
Own your own data - dalek2point3
http://newsoffice.mit.edu/2014/own-your-own-data-0709
======
kentonv
Funny that half the comments so far are people linking to their own projects
in this space.

Yep, me too.

Try a demo: [https://demo.sandstorm.io/demo](https://demo.sandstorm.io/demo)

And here's the code: [https://github.com/sandstorm-
io/sandstorm](https://github.com/sandstorm-io/sandstorm)

~~~
amirmc
I take that as a positive sign. I'll be trying Sandstorm out soon and wish you
well with the crowd funding (I'll be contributing once I'm at my desktop).

~~~
kentonv
Thank you!

------
jmathai
I've spent the last 3 years in this space[1]. 2 of those were with a
fellowship from the Shuttleworth Foundation[2].

I applaud all the efforts to free up and decentralize data. I believe it's the
future but the way we're approaching it is making that a very distant future.

My suggestions are simple. Data ownership will not be solved by technology.
Focus and practice on framing the solution in a way that people connect with.
Build that into the fabric of your team. And be prepared to spend a lot of
time figuring out how you can describe what a world where you own your data
looks like and how it is drastically better than today's world.

It's all too easy to get caught up in writing code.

[1] [https://github.com/photo/frontend](https://github.com/photo/frontend)

[2]
[https://www.shuttleworthfoundation.org/fellows/current/jaise...](https://www.shuttleworthfoundation.org/fellows/current/jaisen-
mathai/)

~~~
amirmc
> _" Data ownership will not be solved by technology"_

I would say 'data ownership will not be solved by technology _alone_ '.

I think it's completely wrong to think we can deal with any of the data
ownership issues _without_ understanding how the current technology got us
here and what new technologies we need. However, I do agree that throwing some
tech out there and expecting it to take off is not going to happen. There is
the hard work (as with _any_ new solution) of defining and selling the
benefits.

~~~
jmathai
I agree with that. I think the technology is the easy part. If we knew there
was demand for a specific solution then there are plenty of folks who can
build it. In fact I think we have built the technology on numerous occasions
(i.e. Diaspora, OpenPhoto/Trovebox, OwnCloud, etc.) --- finding the market,
describing it in a way that connects with people and being at the right spot
at the right time are the difficult parts.

~~~
amirmc
I disagree. The technology needs to be fundamentally different _before_ we can
have viable, distributed, alternatives.

We've had crypto for a while and yet nobody encrypts their email by default
(or even shares keys). We've had the option to self-host for a long time but
few people do. Why? IMHO it's because doing any of these things means you have
to become a sysadmin to some degree. Very few people will put up with that for
long.

There need to be tools which solve the fundamental (and common) problems of
creating distributed systems/applications -- identity, connectivity/sync,
deployment. With those tools, new and robust alternatives can be built with
the end-user at the centre of their network. _Without_ those new tools, we're
simply using band-aids.

~~~
lloeki
> _Why? IMHO it 's because doing any of these things means you have to become
> a sysadmin to some degree_

I long wished that the App Store model could/would be applied to server stuff.

Imagine the following scenario:

\- Buy a Mac Mini (or whatever Airport Server or enhanced Time Capsule)

\- get Mail Server.app/Calendar Server.app from the App Store

\- have a couple dialogs which configure the sandboxed app with DNS details as
provided by DNS provider (which configures a full-blown imap+smtp server, and
the remote access) and possibly my email details as provided by my email
provider (which configures a fetcher and a smarthost instead)

\- physically authorize user devices to accounts via NFC or BT LE/iBeacon. No
login/password shingamajig needed! account creation/mapping on the spot!

\- download boatloads of personal services from blog to photo management to
microblogging to instant messenging to Gitlab to Tor node to whatever
innovation came by, some possibly communicating in a decentralized way,
possibly without even a need for a DNS record (global zeroconf, DHT, alt DNS,
onion routing).

If I can do it with a few debconf-set-selection on dovecot and postfix (plus a
few API calls on Gandi to set MX, SPF and whatnot), there's no reason it can't
be done automatically for everyone. Of course this is not meant to serve
medium to big enterprises (for which the options that actually prevent
complete automation exist), but individuals and SOHO really don't need much.
People used to think setting up a PC and all its individual apps was a
needlessly complicated and/or boring affair (and it was!), now we have built
them trivial management. There's no reason our servers could not be treated
the same, we just have to stop thinking about the 'old ways' and start with an
open mind. I just want you to realise that we tech folks have been doing this
for years already just like we did set up and fix computers for everyone for
years and we don't have to any more (or way less) thanks to iOS, and Android
but also Mac App Store, and soon Chrome Store and Windows Store.

It's a huge endeavor and opportunity to bring such a platform to market, at
the right time, with the right pitch, but it _has_ happened before, just on
the client-side of things.

~~~
icebraining
From what I understand, a NAS box from Synology actually provides one of the
closest experiences to that ideal. It comes with a Package Center[1], which is
like an App Store for server applications, and like Android it can install
from the standard source or from manually added repositories.

Then you get a panel to configure the new application, usually in a consumer-
friendly way, like this iTunes Server[2].

[1] [https://www.synology.com/en-
us/support/tutorials/500](https://www.synology.com/en-
us/support/tutorials/500)

[2] [https://www.synology.com/en-
us/dsm/app_packages/iTunesServer...](https://www.synology.com/en-
us/dsm/app_packages/iTunesServer_landing)

------
orbifold
One thing that is missing from most homes is symmetrical internet access. As
long as most people can download data significantly faster than upload them,
data hosted in the cloud has advantages. Ideally eventually internet
connections would become symmetric and fast enough for everyone to have their
own low power server with a static ipv6 address at home, with which they can
sync all their data. Of course this does not solve the problem that most sever
software has complicated configuration and open source alternatives often lack
the polish of commercial products. But as soon as there is a switch to ipv6
and symmetric internet access, I see little reason why a decentralized
solution would not win.

------
amirmc
I'm in favour of making it easy for individuals to own their 'digital' life.

However, simply having a 'data store' isn't enough. You need to have a system
that actually _runs_ some infrastructure for you and then 'data collection' is
an obvious side-effect. There are number of projects I'm involved with that
take different approaches to this, including technical infrastructure for
distributed systems and personal clouds [1,3] as well as business models and
market places [2]. Systems like these can provide benefits to end-users that
include resilience and flexibility -- it's not just about privacy.

[1] [http://nymote.org/blog/2013/introducing-
nymote/](http://nymote.org/blog/2013/introducing-nymote/) and
[http://openmirage.org/wiki/overview-of-
mirage](http://openmirage.org/wiki/overview-of-mirage)

[2] [http://hubofallthings.com/what-is-the-
hat/](http://hubofallthings.com/what-is-the-hat/)

[3]
[https://news.ycombinator.com/item?id=8020635](https://news.ycombinator.com/item?id=8020635)

------
selectout
This is an idea/concept that has been around for awhile but nobody has been
able to execute (well) on it. I like the initial work brought forth through
this team and will definitely continue to watch with a close eye.

I think this is a natural progression to the future that the industry doesn't
want to happen. Best of luck to the team though and everyone else working on
similar projects!

------
hyperliner
Owning your own data sounds good. Unfortunately, once you share a piece of
data, it's out there forever.

What we all need is to have our own personal servers that validate tokens.
Then we would just give out these one-time use tokens to people or
institutions. Does the bank need a SSN? Well, here is an auto-generated token.
Bank stores that, but to validate it, it calls your personal little server,
which checks for use.

Unfortunately, systems are built which require personal information. So
eventually, for example, the government or a third party service to get credit
reports needs your actual SSN. Then you are hosed.

Alternatively, all information could be free, but ALL systems would require
your personal server for "permission to use." That of course is highly
complicated.

The problem is everybody / every app thinks they _need_ some piece of
information. It bothers me when I go to a weekend clinic to take my son and
they ask for an SSN. Why? I am going to pay you and walk out of here. "We need
to send the report to your real pediatrician." well, just send it. It's not
like they wont be able to file it.

I hope somebody smart comes up with a definitive solution, but a lot of
processes, people's attitudes and systems need to be recreated from scratch.

~~~
judk
The more people complain and refuse to let their SSN be cusomter id, the more
vendors will backoff.

OTOH, there are so many "legitimate" SSN abusers that it's a lost cause.

------
weilu
Why has nobody mentioned [https://unhosted.org/](https://unhosted.org/) yet?

~~~
black_puppydog
That's what I thought. They have been around for a while, too, haven't they?

------
infocollector
This space is not easy to penetrate. VCs are not interested because there is
no easy short term money in it. Large companies are not interested because
they would like something with market traction (impressive prototype stage) to
buy. Developers who are in this space know well that this requires way more
money than you can raise from Kickstarter. It would be great if all of the
people who posted on this page did a google hangout and joined hands (or at
least a subset). I think this is bigger than any of these projects
individually. Succeeding in this space means something as big as Google,
Facebook and Apple. If you are interested in the hangout idea and would like
to meet up with other similar project founders (or like minded people),
perhaps you can drop me a message (with your email) and we can get started?

~~~
kentonv
The trick is to find a working bootstrapping strategy.

Our approach with sandstorm.io is to make sure it's easy to port existing open
source apps. Even with just the platform we have now and the apps we're
porting, I feel like Sandstorm is already a product useful enough to stand on
its own. Crowdfunding (as we're doing;
[http://igg.me/at/sandstorm](http://igg.me/at/sandstorm)) can't pay for a
revolution, but can pay for the MVP, which can then pay for the next
iteration, and so on.

"Joining hands" sounds nice in theory but in practice more developers simply
does not equal more productivity. At the early experimental stage, it's
important to have many small teams iterating quickly on different approaches;
a single large team will simply spend all its time arguing and will get
nowhere (a lesson I have unfortunately learned the hard way). I am happy to
see lots of people working on solutions to this problem because it makes it
more likely that one of them will succeed. :)

~~~
infocollector
Thanks for the comment. I agree that in practice more developers don't equal
more productivity. And I agree that things happen better in small teams. But I
still don't see the point of not talking to each other, and learning from each
other. One reason I suggested what I suggested is this:

If you just run some one else's Linux applications on linux boxes, and call it
a personal data store, you have a bunch of problems to solve:

1\. No cohesion in UIs 2\. No cohesion in APIs 3\. A crappy user experience.
4\. Code Maintenance

As soon as you think of solving these problems, you'll see the problem of
scale, of the number of programmers needed to do things (both frontend and
backend).

I still think that the people interested in this should talk to each other(,
and perhaps try a divide and conquer approach -- whenever possible), compared
to just trying to patch each other's code to make it work in a small team.

I hope you agree, that this is not an easy problem to solve technically. At
least I think so.

~~~
kentonv
I think all of the problems you bring up are indeed hard problems, and
important ones to work on, but they are also problems that exist already, in
the current ecosystem of open source web apps, and even often in proprietary
apps. About the only way you get "cohesion" on the web today is by limiting
yourself entirely to services from one company (Apple; Google), and even then
it's far from seamless. Yet, somehow we make progress.

So our goal is not to solve these problems, but to incrementally improve the
state of the world. Clearly, the first thing that needs to happen in order for
open source and decentralized web apps to be viable is there has to be a way
that common, non-technical users can actually _use_ them. Sandstorm is trying
to offer a solution for that, and we think we're pretty close. As much as
possible, we actually try to stay out of the question of UI or API standards.
IMO that's a problem that can only be solved organically.

------
exodust
I like the idea of owning and controlling the permissions of all my data at
the source, then those settings applying everywhere on the internet - in all
the different social media services and systems out there.

Stored in the cloud space of my choice. Continually updated as I live my life,
my data would be something I own that I could selectively share to social
media services or other individuals or systems with fine-grained control over
the whole lot.

Services like Facebook would need to change how they worked. Facebook would
not disappear it would just shift its focus to offering a place to use your
data.

Taking back the data keys would be a cool direction to evolve, and fun having
new responsibilities of managing your own living-breathing data, be it stored
in the cloud, your phone, or an encrypted USB stick- up to you.

------
mrb
My proposal in this space is unique: decentralized AND built on an existing
protocol, email! See:

[http://blog.zorinaq.com/?e=76](http://blog.zorinaq.com/?e=76)

You don't even need special software to set it up. Standard email
autoresponder features make it work (see my demo).

~~~
overdrivetg
Is there some reason this is better than being built on an existing protocol,
http!?

"It is quite technical to set up, but in the future if the technology becomes
more popular we could imagine webmails making it easier to set up."

The problem is adoption, and this seems to have the same problems as any other
approach there, maybe more.

Interesting thought, good luck if you keep pursuing it - sorry to be a downer
but it seems like a long-shot IMO.

~~~
mrb
_" Is there some reason this is better than being built on an existing
protocol, http!?"_

Yes: not everybody has a web space to publish HTTP data, but everybody has
email. So intuitively building something on email has better chances of
gaining adoption.

------
jchrisa
This is great. Assuming something like this becomes the new normal, I feel
like the next problem is micro-payments so that people can get paid for their
data.

------
lifeisstillgood
This, or something like this, is my best guess at dealing with the "loss" of
privacy.

THere are some exciting ideas coming out of (of all places) UK local
government, looking at ways to tame the crazy number of proprietary apps that
think they should own the database at the centre of their world - simply by
forcing the data into the app then back again.

~~~
mozboz
Can you provide a reference to, or a better description of the 'ideas coming
out of UK local government' please?

~~~
lifeisstillgood
Hard to remember - some devs / architects I met at LGA conference are trying
to reduce their internal app footprints and move to a database is not the cow
nor yours model.

------
lsjroberts
I suggest viewing a related idea Indie: [https://ind.ie](https://ind.ie)

------
asdad
We have been working on something similar for a few years now:
[https://register.blib.us](https://register.blib.us)

------
ejain
Having control over your data and paying someone to host the data are not
mutually exclusive.

------
fred_durst
Has someone already coined this movement the "functional cloud"?

