
Solid – Reshape the web as we know it - yarapavan
https://solid.inrupt.com/
======
AndrewKemendo
Context here: [https://www.fastcompany.com/90243936/exclusive-tim-
berners-l...](https://www.fastcompany.com/90243936/exclusive-tim-berners-lee-
tells-us-his-radical-new-plan-to-upend-the-world-wide-web)

Discussion:
[https://news.ycombinator.com/item?id=18101702](https://news.ycombinator.com/item?id=18101702)

------
nulbyte
After reading what little documentation is available and installing a single-
user solid server myself, I wonder if this is how people felt when the World
Wide Web was first invented. I find myself asking: Okay, now what? Except I
think even the World Wide Web, when it was first invented, at least had a demo
that worked.

Solid doesn't even seem to work. Following instructions for "learn[ing] how to
install and run your own Solid server," I successfully installed a single-user
solid server. Great, now I have a single-user setup that is supposed to give
me control over my data. So how do I authenticate as the single user? No clue.
This thing is so secure, not even I can get my data!

I would have expected something more useful from the inventor of a technology
that so many people can use today without having to think much about it.

EDIT: I deleted and started over. I still don't know what happened, but now at
least I can create an account and login. Still not quite sure what I can do,
now.

~~~
gfodor
AFAICT there are literally no apps to try this on. Why did they decide to
announce this and publicize it before a basic, well-polished, example was
ready? The pod signup process is using vanilla bootstrap, there wasn't even a
visual design pass.

~~~
kjetilk
Well, I guess we just asked the opposite question: Is there any reason to keep
this sub-surface any longer, and we didn't find any such reason... :-)

So, it is just "release early, release often". So, the code and the spec has
been out there for a long time. I mean, some of this stuff is _really_ old. Us
geeks have been thinking about decentralized social networking since the dawn
of ages, and it seems like the rest of the world is starting to wake up to its
necessity too. So, I think the timing is pretty OK now.

Like, Linux didn't come with a well-polished example either... It wasn't even
intended to out-do Minix. :-)

I guess you could say that we could say even more clearly that this is a
prototype, and we have a roadmap where it will stay a prototype for some time.
But we are seeing people finding it interesting that we're actually not trying
to engineer something from the ground, we are seeing what kind of impact we
can have with pretty well tested Web technologies. I suspect we have a lot
less development to do to have a great social impact than you'd have to do if
went full P2P.

At the same time, there is a large graveyard out there of failed decentralized
social networks, so we are under no illusion that this is going to be easy. It
is going to be pretty hard.

Still, I don't see any reason why we should be sub-surface any longer.

~~~
jellicle
It would be good to have a set of demo applications that do something that
can't be done by competitors.

I read the website and I don't really get it. If I give an app read access to
my data, they've got a copy. Maybe they don't have the canonical copy, the
original, but they've certainly got A copy. How do I have control?

As far as I can tell you've reinvented Facebook with a better API. Why
wouldn't someone just embrace and extend to take control? "Oh yes, we made
some changes to our PODs so you won't get full functionality with other
people's PODs. You can just move your data to our company with a click of a
button, CLICK HERE, and everything will work great! Also, we no longer support
exports of data, sorry. But we'll take really good care of your data, we
promise!"

Maybe I'm dumb and I just don't get it, that's certainly possible. But maybe
you're not doing a good job of explaining it.

------
nabla9
The w3.org site describing solid is much better (even if some links don't
work):

[https://www.w3.org/community/rww/wiki/SoLiD](https://www.w3.org/community/rww/wiki/SoLiD)

[https://www.w3.org/DesignIssues/LinkedData.html](https://www.w3.org/DesignIssues/LinkedData.html)

inrupt.com site is just marketing hype and crap experience.

~~~
lazarljubenovic
Was just about to say that after reading for a minute I understood nothing
about the material. It was just a random array of buzzwords.

------
dandare
I hat websites like this: after reading for 3 minutes I learned that Solid is
revolutionary, game changing and whatnot, but I have aboslutely no idea what
it is. Very frustrating experience.

~~~
hpcjoe
This early 2010s sitcom clip [1] comes to mind when reading about this. Many
of the same buzzwords were used, in the same way. Notice the lack of substance
in the product discussion, and the literal dancing around what it
(Jabberwocky) was.

Who needs a product, when you have a presentation.

[1] [https://youtu.be/spyJ5yxTfas](https://youtu.be/spyJ5yxTfas)

------
chongli
_applications_ :(

Does anyone else feel nostalgia for the pre-"web app" days of the internet?
I'm talking about personal sites on Geocities and web rings built on
communities of shared interest.

 _The browser_ was an application for navigating hyperlinked information.
Other applications include email clients, news readers, FTP clients, and IRC
clients. You never had to download a megabyte of minified JavaScript just to
read a 500-word article; you never would, since it took about ten minutes to
download a megabyte on a blazingly fast 14.4 modem.

~~~
wpietri
I don't. For me to get a nostalgia rush I need to go down to the Computer
History Museum and see yet older stuff. Nostalgia isn't a function of quality,
but of age.

Douglas Adams expressed this well:

“I've come up with a set of rules that describe our reactions to technologies:

1\. Anything that is in the world when you’re born is normal and ordinary and
is just a natural part of the way the world works.

2\. Anything that's invented between when you’re fifteen and thirty-five is
new and exciting and revolutionary and you can probably get a career in it.

3\. Anything invented after you're thirty-five is against the natural order of
things.”

For me the stage that came after this is, "Well, change is going to happen, so
either I need to get off the merry-go-round or I need to learn to like it."
Geocities and FTP clients are as dead as fan-fold, green-and-white line
printer paper, and for the same reason: we found better ways to serve the same
needs.

Justifying one's nostalgia by pining for the days of 14.4 kbps modems doesn't
make a lot of sense. If they were good, then surely my first modem, a 300-baud
acoustic coupler was better. Although I feel a tug of nostalgia when I see
one, it wasn't better. Optimizing to save a resource we have in abundance
makes as much sense as depression-era grandparents saving bits of string for
possible reuse. It wastes that most precious of non-renewable resources: your
time.

~~~
Moru
Except that a lot of things was instantaneous just 20 years ago. I can't
believe how slow even new smartphones are when I'm trying to make a
phonecall... Every press of a button feels slow, there have to be animations
scrolling screens left and right instead of instantly activating something.
Every time I'm using something new and flashy, I feel like I'm stuck in sirup.

~~~
throwawaymath
I don't recall anything on the internet being instantaneous 20 years ago.
Surely you're misremembering?

I also don't find that new smartphones have much touch-based interface
latency; but even so, that kind of latency doesn't have anything to do with
the internet, nor the halcyon days of late 1998. To my recollection browsing
the web in the late 90s was far more exciting but also far less useful than
today.

The modern internet has a lot of inefficiency, but I don't see how you could
seriously claim it's slower than what we had 20 years ago. Sometimes heavy web
applications are relatively slow because they're underoptimized, but that's
less of a technology failing and more of a developer failing. Most websites
load spectacularly faster, and perform better, than all but completely static
HTML websites from two decades ago despite having much larger byte footprints.

~~~
sanderjd
Yep - I remember very carefully planning which mp3s I wanted so that I could
dedicate my small window of modem time each day to download them because each
one took 10-30 minutes. Sometimes I was able to get through a full game of Age
of Empires before disconnecting due to lag or because my dad needed to make a
phone call. I find long page loads due to excessive javascript as annoying as
the next person, but I'm much happier with the internet in 2018 than 1998.

~~~
Moru
Ok, maybe I was spoiled with 100 Mbps connection at the time but I was mainly
talking about Apps. They were not web-based, all written in C, some form of
BASIC or Assembler.

------
jchanimal
The goals are laudable, and sometimes a backwards-looking implementation can
get traction faster than a forward-looking one. But the reliance on Pods and
URL location-based identifiers roots it firmly in the past.

I think the future is the robust content addressable distributed web. Which
could give developers the same flexibility, and users the same friendly
experience, but with everything virtualized in a peer to peer mesh. I’d like
to see the developer smoothness of Solid married to future-proof content
identifiers like this:
[https://github.com/ipld/cid/blob/master/README.md](https://github.com/ipld/cid/blob/master/README.md)

~~~
abeppu
Would the content-addressable distributed web really "give ... users the same
friendly experience"?

I'm a bit outside my wheelhouse, and I don't fully understand what Solid means
when they say "You own your data", but with content-addressable strategies,
often users _don't_ really have ownership once something is published in the
sense that you can't delete or change something if anyone else is serving a
copy.

~~~
hobofan
Very much depends on the concept of ownership, doesn't it? ;)

I mean, you own it, but so does everyone else. I think the traditional(?)
concept of ownership you are referring to, that allows people to "delete"
information is very unnatural and feels akin to trying to reverse entropy. You
can't unring a bell, and you can't delete data from the world.

~~~
nnq
The human concepts of ownership implies a very important right that people
tend to overlook: the _right to DESTROY it_ , to undo it, to "take back what
you said".

This is important, because for physical artifacts having the right to
destroy/demolish means having the right to create new things in its place (if
I inherit a historical monument castle and I can't f demolish it to a pile of
sand by my liking, than that's a scam, I don't really own it; also I might
want to demolish it for aesthetic/informational reasons too, to "wipe" a part
of its history from the human collective knowledge base).

And for informational artifacts, the right to "undo" or "take back" is also
important, because the fact that what you say/publish is there to haunt you
forever will have a chilling effect... lots of interesting things will go
unsaid unwritten.

 _You have to burn books /libraries/things from time to time, otherwise
everyone becomes afraid to write new books or build new things!_

And on a physical level death has the same liberating effect. You know you're
gonna die sometime anyway, so you can enjoy that cigarette, it increasing your
risk of an incurable cancer by 1e-3 percent will not have consequences that
will haunt you forever... Death and destruction are necessary for true
freedom, at least for the kind of freedom _I_ want to have.

Things like _block-chain /graphs_ combined with _content adressability_ bring
significant limitations to _FREEDOM._ Endless responsibility and
accountability for everything you've done and said would make life of all
creative and disruptive people a living hell. Heck, if you're not free from at
least some of the consequences of your actions, then why do anything at all,
why even carry on living.

And on:

> You can't unring a bell, and you can't delete data from the world.

Yes you can, if you _kill_ someone, a part of the information that is in their
head and haven't been shared with anyone yet will be lost forever. That's a
good thing imo. If everyone who's heard the bell is dead and hasn't told about
it to anyone... has the bell truly rung? The information that it has is
irrecoverable now. And you can thank your friend entropy for that
impossibility to recover this data and for the liberating effect that this can
sometimes have ;)

~~~
danShumway
> _than that 's a scam, I don't really own it_

Legally speaking then, you don't own information about yourself like your
address or past actions. The government won't let you erase that information.
The only way to make your friends and family forget it is to kill them, which
is obviously highly illegal.

Even with efforts like Right to Be Forgotten, Europe isn't positing that you
actually _own_ information about yourself in the same way that you're doing
here. Right to Be Forgotten is a) balanced against public interest, and b)
only applies to information access and indexing. Right to Be Forgotten doesn't
mean that you can demand a newspaper burn all copies of an article it wrote
about you.

The reality is that "ownership" means different things in different contexts.
There's not a single definition. When we talk about "owning" data or
Intellectual Property, we don't mean it in the same way that you "own" a
wrench.

How can you own something that is inside my head?

~~~
nnq
> How can you own something that is inside my head?

 _If I put it there, I own it, and I should be able to destroy all proof that
it 's not purely a fabrication of your imagination._ (Sure, you can still know
it and use it to guide _your_ decision, but it shouldn't be legally valid any
more, and there should be no way for you to convince others it's true.) Yeah,
obviously if it's in the heads of other people too, it would be more accounts
in favor of that information being authentic, increasing the _probability_
that I am lying about that in a legal situation. But key thing would be that
it's a probability. I can destroy the certainty. That could swing depending on
context, maybe I'm more trustworthy than the group of people arguing for the
authenticity of that piece of information.

Obviously there's great deal of criminal activities that can be protected by
going too far with this, so it's a question of "tweaking the dial" until we
get the right amount of informational "light" and "darkness". As Jung said,
there are some who need light, and some who thrive in the shadows...

~~~
myWindoonn
There's two problems. First, there's a basic argument from the outside that
you're fucking with historicity for no good reason other than that you think
that you're more important than humanity.

Second, from the inside, this simply isn't how memes work. Memes are
_designed_ to propagate and survive on their own. If your ideas are at all
good or interesting to society, and they manage to become memetic, then you
have zero recourse, just as if you were Patient Zero for some new plague. You
shared it, and unsharing is impossible, regardless of how moral you might
believe unsharing to be.

Seriously, take some time and think about it: How many of your ideas and
concepts are actually original to you? Almost none of them, right? And if
you're honest with yourself, pretty much every concept seem inextricably
linked to others. Really, what matters is the _structure_ between ideas, and
that can't be shared, since it's private to each person's mind.

Anyway, if this doesn't sway you, I'm okay with it; you're purely a
fabrication of my imagination.

------
dkoston
What’s not clear to me is how this will work from a data storage and access
standpoint.

In order to have a permissions system, you have to have permissions. For
example: read:photos, write:photos, read:running_data, etc

In order to do that, there are a few hurdles:

    
    
      - You have to define ACLs for every type of data stored in everyone’s POD. 
      - More complex is to define what parts of what data certain ACLs give access to. For example: I may want to provide heart rate data from my runs, workouts, and temperature data but not GPS. That’s getting very granular 
      - Since every app will have different or possibly new types of data, having a central standard for data types and ACLs will be tough. 
      - You’ll also need a mapping mechanism for where the data is stored and how it’s named and the formats that are being used. Even within a single app, you can denotmalize data and store it in multiple places for different purposes.
    
    

I like the principle of this but it seems very challenging to adopt. I look
forward to seeing someone solve the above challenges.

~~~
kjetilk
Right, so that's one of the reasons why Solid is built on top of Linked Data
and RDF, we need the power of these technologies to support those advanced use
cases.

The Web Access Control spec is here: [https://github.com/solid/web-access-
control-spec](https://github.com/solid/web-access-control-spec) . In
principle, we could support really granular data ACLs based on that spec, the
ACL applies to a URL, and you can give any datapoint a URL, so problem solved.
In practice, it may become a bit cumbersome, I suppose it remains to be seen
how you'd do it in practice, but I think we have a really good start there,
there's lots of stuff that can be realized now.

There's a wealth of academic research that applies to these problems, the
problem of the Semantic Web community has been that it has been strong on the
academic stuff, but not very focused on truly useful stuff that can be done
right now (to quote AaronSw). That's one of the things that Inrupt sets out to
change. But the good thing is that we're not setting out to solve really hard
problems in the dark, since we have that academic research, we know pretty
well what's hard and what should be within reach.

~~~
dkoston
Thanks for the thoughtful reply. I think this is a good start and the question
still remains as to how usable it will be.

We’ve seen this issue on mobile where users give access to certain
capabilities on their phone and then are surprised at how apps use them
(camera, mic, location, etc).

The challenge is how to describe these things in the way that the average user
can understand and trust.

ACLs, capabilities, etc are generally easy for developers to consume but much
harder for the average person to understand.

My main thought is that there will need to be some standardization of data and
how it is consumed for this to take off. If a consumer is providing access to
their location data in 15 different ways for 15 different apps, how are they
even suppposed to keep track and understand that?

Standardization of ACLs/access has become standard on mobile and the
permissions are very coarse so they aren’t overwhelming but it often leads to
unwanted results. I’ve yet to see someone implement ACLs in a way that is
easily consumable by the average user.

As noted, I’d love to see that happen. It’s a tough problem to solve but one
that would benefit all users.

------
mlthoughts2018
Maybe I am just naive, but this all seems terrible. There are paragraphs of
ideology everywhere for every aspect of this and nothing boils down to any
understandable description of what engineering mechanisms I can use or how it
solves the problems laid out.

I really want to like this, but if I spend 15 minutes clicking the guides, the
“build a solid app on your lunch break” link, and going all over the site, and
I still don’t have the foggiest idea of the actual engineering mechanisms,
something is wrong.

It is hard for me to believe some consortium of really knowledgeable web
architects and inventors made this. It feels like a PR website with attractive
purple colors to make me feel cozy. But I want to know _really_ how it works!

~~~
mtrn
> Maybe I am just naive, but this all seems terrible.

I do have most respect for TBH and I would consider everything he thinks and
writes about, but this does not sound too good to me either.

The idea of linked data and semantic web has been around for almost two
decades now and I have yet to see an application, technique or site that
amazes me. On the contrary, most of the things in this space I have seen are
bloated, unusable or simply unnecessary - whereas every paper sounds like
revolution is around the corner. In that combination, it is the worst of both
worlds: academic output, that claims practicality and fails to deliver.

Peter Norvig put it best, when he said: "The semantic web is the future of the
web and always will be."

A recent discussion touches upon a few problems:
[https://news.ycombinator.com/item?id=18023408](https://news.ycombinator.com/item?id=18023408).

~~~
jacobsimon
Maybe I'm missing something, but what does this have to do with the semantic
web and why is everyone discussing that? Solid appears to be a decentralized
identity platform.

~~~
msbarnett
The proposal here seems to be that data, as Linked Data (as RDF, specifically)
be exposed directly to the web, manipulated by rich front ends written in JS
using an RDF parser. The marketing speak is so thick that it’s impossible to
discern much of the technical detail, but presumably the server side is an LDP
server backed by something (triplestore?).

RDF, LDPs, and Linked Data in general are all child projects of the Semantic
Web movement, and nigh-on inseparable from it in practice. The venn diagram of
their user communities is one circle.

------
yarapavan
His blog post announcing solid - [https://medium.com/@timberners_lee/one-
small-step-for-the-we...](https://medium.com/@timberners_lee/one-small-step-
for-the-web-87f92217d085)

~~~
detaro
One would think that after a few years of working on this he'd have built a
place to post content using it.

EDIT: at least there's the original outside medium on their project page, but
seems like just a static squarespace page: [https://www.inrupt.com/blog/one-
small-step-for-the-web](https://www.inrupt.com/blog/one-small-step-for-the-
web)

------
osrec
On a basic level, it seems to be the same old web, but rather than Facebook or
some other company storing your data, you store it on a pod, and give the app
access to it. Which is fine, until one day you share a bit too much, or you
'create' personal data in connected apps, which the app obviously has access
to anyway. Not sure what this solves. Also, I can imagine lots of "pods as a
service" popping up, which is kinda scary, because now it's not just your
social life that's stored in one place, but ALL your personal data, including
medical records and whatnot. Perhaps I've missed something, but they need to
elaborate more on the underlying concepts driving this idea, as, like others,
I'm not convinced of its validity.

~~~
juanuys
That said, I'd be happy if the NHS (National Health Service in the UK) can
just point to my POD instead of asking for paper forms to be filled in each
and every time you change your GP.

------
ttt111222333
How does this solve problems of data leaks? Let's say some social network uses
this Solid framework and you login with your Solid POD. Can't the social
network then just save your data into a database? Now when the social network
gets hacked millions of personal data is still released into the wild?

What I'd like to see, is every device run a small process which can read the
user's data. Html then has a syntax that can be interpreted like

{{ solid://mydata/name }}

{{ solid://mydata/profile.jpg }}

{{ solid://mydata/age }}

etc.

That data is on the user's device encrypted. Apps can never read your data,
they can only tell your device to display that data.

That way developers cannot read your data, store them in their own databases,
and then accidentally get their own database hacked and we are back to square
one.

I'd like the data on your device to be encrypted and have some type of
homomorphic encryption such that if an app were to show average age of users,
then an app would be able to run some sort of `select average(age) from users`
but since the encryption is homomorphic, the app never learns information
about any individual user. This would apply for machine learning operations
too, so that we could get netflix style recommendations of movies, without a
company ever learning what movies we liked, our age, etc.

However, I don't know the first thing about homomorphic encryption so I guess
I just have to wait until some great soul builds something like this for us.

------
dgudkov
I like the idea. It's basically an encapsulated portable personal "wiki" for a
user (persona) with an open data model that can be accessed by external apps
based on permissions.

What it doesn't solve is the problem how this data is going to be used by
those who access it. I wish there was some kind of digital contracts that only
allow using personal data in a way permitted by the user.

~~~
azeirah
Have you heard of the concept of "homomorphic encryption"? It allows someone
to perform computations on encrypted pieces of data, without actually ever
having access to the raw data itself.

I have no idea how realistic or how "possible" this technology is for in the
near future, but this seems to be a great match for technologies like these.

~~~
kjetilk
Yup, it is. Though, I'm not sure about homomorphic encryption, but there has
been some work on encryption in the academic community that has very clear
application to Solid. Here's a paper written by some friends of mine:
[http://epub.wu.ac.at/5818/1/10.1007_978-3-319-58068-5_37.pdf](http://epub.wu.ac.at/5818/1/10.1007_978-3-319-58068-5_37.pdf)

------
jeremyt
I might suggest taking a look at Blockstack and Urbit, which are efforts to do
the exact same thing through two completely different approaches.

------
JepZ
Two years ago I wrote a little Progressive Web App which stores its data in an
offline cache (browser) and syncs to my Nextcloud via WebDAV. IMHO that has
pretty much the same advantages that Solid proclaims.

I mean, in spirit I seem to value the same things as Solid (decentralized, own
your data, etc.), but what I don't understand is why it has to introduce so
many abstract/new names when it wants to be 'simple'?

Building on top of the Semantic Web concepts isn't going to help either as it
has enough disadvantages of its own (e.g., complex standards without adding
any real value).

~~~
Karrot_Kream
ActivityPub suffers from this problem as well but has become widely used.

------
Animats
Who's "Inrupt"? The main Solid site is
[https://solid.mit.edu/"](https://solid.mit.edu/").

Inrupt is not in Crunchbase. They don't have a business address on their site.
They try to get people to sign up without giving terms and conditions first.
And they want you to give them access to all your personal information. Right.

~~~
tuukkah
A company of some respected people it seems: [https://www.inrupt.com/meet-the-
inrupters/](https://www.inrupt.com/meet-the-inrupters/)

~~~
Animats
Theranos had an impressive collection of names, too.

------
sarreph
Please correct me if I’m missing something that technically prevents this, but
once you grant a 3rd Party access to your data (via a SolidPOD), what’s to
stop them scraping it and keeping it for themselves in order to build a
profile on you?

------
hendzen
Seems like a better marketed, but less-technically well thought out version of
Sandstorm ([https://sandstorm.io](https://sandstorm.io)). Perhaps they should
have acquired the IP from Kenton Varda.

~~~
jaimeyap
I had the same thought. The hard parts really are the containerization of
apps, and the auth and permissions model. Sandstorm as far as I know is the
best thought out attempt at tackling those problems.

------
quotemstr
Solid appears to use TLS client certificates for authentication. (Granted,
they're working on some kind of OAuth integration too.) WebID-TLS appears to
have the same severe drawback that HTTP authentication does: the UI is
provided by the browser, and so can't be customized, branded, or tweaked in
any meaningful way by authentication providers. The TLS certificate dialog my
browser presented just now attempting to use the "hello world" live demo also
appeared to be extremely intimidating for non-technical users: for example, it
presented long strings of hex numbers.

I don't think Solid is going to get any meaningful adoption until the signup
and authentication flows resemble those of major current social platforms,
which have enjoyed years of usability optimization.

------
kstenerud
I don't get it...

What is a pod and what's so great about it? Something about controlling your
data... Storage space... Secure USB stick for the web? So I can mount it and
add/remove files from it? Like dropbox or something?

I clicked "Get a solid pod" and it asked me to register, which I did, after
which it dumped me into some kind of "home page". Clicking "get started with
solid and data browser" brings up instructions for creating notes and
calendars and text files in a very primitive interface. There's no link to get
back to the "home page" and the back button doesn't work because it's force-
forwarding from an interim url.

So is it like a primitive owncloud? What's it supposed to do that's valuable?
What am I even looking at?

~~~
weavejester
My reading of it is that it's a database you control that you can allow third-
party web applications to use. So instead of the web application storing your
data on their servers, they store it on yours.

From the perspective of the end user it's useful because retain control over
your data, so there's no barriers to switching to a competitor, for instance.

------
pulkitsh1234
So, I need to ensure that my POD(s) are up and running just to access other
services (which will read data from my POD) ? Isn't that a step backwards ? or
am I missing something ? Will the data be cached somewhere, so the services
are accessible even if PODs go down ?

If people can't run their own POD servers reliably, then they need to use some
other cloud POD providers (Inrupt, as mentioned on the website). Which means
your data is now with a third-party.

    
    
        Solid changes the current model where users have to hand over personal data to digital giants in exchange for perceived value
    

Won't Inrupt become one of those digital giants (in context of Solid) with
access to numerous PODs of people who cannot reliably host them ?

------
tannhaeuser
I really would like to support this, but I seem to miss the big picture.
Looking at the github repos, Solid appears to be mostly about giving a second
life to TBL's and W3c's failed pet projects, notably semantic web, linked
data, RDF, SPARQL, JSON-LD.

~~~
TuringTest
What's wrong with bringing those back to life? Their organizing features have
been unmatched by any application we have today, except maybe wikis.

They didn't fail for not being useful, but because their engineering was
clunky and their demands on resources were way beyond the hardware of the
time. Also those systems were too complex for the classic programming
techniques. Now that we have a better understanding of reactive programming
and async dependencies, maybe we can finally build the tools ecosystem to take
advantage of homoiconic data, and these systems can take off.

------
TeMPOraL
[https://solid.inrupt.com/how-it-works](https://solid.inrupt.com/how-it-works)

Ok, I like it. Throw in some homomorphic encryption in the future, and maybe
we can reverse all this SaaSS nonsense of today.

I love the data stays owned by the user. It's how it should be. I hope the
system has some provisions against applications encrypting the data on on
user's POD.

~~~
tommoor
That page doesn't explain how it works at all :(

~~~
TeMPOraL
Yeah :(. I just finished browsing the page and unfortunately, there's
surprisingly little technical details about anything. Oh, you can build a
client app with Angular. Cool. I'd much prefer to know _how_ it all works.

------
sctb
Previous discussions (before the adoption by Inrupt):

[https://news.ycombinator.com/item?id=16355311](https://news.ycombinator.com/item?id=16355311)

[https://news.ycombinator.com/item?id=12280764](https://news.ycombinator.com/item?id=12280764)

------
auggierose
Something like Solid probably needs a strongly inforced GDPR in place.
Otherwise big actors can just access all the private pods and cache them in
their own big data stores, and we are back to square one.

------
usaphp
But what prevents an app that you gave permission to from copying your data
and selling it to third parties, just like Facebook does?

------
espeed
See [https://solid.mit.edu](https://solid.mit.edu)

------
detritus
Well I feel like an idiot, I populated my 'pod' with a couple of personal
details, and now have no idea how to undo what I've done* and haven't received
a confirmatory email to my address so now have some 'thing' on public space I
have no control over, no understanding of and no ability to delete.

Not a great start.

* Ostensibly I've over-written with nonsense details, but a cursory check in another browser, not signed in, shows the same original information.

What a mess.

~~~
usaphp
Why do you populate your personal details in the “thing” you don’t understand
and have no control over in the first place?

~~~
detritus
Yep, an entirely valid point and the reason I called myself an idiot - I used
my real name and my email and I stupidly assumed I'd have some immediate
control over public visibility, or at worst, the ability to undo what I'd
entered or nix the thing entirely.

Given the sign-up asks for both details and I assumed there might be some
potential for further use here for a platform created by a trusted party, I
unthinkingly stumbled with the minimum.

I usually - which is to say always - don't, but here did.

Not looking for sympathy or sanctimony, just relaying my experience.

------
avivo
Paging Kenton Varda and the company/product/system he and his team created
that does something very similar called Sandstorm:
[https://sandstorm.io/](https://sandstorm.io/). (Kenton also led the protocol
buffers team at Google which is their main format for data interchange).

I'm curious how this is different.

~~~
kentonv
Hello... you paged?

It looks like Solid has progressed since the last time I really looked into
it. But, from what I recall, Solid focuses on standardizing data formats and
storage... but not compute. That is, all of your personal data is stored in
some central location chosen by you, and then web apps can access that data
(if you give them permissions). The web apps themselves still run on their own
servers, controlled by the respective developers.

I'm skeptical of this model because:

1) If the code still runs on the developers' servers, there is no way to place
technical restrictions on what they can do with your data. They can make a
complete copy of whatever data you give them access to, they can store
additional telemetry on the side, etc.

2) I think developers will resist standardized data formats because it makes
it hard to develop new features. If you want to build any feature that
requires storing additional data, it needs to be supported by the format.
Perhaps the formats are extensible, but if multiple vendors do not agree on
the extensions, then your data is no longer portable, defeating the purpose. I
find it hard to imagine that any developer will voluntarily restrict
themselves in this way without a huge incentive, and I don't see what that
incentive is. (Certainly, not enough people care about data sovereignty for
that to be an incentive.)

My opinion is that data sovereignty efforts must focus not just on storage,
but on compute. The servers on which code actually runs should report to the
user, not to the developer. Developers should build apps, which run on the
user's servers. This way, developers are still free to create whatever data
formats they want, but the user ultimately controls the storage. Other
developers can attempt to develop "compatible" software which can read the
same data, but this doesn't hold anyone back from adding new features to their
own software.

But my own attempt to create such a platform didn't work out. So, you know,
you shouldn't necessarily listen to me...

~~~
mwcampbell
Reading this comment, I'm saddened again that Sandstorm failed, and that you
had to abandon it to work on something that, while technically interesting,
doesn't advance end-user freedom as Sandstorm tried to.

And I'm ashamed that I didn't do more to get behind Sandstorm sooner. I
suppose this is too little, too late, but I just signed up for the Oasis
power-user plan. I suppose if a few thousand of us did that, then you and a
handful of other people could work on Sandstorm full-time again.

~~~
kentonv
Thank you for your kind words.

FWIW, while my current day job (Cloudflare Workers) is not immediately aiming
to solve the same "political" problem as Sandstorm, it turns out we have to
solve many similar technical problems, in that we are building a massively
distributed platform for applications. For example, we'd like it if an
application built on Cloudflare can store each user's data in the closest
Cloudflare location to that user. That means applications need to be designed
to treat each user's data as a separate unit that can independently migrate.
If we succeed in getting applications to do that, then it becomes a much
smaller technical step to say, OK, now let's store the data on the user's own
machines.

It may turn out that this is a much better technical basis for what Sandstorm
wanted to do, while making the "political" problem far less ocean-boiling.
That's my hope, anyway.

------
qwerty456127
Not simple enough to attract anybody but geeks. The landing page of a project
with ambitions to replace the existing web should target simple users and let
them get in, see and access the value in a matter of a click on a very visible
button labeled in a very obvious way rather than requiring them to learn how
it works (the majority of people bringing money to the internet have no idea
of how it works and little desire or capacity to learn that) and expecting
them to get a clue they are supposed to click a button with a mysterious label
"get a POD" and making them decide if they want their free pod to be provided
by a commercial or a non-commercial entity (I bet they will rather click
"apps" but there seems to be nothing there). Geeks like us are probably going
to love it but geeks alone can't replace the web and fill it with economic
value, we are to attract ordinary users.

------
codehenge
Interesting idea, but I'm interested in the security implications. Now I have
a Pod that has all my data in it, and I can host this pod anywhere I want.
Great, but its now the single target for getting all data on me.

I get that its great when its working and secure, and I can control it. But
exploits happen, and now all my data is in one place.

~~~
chippy
I believe (from scanning the website quickly) that you _can_ host your own
pod, but you can also put your data with third party. Currently, it offers 2
free options from a commercial provider and a community provider.

So in terms of security, you can choose to trust a 3rd party with hosting your
data, keeping the apps etc up to day or you can host it yourself. I'm not sure
what's better!

~~~
codehenge
You are correct, but in this world I'm choosing a SINGLE third party to host
ALL of my data. There's no distribution of risk, my data portfolio is
undiversified, etc. They get hit, its all over.

In fairness, I guess I could have a bunch of pods like financial, social,
pictures... or even a pod for each service: facebook_pod, bank1_pod, etc...and
host them all with different third parties to try to minimize risk. But this
gets incredibly cumbersome.

------
Waterluvian
I don't quite understand "how". It all sounds magical.

~~~
blincoln
I could be wrong, because I'm also a little bemused by the lack of specifics
on the site, but it sounds like the Pod stores sort of "quanta of shareable
information" (photos, essays, one's phone number, etc.), and makes them
accessible via authenticated APIs.

So instead of posting a photo on Facebook, Twitter, and Instagram, one would
(ideally) authorize Facebook, Twitter, and Instagram to read photos stored on
the Pod with a "shared publicly" tag (or similar), and then anything with that
tag would show up automatically in one's feed on all three sites, and (if also
authorized) push reactions and comments back to the Pod.

If I'm understanding correctly, it sounds like a neat idea. I'll be interested
to see how well it does.

------
albertgoeswoof
How is this different from [https://tent.io](https://tent.io) ?

Exactly the same principle, but it failed to get adoption. Perhaps because
users don’t care where their data is stored, and most can barely comprehend
it?

------
holdenc
I like the spirit of this, but expecting average internet users to buy fancy
hard-drives to store their data for apps that don't exist yet, simply to be
free of the cloud, is way optimistic.

Also, having a Solid pod does not prevent the worst kinds of personal data
abuse, such as identity tracking and brokering of tracked data. I don't care
that Facebook stores my photos, but I do care that they've built a profile
around the contents of them.

------
ilaksh
Seems to be a rebranding of Linked Data. Need convincing that Linked Data is
key to decentralized applications.

I do think that the Semantic Web is still a cool idea though.

------
keithnz
One advantage is you can build up your data and different apps can re-use that
data. Presumably you have to grant permission to use that data but apps could
easily ask for access to much more data than it needs? This seems a little
dangerous because people just say "Yes" when they want to use something. Or
does it have a strategy for dealing with this?

------
WiseWeasel
The (initial) killer app for this has to be warez. Messaging and publishing
seem like compelling uses, but to get people to bust out the credit card to
some pod host each month before there's a sufficient network built up to make
those attractive, there's going to have to be a lot of pirated content
available somehow.

------
traverseda
I'm on mobile, so please excuse my innacurracie, but from memory how it works
is pretty simple. A solid server is sort of like Dropbox. everything is a
file, and you can give apps read-write access to a "folder".

It also recommends the use of some XML thing so that all your "contact"
objects are the same format.

~~~
coder543
Sounds about right. Even if we imagine that developers adopt this technology
for some reason, what's to stop them from also keeping copies of any data they
are granted access to? or just using it for auth and giving you no direct
access to your data? It all seems too idealistic, since developers derive
little benefit from the added complexity.

------
jv22222
The "Centralized to Decentralized Recursion" is a bit like Moore's Law.

It works for all aspects the digital ecosystem. Clients, Data, Bandwidth,
Storage, etc.

Centralized -> decentralized -> centralized -> decentralized -> centralized ->
decentralized -> centralized -> decentralized -> etc.

------
coldtea
From the visionaries that gave us RDF and the Semantic Web.

------
thefounder
This sounds good but in practice is hard to implement. Even for email clients
we started to display generic/html pages to handle the authentication because
we couldn't agree on a standard api/protocol. I doubt we will move into
semantic web anytime soon.

------
henryluo
Yes, Solid is something to looking forward to.

Many years ago, we face the vendor lock-in problem from the software giants,
due to proprietary data formats. Thanks to Berners Lee, W3C, XML and open
source community, that is less of a problem today.

But now we face the problem of vendor lock-in, not due to proprietary formats,
but due to cloud-service lock-in. With all the software giants, Microsoft,
Google, Facebook, Amazon, ... offering their services primarily as cloud
services, this cloud lock-in issue is going to become more severe in years to
come.

It's a new war the software industry needs to fight. It cannot be addressed
just by one person, one project, one organization. It needs collaboration from
the entire community.

------
gobengo
I gave this talk[0] a few weeks ago at MyData 2018 about ActivityPub. Dmitry
was going to come and talk about Solid on the same panel, but couldn't make it
last minute. So I spoke a bit about Solid at the end too, and compared and
contrasted.

Kim Hamilton Duffy gave an illuminating talk right before me about
"Decentralized Identifiers and Self Sovereign Identity Standards"[1]

lmk if any feedback or questions

[0]
[https://www.youtube.com/watch?v=ikCumzhfV9k](https://www.youtube.com/watch?v=ikCumzhfV9k)

[1]
[https://www.youtube.com/watch?v=KsIM0zq37fU](https://www.youtube.com/watch?v=KsIM0zq37fU)

------
ronreiter
I don't understand.

HTML5 is on the way to become this. You have permissions, local storage,
indexedDB, and a ton of APIs. Anything else you need you can just submit it to
the HTML5 working group (e.g. shared data)

------
hellofunk
Maybe I've been programming too long, and I saw Solid POD and I read "a solid
pile of data." Perhaps that was the intended play on words. I never saw the
english word "pod".

~~~
troymc
It's like two peas in a pod.

Or a pod of whales.

[https://www.merriam-webster.com/dictionary/pod](https://www.merriam-
webster.com/dictionary/pod)

~~~
hellofunk
I didn't say I don't know what "pod" means, I meant I did not see that word,
only the acronym POD, when reading about this product.

------
redecentralize
There's a broader set of problems with the whole 'personal data store' space
and a lack of evidence of user research to address big problems users have and
incentive for companies / app developers that would drive the necessary
adoption for impact. [https://medium.com/@shevski/how-solid-is-tims-plan-to-
redece...](https://medium.com/@shevski/how-solid-is-tims-plan-to-
redecentralize-the-web-b163ba78e835)

------
m12k
So it's Diaspora meets a CMS? I thinking the issue here will be the chicken
and egg problem - how do you bootstrap something like this without a killer
app to drive adoption? After a certain critical mass adopts a system like
that, all web applications start getting pressured toward supporting it too,
but how do you ever build that critical mass to begin with? The whole point of
the system is to prevent vendor lock-in, so what's the vendor's incentive to
help make it popular?

~~~
tuukkah
I'm thinking the incumbents of each field that has a vendor lock-in problem
could gather around this common platform and provide an open ecosystem as an
alternative to all the monopolies that don't respect their users.

------
minton
In order for apps to make use of your POD data you’d have to give them access
to it and once they have it you’re back to the same experience as pre-Solid,
right? What am I missing?

------
juancampa
I like this and I'm in favor of decentralization. However, it's hard to
imagine decentralized beating centralized when centralization has such a huge
economic incentive. We need to create an environment where people and
developers are incentivized to use/build decentralized systems. Maybe through
law? Like a carbon tax would incentivize people to buy EVs. Data tax.

------
kgwxd
Tim Berners-Lee may have invented the web, the wonderful, inclusive, open-to-
everyone web. But his new focus is DRM for everyone. DRM is the complete
opposite. Horrible, exclusive, open-to-money. It started with supporting EME,
now this. I hate that he gets to use his own name to promote this, even more
now that there's a "Sir" prefix.

------
rkagerer
Can someone clear this up for me?

"This Solid POD can be in your house or workplace, or with an online Solid POD
provider of your choice."

"you never have to sync, because your data stays with you"

If you choose to keep custody of your own "pod", how are you supposed to
achieve redundancy without some kind of sync / backup process?

------
ohiovr
I don’t want anyone to be custodian of my data since a hard drive costs so
little and my data is supposed to be so valuable. There is always an incentive
to break in and steal it. or just use it in unscrupulous ways like tge
multitrillion dollar grift system we call the tech industry does daily.

------
EugeneOZ
Content is editable when it's allowed to be edited. We have "guestbooks",
"chats", boards, commentaries, forums, even wiki-sites long time ago, so this
issue is solved, "Solid" doesn't sound revolutionary in this scope.

------
z3t4
The hard part is ID, you need either a centralized authority _or_ a standard
specification.

~~~
rhencke
Solid uses the latter.

WebID-TLS: [https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-
respec.ht...](https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html)

WebID-OIDC: [https://github.com/solid/webid-oidc-
spec](https://github.com/solid/webid-oidc-spec)

------
amingilani
Honestly, for something this long in the works I was expecting a UI less...
retro?

I hesitate to call it outright bad, but I have no idea what to do after I
create a pod. And I'm someone who knows how to write Solidity.

------
booleandilemma
So is the idea that we're going to swing back in the direction of personal
websites again? Pretty much like an Angelfire 2.0?

What separates this technology from everyone just making their own websites?

------
transfire
Hello World example
[https://github.com/melvincarvalho/helloworld](https://github.com/melvincarvalho/helloworld)

------
carlsborg
Is the protocol open and documented? I couldn’t see it.

------
Spivak
So how is a pod different than a self-hosted database?

~~~
erikb
Yeah, and how do people know which format the data has you put inside.

------
narrator
I really have to ask the perennial VC question: "Why Now?" . What changed that
makes this technology ready for mass adoption?

------
juskrey
Now remove Berners' name from this PR tide and try to make sense from all of
that. Looks like another VC pump and dump project

------
xte
Mh, can someone explain how is different this idea from old Plan9 model,
except from the big limitation of "web" tech?

------
spurgu
One idea on top of this would be to store hashes of your files on a
blockchain, to be able to prove original ownership.

------
darepublic
I have had a similar idea about the future of the Web. Instead of navigating
to websites that give you both data and presentation, how about sites that
only give you data adhering to a defined convention. Then you can consume this
data in a common ui and visualization platform that can merge data from
various sources for you and answer questions and visualize info on the fly.

~~~
nerdponx
Hm sounds reasonable. There can be a standardized markup language, maybe like
a simplified SGML or something?

~~~
jackfraser
Hahaha, right? You're just going to rediscover the same path that lead us here
to start with.

------
evbots
This sounds like Blockstack. They've been in production with this for at least
a year now.

------
techntoke
Let me know when they have a new browser that doesn't use HTML and JavaScript.

------
dumbfoundded
It seems like steemit.com may be a better model. On steemit, all of the data
is public on a blockchain. As a result, things you share are public but not
locked into any one application. Many apps exist using the same underlying
structure but serve completely different purposes (See dtube)

------
tomrod
How does this compare to Urbit?

------
hobofan
Disclaimer: This comment contains some self-promotion (as we are working on a
related solution)

Solid overall looks very interesting, and I can very much empathize with the
"decouple data and applications" magic aspect of it (even though they're not
doing a great job describing it). My personal experience has been that with a
good linked-data approach, building apps can become a lot easier, as linked
(more specifically semantic data) mimics traditional information gathering
much better, where you start with a small information point, and then enrich
the data by just adding more and more related data points to it. I also found
that a linked-data approach lends itself better to adaptive UIs, where one
entity might be missing data, that another one has.

All that being said, I feel like Solid made some (non-)decisions that might
lead it down the same path as the things that were tried in the last Semantic
Web hype:

\- Solid is using the same old linked-data formats, that are largely URL
based. The problem with URL based systems is that the content behind those
URLs might at any point disappear, or change. That makes it especially hard if
you try to achieve some semantic conciseness, where the data you entered keeps
at one point in time is guaranteed to keep its semantic meaning forever. \- In
a world where most application developers think about data models on the level
of database tables, RDF/JSON-LD is too low level and verbose when trying to
use it for building something sophisticated. W3C also standardized a higher
level format, OWL2 (which can also be expressed in RDF(S)), which provides a
nice abstraction level in its native form.

Those are some of the lessons I've learned while working on Rlay[0], where
among other things we've built a content-addressable adaptation of OWL2[1] for
the decentralized web. We had to cut some small parts out of the specification
so that the semantic stability of concepts is guaranteed when adding
additional concepts to the worldwide ontology everyone is sharing, but overall
the expressiveness is the same.

Content-addressability has many nice side-effects, but the one I like the most
when it comes to Semantic Data is that it allows for a much more organic
evolvement of the concepts people are using. If you decide to add a new
property to a concept, you can just do that, get a new content-addressing-hash
and start using that instead of the old one. No need to add it to the de-facto
centralized schema repository that is schema.org.

I hope I didn't go off on too many tangents here. I've been meaning to write a
blog post about the topics I touched on for a long time, but never really got
around to it. Well at least this comment exists now.

[0]: [https://rlay.com](https://rlay.com) [1]: [https://github.com/rlay-
project/rlay-ontology](https://github.com/rlay-project/rlay-ontology)

------
Dowwie
Looks like an MVP (Minimum Viable Product) with a sharp landing page to
attract attention

------
zygotic12
Again

------
Cort3z
> Step 2: add jQuery

....

------
theyoungwolf
blockstack?

------
amelius
Please change "solid" to "Solid" (note capital) in the title.

------
gcb0
how is any of this different than "hotlinking" the A or IMG tag in html?

it adds absolutely nothing besides that.

