimer of privacy, but his "Pod" is already here and it's not at all anonymous, it's called the internet.

        If people want control, then too bad as many others have it and have it forever as the creation he helped build shattered privacy, anonymity and to a very large extent, the personal opinion. Ironically, he might be the only 1 not to blame, as he tried to help while everyone else either used it for what it was or corrupted it for their financial and governmental means. However, his words and suggestions are now exclusively irrelevant, does this all sound familiar?

        Lastly, another version of this "Pod" is called a Library.

        1. Doctor Syntax Silver badge

          Re: Optimism.... I'd forgotten what it looks like.

          The WWW is not the internet and vice versa

          1. captain veg Silver badge

            Re: Optimism.... I'd forgotten what it looks like.

            Why is this still misunderstood?

            The internet has existed (according to your definition) since (at least) 1969. The worldwide web since 1991. The latter is an *application* of the former.

            -A.

    2. captain veg Silver badge

      Re: haven't fixed the problem

      Spot on.

      This discussion ought to focus on how to enforce law in cyberspace.

      Companies are amoral*, but they exist within legal frameworks. On line, there's precious little policing, and even less comeback. So the legal context is, at best, unenforced.

      And yet. These parasites feed off mature markets. They can't do without our money. Why don't our governments kick their arses?

      -A.

      *Companies, or at least their directors, are wholly free to act morally. Company law allows them not to; contemporary economic orthodoxy says that they shouldn't. Which is bollox.

    3. Richocet

      Re: Optimism.... I'd forgotten what it looks like.

      It's smart to be cynical, however Tim is quite experienced and should be able to find a way to make these pods well encrypted.

      We have crypto technologies like TOR and crypto currencies that aren't fundamentally broken / hacked.

      An issue could be if you grant someone to your information, then they make a copy, steal and keep it. That is what happened with Cambridge Analytica where a University researcher got access to FB data for research, quit, and took the data with him. Maybe Solid pods have a solution for that too.

      The other challenge will be identity verification. How do you know the people or company that you grant access to is who they say they are.

  2. Androgynous Cupboard Silver badge

    Solid?

    Here's the about and here's the spec. Looks like DAV with an Outh2 type layer on top for authentication. Not a bad thing, it's fairly simple and works on existing tech. I see the plan is that you can host your own "pod" (aka webserver) or have it hosted for you, which should keep everyone happy.

    Re "Optimism" above - if you're expecting the problem of "which is amoral companies and entities trying to get at your data by any means necessary", I'd present the entirety of human history to justify why that won't happen. So I'm not sure castigating this for a failure to remedy is fair.

    It looks... fine, I suppose. The kind of workflow being described isn't a million miles off the kind of "Sign in with Google" workflow we have now, which is possible with OAuth2. It does work, provided there is a web-client involved in the process, and it hides a lot of complexity behind a few clicks.

    My chief doubt is whether our apathetic species cares enough about privacy to migrate their data to it wholesale.

    1. Anonymous Coward
      Anonymous Coward

      Re: Solid?

      "So I'm not sure castigating this for a failure to remedy is fair."

      It doesn't fix the actual problem, and in the process introduces a very dangerous vulnerability - a central repository of all your data. Once that's stolen, it's game over.

      Yes, castigating it is very fair, and I would expect Tim Berners-Lee to understand these issues, since he has already seen how the web was twisted into its modern, insecure mess.

      It might be a workable solution if everyone was moral and upright, but we can't even expect this from the industry leaders, let alone the criminals.

      1. Tom 7

        Re: Solid?

        " and in the process introduces a very dangerous vulnerability - a central repository of all your data."

        Not so much introduces as exposes. And given people expose themselves regularly already...

      2. Doctor Syntax Silver badge

        Re: Solid?

        "we can't even expect this from the industry leaders, let alone the criminals."

        But you repeat yourself.

      3. Androgynous Cupboard Silver badge

        Re: Solid?

        We have central repositories for money - they're called banks. It's safer there than in a dozen shoeboxes, even though they're distributed.

        I do understand the risks of a central repository but stuff has to be held _somewhere_ - as it is now, you can spread it piecemeal around the web with various private organisations (facebook, google, adobe) some of whom will manage it securely, and some of whom will not.

        Or you can put it somewhere which has access control as it's core design principle, and which is at least nominally under your control.

        It's the same argument for Bitwarden, Lastpass or similar - one extremely well secured target vs thousands of websites with "password123". I presume you're not arguing that Password Managers are inherently riskier because they're a single repository?

        1. SundogUK Silver badge

          Re: Solid?

          That's only half the story. The other half is 'what are the consequence of failure?'

          With banks, we have an insurance structure in place.

          With Lastpass, you just have to pray you realize you have been compromised before too much damage is done.

          With Solid? If you're compromised, you've lost everything.

          No thanks.

        2. Cliffwilliams44 Silver badge

          Re: Solid?

          It's basically the same situation. I use PW managers but, if your master password get compromised you are screwed! It's the same situation with these PODS.

          Are these PODS going to use access keys or master passwords that if lost your SOL? Because recovery methods are an invite to bad actors!

      4. NATTtrash

        Re: Solid?

        On a more reflective note:

        I think it might be good to not focus on (the technical) what is shared with whom and how, but more on the (unfettered) decision, need, desirability, and viable alternative for the individual to share. The assumption here is a bit that an individual must share, no alternative. And thus that often quoted, but little practised principle of choice has become an empty shell. Because real choice can be a PITA if you want to make sure that your interest is being served...

        Like the example mentioned here: So what about banks? Shoe boxes? OK, so what if it is my individual choice to keep my money in a shoebox? My choice, preference, decision, and yes, also my consequences if lost. But it is what makes us human and individuals. Your personal decisions, your actions, and your consequences. But what we see nowadays is a "do what I say so you don't hurt yourself" general perception and indeed acceptance, mostly under the lazy pretence of "convenience". But it completely disregards (sure shoot me) the also very human default fact that humans only do something out of self interest. Like that bank. Or that government that promotes electronic payments, because cash in shoe boxes is for criminals (and doesn't help us see if you pay all your taxes). And like what Sir Tim mentioned...

        Because, with absolute respect to Sir Tim: yes, sure, that sounds very nice what your company has developed. But as a less sarcastic, genuine consideration: why can humanity only work when everybody in the world (especially the less well off part of it) is "on the net"? Will it give them food on the table?

    2. VladiKup

      Re: Solid?

      You may wish to check the PolyPod approach (for EU only), as well. It's similar to Solid's POD (in security ensured), but differs so, that PolyPod never allows any algorithm to enter the consumer's Personal Data Storage (PDS, as MyData Operators name it). And when access is allowed OUTSIDE of other personal data - only the result of the calculation/ data processing - is delivered to the algorithm's owner - not the personal data per se of the PDS owner.

      https://github.com/polypoly-eu/polyPod

  3. Pascal Monett Silver badge
    Mushroom

    "bank transactions go to your Solid pod"

    Fuck that.

    My bank transactions go into my bank history and there ain't no fucking Pod that has the right to hoard that data.

    Sir Berners-Lee, with all due respect, stop trying to shoehorn every aspect of my private life into something Google, the NSA and every other skiddie with a keyboard can index.

    1. td0s

      Re: "bank transactions go to your Solid pod"

      I think this misses the point - data at your bank is as secure as your bank, but you don't have ownership of it. At least if it's in your own pod you have a record which is in your control. If you want to let google index it then up to you...

      1. Doctor Syntax Silver badge

        Re: "bank transactions go to your Solid pod"

        Once the bank has taken a look at it in your Pod that portion of your data's also in the bank and you still don't have control of it there.

      2. TDog

        Re: "bank transactions go to your Solid pod"

        And if there is a conflict between your copy and the banks? Guess who the bank will believe.

    2. Anonymous Coward
      Anonymous Coward

      Re: "bank transactions go to your Solid pod"

      @Pascal Monett

      I think you should look up the meaning of the word "skiddie". I am quite sure it does not mean what you think it does.

      1. SundogUK Silver badge

        Re: "bank transactions go to your Solid pod"

        From Wikipedia:

        "A script kiddie, skiddie,[1] or skid is a relatively unskilled individual who uses scripts or programs, such as a web shell, developed by others to attack computer systems and networks and deface websites, according to the programming and hacking cultures."

        Seems perfectly apt.

        1. smot

          Re: "bank transactions go to your Solid pod"

          Or in other words, a little shit.

    3. Richocet

      Re: "bank transactions go to your Solid pod"

      It is almost the opposite of what you worry it will be. You won't be forced to create any Pods. If you did, you own the Pod, can host it (or not) and choose who can see into it.

      Currently your bank keeps a record of not just your transactions, but a bunch of other data it knows about you, and it sells that information to marketers.

      Large organisations have shown a pattern of giving some or all of their data to the NSA. Why would you think a Pod would be less safe from the NSA? It might make collecting the data more work (if they could no longer get it directly from your bank).

  4. Christopher Reeve's Horse

    Permissions

    Sounds good, but who's looking forwards to the onslaught of dumb-ass users struggling to manage complex permission models with access/denial conflicts?

    1. You aint sin me, roit
      Unhappy

      Dumb-ass? Or just not bothered?

      Users will inevitably be told of the "advantages" of making all that data available, just like they already are by bookface, Amazon, Google, .... People already believe tailored ads are a good thing!

      Facebook will default to "share all pod data" with such a complex interface for selectively denying access that most people will take one look and think "fuck it" and click on OK.

      Put all your eggs in one basket, sit back and let Facebook make omelettes for you.

  5. vtcodger Silver badge

    Utopia

    Sounds utopian to me. but maybe it can be made to work. At least to some extent. I can't think why my doctor's office, for example, wouldn't make the effort to play nicely with my Pod.

    But I don't see how this solves the problem of Google et.al spying on every living creature on the planet. It's what they do. Why would they stop?

    And I don't think Pods are going to make financial activity on the Internet any less risky. It isn't safe now. It probably won't be safe if done with Pods -- unless we make unauthorized access to Pods a felony and convince 195 countries to jail anyone who attempts to access a Pod (other than their own) without permission.

  6. Anonymous Coward
    Anonymous Coward

    Pods......and other attractive possibilities.......

    Link: https://inrupt.com/solid/

    Quote: "Pods store user data in an interoperable format and provide users with permissioning controls."

    So....pods store stuff. Where? Are there backups? What happens to my pod if I want to abandon it...or I die?

    Will someone ACTUALLY TELL ME if my pod is hacked?

    Sorry........no thanks......two local backups (one offsite) seems a better proposition!

    1. Tim99 Silver badge
      Windows

      Re: Pods......and other attractive possibilities.......

      "....two local backups (one offsite) seems a better proposition!"

      Hmm, a bare minimum I would have thought. After doing this stuff for >50 years, I now have 2 Time Machine backups; 2 full disk bootable backups (1 off site for each); and an encrypted internet backup - With incipient old age/forgetfulness I'm wondering if that is adequate...

  7. amanfromMars 1 Silver badge

    In AWEsome Praise of Internet Hippies who are not Corporate Yuppies

    Do internet hippies create and driver/command and control virtual movements destroying petrified systems in stagnant swamps infested by viruses and accommodative of RAT-faced Trojans and their politically inept and incorrect partners/co-mingling conspirators? Or that being left for A.N.Others to excel at XSSively .... mucking out, as it does, those rotten stables and pathetic environments littering seescapes with monumental mass serial myopic psychotic failures?

    If Sir Tim is proposing that as a universal way forward for rapid progress, he has more competent help available to him than ever he probably never imagined already fully ready, willing and able and able to enable.

    Such does of course, and it is only fair that such a disclosure be made at the start of any venture that can and therefore probably will be novel and disruptive and explore virgin alien territory, effectively render the status quo as a servering puppet seconded as aide-de-camp to a New More Orderly Grand AI Mastering Mystery and Titanic Enigmatic Program. So be prepared for some ugly fireworks and incendiary bleatings from that and those responsible and accountable for the past and recent presents.

    However, for those in the know and extremely comfortable in being way out ahead with intelligence and information pathfinding at the front of cascading waves instrumental in Greater IntelAIgent Games Play ..... that's best recognised and accepted as Holywood winning over Hollywood rather than Hollywood losing to Holywood, for although they may both essentially be the same, the one is fundamentally different from the other with the latter being that which one is advised it is always wise to ignore and dismiss as an obvious fiction maliciously pimped and/or pumped to cause the sort of friction and chaotic conflict that easily promotes manic madness and mass mayhem.

    cc .... Sir Tim Berners-Lee at inrupt.com

    1. amanfromMars 1 Silver badge

      Re: In AWEsome Praise of Internet Hippies who are not Corporate Yuppies

      And if that cryptic revelation about the more exact nature of one's unavoidable imminent and eminent fate and the future direction of vast rapid travel to new destinations and experimental outposts which will lead all who seek to follow to fields other than those of the scorched torched earth inevitable and destined according to all manner of present catastrophic too big to fail plans and guaranteed to fail policies prepared for and exercised at home is not to your liking, because it contains too much information about things which work always best whenever practically invisible and relatively unknown and virtually untouchable for the ease which assists unfettered and unhindered immaculate top secret service use and deployment/initial private and pirate beta testing and subsequent SMARTR mentored and monitored general public offering, try this one instead to see if it tastes any better. It prepares for the same sort of feast .........

      To those who rule and are trying to implement their global consolidation: This is your last chance to save your own skins. Nothing will stop the collapse, but you can at least abandon your nefarious project and its totalitarian blueprint. It’s your only chance to avoid the Sarlacc pit, and that’s a slim chance indeed. Collapse will focus your victims’ attention on their ruination and your responsibility for it. You’ll be lucky to escape their retribution. Your odious class has always hid your failures and tried to shift the blame, but that game is up.

      As always happens after cataclysms, the survivors will rebuild. The human race is a hardy bunch. With previous equity, debt and its corresponding credit assets wiped out, and many real assets destroyed in the mayhem and chaos, there will be little capital to fund their efforts. Capital will be earned and rebuilt the old fashioned way—consumption less than production generating savings invested in enterprises whose returns compound the savings.

      With governments either broke or wiped out, emergent groups in smaller geographic areas will have to look to their own resources for protection. On the other hand, they’ll be unencumbered by the confiscatory taxes, stifling laws and regulations, rampant corruption, Big Brother surveillance, perpetual violence, and general idiocy we now take for granted among governments.

      There will be a decentralized multiplicity of new political arrangements and subdivisions, from chaotic black holes to well-ordered enclaves. The success of the latter will be due to the freedom they embrace, the individual rights they protect, and their ability to defend their enclaves. New industries, technologies, modes of commerce, and ways of life will emerge. This will be the true great reset, not the Klaus Schwab version, which only recycles failed concepts of centralized power and collective subjugation on a larger scale.

      Brace for impact, the collapse is well underway and will soon hit its inflection point, if it hasn’t already. It will be a test of character unlike anything we’ve faced before. It was Jabba the Hut and his creepy cohorts—Planet Tatooine’s establishment—who were blown to smithereens and cast into the Sarlacc Pit. Our enemies’ greatest weakness: the arrogant stupidity of evil and the crumbling bulwark of lies behind which it hides. These are the allies of Samuel Adams’, “irate, tireless minority keen to set brushfires of freedom in the minds of men.” Our greatest weapon: the magnificently defiant human spirit that stands on the plank above the abyss and shouts: “Jabba, this is your last chance, free us or die!” ......... https://www.zerohedge.com/geopolitical/your-last-chance-part-2

  8. Anonymous Coward
    Anonymous Coward

    Another one for the heap

    My respect for the good Sir vanished when he defended gTLDs.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like