
Inrupt, Tim Berners-Lee's Solid, and Me - 9nGQluzmnq3M
https://www.schneier.com/blog/archives/2020/02/inrupt_tim_bern.html
======
virtualritz
I recently got introduced to a company called Polypoly. They are working on
exactly the same, in the EU.

They have an interesting setup as a collective. Users of the software
automatically become members of the collective. The website talks of automatic
partake in economic success.

Curiously they also use the idea of self-hosted pods to hold the users' private
data and they even use the term 'pod' for this.

When the founder, Thorsten Dittmer, gave me his elevator pitch he almost used
the same line of reasoning as Schneier.

Basically: 25 years ago, we technologists (while reading Gibson, mind you)
thought that the web will bring freedom, understanding and equality to the
world. We were wrong. Now we have to fix our mistake because we're the only
ones who have a chance at doing this.

It is probably not exaggerated to call these sorts of companies the biggest
threats to the business models of the Googles and FBs of today.

[1] [https://www.polypoly.eu/en/home-en](https://www.polypoly.eu/en/home-en)

~~~
rohan1024
We humans have a tendency where: we invent something, exploit it only to
realise at a later point the mess that has happened and then correct our path.

I see a lot of negative comments on this thread but solid/polypoly is the
beginning of that path correction for web. They might not succeed but
something with the same underlying idea is going to.

~~~
pjmorris
Dave Winer is fond of quoting John Gilmore, "The Net interprets censorship as
damage and routes around it." It feels to me like the current breach of
privacy in exchange for 'free' services might now begin to be interpreted as
damage.

~~~
erikpukinskis
I think in the eyes of “The Net”, as anthropomorphized by Winer, privacy might
look like a form of censorship.

------
koevet
As much as I like the idea (and the people behind it), I have a hard time
seeing how this can succeed.

The idea of pods reminds me of the self-hosting movement: people - including
myself - host a bunch of services to avoid sharing fundamental data, like
email, GPS-history or contacts.

Still, "self-hosters" interact with all the big personal data hoarders out
there (FB, Google, the many ad and tracking companies) which exposes them to
the same abuses as any other internet user.

Basically, I don't really see a company like FB play ball with these guys, for
two reasons:

1) the privatization of data would be an existential threat to their business
model

2) the majority of internet users are oblivious to the data collection tactics
employed by half the internet and I can't picture folks raising pitchforks for
"pods" to become a standard.

But I also hope to be dead wrong!

~~~
atoav
> 2) the majority of internet users are oblivious to the data collection
> tactics employed by half the internet and I can't picture folks raising
> pitchforks for "pods" to become a standard.

Usually purely technical solutions to societal problems won't bring you far.
It is still not bad to have them, because they essentially show what would be
possible, if we just wanted. Helps in discussion as well if of all people Tim
Berners-Lee was part of it.

However: we have issues of education around the topic and our jurisdictive
lets the big internet corps get away with too much. Starting with taxes and
privacy down to the societal effects their algorithms have.

What ad networks do is the digital equivalent of filming and spying on people
who walk by your storefront. What they do, how they do it and the effects it
has on society are wrong. Online Advertisement is probably one of the big
drivers of the political division we are seeing lately, because controversial
topics produce more engagement and more engagement is what people selling ads
want.

If you'd explain the current practise to common folk, most of them clearly
don't think it is okay. This means both education and media aren't doing their
job.

~~~
kmlx
> What ad networks do is the digital equivalent of filming and spying on
> people who walk by your storefront. What they do, how they do it and the
> effects it has on society are wrong.

wait a minute. i know there are currently startups that offer this exact type
of analytics. and from what i know these types of analytics are extremely
beneficial to both consumers and store owners. what exactly is the problem
here?

~~~
anoncake
If analytics are beneficial to customers, why aren't they opt-in but instead
businesses try hard not to let them even opt out?

~~~
kmlx
this question makes no sense.

since on street analytics are already beneficial to everyone, consumers and
providers, why should they be opt-in? they should be, and currently are,
automatic opt-in with an option to opt-out. you are walking on the street, so
any privacy is gone just from walking outside of your home.

~~~
anoncake
What doesn't make sense is to consider never leaving the house a realistic
option. Nor does the phrase "automatic opt-in".

And I hope this:

> since on street analytics are already beneficial to everyone, consumers and
> providers, why should they be opt-in?

is a joke. It's pure authoritarianism.

------
Nokinside
I wish them well.

Problem with their approach is that their marketing pitch is all wrong.

There is no demand for what they are selling because there is no value in what
they are selling. The value comes from network effect and at the beginning
there is no value, just cost. Mainstream users don't care and companies either
don't care or don't like that kind of talk.

Inrupt should start with a completely different sales pitch and product idea.
They should delay the privacy talk and user owned data until they are bigger.

Start with smaller IoT companies. Provide and market actual services they
want. Mostly they want automatic data management, cloud services on cheap.
They want to avoid any EU privacy hassles. Handle all that, I18n and internet
user interfaces for them. Provide mobile and desktop clients. Just provide
simple apis and ready made interfaces for companies to use.

Once the protocol and pods become normal users start to discover that they own
the data and third party uses and products for that data may emerge.

~~~
cmiles74
I would go further and recommend two or three targeted websites.

Maybe one targeted at developers who would like to cater to a more security
conscious market, small though that may be, and get some applications in the
field.

Another site for the public focused more on what they can do, maybe promoting
applications. I understand they want to get word out on their larger cause but
it's just so abstract for most people. IMHO, get people using the apps built
on the platform until the sharing of data between those apps becomes a
compelling reason of its own.

Perhaps another targeted at the public in general that speaks in more concrete
terms to advantages they can provide. This would be an uphill battle but
things like the Target and Equifax breaches clearly show the current model has
problems.

------
bluesign
This kills the innovation or puts too much power to the first innovator.

- if solid will dictate a protocol for data, it should cover the common
denominator: so if you have your email on gmail now, let's say solid is
covering basic email structure, i can move my email data to another provider,
but about my filters? On other tiny stuff that gmail builds on email

- if i invent something new in a chat app, let's say stickers. I implemented
that. (Should I ask solid to update protocol for this) Now all other chat apps
supporting solid have to follow my lead? Interoperability will be hell to
manage.

- even with the limited number of browsers, we couldn't manage to unify the
protocol. Protocol stuff is real hard.

~~~
Vinnl
> but about my filters? On other tiny stuff that gmail builds on email

All that is data, so those, too, could be stored in your Pod and brought along
with you.

> Should I ask solid to update protocol for this

No, interoperability can be achieved through your data model, which is yours
to decide - Solid doesn't dictate the shape of your data. But as you noted,
only competing apps using the same data model will be interoperable - stickers
won't suddenly appear without the developer implementing them.

(Disclosure: I also work for Inrupt, but views are my own.)

~~~
brongondwana
Speaking of email in particular, I'd be keen to chat to you lot about the JMAP
protocol, which is hoping to provide some of the "modern data model" around
email (and we're now working on Calendars)

~~~
Vinnl
The best thing there would probably be to reach out to the Solid community in
general, through either the forums [0] or the chat [1].

[0] [https://forum.solidproject.org](https://forum.solidproject.org)

[1] [https://gitter.im/solid/chat](https://gitter.im/solid/chat)

~~~
brongondwana
Thanks, I sent an email :) Being as how I'm into email and all that.

------
fuubi
I am very excited about Solid. That motivated me to write my thesis about a
decentralised wiki, where Solid is its foundation. For further information,
you can have a look at my work journal
([https://ma.parrillo.eu](https://ma.parrillo.eu)).

~~~
black_puppydog
I'm very excited about your thesis! It's great you found a topic that you
love. Keep at it!

Any chance we can get rss for that blog of yours? :)

~~~
fuubi
Thank you very much. It is on my todo list :). I will add it tomorrow.

------
gorgoiler
This sounds great. I imagine a world where gmail had a setting whereby they
had to use _my_ storage for their service, mounted over the internet using
SSHFS or something. This would be fantastic! No more IMAP syncing to backup my
data. My data would already be _my data_.

Even if the “pod” is a virtual one in a data center, as long as the webmail
provider is a different company to the pod provider, the data access is
granular enough, and the terms of service enforce that the data is stored in a
way that’s readable by me, this can only be a good thing.

Perhaps legislation could help here? What if the service company starts
encrypting the data they store on my pod and refuses to give me the key? It
would be good to wield the power of a regulator against bad actors who do this
and any other shady rule bending.

Very exciting.

~~~
matlin
I totally agree. And I'm currently building a tool to gather all of your data
into one database and let developers create a way to interface with it. It
solves the problem that you're describing but could also greatly simplify
development. Very soon, I'll be releasing a CLI to index all of your data from
platforms like Gmail, Spotify, etc. If you want to get notified when it's
ready drop your email at [https://www.aspen.cloud](https://www.aspen.cloud)

------
borjamoya
The problem I have with these sort of initiatives is that they don't solve the
real problem. Here's the thing: I want to own some of my data, but I don't
want to own most of it, because it shouldn't be collected in the first place.

Solid and others alike work in theory, but in practice I have some serious
doubts. I believe that instead of owning your data it is far better to
camouflage or destroy your data before it gets out there.

~~~
gorgoiler
One positive aspect of Inrupt could be it would make it easier to clamp down
on nefarious data overcollection because you’d actually be able to see all the
data Google et al were collecting on you in the first place.

Google Takeout exists, but Inrupt turns the tables and essentially makes
Takeout the standardized real time default rather than an optional extra. It
could be the foundation for new work to protect consumers, not the be all and
end all.

~~~
GordonS
Hmm, I wonder about this. Consider that company A requests and is granted
access to some of your data - what's to stop them selling that data on to
company B?

Regulation could form part of the solution, but I'm wondering if anything can
be done from a technical standpoint.

------
TeeWEE
Solid's goal is nice but its solution is based on RDF and semantic web. Those
technologies failed to take off for a web 3.0. I don't see this going to take
off either. Turtle is just another syntax for RDF because XML is too
verbose....

Anyway I do see a lot of value in IPFS, its solving a different problem, but
it's related. It could allow for storing private data encrypted in a non
centralized way, having the pinned copy owned by you.

I don't think the data format is going to be Solid based.

~~~
mehh
I'm not sure that because Semantic Web didn't work that implies the
technologies don't work.

The Semantic Web isn't the technologies; it was an initiative.

Having said that the technologies you mentioned do have developer experience
problems. Some think devs just don't understand them, which is partially true,
but having a fugly toolchain doesn't help!

~~~
patrec
> It is not hard to imagine your Web-enabled microwave oven consulting the
> frozen-food manufacturer's Web site for optimal cooking parameters.

This is Berners-Lee being visionary about the potential of a world-wide
network of computers. The problem is not just the terrible technical
implementation, it's also that the vision behind all this semantic web stuff
was one of soulless dorks who saw the world's population spend their days
semantically marking up All The Things to get the most of their web-enabled
microwaves.

Everything I have seen Berners-Lee prominently involved in sucks at every
level from micro to macro. Take urls: url query strings separators conflict
with html escaping, the port syntax conflicts with the IPv6 syntax (which came
first) and finally urls are not even self delimiting, so Tim hatched the
aesthetically compelling workaround to write them as
<URL:http://example.com>.

~~~
mehh
> It is not hard to imagine your Web-enabled microwave oven consulting the
> frozen-food manufacturer's Web site for optimal cooking parameters.

> This is Berners-Lee being visionary about the potential of a world-wide
> network of computers.

That sounds very much like the sort of stuff that gets spouted by the IoT
crowd too though isn't it?

> The problem is not just the terrible technical implementation, it's also
> that the vision behind all this semantic web stuff was one of soulless dorks
> who saw the world's population spend their days semantically marking up All
> The Things to get the most of their web-enabled microwaves.

Well, aren't there a huge mass of developers spending their lives writing
custom code for every damn API, and then integrating with more custom code.
And each time inventing new poor ways of describing the things and
relationships?

------
andretti1977
Sorry but what happens when I grant access to a company? It will collect the
data I granted access to and then resell them to other companies and buy data
from other firms too so my data will be spread around exactly as now so even
if I like the idea, what's the advantage? Am I missing something?

~~~
theK
Well for one your data lives in a place where you can govern it. Nowadays your
data lives in all places you use (Facebook, Gmail, Twitter). Ever tried taking
stock of your data lately? It can take weeks to do it for all services and
importing the exports into a self hosted alternative is nigh impossible.

Still one risk I am seeing is that services might still want to intern you
once you have given them access to your data. EG: a photo app needs access to
your photos which you grant but also introduces social commenting features
which don’t trickle back into your pod. So you as a consumer are still
incentivized to use the proprietary service. Web Giants 1 Solid 0

EDIT: I am still supporting the idea of getting SOLID out to the masses
though!

~~~
mkl
As soon as you grant access to some data in your pod to someone, they can make
a copy and then it's out of your control. I don't see how you can govern it
unless you just never grant access.

~~~
erikpukinskis
You still control the original and they control the copy.

If it’s hosted on their service you don’t control anything.

~~~
mkl
The copy is identical, so I think functionally there's no difference between
those. Your data is out of your control either way.

------
rtpg
I remember reading about solid and not getting it, and Schneier here made a
perfect pitch in a paragraph.

It would be great for all ambitious projects to have this kind of
communicator.

------
hobofan
As much as I like the ideas behind SOLID, I just don't see it panning out.
The semantic data model is exactly the same as the one 10 years ago when it
didn't catch on.

One of my biggest pet peeves there is that the default mode of operation is
using a de-facto centralized ontology that is mutable and non-versioned. How
is someone supposed to build up a semantic database when the semantics can be
changed any time from under you?

~~~
mehh
You don't have to use a single Ontology for your data. You can pick and choose
a range of Ontologies or parts of, and the version of which that you like.

I would argue it's more flexible than getting data from a source where you're
pegged against the API's schema and version for the data you ingest, and the
way they happen to have defined their API. Also, there being no reference to
the object and fields beyond that company's API, i.e. much harder for data
integration and discovery.

Even if APIs just used schema.org for defining their objects that would help
IMHO

------
miki123211
My problem with all those pro-privacy apps is that privacy has a price[0], and
a price most consumers (me included) are not willing to pay.

There are, essentially, two business models on the web. One is to provide the
services for free and sell ads, the other is to charge for the services
directly. To earn substantial amounts on ads, you need to track consumers
massively.

As a consumer, I definitely prefer being tracked than paying for all the
services I use. That's the stance of most consumers. If there's a free
alternative with a lot of tracking and a paid alternative with good privacy,
the free alternative will win. That's how the free market works. Privacy has a
price, and a price most consumers are not willing to pay. Forcing them to pay
it for some antiquated notion of privacy is just... wrong.

~~~
Jasper_
Radio, TV and magazine ads were minimally tracked and worked for years. The
only people telling us we need tracked ads to make money are people selling
tracked ads.

~~~
chongli
Radio, TV, and magazines all have the same thing in common: from the user
perspective, they’re read-only. As broadcast media, their scaling models work
differently than social media, which includes the storage and/or transmission
of user-created data.

If Google, Facebook, et al had no costs whatsoever involved in scaling their
businesses, then they could be replaced by non-profits providing the services
pro-bono.

------
shubham001
There is a similar project by Rob Pike called Upspin. It is pretty
interesting. That also looked very promising.
[https://upspin.io/](https://upspin.io/)

~~~
threatofrain
Is it still a living living (2x for emphasis) project? It was announced years
ago and since then there hasn't been much word.

~~~
frou_dh
Commit activity suggests it's been in maintenance mode for approx 2 years.

Adoption was probably low, despite it receiving some initial hype,
particularly inside the Go community.

------
andrewrothman
I have mixed feelings about Solid. I really love the ideas behind it, and
having Tim Berners-Lee (big name in tech) at the helm is a huge plus. However,
I have some trouble with some of the technical choices, like RDF/Turtle. Given
that most web developers are familiar with JSON, and many web APIs / services
talk JSON exclusively, I feel like that should be the default recommended
choice. Given that there is a lot of semantic web data already in RDF, I think
that format should be supported, but not encouraged going forward.

I also think it's clear that Google and Facebook are not going to want to give
up control of this data, and are highly incentivized to provide the best and
cheapest services they can to keep users on their platforms. People are used
to keeping their stuff in Google Drive, and wouldn't move it unless there was
an easy way to do so and a good reason to even think about doing that.

I'm excited to see where it goes though, as centralization is a big problem on
the web today. I try to self-host my own personal data but it's so hard to
work with it in nice consumer apps. For example, I'd love to see CalDAV and
CardDAV supported in Android, but for now I need to use DAVx⁵ to sync my info,
and it doesn't seem to show up in Outlook for Android after years of requests
to Microsoft for the feature.

I'd really like to hear other thoughts on this, as I'd love to see Solid
succeed. Anyone working on Solid in this thread?

~~~
Vinnl
Note that currently, the Solid spec mandates both RDF/Turtle and RDF/JSON
(JSON-LD). That said, it's perfectly possible for an app to read/write any
data format they choose, but RDF deals with some challenges regarding data
discovery and interoperability, and allows for more granular updates with
smaller payloads.

(I also work at Inrupt, though views are my own.)

------
acarrera94
Like many others on this thread, I have a hard time seeing how it can succeed.
I’ve been following anytype.io for a while and it seems like a much better
solution that comes with a built in product. No need for pods since they live
individually on each device. And it’s based on IPFS, which seems to be a much
more established protocol for dealing with this sort of data.

It’ll be released later this year and hopefully it lives up to the hype.

------
austincheney
I am not quite sure of the problem they are trying to solve as it isn’t
directly stated. I suspect they are concerned about non-public data hoarding
and the resulting centralization on an otherwise public and distributed
platform.

If my assumption is correct here are some potential alternative approaches:

* Private platform reliant upon anonymity and public data. The value is the application delivering the best decision(s) returned from a consideration of available data, what some people might think of as AI. The better AI is more valuable than holding data.

* Private platform fully divorced from both data and anonymity. The data is what a person or organization already holds and what they are willing to expose in a private relationship to somebody they know and trust. The relationship is more valuable than the data or the application. This is something like WhatsApp mixed with a tiny operating system that works more like Bit Torrent than using a central service. I am working on something like this.

* Public platform reliant upon mixins of various public data. This is the semantic web of the prior decade. It never took off because nobody wanted to expose their data. Data is king, especially when the corresponding automation isn’t a valued portable commercial product.

* Tiny portable data driven application architecture. Applications need only enough data to perform their functional task at any given moment. The value is purely driven by the application’s output regardless of where data on the fly comes from. This is something like Siri, but more specific to a given task.

In order for ideas like these to be commercially viable data must become a
commodity or at least less valued than almost everything else. This is hard
because there are very real fears (such as lost privacy) around treating data
as a traded commodity and because in many cases software, as a business
practice, is still in the dark ages.

------
FreeHugs

> Everyone's pod would be on a computer they own

Why? Hardware is hard. Why not just encrypt it and let it live in the cloud?

> If you want your insurance company to have access to your fitness data,
> you grant it through your pod.

Or just give them a key that can decrypt your fitness data?

~~~
hugodutka
What you are suggesting sounds similar to
[https://blockstack.org/](https://blockstack.org/).

For me the problem with this approach is trusting that encryption will keep
your data safe indefinitely. I worry that current encryption algorithms will
become crackable at some point in time, let’s say in 50 years. I wouldn’t like
for my current medical records to become publicly available then.

------
cmiles74
I would like to see some time-based permission scheme, for instance the
ability to share my credit card information with Amazon for the next five
minutes as well as the ability to share my address with Amazon for the next
year.

My hope is that this could eventually be built out to support discrete
identities, perhaps one for personal use and another for work and a third that
is meant to remain anonymous.

A PKI based infrastructure comes to mind, that would provide the ability to
revoke access. Technically I don't see a way to force systems to stop using
revoked data but maybe the revocations could be used to provide legal proof
that a specific company no longer has access to specific data.

~~~
anderspitman
The obvious way (to me) to attempt this is with regulation. If you log
everything on your pod, you know by what time Amazon should have forgotten
your info. If you can prove at a later date that they still have that
information, there should be big fines. Also, engineers implementing systems
that ignore regulation would be culpable.
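
The time-limited sharing, revocation and pod-side logging discussed in the two comments above, as an added sketch that is not part of the original thread and not Solid's or Inrupt's API. The `Pod` class, the grant fields and the key are hypothetical, and HMAC stands in for the PKI signatures the first comment proposes.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): the pod authenticates the grants it issues.
# The comment proposes PKI; HMAC is swapped in so the sketch needs only the
# standard library. A real design would sign with an asymmetric key.
POD_KEY = b"constructed-demo-key"


def _mac(payload):
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(POD_KEY, body, hashlib.sha256).hexdigest()


def _digest(entry):
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()


class Pod:
    """Hypothetical pod that issues expiring grants and logs every decision."""

    def __init__(self):
        self.revoked = set()   # grant ids withdrawn before their expiry
        self.log = []          # hash-chained audit entries
        self._next_id = 1

    def _record(self, event, grant_id, now, **extra):
        # Each entry commits to the previous one, so later edits are detectable.
        prev = self.log[-1]["digest"] if self.log else "0" * 64
        entry = dict(event=event, grant=grant_id, time=now, prev=prev, **extra)
        entry["digest"] = _digest(entry)
        self.log.append(entry)

    def issue(self, grantee, resource, now, ttl):
        payload = {"id": self._next_id, "grantee": grantee,
                   "resource": resource, "not_after": now + ttl}
        self._next_id += 1
        self._record("issue", payload["id"], now, not_after=payload["not_after"])
        return dict(payload, mac=_mac(payload))

    def revoke(self, grant_id, now):
        self.revoked.add(grant_id)
        self._record("revoke", grant_id, now)

    def check(self, grant, resource, now):
        payload = {k: v for k, v in grant.items() if k != "mac"}
        presented = str(grant.get("mac", "")).encode()
        if not hmac.compare_digest(_mac(payload).encode(), presented):
            return "denied: bad mac"  # not logged: the grant id is unauthenticated
        if payload["resource"] != resource:
            verdict = "denied: wrong resource"
        elif payload["id"] in self.revoked:
            verdict = "denied: revoked"
        elif now > payload["not_after"]:
            verdict = "denied: expired"
        else:
            verdict = "allowed"
        self._record("access", payload["id"], now, verdict=verdict)
        return verdict

    def access_ended_at(self, grant_id):
        """Time after which the grantee no longer held valid access."""
        end = None
        for e in self.log:
            if e["grant"] != grant_id:
                continue
            if e["event"] == "issue":
                end = e["not_after"]
            elif e["event"] == "revoke" and end is not None:
                end = min(end, e["time"])
        return end

    def log_is_intact(self):
        prev = "0" * 64
        for e in self.log:
            body = {k: v for k, v in e.items() if k != "digest"}
            if e["prev"] != prev or _digest(body) != e["digest"]:
                return False
            prev = e["digest"]
        return True


if __name__ == "__main__":
    pod = Pod()
    # Constructed scenario: card details for five minutes, address for a year.
    card = pod.issue("shop.example", "card", now=1000, ttl=300)
    addr = pod.issue("shop.example", "address", now=1000, ttl=365 * 24 * 3600)
    print(pod.check(card, "card", now=1100))     # within the five minutes
    print(pod.check(card, "card", now=1301))     # after expiry
    pod.revoke(addr["id"], now=5000)
    print(pod.check(addr, "address", now=5001))  # revoked early
    print(pod.access_ended_at(addr["id"]), pod.log_is_intact())
```

The log records when authorisation ended; it cannot show that a copy already taken was deleted, which is the limit the comment above describes.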

------
matlin
I definitely agree with this sentiment but I think rather than reinvent the
wheel we should be applying current web standards to users instead of
businesses. If every user had their own static IP, server, and SSL Cert,
database, DNS entry, etc, we'd be able to create the web that Tim originally
envisioned. And until now that would be prohibitively expensive and complex
but could be a real possibility now.

------
thinkloop
I wonder how much data sharing we would actually do if this did exist. For
example, your Facebook friends list is not your Twitter follows, nor your
YouTube subscribees, nor your phone contact list, etc. There's some overlap
but essentially they're different lists. Isn't a lot of stuff like that?

It still would be nice to have control and visibility of all that data
automatically.

------
ComodoHacker
Actually people don't want to self-host anything. They want their data to live
"somewhere in the cloud", accessible on demand. At most they wish this cloud
to be "trusted" or "secure" or "privacy-respecting".

Until we find a viable business model for trusted and privacy-respecting
cloud, we can't move on.

~~~
Vinnl
Such a cloud provider could be the one that hosts your Pods...

(Disclosure: I also work for Inrupt, but views are my own.)

------
4gotunameagain
While I haven't studied their idea enough to be able to argue about its
effectiveness and/or flaws, I am glad that they are doing it, being who they
are.

It really looks like we need a central paradigm shift. A free world designed
for educated academics cannot survive the greed and stupidity of the whole
world it seems.

------
sn41
Somehow, Semantic Web and associated ideas do not seem to have panned out in
practice. I wonder whether HTML is the ASCII of the web world - clearly just
intended as a first step and supposed to be obsolete over time, but proving to
be a survivor, and a hurdle against future improvements due to wide adoption.

~~~
tannhaeuser
I think HTML wasn't supposed to become anything - by the time TBL got HTML 0.9
or so out of the door, it was based on SGML which, in turn, was the meta-
language invented to capture and evolve all kind of text notations (also
covering, for example, Wiki syntaxes such as markdown and MediaWiki used for
writing large portions of text we're reading on the web today, even though
SGML was intended to generalize ad-hoc syntaxes of older text processing
systems). What killed HTML as a representation format covering contemporary
digital text was the introduction of CSS (as an arguably unnecessary
additional syntax on top of mighty SGML) and JavaScript, and the relative
stagnation of HTML in the presence of these other two languages that, once
present in the stack, could be used for all the presentational tricks people
were asking for. Maybe the problem was also that HTML parsing was hard-coded
into browsers and couldn't be changed easily enough in the presence of the
first wave of web content at scale around 1993-5. Also, there just wasn't a
blueprint how to evolve a language for describing static text into one for
"modern UI experiences", so a Turing-complete language had to be used for
tinkering until such a time where the idioms for digital text presentation
were better understood. IMHO, if anything, the web has stopped at that point,
and JavaScript and CSS are hurdles for future improvements rather than the
declarative HTML core.

------
Barrin92
I'm sceptical about the economics of this. The first problem is the obvious
idea of everyone storing their pod as many people have pointed out which is
unfeasible, as inrupt itself points out.

The next step is that someone is supposed to host your pod in the cloud, but
if this is supposed to protect your privacy the pod has to be encrypted. So
then the question is how is the host making money? Charging people upfront for
storage in a trade-off for privacy or control has proven to be a deal almost
nobody is willing to make, we already have privacy respecting, more expensive
services, they're largely fringe. Pods are a technical solution that only make
this more complicated.

The fundamental issue that I think breaks this entire idea is that it vastly
overrates how many people care about control or privacy.

------
fulafel
> at this point, I feel that I should only work on things that matter to
> society

I wish more people in tech did this.

~~~
tchaffee
Don't they already? The people in society pay for what matters to them. I
think the real truth trying to get out here is that we wish what matters to
society were different.

~~~
pencilcode
That is a simplistic view. People also pay for what society values, ie
systemic pressures, which is why different cultures and in different epochs
value things differently. Eg before people would give a monthly donation to
church because they believed it would help getting into heaven.

~~~
tchaffee
Fair point. And I'm responding to the simplistic idea that any one individual
knows what is best for society. Those who "feel that I should only work on
things that matter to society" are not immune to those systemic pressures
either. I do think it's a good idea to not just chase money and to work for
companies aligned with your own values. But that's about the best you can do.
What's aligned with your own values might be someone else's idea of working on
things that don't matter to society.

------
max_
> If you want your insurance company to have access to your fitness data, you
> grant it through your pod.

What if the insurance companies (or any other company) retain a copy of your
fitness data after granting them access?

Won't we end up in the same world we are running away from?

------
rhythnic
I was looking into Solid for a bit, but stopped as my concerns grew, most of
which are expressed in other comments.

Recently I've been enamored with the Dat Protocol and the Beaker Browser. I
like that it's a peer to peer protocol that uses local data storage. In
addition, it makes it almost effortless to publish and scale a web application
or site. It doesn't have Solid's strength in access control, but that's not to
say that Dat's access control won't evolve. At this time, Dat's access control
is very simple, basically share by link.

In addition, I would like to see Linux handsets like Pinephone become better and
more widely used.

~~~
mark_l_watson
I shared a little of your scepticism on Solid when I heard talks on it at the
Distributed Web Conference about three years ago, but I wish them success.

Thanks for mentioning the Beaker Browser. I enjoyed playing with it in the
past, and I will check it out again.

------
scribu
> If you want your insurance company to have access to your fitness data, you
> grant it through your pod.

Why would the insurance company trust that data? Since you're in control of
the pod, you could alter it, no?

~~~
Vinnl
There's some work going on related to that in the community - if you're
interested, the search term to use is "Verifiable Credentials". I'm not that
up-to-speed about it, unfortunately, but it's about solving that potential
problem.

(Disclosure: I also work for Inrupt, but views are my own.)

------
olah_1
All I care about is that decentralized data projects somehow utilize our
existing, real life, social networks.

I want a family to all be able to "friend" each other and seed each others'
data. And just because you're seeding each others' data, that doesn't mean you
necessarily have read or write permissions on that data.

People want to know whose data they are re-hosting and they should have an
incentive to host it. Linking seeding to our existing relationships solves for
both.

------
fossuser
One benefit to this model is it fixes the way we currently handle things like
contacts.

Right now if you have my phone number on your phone and my number changes you
have stale data. If I don't want you to have my number anymore there isn't a
great way to do much about that.

If you're allowing/removing access to a pod you host then when you update your
phone number all of the people with access will get that updated information.
You can also more easily remove access from people.

------
mcguire
"_Your data lives in a pod that is controlled by you. Data generated by your
things -- your computer, your phone, your IoT whatever -- is written to your
pod. You authorize granular access to that pod to whoever you want for
whatever reason you want._"

Whereupon they copy your data, aggregate it with other sources, and continue
on their merry way. Security theater in action.

I wonder what the backup scheme looks like.

------
drummer
> Your data is no longer in a bazillion places on the Internet, controlled by
> you-have-no-idea-who. It's yours. If you want your insurance company to have
> access to your fitness data, you grant it through your pod.

Nothing stops a third party from recording the data once you gave access and
selling it. Even after you remove access they can keep their copy. So what use is this
pod thing?

~~~
bobwaycott
Perhaps this can eventually combine with companies having to agree to a T&C or
EULA type of contract to have access to your data. Such a contract can
prohibit copying, at the user’s discretion, or stipulate that revoking access
must result in deletion of all copies of that data, automatically.

Some other mechanism can then be put in place to detect and deal with bad
actors. Perhaps there could even be some sort of verification of compliance,
whereby services/companies must undergo a process that requires proving these
systems/processes are in place and operational.

This does nothing for the results of what a third party does with your
data—such as models trained with your data—but there are options for removal
of data. Of course, it’s ultimately up to users to be cautious about sharing
their data.

------
naner
Projects like this never seem to pan out. It solves a problem people should
care about but most aren't motivated to act on.

~~~
kick
It doesn't actually solve the problem, which is something you would have
imagined they would have thought out from the beginning.

They basically admit, outright, that their proposed solution doesn't solve the
problem:

 _The ideal would be for this to be completely distributed. Everyone's pod
would be on a computer they own, running on their network. But that's not how
it's likely to be in real life. Just as you can theoretically run your own
email server but in reality you outsource it to Google or whoever, you are
likely to outsource your pod to those same sets of companies. But maybe pods
will come standard issue in home routers._

Imagine you're an average user: you don't know much, but you've maybe read one
of the billion news articles about how Google reads the context of every inbox
on their service. Now some guy comes up and tells you that you should put
_all_ of your data in the hands of Google.

Totally a good idea.

And can you imagine how bad it would be if this came standard in home routers?

Congratulations, it's 2058 and there are over three billion routers & modems
released in 2025 that haven't been patched since, but instead of just being a
minor issue like it was when routers and modems did relatively little back in
the 2010s, they're containing all of their users' personal data. And that's
not even getting into how bad of a concept it is to have a family sharing a
single access point for their data.

~~~
Vinnl
Note that Solid certainly doesn't dictate you should keep all your data
together. For example, it is perfectly possible to have e.g. a 'work' Pod and
a 'personal' Pod. Additionally, data within a single Pod need not necessarily
be physically stored together.

But yes, Solid doesn't solve all problems, and I don't think it even solves
(or will solve) one problem by itself. But I certainly believe it can be part
of a solution, and I believe even more strongly that we desperately need one,
which is why I'm happy we're at least _trying_.

(Disclosure: I also work for Inrupt, but views are my own.)

------
pavlov
Is Inrupt on a big PR push right now? I just saw an article about them in the
FT, and now another.

This quote from the post suggests that the timing of this personal news is
externally managed: “I joined the Inrupt team last summer as its Chief of
Security Architecture, and have been in stealth mode until now.”

------
BlueTemplar
This is great, but shouldn't they also mention how metadata (like IPs) is
almost as important (if not more so) than data, and the Internet is designed
around the absence of privacy related to the personal information stored in
the metadata?

------
michael-ax
none of our file-systems support semantic access, e.g. you can't give handles
to your apps, no!, they have to use archaic paths .. or constructions
jails/vms/docker/etc to isolate them. that is a backwards stone-age
hierarchical foundation.

and 'protocol' is somehow going to make that better? I don't think that's
possible. users have never had to think about more than paths.

let's give them semantics to map file-systems to applications, [perhaps] in the
same way a functional package manager would 'give' you/the os access to the
right versions of those applications.

------
luord
It's not often that I read about something and think "holy crap, that's
genius", and that's exactly what solid is.

Then again, given who's directing it, it should come as no surprise in
hindsight.

------
ahasani
Inkandswitch is also working on a similar problem
[https://news.ycombinator.com/item?id=19804478](https://news.ycombinator.com/item?id=19804478)

------
max_
Lots of comments about how "no one wants this". But we already have things
like Dropbox, Mega, Drive, iCloud where it makes complete sense for users.

~~~
pbkhrv
Grassroots-level adoption was key for things like Dropbox, IMHO - it solved a
real need for individual people and it worked well and was easy to use. Same
for Docker - developers adopted it in droves, and then enterprises followed.

Inrupt is trying to bootstrap a two-sided marketplace of sorts: product
builders won't care until enough potential customers demand support for the
"data pods", and regular people won't care until "data pods" solve real
everyday problems for them.

Hopefully Inrupt's team has enough business-savvy people on it to find ways to
gain traction to slog through some of the tough early stages of the product
adoption cycle.

------
zuckluni
I'm more pessimistic. The internet and the apps we use frequently are like a
public utility. The space is undergoing an era of massive consolidation and
centralization.

This happened with railroads, and electricity, in the past. That period of
consolidation was never followed by a counterbalanced period of
_decentralization_, a period of people operating their own mini-rail-car
services, or micro power plants (solar, but...you know...).

It _was_ followed by steady decline in prices of tickets, expansion in size of
monopolies and steady decline in quality of service.

But you know, electricity and railroads became "democratized" just not in a
"democratic" way. It's democratized because everyone can use a bit of it for
basically nothing.

Then, the companies that made their fortunes often moved onto other high
growth industries and the public became inured to the dilapidation, because
the _product_ had basically stagnated.

I don't see this company making any statement that suggests to me it can bring
about some other possible future.

~~~
BlueTemplar
Public utilities often end up nationalized.

------
polyphonicist
> Even if you do hand your pod over to some company, it'll be like letting
> them host your domain name or manage your cell phone number. If you don't
> like what they're doing, you can always move your pod -- just like you can
> take your cell phone number and move to a different carrier. This will give
> users a lot more power.

The domain name analogy scares me rather than reassures me. Sure, DNS was
created in good faith to be as distributed as possible, but is it? There are
recent stories that show that individuals do not have as much control on
domain names as one would ideally like. See these stories -

- Sinkholed:
[https://susam.in/blog/sinkholed/](https://susam.in/blog/sinkholed/) (domain
name hijack by German authority by accident)

- The duct tape holding the internet together:
[https://medium.com/thisiscala/the-duct-tape-holding-the-inte...](https://medium.com/thisiscala/the-duct-tape-holding-the-internet-together-12118be60ff1)
(loss of control on domain name due to registrar error)

While the idea behind Solid sounds solid, the moment they talk about
outsourcing pod hosting to third-party pod hosting providers, I get worried.
Would it lead to walled gardens of pods? (Example GMail for emails) Would they
add non-standard convenience features to create vendor lock-ins (Example
GitHub for Git)? Would they abuse their power due to vendor lock-in (Example
Sourceforge for SVN)?

~~~
onion2k
I think the phrase "perfect is the enemy of good" applies here - expecting
something to _never_ go wrong just means you'll never ship anything. Pods
_will_ break in ways that no one can foresee. That's not good, but giving up
and not trying would be worse, so users and businesses will have to deal with
those problems as best they can.

Don't forget that millions of domain transfers happen every year without going
wrong. There are cases like the ones you linked to, but those are the
exceptions rather than the rule, thankfully.

