
How solid is Tim’s plan to redecentralize the web? - okket
https://medium.com/@shevski/how-solid-is-tims-plan-to-redecentralize-the-web-b163ba78e835
======
yason
People are lazy and don't care. They're happy to let Facebook host and own
their data if they can comment and like friends' videos for that. That's
basically fine. From what I can learn from the history the web has mostly been
centralised and will continue to be so. To think, all business domains tend to
converge into few large companies/services, and finally into duopolies and
monopolies if left to their own devices.

What I'm worried about is actively preventing decentralized, small-scale or
hackership services.

If some guy has to effectively stop hosting a forum because of GDPR, or I
can't host my own email server, or serve HTTP out of my home box, or get
decent bandwidth for a private virtual network, Tor, I2P or IPFS while Netflix
works at full speed, or do about anything else than initiate HTTP/HTTPS
connections to known big company grade services or be flagged as a malicious
endpoint, then there will not be a decentralised network living within the
same infrastructure as the centralised behemoths. And that is the death people
are talking about.

A marginal decentralised segment of the current internet is still larger than
the whole decentralised internet in its early years. As long as the old ways
of networking can live, develop, and grow along with the FANG & co that's
fine. But it might not be taken for granted, eventually.

~~~
tpxl
>If some guy has to effectively stop hosting a forum because of GDPR

GDPR does not prevent people from hosting forums

~~~
VBprogrammer
The new Copyright Directive may have that effect though.

~~~
s17n
GDPR is worse, actually. Both laws are making site owners liable for hosting
certain types of content (personal information and copyrighted materials,
respectively). However automatically detecting copyrighted materials is
relatively straightforward compared but automatically detecting personal
information is probably impossible.

~~~
nybble41
_> However automatically detecting copyrighted materials is relatively
straightforward_

Sure, that's easy: everything is copyrighted. The difficult part is
determining whether the uploader can legally share the copyrighted material,
which is just as likely to prove impossible to automate with accuracy and
precision as the detection of personal information.

------
zsck
A lot of folks seem to think this kind of technology needs to be marketed or
launched the way a hip Silicon Valley startup should be. I understand how the
argument that critical mass is the necessary ingredient for success would
appeal to people, but it’s not like the Internet succeeded that way. In fact,
it’s probably better if foundational technology like this is developed and
grown more slowly and deliberately. I have no idea if solid will take off the
way the web has, but it stands a fighting chance. More than being a “viable
competitor” to the web, it needs to be a platform that people _want_ to
develop for. As with the web, cloud and mobile ecosystems, the platform that
developers _want_ to support is the one that wins. If you want to see
something like solid take off, play around with it for a bit. Try making it go
and share your experience.

~~~
egonschiele
> the platform that developers want to support is the one that wins.

This is very hard to believe. Developers hate apple, facebook, and countless
other platforms that are doing very well. Adoption is the fundamental problem,
not what developers _want_ to support. The platform with the most users is
what people will develop for.

~~~
zsck
This is pretty clearly not the case. Apple and Facebook are companies, not
platforms. The platforms these companies develop are wildly successful and
loved by developers.

I think you may be too focused on how developers decide a platform that is
already successful. In that case, yes, which one is already adopted the most
deserves strong consideration. However, when it comes to actually _achieving_
adoption, it’s the platform that developers flock to that tend to succeed, all
else being equal. We are talking about relatively fresh terrain here. There
isn’t already a huge federated system like this that has a lot of mainstream
adoption.

~~~
johncolanduoni
> However, when it comes to actually achieving adoption, it’s the platform
> that developers flock to that tend to succeed, all else being equal.

Perhaps, but I struggle to think of two comparable platforms with similar user
adoption and significantly different developer interest, outside of there
being different sets of developers that hate/love each (c.f. iOS and Android).
I'm definitely not aware of any examples indicating a platform can be saved or
damned by developers loving/hating it: e.g. most developers hated developing
for the PS3 initially but it didn't fare badly in the console wars. Xbox One
however did do much worse than the PS4 because fewer users wanted it.

~~~
lelandbatey
Arguably, Linux owning the back end development space so completely is due to
developer preference.

But I think you do have a point. It's not just developer preference, there are
other big factors like features offered and ease of entry that determine
likelihood of success.

~~~
baq
> Arguably, Linux owning the back end development space so completely is due
> to developer preference.

and why is that possible? it's because the backend is decoupled from where the
users are.

~~~
pjmlp
Because commercial UNIX companies decided it was cheaper to commoditize UNIX
on their hardware than keeping on investing on their own.

Linux would hardly be where it is without the help of Intel, IBM, HP, SGI,
Hollywood studios, ...

~~~
baq
completely agree. i'm just saying it mostly isn't found on the desktop,
neither on the iphone and you could argue neither really on android, so not in
places where 'normal people' look. these people don't look at the backend so
developers are free to pick whatever they want - Linux, Windows, unikernels,
it doesn't matter for the end user.

~~~
pjmlp
Which is also one of the reasons why GNU/Linux failed as desktop OS.

The lack of focus on UI/UX and a full stack experience for frontend developers
(native/web).

Hence why Android and ChromeOS succeed at it, while hiding what kernel they
run on.

------
jillesvangurp
The man deserves credit of course for helping create the first browsers and
promoting the early web and his work for W3C. However, Tim's track record is
not great when it comes to backing new versions of the web. E.g. Semantic Web
never happened and arguably this is his latest attempt at flogging that dead
horse. So, my prediction is that this won't get very far. It seems the website
is a bit hand-wavy on the actual substance or vision and from what I'm seeing
there's not actually a lot there. This looks like a research prototype to me.

I like the idea of decentralized as much as the next geek. However, there's a
tendency of complex decentralized stuff being something that normal people
don't really grasp or see the value of. Also, a lot of this value is not very
tangible or even real. Most p2p systems have a hard time competing against a
well run centralized system.

A lot of these decentralized Facebook/Twitter alternatives are being populated
by people that, well, aren't that social. If you are like that, the empty room
problem (you have no friends until world + dog joins) is not a big problem.
You might even consider that a feature and not a bug. However, solving the
empty room problem really is the key problem for social networks. How do you
get all the social media whores, self-proclaimed influencers, etc. from
endorsing your super duper decentralized platform and wanting to be there?
Mostly that never happens.

~~~
hutzlibu
"Mostly that never happens. "

Might be because there are no decentralized competitors to facebook, who offer
the same possibilities bugfree. Never seen that.

~~~
fjsolwmv
Same isn't good enough. You need a killer app to get people to switch.

~~~
hutzlibu
When you offer the same technical possibilities, but corporation free, that
is enough difference to get a critical mass of people to join.

Signal for example still can't compete with WhatsApp on everything, but is
good enough now to get some traction.

------
tareqak
Given the tendency for wealth and power to concentrate, is it possible to
design a competitive, and efficient system where all the actors are
sufficiently prosperous without the formation of any
monopolies/duopolies/oligopolies?

Edit: a follow-up thought. If the answer is no or "it's too hard", then is it
possible have something along the same lines, is it possible for the proposed
system to self-correct away from monopolies/duopolies/oligopolies should they
form?

~~~
mLuby
Your second point is the critical one, and I'll add to it — there must be an
_incentive_ to decentralize, and it must outweigh the numerous incentives to
re-centralize.

We need to centralize around protocols/standards and decentralize ownership of
data. If somehow each piece of data on a user were exponentially more
expensive to keep, that might be possible. But that would be a very strange
law…

~~~
lovemenot
>> If somehow each piece of data on a user were exponentially more expensive
to keep, that might be possible. But that would be a very strange law…

Dave and I agree with your diagnosis, and we would like to propose a solution.
Who is Dave? Well you know him, and I know that you know him and I know that
when we both talk about Dave we must be talking about the same person.

(mLuby I probably don't really know you, this is just a hypothetical).

A casual observer could not approach our common understanding by adding more
data. There's so many Daves after all. In fact they'd need to subtract all but
the right data.

So the solution is a protocol in which increased data adds noise faster than
it adds signal. Such a protocol requires 1000s times more plausible yet
incorrect noise for every signal. Digital chaff.

~~~
mLuby
I don't understand. If Eve (who we don't know) adds data like location, age,
interests to her profile on our Dave, people will want to access her profile
on Dave. This creates an incentive for Eve to aggregate as much data on as
many people as possible.

Are you saying that nobody can know _which_ Dave we're talking about unless we
identify him as Dave-with-cell-5551234567? I don't think that's true, since
human social circles are pretty easy to figure out; see the humorous
hypothetical collection of data about US Founding Fathers.
[http://www.newenglandhistoricalsociety.com/phone-spying-paul...](http://www.newenglandhistoricalsociety.com/phone-spying-paul-revere-and-colonial-social-networking/)

~~~
lovemenot
Yes. That is what I am saying. And I agree that the protocol must be so
designed that more data does not increase specificity, but rather increases
noise.

------
PhilWright
The problem with your personal data store is that it will be impossible to
stop the large companies like Google/Facebook from simply copying and caching
a copy of all the data they need to access. You give them permission to handle
your email and calendar information and bingo, they have a copy of your entire
set of emails and appointments. If you use multiple services from
Google/Facebook then they will end up with a good copy of your entire dataset
and can mine it of value just like they already do.

~~~
gibsonf1
On the other hand, what would stop the rise of email UX companies that provide
a PAID service that links to your email with the explicit promise of never
caching it? They wouldn't need to mine it to make money as google does, as
they are being paid, even though the per user cost payment could be quite low
to support a profitable email UX company.

~~~
bostonvaulter2
How could you prove/trust that they never cache the data? I think the only way
is if the "app" actually ran on your PDS (Personal Data Store) instead of
somewhere else. Of course that brings other challenges.

~~~
cma
Ideally you'd pay them and that would be part of the contract. Otherwise
demand a legally enforceable promise (via promissory estoppel).

~~~
shareometry
I also think there is a need to figure out how to enable community-controlled
SaaS platforms in addition to this. LibreOffice, for example, has essentially
released an online office suite. But it has decided not to actually operate
and offer this suite to the public in ready-to-use fashion. From what I
understand, it is just too difficult and resource-intensive to do that. So
it's up to companies running paid platforms to do it (or you can spin it up on
your own server/instance and run it yourself). There's nothing inherently
wrong with this. But it seems to me that there's a "next step" to take by
figuring out how to enable fully community-controlled platforms so that a
project like an open source G Suite (running at scale with an iron-clad
privacy guarantee that is backed by community audits) that you can just go
create an account on could become a reality one day. This seems like it would
require a non-profit organization akin to Mozilla. How great would it be to
have a community-controlled non-profit organization operating a trusted cloud
platform, perhaps even audited by a group like the EFF? Very challenging, for
sure. But it seems humanly possible.

------
debacle
Isn't this plan the same as the last plan (the name of which I can't even
remember - app something. There was a kickstarter), just with Tim
Berners-Lee's name attached to it?

My main concern is that this project is DOA for the same reason that the last
few have been - too much of an academic focus tending towards navel-gazing,
not enough network effect to draw hobbyists, and zero money to attract
businesses.

The PDS needs to be a personal cpanel. Something with powertools for the
enthusiast but enough shiny for the tech hipsters to use it even if they don't
know why. It needs to be designed with an Apple-like mindset from end to end,
and willing to make fundamental and architectural compromises (or sacrifices)
for user aesthetic.

That probably won't happen.

If the effort around this was instead used to make something like Mastodon
better, we might see much more widespread adoption of that platform. You could
probably find non-profit funding for sufficient centralized infrastructure to
kickstart a healthy mesh network.

~~~
marktangotango
The issue from a hosting provider is the platform has to be 100% sandboxes;
cpu, heap, network and file system access. Lua is the only runtime that
provides this level of control. SQLite can do massive multi tenancy and
acceptable performance if used correctly.

~~~
teleclimber
Agree it has to be 100% sandboxes. Note that TC39 has a proposal for realms
that is moving along. It is meant to allow sandboxing in JS.

[https://github.com/tc39/proposal-realms](https://github.com/tc39/proposal-realms)

~~~
abecedarius
See also [https://sandstorm.io/](https://sandstorm.io/)

------
croisillon
"redecentralize founder" writing a post on medium.com, oh the irony

~~~
drngdds
It's like everyone forgot you can host your own blog

~~~
mark_l_watson
It drives me nuts when friends and associates write long form content on other
people’s/organization’s platforms.

The purpose of FaceBook, Twitter, Google+, etc. should be as a place to put a
link to your content in your own domain.

------
Dowwie
These projects could seriously backfire in unanticipated ways. There are a lot
of important matters to explore in this space by law and philosophy wonks. I
think that Solid and the other emerging platforms are more likely to create
new revenue streams for those already in the business of selling PII than
helping individuals protect and manage their PII.

If each of us can control personal information about ourselves, the Supreme
Court may rule in favor of this information as property. The problem is
that this is not a realistic scenario. Most of our personal information
involves parties other than ourselves. Counterparties can rightfully stake a
claim to information they helped to create. Why wouldn't they? There is no
clear breach of ethics by doing so.

So, let's assume the world adopts Solid pods to manage this data. Is each pod
really a single source of truth? Any pod organized by an individual could just
as easily be created by a counterparty, with some modification.

Then, suppose a marketplace exists for this information. Who is dedicating
effort to monetizing their pods? How will individuals, who work for a living,
compete with organizations mandated to maximize pod revenue? Both have legal
claims.

My prediction is that contrary to what Lee, Pentland [2], Mazzucato [3] and
others envision, Solid and its growing number of equivalents will spawn a new
generation of business models and go even further than they do now, by
introducing financial products linked to monetization. The main beneficiaries
are those already monetizing personal information and those who will
securitize them.

[1] [https://enigma.co/](https://enigma.co/)
[2] [https://www.technologyreview.com/s/611489/lets-make-private-...](https://www.technologyreview.com/s/611489/lets-make-private-data-into-a-public-good/)

------
gibsonf1
It seems the author is missing the point in advocating big government
solutions and government regulation to somehow fix the privacy problem.

Imagine if you owned and controlled all your email vs. gmail reading it all?
For companies, owning their proprietary data is an enormous market. I'm
planning to launch a Solid service on top of Allegrograph in the next month or
two to service my business customers.

~~~
wmf
I don't think they're missing anything. The article mentions that even though
you "own" your data in Solid, companies will still cajole you into
"consenting" for them to data-mine it.

~~~
gibsonf1
For the email example, people will have a choice of paying a small amount for
a cross-platform private/encrypted UX service, or _free_ by allowing a company
to read and datamine all of their email. I'm guessing a surprising number of
people will pay a small amount for privacy given how badly things are going in
the silos today.

And that UX service can easily import a user's entire email history from google
and others, and then use the graph to expose relationships and browsing not
currently available in google and other services.

------
dustingetz
Can anyone name one for-profit company that wants to build software on Solid?

~~~
kromem
It's not like the early Internet was a haven of for profit companies in the
early days.

Early on most of the profit was in providing the access, not the content.

~~~
seanhunter
This would be competing against the existing internet though, where there are
a lot of for-profit companies fuelling the content (for the consumer). If I'm
a business I need to decide whether to back a scrappy startup infrastructure
with no users or to go with the established internet with a vast potential
customerbase. If I'm a user I need to decide between the existing internet
with vast swathes of content and huge numbers of different services and this
new network with better protections for my privacy but basically none of the
above.

The early internet was innately disruptive and extremely different from
anything that was there before. This doesn't have that advantage as far as I
can see.

------
ElBarto
In my view Solid is trying to provide a technical solution to a problem that
isn't technical.

The internet and web are already decentralised technical solutions.

But self-hosting is not a feasible solution for people and network effects
mean that they'll gravitate to a few platforms.

That's simply the way it is.

Google, Facebook, etc. naturally emerged and similar near-monopolies will
emerge with any other technology providing a decentralised network, including
Solid.

------
edhelas
By reading the Solid website I was wondering if it was not basically what
OpenID tried to offer 10 years ago?
[https://openid.net/what-is-openid/](https://openid.net/what-is-openid/)

> OpenID allows you to use an existing account to sign in to multiple
> websites, without needing to create new passwords.

> You may choose to associate information with your OpenID that can be shared
> with the websites you visit, such as a name or email address. With OpenID,
> you control how much of that information is shared with the websites you
> visit.

Is Solid having the NIH syndrome?

~~~
frabcus
There are some similarities. But the key differences are:

1) Solid is designed for you to store large, complete sets of data you care
about over the protocol. OpenID is mainly about identity, and the associated
bits of metadata are small and can't be written to by the OpenID protocol.

2) Solid separates the data storage from the application provider. So _all_
your data could be in your Solid personal data store, and none in the
application provider. (This was normal on Microsoft Windows in the 1990s, so
think of it as a cloud version of that model of application development / data
storage).

This is a high level quick answer - correct me if I've misrepresented
something. Quickly looking there are lots of OpenID-related standards that
I've never read or used, and I bet some write data!

~~~
Vinnl
In that sense, I think it's more like
[https://remotestorage.io/](https://remotestorage.io/)

------
amelius
Why didn't we have these problems back in the days when telephony got started?

Shouldn't we go back to some of the core values we had back then?

Also, when the internet started, universities and government institutions were
inventing and running the internet, while companies were just providing the
hardware. Seems like a better model to me in principle, although we need
stricter privacy regulation.

It seems stupid to hand our data to ... the entities that have an incentive to
abuse our data.

------
miguelmota
The average person prefers convenience over decentralization because ‘it just
works’. Decentralized services right now are slower and harder to use so I
don’t see it take off until the usability and performance becomes just as
comparable to centralized services

------
henryluo
Yes, Solid is something to look forward to.

Many years ago, we face the vendor lock-in problem from the software giants,
due to proprietary data formats. Thanks to Tim, W3C, XML and open source
community, that is less of a problem today.

But now we face the problem of vendor lock-in, not due to proprietary formats,
but due to cloud-service lock-in. With all the software giants, Microsoft,
Google, Facebook, Amazon, ... offering their services primarily as cloud
services, this cloud lock-in issue is going to become more severe in years to
come.

It's a new war the software industry needs to fight. It cannot be addressed
just by one person, one project, one organization. It needs collaboration from
the entire community.

------
mark_l_watson
I enjoyed listening to Tim and others talking about systems like Solid at the
2016 Decentralized Web Conference.

I liken projects like Solid to be similar to permissioned blockchain where
small groups (people or organizations) use a private platform with lighter
weight consensus algorithms than proof of work. Success can be had for small
focused communities if there is enough value for users.

After trying to get friends and family to use a private Apache Wave instance
for shared communication, and failed due to lack of interest on their part, I
now don’t underestimate how difficult it is to move people off of centralized
platforms.

------
jacquesm
Obligatory cynical comment: It won't work. For the simple reason that if it is
successful commerce will find a way in. A large enough group of people will
_always_ be marketed to in one way or another. And once that happens the
budgets will follow and before you know it you are in the next phase of
centralization. I would not know of a way to side-step this effect, unless the
plan is to create something that only few people will ever use.

The internet already is for everyone - everyone with an internet connection,
that is - and that is precisely the problem. So unless you are willing to
drastically limit the influx of users sooner or later there will be a swing
back to centralization, for instance by companies that require you to give up
some of your rights in exchange for hosting your data. And then you are more
or less back to today, only with lots of little data-stores that can be merged
at will by whoever controls the storage facility after you cough up your keys
in return for something shiny.

~~~
Kostchei
It's not about avoiding marketing. It's about ownership and control.

If I want my stuff to be analysed- I let that happen- it finds business or
social matches- awesome. I just need the option to turn that off for things I
don't want greped- like banking.

I too am in favor of paid for services. Because that is what happens
eventually. You pay for it. I'd rather make a decision and choose who I pay,
as opposed to having my choices and VIEW-OF-THE-WORLD limited because
everything is "free" but funded by marketing.

~~~
jacquesm
I would love to 'own' all my data. But companies offering services will win
out because they do not have to play nice with you or your data store. Take
Gmail, Facebook or Google docs as examples. In principle that's _your_ data.
But Gmail has successfully convinced people that Google is able to run its
mail service better than you or your corporation ever could. In return for
'reading your mail', and vast amounts of corporations and individuals seem to
believe them.

Ditto for Facebook and yet another encore for Google docs.

Once established economies of scale and network effects will do the rest. A
new system would have to fix a lot more than _just_ the security angle because
it is well known that security is always going to be secondary to convenience,
a factor that large entities will find much easier to control than many small
ones.

So, I really hope they will manage but I'm not going to hold my breath until
they do. Note this comes from a guy that does not have a Facebook account, no
smartphone, runs his own web and mail server.

~~~
fjsolwmv
What is going to prevent everyone on Solid from getting constantly hacked by
0-day bugs and all their data read?

~~~
jacquesm
Wrong thread?

------
rmkoek
I'm still not sold on this idea. I ask why help John/Jan Doe Net Shopper
protect their data? If Net Shopper X is that concerned about said issue a
little research and implementation a Net Shopper X can privately and securely
shop. However my constituents feel it's our obligation to use our skills and
knowledge to help Net Shopper X because they are too stupid to do it
themselves. Like a shepherd needs to protect the sheep from the wolves. So at
this time it's still just conversions rather than actions in my circle.

------
keithnz
my biggest worry is that the "granular permissions" just won't work. People
already just say "Yes" to give away their data, this actually seems to make it
easier to get to a lot of personal data because people will just say "Yes" to
whatever is asked for when they want to use a service.

------
xtf
I would be happier in a decentralized network staying connected with other
sheeple and have my own options of sharing information.

This is an attempt to doom it before it was even tried.

~~~
drasticmeasures
Facebook / gov can import all your data from Solid, rendering your options of
who to share info with a cruel illusion.

------
erfgh
Not solid. To build a good user experience you need to have end-to-end
control. If you don't control the hardware your product will suck.

