
I invented the web. Here are three things we need to change to save it - perseusprime11
https://www.theguardian.com/technology/2017/mar/11/tim-berners-lee-web-inventor-save-internet
======
ThePhysicist
Surprised that no one mentioned the new EU data protection directive, which
goes a long way to fix the first issue mentioned in the article, the loss of
control over our personal data (only for users in Europe though). I studied it
in detail as I work in data analysis and consult companies on this, and I
honestly think it is one of the best laws produced by the EU so far:

It gives users a multitude of rights such as being informed about exactly
which kind of data a company has about them (and even get a digital copy of
that data), how the company uses that data and for which purposes it is used.
And if you're subjected to algorithmic decision making (e.g. an algorithm
decides if the bank should award you a credit) you have the right to know
which kind of algorithms were used in the process and to contest the decision.
You also have the right to demand the deletion of your personal data and to
revoke the right of a company to process it, as well as to demand correction
of inaccurate data. The legislation also allows for severe fines and
punishments for companies not respecting the regulation (up to 4 % of yearly
turnover of the whole company group), so even companies the size of Google or
Facebook should have strong incentives to follow the regulation.

~~~
Silhouette
_You also have the right to demand the deletion of your personal data and to
revoke the right of a company to process it, as well as to demand correction
of inaccurate data._

This is probably the biggest change. Previously, at least in Europe, the
emphasis has typically been on allowing people to know what data was being
collected and to require correction of inaccuracies, but much less on whether
it was actually allowed to be collected in the first place or allowing data
subjects to require deletion of data.

I'm a little worried about whether the practical implications of this have
been properly considered, which is something the EU has historically been
quite bad at doing when it comes to technology and business laws. For example,
under (65) in the regulation[1], which is primarily about rights to have
personal data deleted and the "right to be forgotten", I see few provisions
for a business keeping personal data that it legitimately collected with the
subject's consent even if the cost of deleting it is prohibitive. An obvious
example would be data that also exists in backups taken during the period of
storing and processing that data, all of which would need to be updated in
non-trivial ways to remove the data from them.

[1] [http://eur-lex.europa.eu/legal-
content/EN/TXT/?uri=uriserv:O...](http://eur-lex.europa.eu/legal-
content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG)

~~~
ThePhysicist
Yes it surely creates some work for companies, but on the other hand what good
would it be if you could just keep personal data around just because it
happens to be on a backup tape? Companies simply have to implement suitable
backup schedules, which will ensure that the data gets deleted within an
acceptable time period (e.g. two weeks), which is doable without actively
erasing any specific data (instead of simply erasing a whole backup version).

~~~
Silhouette
You and I have very different definitions of the word "simply".

Arranging proper backups _at all_ is not something to take for granted when
you're dealing with small businesses that have many other things to do, but
obviously they're important for safeguarding the provision of products and
services to all customers and it's important that any backups that are made
are handled with proper regard to both security and integrity.

Requiring businesses to separate every tiny item of data that might ever be
legally required from every tiny item of data that is collected and used with
consent for reasonable purposes, just in case some customer one day decides to
retrospectively withdraw their consent for some or all of that data, could
easily become absurdly disproportionate. I hope it would go without saying
that incentivizing businesses not to keep backups of all important data
because of the compliance overheads is insane.

However, without such fine-grained separation, two weeks might be far too
short a period to keep backups. To use my own businesses as an example here,
we have accounting and reporting obligations that potentially require several
years of data. The reporting information is typically derived once a year
during reporting season, from straightforward records kept in the main
databases and/or spreadsheets. However, we would probably have to completely
restructure those records and denormalize all kinds of things in order to
delete everything we don't strictly need for some legal purpose, which would
be a huge amount of work.

That's just the structure of the original data. Then you have to consider
things like deduplication in online backup services, where it's practically
impossible to guarantee the complete destruction of all instances of certain
data without destroying all backups that ever involved that data and starting
over.

If this is the situation for small businesses that typically only collect a
small amount of personal data in the first place and for obvious and necessary
purposes, I shudder to think of the implications for organisations that
actually process personal data as part of their main purpose rather than
incidentally. I'm not sure it's reasonable to assume, in general, that it
would even be possible to totally separate legally required data from
everything else in such organisations, and there would surely be a lot of grey
areas.

Now, please don't misunderstand me. I'm all for _reasonable_ regulation to
protect individuals from exploitation. I'm a privacy and civil liberties
advocate, and I run my own businesses the way I hope others would run theirs,
even if sometimes that means not doing things that would probably make us more
money because they also make us feel uncomfortable. But there has to be a
sensible balance, and the EU does not have a good track record of balancing
its business regulations sensibly. (See also: EU VAT, cookie law, various
provisions in the last round of consumer protection rules, etc.)

~~~
ThePhysicist
Companies need to separate personal data from other data as early as possible.
Yes, this requires some work and rethinking of data structures, it is doable
though. Why would it be impossible to do this in your opinion? Do you have a
more concrete example that we can discuss?

In General, I think requiring that companies do not hold on to your personal
data indefinitely is a pretty reasonable regulation. If there were exceptions
e.g. for backup data it would provide a convenient loophole for companies to
keep the data.

Also, if companies keep copies of their personal data lying around it
increases the risk of the data being stolen or leaked into the public. We have
seen that even for the largest companies it's impossible to avoid "losing"
data once in a while, so making sure that this data contains the least amount
of sensitive information possible is very reasonable. The regulation does not
even assume that companies are malicious, it just assumes that sh*t happens
and tries to mitigate potential damage to individuals.

~~~
Silhouette
_Companies need to separate personal data from other data as early as
possible. Yes, this requires some work and rethinking of data structures, it
is doable though. Why would it be impossible to do this in your opinion?_

I'm very wary of making that assumption, because so much data could
_potentially_ be personal data even if it's not obvious. Remember that the
real criterion here is data that is _or could be_ linked to an identified
individual. With the kind of progress being made with data mining and analysis
and the kind of processing power being devoted to those activities today,
there are few safe assumptions any more about what becomes impersonal data
just because it's been "aggregated" or "pseudonymised".

Let's consider a common example. Suppose a business operates a web site, and
like most such businesses it keeps server logs. Those logs are useful for a
wide variety of purposes and some of the data may remain useful for long
periods, to allow analysis of things like how the site is being used or
whether certain patterns are useful for detecting potential threats, or even
to provide evidence that a customer did in fact use the services on the site
during a certain period in the event of a dispute over charges.

In themselves, those logs probably don't inherently contain personal data.
However, each record does have data such as IP addresses within it, which may
be quite easy to link to a specific customer in practice and thus make
everything in that record into personal data.

Now, suppose a customer who has been using that site for a while stops, and
then files a notice to remove all personal data about them that the site
operator isn't legally allowed to keep despite that notice. In order to comply
with that request, must the site operator therefore delete all records based
on the server logs, including any backups or derived data, to which that
customer might be connected?

I can't immediately see why the site operator would be allowed to keep those
records with a literal reading of the new rules. However, removing them would
potentially undermine useful and reasonable business functions such as those
mentioned above. Moreover, the cost of doing so might be substantial, and the
adjustments required so the infrastructure used to process those logs can
support this sort of retrospective editing might also be substantial.

In such a case, I think the balance would usually be too far towards the
individual. The imposition on the site operator is great, both in the effort
to comply with the request itself and in the damaging effects on reasonable
business practices. The risk to the visitor of that potentially identifiable
data being used for typical purposes in connection with server logs is low.
Unless there are other relevant factors that point the other way (perhaps if
the site deals with a particularly sensitive subject) the cost to the site
operator is almost certainly disproportionate to the benefit to the
individual.

~~~
ThePhysicist
IP addresses are an interesting example, as they're explicitly mentioned as
personal data in the directive since in many contexts they're sufficiently
unique to associate them with a given user.

Really would like to discuss this further, if you're interested feel free to
send me a mail (discoverable via my profile)

------
Andrenid
I would truly love a new "web" which is effectively style-free. I think the
existing one is fine to continue for the general public, online shopping,
social networks, etc.. but a parallel information-dense system that uses ultra
light weight browsers that work on every device and platform, accessing
machine-readable data with some standard stylesheet that concentrates in
readability, and the "good" bits of the modern web, without the fluff.

It would be great for technical blogs and news, project sites, wiki type data
stores, discussion forums, etc.

Maybe everything in this "new" web is static, no stylesheets except browser-
side for users to customise themselves.

I'm not sure what the actual answer is but I know the existing web is broken
beyond repair.

~~~
pfraze
I work on Beaker Browser. Version 0.7 will have markdown sites. Here's what
that looks like:
[https://twitter.com/pfrazee/status/840228255529590784](https://twitter.com/pfrazee/status/840228255529590784)

If you ask a layman to differentiate between "the browser" and Facebook, they
might not know the difference. In a lot of ways, Facebook _is_ a browser for a
set of content types like posts, videos, business pages, etc. Same logic
applies to say YouTube: it's a specialized "subbrowser" for videos. If pressed
I think I'd say the only reason YouTube or Facebook aren't browsers is because
they're not decentralized. They browse a fixed set of end points.

AMP project, kind of similar, it's a specialized sub browser for mobile
articles. And it's like what you describe, actually: constrained, but not
decentralized.

I don't think we need a new browser or web to accomplish your ask

Browsers could specialize by running "sub browser" overlay applications. If
you want to a constrained subweb with markdown-only sites, then sure, why not?
It's not that different than a markdown-only publishing service-- the YouTube
of markdown-- except the app logic is on the client side, and it's browsing a
decentralized web

our markdown website feature is built in, but it could be moved to userland as
an overlay, as an app that's triggered when the user turns it on, or goes to a
certain type of site. It may sound like a stretch, but out bigger picture is
to invert the relationship with services to create thick client side apps, in
which case an overlay app is just a particular class of app with a particular
class of permissions

~~~
tuukkah
Could Beaker be distributed as a browser extension for Firefox and Chrome?

~~~
JohnDotAwesome
I think this would constrain the vision of Beaker. I can't point to any
concrete examples (like, where the extension API doesn't support something
beaker does), but I can imagine wanting a less sandboxed environment when
developing the platform for distributed web apps.

------
K0nserv
> Today marks 28 years since I submitted my original proposal for the
> worldwide web. I imagined the web as an open platform that would allow
> _everyone, everywhere to share information_ , access opportunities, and
> collaborate across geographic and cultural boundaries.

Seems to me that the above and the points raised in point 2 sit on opposite
sides of the spectrum. Either you get a free and open internet where everyone
can publish content as they like or you police who and want can be published.
The spread of misinformation seems to be a direct result of the democratic
nature of the internet.

~~~
Razengan
The spread of misinformation is better countered by educating people about the
potential and existence of misinformation, rather than policing the web.

Just like children learning and growing wiser about everyday social deception
etc., as opposed to policing everything people do and say offline.

~~~
elbigbad
Is this just an opinion, or do you have any data on this?

~~~
Razengan
Opinion. I mean we tell kids to be wary of strangers, but we can't assign a
policeman to every stranger.

Easier to teach people that they can be deceived or that bad things can
happen, than to prevent any deception or bad thing from ever occurring.

~~~
scholia
How do you cope with the fact that a large slice of the population seeks out
bad things and refuses good things?

The obvious examples are US news sources such as Fox News, Breitbart and
Infowars [1]. However, it could also apply to fast food eating habits.

[1] [http://uk.businessinsider.com/conservative-media-trump-
drudg...](http://uk.businessinsider.com/conservative-media-trump-drudge-
coulter-2016-8)

~~~
colmvp
I don't know how to reconcile this.

On the one hand, I believe information and speech should be mostly unfiltered.
If people want to spread information that denies the moon landing or climate
change, or extols the existence of teapots revolving about the sun, by all
means. I'd rather know who they are and allow them to publicly exercise their
ignorance. I assume the public would help cause a correction of the zeitgeist.

On the other hand, the fact is that some people become deeply misinformed and
do things against their own interests (e.g. voting for a candidate who
promises to undo systems that benefit the voter), which can effect all of us.
To spare us from going into the rabbit hole of a party politics, I'll just say
I read a recent interview with a voter who wants to get rid of x, even though
x in particular crucially provides them a life-saving benefit of y, which they
want to keep. How does that even make sense? You delve deeper, and realize
that some individuals just listen to the mantra of x being advertised as a
terrible thing by certain media and public figures, which is easier to
understand than to go into the details as to how specifically it's good and
how it specifically could be improved upon.

I'd also add technology, like the internet and smartphones, is affecting our
behavior far faster than we're aware and in some ways, I think we need to
acknowledge our vulnerability. When media companies or groups of websites can
cheaply spread misinformation, it is VERY HARD to combat it, because good
information takes time to produce and interpret.

~~~
Silhouette
Your concerns are entirely fair, but this also isn't a new issue. Tabloid
journalism has been a problem for as long as there have been tabloids. That
phenomenon is well known to be highly influential around election times among
the part of the population who read those tabloids, even though often that
same part of the population will be hurt the most by the measures they are
supporting but don't fully understand.

~~~
scholia
It seems to me that one crucial factor is what you might call "the destruction
of the gatekeepers". In politics, you had systematic lying that was intended
to deceive people, and lies led directly to Brexit in the UK and Trump's
election in the USA.

There's a reasonably good account in "Donald Trump breaks the conservative
media" [http://uk.businessinsider.com/conservative-media-trump-
drudg...](http://uk.businessinsider.com/conservative-media-trump-drudge-
coulter-2016-8?op=1?r=US&IR=T)

In the health field, we've seen systematic lying by the tobacco industry and
the sugar industry, and quite a lot of deception (some no doubt sincere) in
the food industry. The "gluten free" craze is one example.

There's a (possibly apocryphal) quote attributed to GK Chesterton that says
"When men cease to believe in God, they don't believe in nothing but in
anything."

When people cease to believe their governments, their doctors, their honest
fact-checked newspapers and so on, they are easily exploited by snake-oil
salesmen.

~~~
chopin
>their honest fact-checked newspapers

Of which newspapers you are talking? I don't think such a thing exists.

~~~
scholia
The New York Times, The Wall Street Journal, The Washington Post, The LA
Times, the Guardian etc... plus AP and Reuters.

They all have trained journalists, sub-editors, and fact checkers. They all
correct errors when they make them.

------
Oxitendwe
If Tim Berners-Lee really wanted to save the web, he wouldn't support DRM in
our web standards.[1] It's absolutely disgusting as well that they would argue
that "fake news" is somehow a threat to the internet, provide no evidence
whatsoever to explain why, and then link to a panel run by a media company
considered untrustworthy by about half of American voters.[2]

[1] [https://www.w3.org/blog/2017/02/on-eme-in-
html5/](https://www.w3.org/blog/2017/02/on-eme-in-html5/)

[2]
[http://www.rasmussenreports.com/public_content/politics/gene...](http://www.rasmussenreports.com/public_content/politics/general_politics/january_2017/voters_say_media_still_anti_trump)

~~~
tannhaeuser
Yes, and he wouldn't endorse WebAssembly either (which is just a different,
and even worse avenue towards DRM).

~~~
shakna
Isn't WA rather easy to reverse engineer? The VM it runs in isn't overly
complicated, and is open to the public.

Whereas EME is more, trust this native code please, and give it all the access
it asks for?

~~~
tannhaeuser
WA makes it possible to replace entire browser runtimes with proprietary
stuff. For example, you can compile WebKit to WA, with typography rendering
and flow layout on a Web Canvas, and "Save as HTML" and other basic
functionality disabled. I find it very irritating that TBL/W3C is promoting
this and EME. I think W3C should be seen as what it is - a self-proclaimed
standardization company acting in the interest of whoever pays the hefty
membership bills struggling to keep relevant.

~~~
shakna
But still, you can inspect that WA code, and WA doesn't have access to the
DOM. Inspecting the EME packet is a crime in many jurisdictions, and designed
to be difficult.

WA makes sense as what it is intended to do: give a memory efficient
alternative to JavaScript in circumstances that warrant it.

~~~
tannhaeuser
What _are_ circumstances that warrant it _in a web browser_? The things it
makes possible can be had with native apps. What it does make possible is a
new model for software and content sales. Which is precisely why I find it has
no place in a _web_ spec.

~~~
shakna
I wish you were right, but the market has decided that the web is the next
cross-platform framework.

If this has to happen, let's make it work in a way that doesn't let the
stupidest ideas survive. Using WA still requires JS to interact with the user.
Which is far better than the monstrosities that JS is being forced to perform
at the moment.

Some simple, relatively sane things that WA can do, but JS is a bad choice
for:

* Client-side encryption/decryption

* Socket management

------
pdimitar
As much as I'd love to help projects like IPFS (for example), truth is that
most people simply don't care and are entirely clueless on the impact of the
continued centralization and surveillance of the Internet on their lives.
Sitting with random people on a table, they giggle and smirk saying "I've got
nothing to hide, you're too paranoid, bro, cheer up!" and I quickly give up.
They have zero idea about how much info is collected about them. If tomorrow
somebody pulled out that info in a fabricated trial against them, they'll sing
another tune but it will be way too late. Nobody ever listens until it impacts
them directly. Sad reality about Homo Sapiens. Another one is the echo chamber
effect -- people absolutely _LOVE_ their social echo chambers and they can
legitimately punch in you the face if you point them at a source that
disagrees with them.

As a second and last point to the above, I can't afford donating all my free
time to help progress the decentralized internet anymore. I am 37 and I have a
very happy personal life but need to work on my health a lot, I am very tired
and burned out and I am finding myself unable (even if I want) to work for
free without any reward in sight (not even talking about money; I am sure I
wouldn't even be thanked). I imagine many others are in a similar position --
in terms of finances, in the health department, or in their general mental
stance.

I very much like the idea of creating a "home internet box" which is a self-
contained fanless machine connected to an UPS -- and it contains router,
firewall, own website, own mailserver, own private Dropbox, a universal P2P
node (BitTorrent / IPFS) etc., but as others have pointed out, our current
stack of network technologies is way too bloated and full of incomplete
standards -- which in turn are likely full of exploits and dark corners --
that right now the only seemingly appropriate course of action is to get rid
of it all -- except the physical layer protocols -- and start over.

Try making an API app that works with anything else than HTTP and HTML/JSON.
Tell me how that went for you. Try using ASN.1 as a data format, or a
compressed secured IP layer protocol. Yes it's possible but it's much slower
than it should be. Seems us humans always want to have one "universal truth".

It's extremely sad and I am afraid we'll live to see very oppresive times
pretty soon.

~~~
Silhouette
_truth is that most people simply don 't care and are entirely clueless on the
impact of the continued centralization and surveillance of the Internet on
their lives_

That's a common assumption, but I wonder how true it really is. I've certainly
talked with friends in their 20s and maybe early 30s -- people who have grown
up with the Internet and ubiquitous mobile devices -- and had them express a
sentiment that was more frustration than ambivalence. Sometimes they did find
it creepy that they'd be tracked around with ads, or that their phone was
doing things based on where they were or what they had planned to do later.
However, they've never known technology to work any other way and assume
there's nothing they can do about it, and they value the social aspects of
sharing stuff online so they keep using these services.

 _I very much like the idea of creating a "home internet box" which is a self-
contained fanless machine connected to an UPS -- and it contains router,
firewall, own website, own mailserver, own private Dropbox, a universal P2P
node (BitTorrent / IPFS) etc., but as others have pointed out, our current
stack of network technologies is way too bloated and full of incomplete
standards_

It used to be common that your ISP would provide you with an email address,
web hosting, and so on as part of your package. Everyone could set up a basic
web site by just FTPing an HTML file up to their ISP's server, and then
yourname.yourisp.com would show it to everyone, or you could get your own
domain name and use that instead. Likewise for sending and receiving mail.
Many countries set up their legal/regulatory frameworks to foster competition
between ISPs, and so in practice we had a relatively decentralised Internet.
You obviously still had the equivalent of today's lock-in problem if you
relied on the email or web address your ISP gave you rather than your own
domain, but you didn't have to.

It doesn't really take having some magic box in everyone's home to provide
this sort of flexibility, though such a box would be no bad thing IMHO. We
just have to stop doing so much through a tiny number of centralised service
providers and social networks, and develop standards for interoperability and
federation. The whole Internet was built on those principles, so I'm pretty
sure we could do it for sharing data like mail and photos, and there are many
interesting possibilities in terms of searching for data as well.

One of the other provisions in the new EU rules that come into effect in 2018
is effectively a right to export data from one controller so it can be
processed by another, so people could potentially migrate all the data they've
given to sites like Facebook or Instagram or Twitter or GitHub to some other
competing service (assuming such a service exists). It will be interesting to
see how that one plays out and whether it is effective in breaking the lock-in
effects that have allowed so few companies to become so dominant in recent
years.

~~~
pdimitar
_> However, they've never known technology to work any other way and assume
there's nothing they can do about it, and they value the social aspects of
sharing stuff online so they keep using these services._

I'd argue that _how_ did the modern people end up indifferent to the growing
centralization and surveillance is largely irrelevant. The sad result is still
there. We all have anecdotal evidence and mine isn't more important than yours
-- that's a fact. My point is that the result is still there and it's not
changing for the better with time.

 _> It used to be common that your ISP would provide you with an email
address, web hosting, and so on as part of your package._

But those required tech expertise in order to be utilized. It's my view that
ISPs stopped offering these because they were expenses, and the services these
expenses offered were barely if ever used than more of 1-2% of their
customers. If we have a "magical box" at home it should definitely be much
farther ahead in terms of user-friendliness; say, WordPress / Ghost / any-
site-tech with a wizard-like Next->Next->Next cycle (with some checkboxes /
theme previews along the way).

 _> We just have to stop doing so much through a tiny number of centralised
service providers and social networks, and develop standards for
interoperability and federation._

I want you to know that I am 100% on your side first. But honestly, using the
"just" word for these mega challenges is slightly naive.

First of all, most people hate the thought of "scouring through the net" for
their news or daily fix of meaningless updates. There's a very good reason why
the social networks are a successful format and that's not only because of
corporate interests -- people like having only one source, it makes it simple
for them and they love it. You and I disagree, but we don't speak for humanity
at large, and the humanity at large _seems_ to love to have a narrower view.

Secondly, advertisement supports a large part of the internet. I don't believe
for a second that a serious decentralization effort will not be _SABOTAGED_ by
ad providers (maybe even including Google). They'll most likely plant paid
trolls and fake news writers and then start shouting: "LOOK! DECENTRALIZATION
IS BAD! Come back to us at Google, we have AI-backed fact checking!" OK, let
me put my tinfoil hat away. Even if that never happens (that's a stretch IMO)
we still have thousands of ad companies who will do their damnest to make
their centralized website customers (namely Facebook et al) even more
appealing than before and try to make the decentralized services look behind
with the times, non-trendy, slow, user-unfriendly or whatever -- so the
teenagers and the young people would continue to flock to them. In short,
there's a lot of economical inertia behind the centralization and it won't be
easy to kill it because there's a lot of financial interest there and the
people holding such amounts of capital historically have never given up their
wealth sources peacefully.

Thirdly, standards for interoperability and federation are attempted for
probably decades now. I am not an expert in the field -- not in these
standards, and not in the ego wars in the OSS communities -- but it's my
opinion the pissing contests in the OSS communities are a _huge_ impediment.
Have you taken a look at the KDE / GNOME wars years ago? It's as shameful
piece of the human history as any genocide; I'd even dare saying it's much
more shameful because there are no lives on the line, not even any money on
the line, just some basement dweller's ego and nothing else.

If we're to be able to resist centralization and surveillance, us the people
who are against it absolutely positively must forgo any ego and become very
scientific; there's already a pretty good consensus about most of what a
decentralized hosting service must do (reference: see IPFS; seriously, do it,
it'll take you a long time but IMO you'll emerge even better informed than
before) but when it gets to the details, people either start flaming each
other, or a dictator of an OSS project decides they don't care what any random
person thinks and just moves forward without any scrutiny or feedback
consideration.

This must stop. The agents who benefit from the centralization and
surveillance are without a doubt dying of laughter how us "the opponents" are
much more busy fighting amongst each other instead of coming together as one
and offering an open and ad-free alternative to their services.

Finally, laws, EU or otherwise, sorry to say it bluntly, don't amount for
shit. History has proven that if a big player has deep enough pockets then
they'll get things their way, laws or not. Let's not go there. I think deep
down all of us know the laws target the citizens and not the companies, 99.9%
of the time.

~~~
Silhouette
I suspect we agree on more than we disagree on here, at least as far as the
principles go, even if I might lack your flair for the dramatic. :-)

That said, I really don't think developing standards for interoperability and
federation is such a big deal in the grand scheme of things. After all, modern
networking -- including the Internet -- is built on numerous such standards,
carefully designed and documented, widely implemented and effective. If we can
develop a stack of protocols for totally unrelated systems to talk to each
other, from the lower levels of LANs up through things like TCP/IP and SSL to
application level details like sending email between SMTP servers or
requesting web pages using HTTP, surely we could standardise sharing content
like messages and photos from friends without relying on some mysterious
centralised service.

I don't know whether most people do prefer to have only one source for their
information; I'd like to see more data before forming any strong view on that
one. But let's assume you're right for the sake of argument. Is that a
problem? We've had systems that collected and combined multiple streams of
data for ease of reference for a long time, from the earliest days of e-mail
lists with digests and Usenet newsgroups and RSS feeds up to modern Web-based
aggregators like Reddit, the Facebook news feed, and indeed the site you're
reading right now. Modern smartphones already combine even these feeds from
multiple sources into a single stream of news and communications for ease of
access. Is it really so far-fetched that we could cut out the middle-man in
some of these cases and move back to a more peer-to-peer, decentralised system
with neutral infrastructure?

~~~
sly010
> TCP/IP / SSL / SMTP / HTTP

Were all invented long ago and were all first of their kind. Creating a new
standard when there are no wide spread alternatives is easy, doing the same
where everyone is already invested is hard. E.g. that's why payment systems
suck universally.

~~~
Silhouette
As someone who does a fair bit of work in networking fields, I think that's a
pessimistic view. Most people don't see when the underlying infrastructure
develops, in no small part because the standards and compatibility issues are
so carefully considered, but that doesn't mean there aren't newer standards
and protocols being developed all the time. We're now on something like the
fifth mainstream WiFi standard, for example, and while someone buying a new
laptop of getting a new box from their ISP might not know what all the
802.whatever markings mean, they still experience much faster speed and higher
reliability compared to the earlier technology. An example from much further
up the stack is that we're starting to see wider support for Web serving using
HTTP/2, which is a big change from its predecessor.

Even with payment systems, we've seen multiple contactless payment
technologies become established very rapidly in recent years, and developments
like Chip-and-PIN cards a few years before that. Of course online payment
processing is also a much more developed and competitive industry today than
it was even five years ago, which again is partly because both the technical
and the regulatory frameworks have opened up in recent years. SEPA in Europe
is a good example here.

~~~
pdimitar
I like optimistic people (no sarcasm). But I think you're overestimating the
cooperative abilities of Homo Sapiens. Every bank, store and pet garage
invents their mobile payments nowadays. This is very bad and leads to
segmentation of efforts which shouldn't exist in the first place.

Also, I'd argue HTTP/2 is not such a huge improvement as many make it out to
be, but I can't deny it's _some_ improvement compared to 1.0/1.1 -- that's a
fact.

------
mpweiher
The letter:

[http://webfoundation.org/2017/03/web-
turns-28-letter/](http://webfoundation.org/2017/03/web-turns-28-letter/)

Referenced by the W3C, but surprisingly without a direct hyperlink, only by
title. A bit strange considering the organization:

[https://www.w3.org/blog/2017/03/28th-birthday-of-the-
web/](https://www.w3.org/blog/2017/03/28th-birthday-of-the-web/)

------
fiatjaf
Does anyone else see as problem that web browsers are getting so feature-rich?
That means that if anyone wants to write a new web browser he won't be able
to.

~~~
TheRealDunkirk
I don't see this getting better. In fact, I think the next big trick in web
browsers will be to embed a full-blown GUI widget toolkit, so you can run what
would effectively be a Visual Basic 6.0-type program, directly in the browser,
allowing you to bypass all the HTML5/CSS/JS layers we slather on top of
whatever framework we're using to make it approach the same UX as a desktop
app. It's going to take even more bandwidth to deliver this kind of app, but
no one seems to care about that anyway.

~~~
keypress
Can pretty much do all that in a Java applet, and have been able to for a long
time.

~~~
fiatjaf
Java applets are not supported anymore anywhere, I think.

~~~
Silhouette
Business using IE and Safari are still running them fine, and they're still
supported in the latest Firefox ESR (though it will reportedly be the last).
However, with the recent changes in Firefox, no "evergreen" browser now
supports them.

------
tomohawk
It's interesting that one of the great things about the web is the promise of
it distributed nature, and yet his prescribed 'fix' for misinformation sounds
like the establishment of some sort of central authority to regulate content.

~~~
Silhouette
I thought he was saying exactly the opposite:

"We must push back against misinformation by encouraging gatekeepers such as
Google and Facebook to continue their efforts to combat the problem, while
avoiding the creation of any central bodies to decide what is “true” or not."

~~~
tomohawk
Sounds like doublespeak to me. Google and Facebook both took partisan
positions in the past election. Why should we trust them as 'gatekeepers'?

And who gets to decide who the gatekeepers are?

An oligopoly made up of elite companies is no better than a monopoly,
especially when the members are demonstrably partisan.

This whole idea that we need some sort of authority to act as the Ministry of
Truth is misguided.

~~~
Silhouette
_This whole idea that we need some sort of authority to act as the Ministry of
Truth is misguided._

You seem to keep coming back to this point, but the quote I gave before
literally advocates the opposite of creating such an authority.

------
mborch
The new web needs to be distributed in a privacy-preserving sense. Today, you
can't realistically browse the web without getting identified and – generally
speaking – geolocated.

What we need is a model where you pull information you request from
distributed and diverse pools of public domain content.

~~~
amelius
Yes we need more federated services. Email is a great example.

Facebook is a telecommunication medium, which means it should conform to the
telecommunications act, which says that there should be a level playing field,
and an open network.

I guess TBL should best start thinking about the protocols in such open
systems.

~~~
fiatjaf
What about matrix.org?

------
chippy
The current narrative of misinformation as a news item is a new thing, which
arrived in our world during the recent US election process. The issue gets my
suspicion-radar bleeping. The whole narrative smells funny to me.

It's not really a global issue, it's a current affairs issue and one
particular to a specific geography. And its not really an internet issue I
think but a human one.

What I find interesting is that Trump is adopting the narrative that emerged
to criticise him, to criticise media bias in general. That's interesting
because political bias and misinformation can be separated - actual wrong
reporting of facts vs bias of interpretation, but they can be argued to
produce the same effect.

~~~
xienze
My thoughts exactly. The issue of "fake news" being this global menace
appeared seemingly out of nowhere despite the fact "fake news" has been a part
of internet culture for pretty much its entire existence.

------
return0
The web needs more anarchy, not less. Less spoon-feeding people with the
truth, let them bear the brunt of their failures. All the problems he mentions
are political, stemming from too much power in governments which makes
political candidates ruthless.

~~~
qudat
Agreed. This idea that we have an issue with misinformation is ridiculous. The
problem isn't the signal to noise ratio, it's learning how to find the signal
in the noise.

------
kyledrake
I've been getting increasingly concerned about the future of the web as well
[https://arstechnica.co.uk/information-
technology/2017/02/fut...](https://arstechnica.co.uk/information-
technology/2017/02/future-of-the-www-timbl-drm/)

------
fiatjaf
> "It’s too easy for misinformation to spread on the web"

It's too easy for misinformation to spread everywhere.

------
hackuser
The marketplace won't sort out the security issues, any more than it sorted
out unstable banks. Consumers lack the ability to obtain information,
understand the issues, and make good decisions.

Computer systems should be regulated for safety, which includes
confidentiality and integrity, like everything else.

~~~
jMyles
I think you have expressed here a worldview that is completely different than
mine, especially the bit about "consumers."

What does "regulated" mean to you?

~~~
hackuser
I'm not sure it's a matter of view; it's a matter of fact. Consumers do not
have the ability (much less the time!) to understand everything. They can't
reliable figure out which bank is stable, which drug will kill them and which
will heal their particular illness, they can't figure out which electrical
appliance is safe to use and which will electrocute their family, the fire
risks of the various buildings they use, and I don't believe they can
understand IT security much less evaluate the security of products.

No matter what our worldviews, consumers won't obtain more capability and
time. I'm a technical professional and educated person, and I certainly don't
have the time or resources to answer those questions, even the very last one.

> What does "regulated" mean to you?

I don't understand the question. In the case of IT security, I can think of
many ways to do it: Liability for bad security, rules requiring good security
, etc. I don't know enough about regulation to know what works and in what
situations, but some minimal rules and liability sound good.

------
ajdlinux
As commerce has become more mechanised, we've lost the ability to bargain and
haggle in consumer business relationships. Forget about sacrosanct privacy
rights, I can't even choose to pay to opt out of a lot of data collection. We
need better options than all-or-nothing.

~~~
fiatjaf
You are right, but this has nothing to do with bargain. I run a business
that's totally outside the web. I don't bargain. If any customer is bargaining
I just say no.

------
bnolsen
Except for the private data part, I found this not very constructive. Too
political. IMHO biggest problem with the web itself is snooping, tracking all
driving an insane amount of bloat which clogs the internet. Any extra
bandwidth or horsepower is immediately sucked and then some up by advertisers
and tracking. There's nothing lean and mean about it anymore.

The internet exists as an information resource that people need to be able to
sift through themselves, not something that governments or other self selected
groups decide to arbitrarily censor for whatever selfish reasons they have.

------
fiatjaf
> "Political advertising online needs transparency and understanding"

As if that wasn't a problem outside the web. Defenders of democracies like to
dream about "transparency and understanding".

~~~
_yosefk
"Defenders of democracies" live in democracies. Defenders of dictatorships and
monarchies, from Jeremy Corbyn (who had kind words for Castro) to
neoreactionaries, also live in democracies, presumably because they're not
actually stupid enough to believe what they say.

Democracy is a lesser evil, which many people born into it fail to appreciate
because their imagination does not render the greater evils realistically.

~~~
ue_
>Defenders of dictatorships and monarchies, from Jeremy Corbyn (who had kind
words for Castro)

What gives you the impression that Corbyn is against democracy? In fact, he
participates in the 'democratic' system of his own party and of the UK. I
personally refuse to participate at all in the bourgeois democracy, but that
doesn't mean I'm against democracy as a principle.

~~~
_yosefk
I only said he had praise for Castro, a dictator whose soldiers shot people
trying to escape his rule in thd back and drowned their boats. I didn't say he
was against democracy, only that he said very nice things about a dictatorship
that he sure isn't dumb enough to live under.

------
simplehuman
For a start we need to get rid of this ad driven model. But this is not going
to happen because people are addicted to free. Its like a drug.

~~~
gkya
Nope, just that quality content that's worthy of my $$ is mostly produced by
bloggers that don't really ask for money. How many sites are there that are as
good as LWN?

Ad network business is a big balloon soon to explode as the amount of actual
customers you get is so little. Guess most advertisers know this but still
publish ads because they're not too expensive to not do. When is the last time
you willingly clicked an ad? I believe in the past ten years I only willingly
clicked less than five ads.

~~~
diesal11
Advertising isn't just about clicks/conversions. It's also about brand/product
exposure.

~~~
gkya
If the exposure is an ad in a space provided by sth like the deck network,
certainly. But otherwise it's not a positive exposure.

------
curiousgeorgio
It's refreshing to read Berners-Lee's proposed solutions as they point toward
more technical and market-based approaches rather than the typical "we need
more legislation to fix these issues" incantation.

I often hear many of the same people fighting "against government overreach in
surveillance laws" (as Berners-Lee mentions) while at the same time advocating
more legislation to govern information use/misuse on the web. I don't think
it's realistic to expect government overreach to magically work where we want
it and stop right where we don't.

Many of these problems aren't on the forefront of most people's minds (yet),
but as the issues become more publicized and people begin to understand their
importance, then we (as in "the people", not the government) will have a
greater voice - and more importantly, _power_ through informed choices - to
make a difference.

------
toadkicker
I just wanted to add some positive comments here complaining the state of the
web as we know it today vs. the people who are working on the solutions to the
problems. There are well defined paradigms for building distributed systems.
While much of the web was built in the belief these distributed systems would
take root, lots of engineering went into client-server configurations. There
are a ton of psychological reasons why these decisions were made. They don't
have to keep being made though. We can all embrace distributed applications
(some call them serverless applications) and free the web once again. Here's a
lot of great projects that are trying to do just that:
[http://github.com/toadkicker/awesome-
ethereum](http://github.com/toadkicker/awesome-ethereum)

------
nsxwolf
It sounds like he's just trying to put the genie back in the bottle now. First
he creates a system that gives everyone total freedom and now he's like,
whoah, that's way too much freedom.

------
liopleurodon
Tim Berners-Lee. Thank God, I was worried they had interviewed Al Gore

------
sauronlord
He is advocating for censorship.

Misinformation spreads everywhere not just the web. Who decides what is
"misinformation"?

All speech and information is political, because man is a political creature.
Who decides what is "political"?

His first point about losing control of our personal data is right on though.

Even so called "heroes of the web/freedom" are on the "fake news bandwagon".

What the hell have we come to when this is considered enlightening discourse.

We're all in deep shit and this is a taste of things to come this century.

~~~
tim333
He doesn't actually say censorship. He says "by encouraging gatekeepers such
as Google and Facebook to continue their efforts to combat the problem." Just
putting fake stories at 50th place in the search results say rather than #1 is
not censorship.

~~~
sauronlord
Who decides what is fake?

------
perseusprime11
Isn't Facebook the biggest culprit of web? Their walled garden approach and
lack of social network portability is what I feel is killing web more than
anything.

~~~
keypress
Facebook got a foothold, because authoring tools sucked so bad. That's
ignoring the magic of some of their social tooling. But sharing digital
content with your own intended audience could be achieved in a distributed
manner. I know the W3C are trying to tackle that problem. We still need
intuitive and easy publishing and aggregation tools that beat the Facebooks.

~~~
username223
> But sharing digital content with your own intended audience could be
> achieved in a distributed manner.

We almost have the tools now:

* cheap or free blog hosting with easy markup and non-public posts

* self-hosted commenting with a URL field for commenters, enabling discoverability

* friendly RSS readers (I use NetNewsWire)

* password management built into most systems and/or browsers, to keep track of individual logins

There's work to be done to make it more user-friendly, but all the tools are
there.

~~~
keypress
It's the user friendly bit that matters.

------
kahrkunne
Publishing this in The Guardian, what beautiful irony

------
chengiz
Berners-Lee seems to want to stay relevant, I mean he invented the web but
does that give credibility to his announcments and concerns and predictions
_now_? I mean we all know how the semantic web turned out.

------
inetknght
Irony: can't view the page with an adblocker.

~~~
wernercd
No issue with uMatrix/uBlock.

------
Tylerosaurus
I thought Al Gore invented the internet

------
SomeStupidPoint
> Imagine that Big Brother scenario extended to the millions of smart devices
> such as digital thermostats and fire alarms feeding the Internet of Things
> ecosystem, and you have a problem that could eviscerate the privacy of
> billions of people, say security experts.

Is this anything but opportunistic scare-mongering?

"Spy agency own spy tools. Wouldn't it be scary if they used them on you?!?!?"

~~~
wernercd
"Wouldn't it be scary if..." is different than being provably known to
do/use/abuse.

~~~
SomeStupidPoint
I mean, is there any evidence the recent batch of WikiLeaks leaked CIA tools
are being misused? As in, any at all?

As far as I'm aware, the only documented case of inappropriate tool use is
overly broad selection criteria on legitimate pipelines of information (and
related abuse of access to that data) -- the Snowden leaks. That was a doozy
with serious constitutional implications.

But that's substantially different than "they're hackin muh TV!" just because
the CIA developed the ability to as part of their mission to spy, which I dont
believe we've seen evidence of indiscriminate use.

