
Tim Berners-Lee envisions a better web - bootload
https://www.wired.com/2017/04/tim-berners-lee-inventor-web-plots-radical-overhaul-creation/
======
aub3bhat
The reason these linked data, semantic web, GNU social projects end up going
no where is because they put principles ahead of product. People want things
they can click/tap/share and use without having to go through a manual/spec.
And when the time arises to build those products one quickly discovers that
the lofty principles don't match the user expectation.

Something like Snapchat that provides a very very weak guarantee of privacy
but has your classmates is immensely more useful to society than a
decentralized federated social network with PGP signed identities filled with
crypto enthusiasts.

~~~
rl3
Mainstream users could use such things so long as the UX was really, really
good.

The problem is not the principled nature of decentralized networks, but that
they have to overcome the same hurdles as centralized networks—how do you
compete with Facebook when they're so entrenched?

~~~
exDM69
> Mainstream users could use such things so long as the UX was really, really
> good.

I'm not so sure. In my experience with encrypted chat apps with non-technical
people, they completely ignore any kind of security in the key exchange.
They'll give you their account number to get in touch but nothing to verify
the key.

I don't see this changing in the near future or at all if fundamentals of
public key systems aren't going to be a part of school curricula. I'm a bit
sad that it's so poorly understood as public key cryptography has really
changed the world in the past few decades (can you imagine going back to a
world without online banking?). The key insight to understand is that
cryptography can't establish trust, only maintain it.

~~~
TheOtherHobbes
Those users see an extra layer of friction for no obvious benefit. "Trust" is
not an issue for them, because they've never experienced someone impersonating
someone else.

The reason the web is broken is because it's a meeting point for the social,
commercial, corporate, personal, academic, and political worlds. All of those
worlds have different demands and requirements.

You can't fix a political problem by applying technology to it. There's a
persistent myth that you can, but the reality is that publicly accessible
technology mirrors the publicly accessible political environment, not vice
versa.

Politically, neither ordinary users nor academic experts have the leverage to
enforce the kind of secure, safe, trustworthy web most of us here would want.

Banks, corporations, governments, and the letter agencies do, which is why
they have an effective monopoly on the practical applications of key security.

A minority of geeks and security specialists get some crumbs from the key
exchange table, but they're a _long_ way from being able to force strong
security into the popular web.

------
syshum
>>On the better web Berners-Lee envisions, users control

I have a hard time taking him seriously at this point, he talks about User
control while at the same time advocating for the Advancement of DRM in HTML5
standard

I can not square these positions, DRM is anti-user. You can not be for User
control while also supporting DRM. Pick one

~~~
hutzlibu
Users want drm.

You don't, I don't, most others here not, but in general, they just want their
movie. And they will use other technology, if the web does not provide what
they want.

So for the html5 to stay relevant, it sadly has to contain it. Even though we
can do without.

~~~
byuu
Why can't HTML5 be relevant without Netflix?

Most gamers use Steam, not WebGL, and the internet hasn't fallen apart.

People can survive using Roku/FireTV/AppleTV/PS4/XB3/standalone PC app for
their streaming movie services. And if Google and Mozilla would allow people
to keep installing third-party plugins like Flash, then they could do that to
watch Netflix inside their browser.

If you become your enemy to defeat him, then you've already lost whatever it
was you were fighting for.

~~~
gsnedders
The difference between games and video is there's precedent for video:
Netflix, e.g., has been on the web since 2007, games never really have. Videos
moving away from the web would be far more noticeable to the average user than
games continuing to not be on the web.

There's good reasons to kill plugins: their security policies are almost
always weaker than browsers and many security attacks on browsers and networks
have used them. EME, even in plugin form, is in many ways better in this
regard, as you can put it in sandboxes with fewer privileges.

~~~
byuu
Removing the web client of Netflix would hurt them a lot more than it'd hurt
Google and Mozilla.

I really don't believe that without EME, Netflix would abandon their web
client. They'd just keep using Flash, which I am fine with, since I don't use
their web player anyway.

But of course, Google _wants_ EME, so naturally they're going to push for
forcing out Flash.

> EME, even in plugin form, is in many ways better in this regard, as you can
> put it in sandboxes with fewer privileges.

I can't imagine anything you could sandbox in EME that you couldn't sandbox in
an external plugin system designed accordingly. EME itself are plugins. Just
don't ship them with the browser and enabled by default. That would do a lot
to stop the smaller sites from trying to use EME on their content.

Furthermore, EME brings in the DMCA, and the W3C won't make any strong claims
about requiring researchers to be able to publish vulnerabilities.

~~~
gsnedders
> But of course, Google wants EME, so naturally they're going to push for
> forcing out Flash.

AIUI, the larger reason for wanting EME is to kill Flash and other plugins.

> I can't imagine anything you could sandbox in EME that you couldn't sandbox
> in an external plugin system designed accordingly. EME itself are plugins.
> Just don't ship them with the browser and enabled by default. That would do
> a lot to stop the smaller sites from trying to use EME on their content.

Flash needs access to many, many more OS-level features than any EME plugin
does, as a result of its functionality being a superset of any EME plugin
(okay, _theoretically_ an EME plugin could use them all, but there's no
evidence of any trying to do so). An EME plugin doesn't: need access to any
web cam/microphone (or other devices), unrestricted filesystem access, etc.
All of those are things that Flash can do.

Flash not shipping by default didn't exactly stop smaller sites from relying
on it, though; once a small number of big sites rely on it and it has the
installed userbase it's a relatively weak argument.

> Furthermore, EME brings in the DMCA, and the W3C won't make any strong
> claims about requiring researchers to be able to publish vulnerabilities.

Oh, I'm not claiming EME is good, but I think it's worthwhile understanding
its benefits relative to the historic status quo if you want to argue against
it. (I also have concerns about only worrying about the DMCA: other
jurisdictions have similar laws around DRM and I don't think we should allow
only those in the US to do security work on browsers.)

~~~
byuu
> AIUI, the larger reason for wanting EME is to kill Flash and other plugins.

EME is also a plugin. Specifically, it's the Widevine plugin.

Only now it's installed by default on _everyone 's_ systems. And Chrome is
already playing games and moving the setting from chrome://plugins to being
buried under chrome://settings/content.

That "it runs everywhere by default" will mean even smaller websites will
start using it to strip user freedoms.

Read the comments here:
[https://bugs.chromium.org/p/chromium/issues/detail?id=675596](https://bugs.chromium.org/p/chromium/issues/detail?id=675596)

Website owners are _chomping at the bit_ to stop people from being able to
save offline content.

> Flash needs access to many, many more OS-level features than any EME plugin
> does

Then make EME plugins optional, and don't ship them by default with browsers,
and don't make them officially part of the HTML5 spec. Just because something
is 'inevitable' doesn't mean you have to embrace it, if it's a fundamentally
bad thing. This is usually referred to as 'having principles.'

> Flash not shipping by default didn't exactly stop smaller sites from relying
> on it, though

But it has resulted in many sites using HTML5 video. Especially when Apple
decided not to ship it on iOS.

And right now, I can right-click and save those videos to my hard drive, which
is just lovely for taking videos on the go with me.

------
austincheney
This looks nice, like an evolution of FOAF. It has the proper focus on many of
the key ingredients it will need to be successful: access control, identity,
and the correct goals. Unfortunately, this probably won't work any better than
similar solutions. It is missing something more important, a smart
distribution mechanism. The web is not the answer.

So long as they continue to think in terms of data and delivery the best they
can hope for is Facebook plus privacy. They can do better than this.

------
shakna
Looking at the spec for Solid [0], I'm quite struggling to see what it has
over GNUSocial or the other players in this same field, apart from the name
backing it.

Authentication, transfer of data, and all that look very similar.

[0] [https://github.com/solid/solid-spec](https://github.com/solid/solid-spec)

~~~
mattl
at one point I really tried to get GNU social as GNU/W3C social or GNU/MIT
social. I think another group looking at the problem could have advanced
things a lot by now.

~~~
shakna
Try mastadon's [0] implementation. It's a very nice, rich interface around
GNUSocial, and feels like it goes a lot further, even if it does just rely on
the spec.

[0] [http://mastodon.social/](http://mastodon.social/)

