Tim Berners-Lee asks everyone to do new biz a Solid and let him have another crack at fixing the Web's privacy Inventor of the world wide web, Tim Berners-Lee, is having another crack at fixing the internet’s biggest problems with the launch of a new enterprise server. The Inrupt Enterprise Solid Server is the first product from a company the inventor started two years ago in response to the problem of personal data online, where tech …
I hope I'm reading this right (I've been working on similar for my own amusement and may be overlaying my ideas). Its largely a set of standards. So Australia can demand a backdoor in a product, but as you have a personal server you control you can then add on the encryption to block it. It doesnt even have to be in your country.
As for the "would require massive and widespread adoption" this is a problem even FB started with. All it takes is a product (and that only needs to be surprisingly simple) and the instructions on how to set one up at home (click here and choose which router you have and this is how to configure it...) and there's two or three hundred people in my town of 2000 who would jump at it.
Those 200 people would jump at it, and course it would also require online services to adopt it as well.
I guess that unlike some 'adoption dilemmas' (i.e, I'm not buying this gizmo until it's supported by devs, devs won't bother supporting it until people have bought it) there's a low cost of entry (some time, possible a small hosting fee) to early adopting users.
I'm assuming as well that the likes of Google won't be interested in this, but the hundreds of smaller services and retailers we interact with online might be.
(And personally, I'd be happy in principal for smaller online companies to have access to market reports derived from my anomynised data - otherwise small companies find it hard to compete on quality, service and value because they are at a disadvantage in terms of market data compared to Amazon et al. )
It doesnt need to be an image - you can do this at app level.
It needs (D)DNS so that applications can find your Pod. In principle yes, you could run a pod as an app on a smartphone, but somewhere along the line either the app developer or someone else (EFF? Mozilla?) would need to offer DDNS-as-a-service that the app could subscribe to, and you'd get a personal <bob-jones.mozilla-pods.org> subdomain or something.
You'd still retain your data, but let someone else signpost to your "server". Having the technical chops to buy a domain and set up some DDNS is obviously way beyond most users.
There would need to be an ecosystem of DDNS providers whose service can be subscribed to via third party Pod-Server apps (so you download the app and pick a DNS provider in the app - anything more complex and people will drop off the moment you ask them to "Go to X, create an account, blah, blah").
Eh?
P2P dude. You only need those with the savvy and resources to have directory servers set up, everyone else like your granny can turn their device on and grab a directory copy from one of these places as a seed and join the network. From there your granny's device can receive broadcasts over the network to find other peers to collaborate with and remain connected and up to date.
Why the fuck would everyone need a domain name?
P2P dude.
Have you read the spec? You seem to be confusing P2P with DHT. Solid is neither a blockchain nor a torrent-like protocol. It's built on the web. The Solid Protocol spec defines a Pod as an HTTP1.1 server. It uses HTTP URIs throughout - focussed on location (server/folder/file), not data/content (as per IPFS URIs or BitTorrent for instance). The reason we use FQDNs for HTTP URIs is that IPs are not user-friendly.
Although they talk about P2P, it's still a client-server (or rather, server-server) relationship between the application accessing your Solid Pod. It's no different to an application server contacting a database server for data. This means you need some useful form of static addressing for your Pod, particularly if it's an app on a mobile device and the IP address is changing regularly.
Now, there is reference to IPFS and BlockStack on the website, but it's made clear that Solid is designed to be compatible with distributed and blockchain systems. It is not built on them and the protocol does not use them. It's possible that a Solid Pod implementation might use IPFS as the storage layer instead of using the local hard drive or a network share. Applications would still query it using HTTP URIs, but the Pod would then go get the data from IPFS and serve it back to the application.
All the reference implementations and showcase apps have you specify your Pod (using domain name) in order for you to log in. It's the same basic concept as having an email address (user@service), but as a (possibly self-hosted) identity & storage platform with rights management layered on top for API access by third-party applications.
Only other people using it would need to adopt the services. Its mostly going to be peer to peer and your ISP need do nothing. All you need outside your home/office is DNS or DDNS*. It doesnt replace the current web, but it allows people to sidestep it if they desire, and many do. For social networking which most people want there is no need for some bloke to come and shout over your shoulder in the pub,
*and only if your home hosting - Id imagine many would be happy to have it in the cloud once its been shown to be secure.
Something like this sounds more like a national utility service.
Nations could invest in the infrastructure where the business case is weak protecting citizens data whilst empowering safe and responsible data sharing.
Although that would require nations to do this altruistically and not try to corrupt the process for their own means.
Fuck all chance of that I suppose.
I think countries would jump at the chance! It is TBL's idea so it must be a great idea and full of freedom etc!
But what you really get is a national identity service via the backdoor without the government having to argue (and fail again) for implementing it. If you can get big tech to pay for it even better.
In a few years companies will start to let you use it as valid ID, then the government will let you use it as a form of ID and a short while later it will be the only ID you can use. Which neatly allows correlation of all your personal data with all the private data the government holds on you.
Well, there is scope for one to hold one's own medical data. The owner can then authorise parts of said data to be released to, for example, a travel insurance company on an as required basis. The insurance company sees that you don't have X,Y and Z health conditions and sets your premium, then it has no further requirement for (and this no further access to) your data
One issue I see is the likelyhood of bad actors and scammers sending phishing emails or faked interfaces to get data from individuals. Some people might want to use an app store style walled garden, where an organisation vets 3rd party modules.
Targetting the 'computer wiz' of families might be a good way to go. It would need to be doable for the mildly tech literate, not just the already trained server admin.
"Alright guys. I've set up a few old computers to run this thing. I'll have one in my cupboard and mom will have one in hers. They'll be the same, so we have a backup. All you have to do is [describe process]. I think it should work, but let's just test it out and see how it goes."
It'll need to be easy to use, and be able to work on some hand-me-down laptops at first. Get it adopted, and then advise on upgrading personal servers.
It would need to be doable for the mildly tech literate
Not just doable by them, they would have to care enough to do it, and they don't. Let's be honest, the vast majority of internet users don't give a damn about protecting their data if they can get "free stuff" instead. Until they're scammed out of the contents of their bank account, of course, and then it must be the bank's fault, never theirs.
I applaud TBL for his perseverance, but tbh I don't think he's on a winner here.
Good. I will welcome every idea that improves the privacy of my data.
Now tell me how that impacts Google's data hoovering, because I don't see that it changes anything there.
And if Google doesn't adopt it, well let's just say that it won't have much impact.
What will happen to 'precious data' when (possibly decades away) the boat sinks?
All data is precious (for values of precious).
Those values of precious go negative. Eh? What? Yes. 'Amazon books marketing' sent me emails in Chinese I presume -- All of hieroglyphs -- (I deleted it obviously.) -- But it goes to show that just the taint of a 'relationship' can be a lure.
PS Go to merlinsmallbone.shop for great books about interesting people in interesting situations.
Gosh! Did I write that? Yes I did. Welcome to the shillnonet.
I'd say it was rather different.
There was always control over what people wrote and printed for public consumption by virtue of the cost of production: hand-setting type might be cheaper than paying monks to make laborious copies, but it it was still expensive relative to the earnings of an average worker. This meant that the value was very clearly in the content: if the content were not valued, it would not be possible to cover the costs of production. Of course there was also ephemeral personal writing - but it was never intended to be shared widely and usually sparing and to the point.
What has happened now is that the cost of "publication" has fallen dramatically, to the point at which it is almost, but not quite, free. The value in the content is now equally low - noone is really going to pay to see your aunt Betty paddling at Brighton or your thoughts on the state of the world. Because nobody wants your content (or, at least, your content specifically - millions of other thoughts are available), it has to be paid for by you, but because that cost is relatively low, you can pay for it by agreeing to have your personal data exploited for profit. The telling thing is that very few people would be prepared to pay the price in actual cash.
It's not so much a technical phenomenon as a social one - and I don't think a technical fix is the answer.
But that is *exactly* the issue we are seeing.
Somebody invents writing. Hey, people can communicate with each other, stop that! Well, at least it's difficult as you need to grow loads of papyrus and grind up the ink, so it's difficult for people to use this annoying technology.
Hey, somebody's invented paper, stop that! Well, at least reproduction is long and tedious, so it's difficult to use this annoying technology.
Hey, somebody's invented the moveable type printing press, dammit, now somebody can produce a whole book in ten minutes and now any peasant can afford to communicate any information they like, dammit, STOP IT!!!! STOP THINKING FOR YOURSELVES!!!!!!! DO WHAT WE TELL YOU!!!!!!!!!!!!!!!
People have their own space and can allow access to areas of it to particular persons or orgs with pre agreed cut off dates, so people keep control of their data and others have time limited access to it. Sort of cleans up that whole data responsibility problem. Out here in Spain, everyone has a digital ID and world+dog always wants original copies, so it makes a lot of sense. Probably the only ever good use for that blockchain malarkey.
As long as the advertisers and middle-men can legally pilfer users' private web browsing data they'll continue doing so. There's simply no market for the product TBL is selling at the moment.
I don't see this problem being solved in any case because governments (even so called "democratic" governments) find it handy to keep tabs on their population so they won't outlaw this practice.
Tim may be the inventor of the Web as we know it, but he's merely coasting on his illustrious past to grab VC monies to start one silly enterprise after the other.
Whatever happened to the Semantic Web, which he was pushing for well over a decade? Why don't I hear him promoting HORNET (High Speed Onion Routing Network; a Tor-like network with the speed of the regular internet)?
Two problems as far as I can see: First, this isn't a way to protect data, it is a way to share data.
Second, the data is kept in a big database which Tim Berners-Lee can access (if he can't, how can anyone else?).
How come people promoting so-called privacy enhancing technologies always want a big database? In some cases it is because they want to charge for it, in others the reason is more nefarious - but a big database of secrets is never needed, it is just another copy of private or secret data, and it breaks the second law of security - "Stuff you don't have can't be taken from you".
Sharing secret or private data is almost never to the advantage of the user - sharing medical records between surgery and clinics, and some credit reference data, are about the only exceptions I can think of, and these are well serviced already
Shame on you, Berners-Lee.
"That leads immediately to the question of whether it would be hosted for free"
My data has value. Without my permission and even when I don't have an account, Facebook is stealing that value via industrial scale, surreptitious slurping.
If I had an account, I would sign a contract agreeing that Facebook hosts my data in return for its value.
In neither case is it "hosted for free". Banks claimed for years that their current accounts (checking accounts) are "free" and it was always a lie. Now that interest rates are approaching zero, they may have a case.
It's early days for this, but I've signed up. Tim's been banging on about it for a while, so give it a chance.
Not really clear about this proposition. It sounds like a proposition for "Data in Storage".
*
So what about all the snoops (you know, GCHQ, NSA, and who knows who else) listening in to "Data in Motion"? So they listen to the metadata (Who? IP address? Host? Host Account?) and collect the "Data in Motion".
*
By the time the data is "Data in Storage".....the game is already over!!!!!!!!
*
Please explain why I just haven't understood.
Why would I want to upload all my personal data anyway, even if I can have fine controls on who can access it? Won't that just add to the pool of data that facebook and google etc steal and collate from us anyway? As far as I'm concerned, the less my personal data finds its way onto the web the better.
You might not stop Google or whoever slurping. But consider this scenario:
You want to open a bank account*
Your bak wants identification and things like how long have you lived at your house.
The bank is apt to go to credit reference agancies like Equifax which are great slurpers of data (leaf back through a few days of el Reg to see the report about the ICO). At present you have no option but to allow thee agencies to have records on you and to let them sell them to anyone who wants to buy.
If you've just moved to the address you might not have been there long enough to meet the bank's requirements.
Something like this could allow you to satisfy the bank's checks. You could exert your rights as a data subject (assuming you live in a jurisdiction that allows those rights) to tell the credit agencies to delete their records on you.
*Even worse, some people are now finding their bank accounts frozen because of misidentification leading to suspicions of money laundering.
I have talked about this concept since the 90s. The network is the meeting place, not corporate servers.
The "pod" gets built into a users gateway/router as a small, secure web server. Young people use phones theses days (so I'm led to believe).
Everyone with internet or a phone gets a personal domain name. Now everyone can be contacted by their name/address.
No more anonymity, get over it, just behave yourselves, be real !
Instead of a user filling in forms on each and every service/company they interact with,
they fill in their data in their own "pod" then allow access to each service/company.
Now the user only has to update their personal data once and all services/companies get access to current data.
The publication of this data gives the owner legal rights and ability to restrict access.
I can do this today by forwarding my router internal ports 80 and 443 to my pc and setting up a fairly simple web server.
But security wise it would be more sensible to have the router or a small, secure IoT server on the local network doing the work.
I have a Rock64 setup at present doing just that.
The main resistance will be companies "ownership" of peoples personal data, which they make a lot of money from.
This will eventually kill Facebook, Google, Amazon, Oracle, clouds, ISPs, and will empower individuals.
A level playing field. A cloud is just a mass of equal water particles in the air, so I guess it will become a real cloud.
If you've killed ISPs your router will become invisible as it's your ISP who connects you to the net. Your will not only have to keep your ISP, you'll also have to persuade them to give it a static address or add a DDNS provider to your list of dependencies.
Using the phone is an even bigger problem. You no longer have an individual identity, your phone does. Lose it or get it nicked and you can start looking for a cardboard box to live in.
Everyone with internet or a phone gets a personal domain name. Now everyone can be contacted by their name/address.
It is part of the design spec of Solid that WebIDs are portable between devices/Pods. You can't tie identity to a single device because devices die, get lost/stolen/damaged. On the odd occasion when you might tie some sort of auth to a device (RSA/U2F/FIDO hardware keys), they invariably come in pairs specifically for account recovery and migration to a new set in case you lose one.
No more anonymity, get over it, just behave yourselves, be real !
For 4Chan trolls and QAnon, it's easy to have sympathy with this view.
For political activists in Iran or Russia, anonymity is not about behaving themselves, it's about being able to voice their opinions without being chopped into many pieces.
This will eventually kill Facebook, Google, Amazon, Oracle, clouds, ISPs, and will empower individuals.
ISPs? How do individuals connect to one another without ISPs? Oh, Peer-to-Peer? Fair enough - what's your Layer1?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
