Hacker News new | past | comments | ask | show | jobs | submit login
How solid is Tim’s plan to redecentralize the web? (medium.com)
291 points by okket 9 months ago | hide | past | web | favorite | 168 comments

People are lazy and don't care. They're happy to let Facebook host and own their data if they can comment and like friends' videos for that. That's basically fine. From what I can learn from the history the web has mostly been centralised and will continue to be so. To think, all business domains tend to converge into few large companies/services, and finally into duopolies and monopolies if left to their own devices.

What I'm worried about is actively preventing decentralized, small-scale or hackership services.

If some guy has to effectively stop hosting a forum because of GDPR, or I can't host my own email server, or serve HTTP out of my home box, or get decent bandwidth for a private virtual network, Tor, I2P or IPFS while Netflix works at full speed, or do about anything else than initiate HTTP/HTTPS connections to known big company grade services or be flagged as a malicious endpoint, then there will not be a decentralised network living within the same infrastructure as the centralised behemoths. And that is the death people are talking about.

A marginal decentralised segment of the current internet is still larger than the whole decentralised internet in its early years. As long as the old ways of networking can live, develop, and grow along with the FANG & co that's fine. But it might not be taken for granted, eventually.

"People are lazy and don't care. They're happy to let the King and nobles be educated, decide, rule them and govern the country." could have said many 3 centuries ago.

Cue https://en.wikipedia.org/wiki/Freedom_of_association.

"Because freedom of association necessarily recognizes pluralistic sources of power and organisation, aside from the government, it has been a primary target for repression by all dictatorial societies."

And that freedom is rather young (19th century).

Hosting/owning data and the processes on them is no different as an exercise of sovereignity.

At this point, today, it's more a matter of law (it must be recognized and guaranteed) than a matter of ability (it's possible) or market (it exists). That's where the battle is.

Well put. All the regulation and change Ralph Nader and co managed to make happen didn't take more than a few hundred motivated people - https://m.youtube.com/watch?v=OWxc_kYmPTE

People are "lazy and don't care" is dialogue you hear from people who don't have the experience of getting things done.

People are lazy and don't care.

It's why we are now in a world where either Google or Apple have access to pretty much every piece of data that every person on the planet produces or consumes.

The Google Problem in particular is spawned by people wanting free or cheap stuff at any cost.

It will take more than a few hundred people to change this now. It's too entrenched.

People aren't lazy and don't care.

People are busy and have other priorities and don't see meaningful gains for investing time and effort in opposing the endless torrent of technofeudalism washing over them.

Trying to moralize a co-ordination issue is great way to shift the responsibility for bad things occurring from those doing it to those who failed to resist it.

Yes they/we are. And more over, they are unaware and/or uneducated.

So were they before when literacy and education was limited to nobility and clergy (probably not so much per design, but per means and imagination and interest). And so couldn't understand WHAT general people literacy and education could bring to society as a whole and for every one.

It's not a matter of guilt or lazyness. Things take time to enter the mind of one person, even more so the mind of societies.

An educational/technological advantage is not always but often a winning one.

And that is not an excuse.

>If some guy has to effectively stop hosting a forum because of GDPR

GDPR does not prevent people from hosting forums

Explicitly no. Though practically that seems to be the effect.

How so? All you have to do is not collect personal data, which is easy.

I don’t run any forums at the moment, but when I did, the software I used gave users massive opportunity to provide information about themselves. Some users loved this and filled in every field, perhaps because they enjoyed that it made socialising easier.

The problem for anyone wanting to host a forum is that using off-the-shelf software is a sensible route, but the available software might still be leaning towards offering to collect data like this, might not yet have support for GDPR disclaimers, checkboxes, etc.

What I’m saying is let’s assume neither malice nor incompetence and instead that those wishing to host forums may be hamstrung by the available software.

The new Copyright Directive may have that effect though.

GDPR is worse, actually. Both laws are making site owners liable for hosting certain types of content (personal information and copyrighted materials, respectively). However automatically detecting copyrighted materials is relatively straightforward compared but automatically detecting personal information is probably impossible.

> However automatically detecting copyrighted materials is relatively straightforward

Sure, that's easy: everything is copyrighted. The difficult part is determining whether the uploader can legally share the copyrighted material, which is just as likely to prove impossible to automate with accuracy and precision as the detection of personal information.


How would that have that effect?

I'm no expert, but from what I've heard, site owners can be held liable for hosting copyrighted material now. If you're running a site with lots of user generated content, it could be difficult to distinguish what is 100% user made vs copied from somewhere else.

Someone correct me if I'm wrong.

It's time to start copyright check startup.

You are absolutely correct. This law could have such effect.

More realistically, this is a problem that has no easy technical solution that originates from a law that still isn't adopted.

If I were an owner of such platform, I wouldn't worry too much about it now. In a year... maybe.

Even more realistically: is there any reason to assume any of this stuff will ever be enforced, let alone enforced against obscure forums?

Here in the UK, these sorts of laws have had, as far as I know, zero enforcement.

http://nocookielaw.com/ https://silktide.com/the-stupid-cookie-law-is-dead-at-last/ https://silktide.com/dear-ico-this-is-why-web-developers-hat...

Ive said the same thing before about not just facebook, but google/microsoft owning email, uber/lyft owning taxi, yelp/tripadvisor owning restaurant reviews.

Absolutely nobody actually seems to care about decentralized databases and networks feeding compatible clients info. Every user interface is made by the people holding the data in a walled garden.


Heard of the IndieWeb guys? https://indieweb.org/

>From what I can learn from the history the web has mostly been centralised and will continue to be so.

How do you define "web" and "centralized" here? The internet (not necessarily the world wide web) was created to be decentralized because the US military recognized that having a single point of communication failure was a bad design (http://ccr.sigcomm.org/archive/1995/jan95/ccr-9501-clark.pdf).

In my estimation, the most centralized thing about the internet as we currently know it is the physical infrastructure (which is still not really centralized, but there's a relatively small number of Tier 1 networks connecting everyone else). But the protocols can be implemented over radio if necessary (albeit much more slowly), so even that's not really centralized.

My estimation is that as governments increase regulation of the internet as we know it, more people will move to TOR or something like it (move to the "dark web" if you like) as a way to just do normal internet things without the need for a lawyer. The governments in turn may decide to outlaw that (as in China), but enforcement of that seems infeasible against determined and skilled citizens.

How do you define "web" and "centralized" here? The internet (not necessarily the world wide web) was created to be decentralized

Web as the world wide web of HTML pages served over the HTTP protocol. And centralised as served by the handful of biggest players in each market.

Even early on big centralised portals were attracting users. Internet started to attract common folks as soon as some services grew big enough to become "go to sites" at which point word of mouth was crushing smaller players. People didn't use Neighbour Joe's Web Crawler for searching, people used something like Alta Vista. The market for shopping on the internet increased directly as a function of big commerce sites gaining popularity. The small players never enjoyed more than a fraction of the number of users the big players had.

It seems to me that this suggests common people who do not have an interest in technology want to rely on a single (or at most few) brand(s) of service providers which basically leads to a winner-takes-all market and that just adds into centralised nature. If your mother wants to buy something on the internet isn't the only clue she has called "Amazon" ? (Or some applicable local market leader, depending on the country.)

Even if internet itself was completely decentralised and people were using RFC 1149 to reach the net I'm pretty sure they would still be connecting to Amazon, Ebay, Google, and other centralised hubs.

The leading metric to change all of this is to develop a person's self-awareness, to connect themselves with themselves more deeply, so they can feel the pull-distraction that ads cause - and understanding the manipulation and general shallow level of information used in ads - and thus feel repulsed by them, and then want to not have them be in their life unexpectedly. If you can't perceive or sense the impact or associate to the impact, then you can't care about it - and caring is what leads to impulse, and action vs. laziness.

It is definitely warrants to be concern and care to have, for safety and security purposes of society as a whole to counter the will of bad actors that perhaps will ebb and flow until the end of time; it's why I believe as a signal point (a canary) for government-citizen relationships, is a deeply embedded law that allows for mesh networks to be always allowed - and so the moment there is an organized crackdown on this, we can know something is up - whether that is capitalistic for-profit efforts of people thinking more selfishly or a bad actor who has malicious and hatred-based goals/impulses.

A lot of folks seem to think this kind of technology needs to be marketed or launched the way a hip Silicon Valley startup should be. I understand how the argument that critical mass is the necessary ingredient for success would appeal to people, but it’s not like the Internet succeeded that way. In fact, it’s probably better if foundational technology like this is developed and grown more slowly and deliberately. I have no idea if solid will take off the way the web has, but it stands a fighting chance. More than being a “viable competitor” to the web, it needs to be a platform that people want to develop for. As with the web, cloud and mobile ecosystems, the platform that developers want to support is the one that wins. If you want to see something like solid take off, play around with it for a bit. Try making it go and share your experience.

> the platform that developers want to support is the one that wins.

This is very hard to believe. Developers hate apple, facebook, and countless other platforms that are doing very well. Adoption is the fundamental problem, not what developers want to support. The platform with the most users is what people will develop for.

This is pretty clearly not the case. Apple and Facebook are companies, not platforms. The platforms these companies develop are wildly successful and loved by developers.

I think you may be too focused on how developers decide a platform that is already successful. In that case, yes, which one is already adopted the most deserves strong consideration. However, when it comes to actually achieving adoption, it’s the platform that developers flock to that tend to succeed, all else being equal. We are talking about relatively fresh terrain here. There isn’t already a huge federated system like this that has a lot of mainstream adoption.

> However, when it comes to actually achieving adoption, it’s the platform that developers flock to that tend to succeed, all else being equal.

Perhaps, but I struggle to think of two comparable platforms with similar user adoption and significantly different developer interest, outside of there being different sets of developers that hate/love each (c.f. iOS and Android). I'm definitely not aware of any examples indicating a platform can be saved or damned by developers loving/hating it: e.g. most developers hated developing for the PS3 initially but it didn't fare badly in the console wars. Xbox One however did do much worse than the PS4 because fewer users wanted it.

Arguably, Linux owning the back end development space so completely is due to developer preference.

But I think you do have a point. It's not just developer preference, there are other big factors like feature offered and ease of entry that determine likelihood of success.

> Arguably, Linux owning the back end development space so completely is due to developer preference.

and why is that possible? it's because the backend is decoupled from where the users are.

Because commercial UNIX companies decided it was cheaper to commoditize UNIX on their hardware than keeping on investing on their own.

Linux would hardly be where it is without the help of Intel, IBM, HP, SGI, Hollywood studios, ...

completely agree. i'm just saying it mostly isn't found on the desktop, neither on the iphone and you could argue neither really on android, so not in places where 'normal people' look. these people don't look at the backend so developers are free to pick whatever they want - Linux, Windows, unikernels, it doesn't matter for the end user.

Which is also one of the reasons why GNU/Linux failed as desktop OS.

The lack of focus on UI/UX and a full stack experience for frontend developers (native/web).

Hence why Android and ChromeOS succeed at it, while hiding what kernel they run on.

Windows Phone is a platform that died cause developers did not get it. I think the issue I have with your PS3 example is that it is PS3, PlayStation was already on its third iteration. With PS2 being one of the most successful consoles of all time, companies were baked into that ecosystem. Whatever Playstation gave them, they had to work with, they fed their families that way. But I agree with the comment above. Developers support platforms (That are not yet popular) because they find it inspiring, they, in turn, give feedback to what they dislike about the platform, and if the platform has good management and responds quickly, developers work to grow that platform out. All great platforms I know today are because the company behind them inspired developers on what they could achieve using it.

I suspect this is reversing causality. Developers flock to the platform that is succeeding.

This is true of most things. Applicants flock to the industry that is hiring the most. It would be nice if the industry hiring the most was the most worthy, but that is doubtful. Consider mining communities.

Of course it's both. But I think (independent) developers are much more likely to publish for a platform they think is fun to develop for.

And in this we just disagree. I assert people independently develop where they can. If they have the means, they develop where they can make money.

I think you may be in a bubble. Many developers like apple, and facebook enough to work for them. In fact, its that which keeps both platforms viable in the face of stiff competiton and shallow moats.

Facebook has a shallow moat? People only use it at all because of the network effect.

And Apple's main draw is the large number of affluent customers. They'll have developers as long as they have those users, whether the developers like it or not. Which is why they can get away with charging 30% to developers when platforms have historically given incentives to developers to develop for their platform.

That is a bit circular to say developers like Apple because they like money, thus Apple is not truly liked for itself.

Apple was successful in building a platform because it's in house developers were capable of putting together something that was popolar with many people. They built on that to make more money by allowing other developers to use their platform.

However two things come to mind:

1. Competency is not a moat. If Apple loses developers it's next product will not be so much better than competition that it's success will maintain against erosion.

2. For all people talk about associating with necessary evils; when you associate with someone long enough, you begin to think they are not evil. Thus it seems reasonable to think developers do not hate Apple, if they work with Apple.

> That is a bit circular to say developers like Apple because they like money, thus Apple is not truly liked for itself.

It's almost as if users patronize Comcast because they like internet access and Comcast is not truly liked for itself. It's almost as if drivers patronize the DMV because they like driving without being arrested and the DMV is not truly liked for itself.

There is a big difference between needing something and liking it.

> Apple was successful in building a platform because it's in house developers were capable of putting together something that was popolar with many people. They built on that to make more money by allowing other developers to use their platform.

But who are they to be allowing anything? GE makes a fine electrical distribution panel but that doesn't mean they get to decide what kind of lamp or microwave or laptop I can use with it.

> 1. Competency is not a moat. If Apple loses developers it's next product will not be so much better than competition that it's success will maintain against erosion.

Network effects are a moat. Apple had the first mover advantage, so they had the initial users and the developers follow the users. Then the users stay because the developers are there and the developers have no choice but to stay if they want access to those users.

The users could switch to Android -- most of them already have. But the developers can't make the remaining users move outside of some sufficiently large organized boycott, which are notoriously difficult to effectuate because of the coordination problem.

> 2. For all people talk about associating with necessary evils; when you associate with someone long enough, you begin to think they are not evil. Thus it seems reasonable to think developers do not hate Apple, if they work with Apple.

By this logic the most beloved entity in the country should be the IRS. And if people had to file four times a year instead of once they would like them even more.

You're talking past each other: contributing to the App Store isn't the same as working for Apple.

"Developers hate apple, facebook, and countless other platforms that are doing very well. "

No, most developers don't hate anything. Most developers are just normal people makin' stuff because their company pays them to.

Most developers are not particularly ideological.

Just some of us are ... perhaps a little bit more than in other industries.

"Most developers are just normal people makin' stuff because their company pays them to."

And normal people do have feelings. So they like or love the things they do, or despise or even hate them. Unless they became mindles zombies along the way.. which happens, but much more common is rather that they project all the other negative feelings into technology X or Y ... at least it often seems like this, when I read another rant about the technology Z.

It isn't about ideology it is about ease and quality.

Facebook is legendary for introducing breaking changes to their API without warning, for having terrible documentation, baroque and inconsistent APIs, flaky behaviour and broken examples.

Whatever you think of Facebook the company, Facebook the API is something everyone I know has horror stories about.

What developers?!

I really dislike this HN generalization that software developers are a big mass of people that think all the same way, which most of the time is actually a synomim for a thin subgroup of developers doing web applications with CLI tooling on UNIX like OSes.

There are many kinds of developers out there, some of us have experienced multiple kinds of platforms and development models towards the years, to make our business decisions how to provide our work according to points of view and related cost/benefit.

I remember when Facebook was very developer-friendly (2006-ish). Significantly different experience at the time developing applications for FB vs Myspace and the lesser social networking platforms of the age.

Developers love Apple. They don't have to worry whether their apps will work on a million different Android devices.

Some developers love them, but as a developer myself the idea that I need apples permissions to run my own apps on my own machine makes my skin crawl.

If early computing was a walled garden environment like iOS I never would have been a developer.

Early computing was a kind of walled garden.

Each computer system was its own eco-system with special hardware features.

The PC was the exception to it, only because IBM wasn't too clever about securing the platform like everyone else.

There's more than one developer out there. Developers do hate Apple.

Other developers may love it.

Apples and Oranges. Your analysis is after the fact, and those arenas aren't open development environments. Adoption follows content creation. Not every time, but the essence of the sentiment 'build it and they will come,' shouldn't be dismissed.

I’m not sure I follow developers hating Apple when 99% of the engineers I see use an apple laptop.

As to facebook, we’ll see if it survives. There’s not much to use it for aside from advertising as a platform, and I’ve heard nothing but negatives about return on ads.

Plenty of people hate things they are stuck with for lack of usable alternatives

Maybe. I just don’t see a shred of evidence developers generally hate Apple.

Most developers I know use MacBooks, my own staff included.

Most JS developers quite like stuff like react, and most api developers like graphQL. So while developers may dislike Facebook as a company, they don’t seem to dislike Facebook tools.

I don’t think the platform that developers like will necessarily take of though.

> Most developers I know use MacBooks, my own staff included

I'm just letting you know that we both apparently have very biased samples on this matter.

Yes, people are different. :)

When I was 20 years younger most developers I knew loved Linux. So maybe she plays in. I know I left gentoo for a Mac in 2006 and I’ve never looked back.

I don’t dislike Linux by the way, I just don’t want to spend time configuring things anymore.

perhaps gentoo was not a good fit for you?

currently develop on mac but still linux at home

Gentoo was certainly a terrible fit, but I've had my runs with Debian, ubuntu and fedora as well, and it somehow always ends up being configuration hell, which then breaks with some random update, prompting me to do it all over.

These days it's more than that though. I mean, I'm completely drenched in the apple eco-system, and it's kind of nice to get iMessages on my MacBook and sharing data between devices so easily. I now I could setup something similar with stuff like own cloud, but then I'd have to do that, instead of it just working out the box.

Like I said, I don't dislike linux. I've never really disliked an OS until windows 10, but I just don't bother with technology that isn't designed for user experience anymore.

Like my first smartphone was an android, I don't think I'll ever own an android phone again. :p

I honestly don't believe that developers hate Apple/Facebook.

If developers hate Apple then why do they buy macs?

Why would you ask such a weird question? Is Apple an all-encompassing, lifetime sect? all or nothing? I like developing on my MacBook but I hope to God I will never have to write a line of code for the walled garden iOS, though I may not even get a choice at some point. Sometimes Apple makes very nice and useful things, sometimes some things they make are really shitty, other large parts of what they do I hate very much, like their monopolistic control freak tendencies.

I’m seeing less and less developers buy Macs...

In favor of linux? Chrome books?


One reason the world is so screwed up in 2018 is that people think they have to get everything for free.

Thus "your smartphone" is really an extension of other people's brands. It's not a tool to control your environment but a way sinister forces in the environment control you.

I like Linux for certain things but since you don't pay for it you influenced by the priorities of those who do pay: IBM, Google, the corporate customers of Red Hat.

Since you do pay for Windows and you do have a choice, Microsoft is working for you and there is an incentive to make the OS better.

Developers are moving away from Apple hardware, that is quite visible. The operating system is a much better question, that is hard to answer - given the fact that linux runs on anything, Window runs on a lot of things, and Hackintosh exists.

Only those using Macs as pretty UNIX.

There are other kinds of developers.

I can't imagine hating Facebook as a developer. Just because some people hand over their personal information to them? I'll gladly overlook that when they gave me things like React, React Native. GraphQL, Jest, Flow.

You can't imagine that some people find a few fad frameworks not appealing enough to overlook hijacking the world's social relationships?

> it needs to be a platform that people want to develop for

Have you tried developing an app for it? Docs are solid, but time is valuable. Why don't they include a bunch of super simple apps to show how it all works and make entry as easy as possible?

I want solid to succeed (well, anything comparable is also ok), but as much as I don't like it, marketing wins over how good the product is. That's just how it is today. That's how open source libraries and projects grow. It has to do with tons of available information, world moving forward very fast and our limited attention.

While I understand this point, there are other things than the technical aspects, the Diaspora precedent is a cautious tale of why not to chose this approach : It will attract the most toxic people of our communities.

The popular communities (Twitter. Reddit, Youtube, email spam) are already toxic. The solution to that is good UX this puts users in control of which content is put in their face.

I'd suggest a bit of reflection on this comment.

There is a bubble or perspective that derides everything popular as toxic, but I encourage you to think in degrees, and compare things.

For example, visit voat.co, and then 4chan, and then compare them to the sites you listed. And hell! compare them to your family discussions, and what you see on fox/cnn/msnbc. I bet you can find a spectrum of toxic content, and I bet the sites you listed aren't at the extreme toxic end.

I agree that some places are worse, but I don't see value in accepting a more diluted poison. Bad apples spoil the bunch. In fact Reddit's I'll may be worse because the non toxic content is attractive enough that it draws users in only to be chronically sideswiped by the toxic content, while voat can be simply if ignored.

The best comment I've read all day.

The man deserves credit of course for helping create the first browsers and promoting the early web and his work for W3C. However, Tim's track record is not great when it comes to backing new versions of the web. E.g. Semantic Web never happened and arguably this is his latest attempt at flogging that dead horse. So, my prediction is that this won't get very far. It seems the website is a bit hand-wavy on the actual substance or vision and from what I'm seeing there's not actually a lot there. This looks like a research prototype to me.

I like the idea of decentralized as much as the next geek. However, there's a tendency of complex decentralized stuff being something that normal people don't really grasp or see the value of. Also, a lot of this value is not very tangible or even real. Most p2p systems have a hard time competing against a well run centralized system.

A lot of these decentralized Facebook/Twitter alternatives are being populated by people that, well, aren't that social. If you are like that, the empty room problem (you have no friends until world + dog joins) is not a big problem. You might even consider that a feature and not a bug. However, solving the empty room problem really is the key problem for social networks. How do you get all the social media whores, self pro-claimed influencers, etc. from endorsing your super duper decentralized platform and wanting to be there? Mostly that never happens.

"Mostly that never happens. "

Might be because there are no decentralized competitors to facebook, who offer the same possibilities bugfree. Never seen that.

There have been plenty of attempts over the years. But even if you have the exact same feature set, looks, ux, etc., you still have an empty room. You need an incentive for people to actually switch. That's what's missing.

Decentralized is an implementation detail for most users that they don't really understand or appreciate.

I do believe there is an opportunity for something new to displace facebook. FB is not a healthy network at this point. It's shrinking and users are disengaging or even afraid to use it.

Same isn't good enough. You need a killer app to get people to switch.

When you offer the same technical possibilities, but coorporation free, that is enough difference to get a critical mass of people to join.

Signal for example still can't compete with WhatsApp on everything, but is good enough now to get some traction.

Given the tendency for wealth and power to concentrate, is it possible to design a competitive, and efficient system where all the actors are sufficiently prosperous without the formation of any monopolies/duopolies/oligopolies?

Edit: a follow-up thought. If the answer is no or "it's too hard", then is it possible have something along the same lines, is it possible for the proposed system to self-correct away from monopolies/duopolies/oligopolies should they form?

Your second point is the critical one, and I'll add to it — there must be an incentive to decentralize, and it must outweigh the numerous incentives to re-centralize.

We need to centralize around protocols/standards and decentralize ownership of data. If somehow each piece of data on a user were exponentially more expensive to keep, that might be possible. But that would be a very strange law…

>> If somehow each piece of data on a user were exponentially more expensive to keep, that might be possible. But that would be a very strange law…

Dave and I agree with your diagnosis, and we would like to propose a solution. Who is Dave? Well you know him, and I know that you know him and I know that when we both talk about Dave we must be talking about the same person.

(mLuby I probably don't really know you, this is just a hypothetical).

A casual observer could not approach our common understanding by adding more data. There's so many Daves after all. In fact they'd need to subtract all but the right data.

So the solution is a protocol in which increased data adds noise faster than it adds signal. Such a protocol requires 1000s times more plausible yet incorrect noise for every signal. Digital chaff.

I don't understand. If Eve (who we don't know) adds data like location, age, interests to her profile on our Dave, people will want to access her profile on Dave. This creates an incentive for Eve to aggregate as much data on as many people as possible.

Are you saying that nobody can know which Dave we're talking about unless we identify him as Dave-with-cell-5551234567? I don't think that's true, since human social circles are pretty easy to figure out; see the humorous hypothetical collection of data about US Founding Fathers. http://www.newenglandhistoricalsociety.com/phone-spying-paul...

Yes. That is what I am saying. And I agree that the protocol must be so designed that more data does not increase specificity, but rather increases noise.

Yeah, it probably more realistic (and possibly even ideal in its own way) to assume that obtaining the desired equilibrium will always be an adversarial process. Having proven ways to measure the dominance of each actor or having canaries / alerts is important, but not enough: there has to be ways to measures detect if anyone has subverted, gamed, or compromised the measures themselves.

the SafeNetwork seems like the best decentralised project in that respect. the more resources you share with the network (cpu, hard drive space) the more money you earn. that should more than enough incentives for most poeple!

there are a few other things too like only being charged to upload files once vs paying a subscription for the rest of your life, or only needing one password for all sites.

Price's Law says no:

> 50% of the work is done by the square root of the total number of people who participate in the work.


Hm. I worked in a team of 4 for quite some time, and it did always feel quite fair, now that you mention it.

I saw what you did there.

I wonder if that observation depends on how fungible the output is. I also have a point of contention in that 50% of the work is not necessarily the same as 50% of the created value.

Wikipedia also fixes the definition of Price's Law to be specifically around authors and their publications [0]. I can see the relationship that author is trying to make, but I'm uncomfortable to how the article conflates the generalization with original definition. The original definition is also related to Lotka's Law, which is also about publications [1].

I also just watched the Jordan B Peterson lecture linked in the article, and it sounded to me that he chose to make the same generalization [2]. He correctly calls it out as being restricted to creative work, but then goes on to make connections to goals scored in team sports like hockey and basketball. I think part of the problem in all of this is the attribution of effort with the overall outcome.

Taking Peterson's example with hockey, you can try to have an all-star team of just goal-scorers be on your hockey team including your extra players, but good luck trying to qualify for a championship. "Alright fine", you say and you get two-or-three bespoke goalies on your team. You more likely to qualify now, but given the typical builds of goal-scorers and how often they get injured, and comparing that to players who play defense, now your problem becomes having a team that more injuries than average, and suffering performance-wise as a result.

Certain kinds of success can be acquired through iterative attempts at amassing fractional results into one pot. Other kinds hinge binary do-or-die outcomes. Resilience and longevity comes from striking the correct balance between the two in any situation.

[0] https://en.wikipedia.org/wiki/Derek_J._de_Solla_Price#Scient...

[1] https://en.wikipedia.org/wiki/Lotka%27s_law

[2] https://www.youtube.com/watch?time_continue=16&v=UmUdcWk6Vfw

Tech has a tendency to become monopolistic. Well funded open source competitors seem like a solution as it would allow anyone to compete.

Fund the development of software and not the distribution. It would realign incentives to the consumers.

I think this is a good idea. We use intellectual property protection to get money to developers, but then they charge money for things we could be duplicating for free. I think we could improve the lives of many people and lower the total cost of living a good life if for example everything productive was open source. I’ve written a story about this, with an all-capable machine as an allegory for an open source automated economy. That’s here: http://tlalexander.com/machine/

I really want to see more people taking this seriously. Open sourcing the productive world is a radical idea I fear most entrenched businesses owners wouldn’t take seriously, but I think the notion has staggering potential for improving the human condition for generations to come.

That's part of what I'm trying to figure out as part of asking the question: what works well, but stays decentralized? There are probably transferable characteristics that we can learn about and be aware of.

Looking at successful decentralized systems (the web, email, the internet itself) the common theme seems to be simple protocols that support multiple independent implementations.

But that's just moving the goalposts: who do you align incentives such that software is funded, not distribution?

One way is to pay for feature requests. Pay $10 a month for you or a proxy to vote on various features to be developed/maintained.

There are multiple ways this could be funded. I don't know if any would work.

> is it possible

See "Economies of Scale" [1]

To the degree that efficiency is increased with larger scale, the market will become an oligopoly or monopoly.

Most things are economies of scale: healthcare, social networks, manufacturing, network protocols.

[1] https://en.wikipedia.org/wiki/Economies_of_scale

Volunteer (distributed) computing projects demonstrate that even scale can be decentralized.

I’m unaware of any such project that operates on even a hundredth of the scale of the centralized sites that people want to replace. Facebook, Twitter, google, etc.

Perhaps situations that are harder to count, such as botnets or bitcoin, would get closer.

However, even a thousandth of their scale is enough to demonstrate that decentralized scale is possible at the level where there can be economies (or diseconomies).

Google's scale was already huge even when they had merely "more than 10,000 servers" in the years prior to their IPO.

Most network protocols like TCP/IP are royalty-free open standards. They have a monopoly in the sense that IPX et al are dead and gone, but that's not the same thing as having a single company in control of them.

In terms of economic capitalism yes, but more abstractly "market share" goes to a select few winners: ARP, IP, TCP, and HTTP.

Because things are easier when devices use the same protocols as many other devices.

Yes, but you have to regulate it.

The problem with your personal data store is that it will be impossible to stop the large companies like Google/Facebook from simply copying and caching a copy of all the data they need to access. You give them permission to handle your email and calendar information and bingo, they have a copy of your entire set of emails and appointments. If you use multiple services from Google/Facebook then they will end up with a good copy of your entire dataset and can mine it of value just like they already do.

CouchApps had a better vision for the web. You would run a local CouchDB and replicate the app next to your data, rather then giving the app access to your data while hosted somewhere else. It has the added benefit of working offline.

Some sort of cross-domain request blocking could then prevent the app from stealing your data.

Thanks for mentioning CouchApps (based on CouchDB, or the scalable BigCouch). I haven’t thought about CouchDB as a platform for a long time, but it does hit a sweet spot for local data, distributed replication. Seems like a good basis for a Decentralized Web on a small scale where you share with a small number of people.

That's correct, and if the companies can't see the data, then the data is really just an extension of client side storage, and therefore it can't be trusted, because you can never trust the client.

I think that's the aim, not the failure of this plan.

The key difference is that instead of companies storing, owning and exploiting your data, the user maintains their own data store and companies can then access and exploit it.

It's decentralised in the way where the data lives and is controlled by, not in how or where the data is used.

There is the problem where companies could continue to use your data when you no longer let them access to your data store - but that in effect is at worse unethical and at best not legal these days.

The datproject [1] had an interesting approach to this. Distributed data stores that you control and are addressable via hashes, with client-side apps that work 100% in browser just by pulling in the distributed copies of that data (via its hash) - no backend slurping it up.

Of course, it is not impossible for the client-side app to send the data back up to the server. Even if encrypted somehow once decrypted in the client for display to humans then its hard to protect that plain-text data. There were also some other open questions like if my distributed data is distributed, how can I "take it back?" I dont think there is a mechanism for that yet - some sort of TTL might work there though, if you can somehow bake it into the data/hash itself to avoid bad clients from ignoring TTL values before deleting/archiving.

1 - https://datproject.org/

On the other hand, what would stop the rise of email UX companies that provide a PAID service that links to your email with the explicit promise of never caching it? They wouldn't need to mine it to make money as google does, as they are being paid, even though the per user cost payment could be quite low to support a profitable email UX company.

How could you prove/trust that they never cache the data? I think the only way is if the "app" actually ran on your PDS (Personal Data Store) instead of somewhere else. Of course that brings other challenges.

Ideally you'd pay them and that would be part of the contract. Otherwise demand a legally enforceable promise (via promissory estoppel).

I also think there is a need to figure out how to enable community-controlled SaaS platforms in addition to this. LibreOffice, for example, has essentially released an online office suite. But it has decided not to actually operate and offer this suite to the public in ready-to-use fashion. From what I understand, it is just too difficult and resource-intensive to do that. So it's up to companies running paid platforms to do it (or you can spin it up on your own server/instance and run it yourself). There's nothing inherently wrong with this. But it seems to me that there's a "next step" to take by figuring out how to enable fully community-controlled platforms so that a project like an open source G Suite (running at scale with an iron-clad privacy guarantee that is backed by community audits) that you can just go create an account on could become a reality one day. This seems like it would require a non-profit organization akin to Mozilla. How great would it be to have a community-controlled non-profit organization operating a trusted cloud platform, perhaps even audited by a group like the EFF? Very challenging, for sure. But it seems humanly possible.

This means that apps/services will need to come with a self-hosted option. This is technically doable (at least for email/calendar), but it implies that vendors will need to re-adopt product-centric business models, solve distribution issues, etc.

Isn't this plan the same as the last plan (the name of which I can't even remember - app something. There was a kickstarter), just with Tim Berners-Lee's name attached to it?

My main concern is that this project is DOA for the same reason that the last few have been - too much of an academic focus tending towards navel-gazing, not enough network effect to draw hobbyists, and zero money to attract businesses.

The PDS needs to be a personal cpanel. Something with powertools for the enthusiast but enough shiny for the tech hipsters to use it even if they don't know why. It needs to be designed with an Apple-like mindset from end to end, and willing to make fundamental and architectural compromises (or sacrifices) for user aesthetic.

That probably wont happen.

If the effort around this was instead used to make something like Mastodon better, we might see much more widespread adoption of that platform. You could probably find non-profit funding for sufficient centralized infrastructure to kickstart a healthy mesh network.

The issue from a hosting provider is the platform has to be 100% sandboxes; cpu, heap, network and file system access. Lua is the only runtime that provides this level of control. SQLite can do massive multi tenancy and acceptable performance if used correctly.

Agree it has to be 100% sandboxes. Note that TC39 has a proposal for realms that is moving along. It is meant to allow sandboxing in JS.


Node-solid-server is just one implementation of the spec. There's nothing stopping another implementation from having a cpanel like management interface.

I'm going with SBCL Lisp and Allegrograph and Caveman. Anyone interested in teaming up on the Solid Lisp library? cl-solid

Count me in. My email is in my profile.

As much as I like AllegroGraph (and I wrote a book using AllegroGraph) if you want people to be able to install your project easily, then using SQLite, or something similar, might make it easier for people try try it out.

Great Mark,

Agreed - the cl-json library will handle all the Solid standards and then developers can layer on top of that their preferred db etc. I'm not sure if we need a db for the core library or not...

"redecentralize founder" writing a post on medium.com, oh the irony

It's like everyone forgot you can host your own blog

It drives me nuts when friends and associates write long form content on other people’s/organization’s platforms.

The purpose of FaceBook, Twitter, Google+, etc. should be as a place to put a link to your content in your own domain.

These projects could seriously backfire in unanticipated ways. There are a lot of important matters to explore in this space by law and philosophy wonks. I think that Solid and the other emerging platforms are more likely to create new revenue streams for those already in the business of selling PII than helping individuals protect and manage their PII.

If each of us can control personal information about ourselves, the Supreme Court may rule in favor of this information as property. The problem is that this is not a realistic scenario. Most of our personal information involves parties other than ourselves. Counterparties can rightfully stake a claim to information they helped to create. Why wouldn't they? There is no clear breach of ethics by doing so.

So, let's assume the world adopts Solid pods to manage this data. Is each pod really a single source of truth? Any pod organized by an individual could just as easily be created by a counterparty, with some modification.

Then, suppose a marketplace exists for this information. Who is dedicating effort to monetizing their pods? How will individuals, who work for a living, compete with organizations mandated to maximize pod revenue? Both have legal claims.

My prediction is that contrary to what Lee, Pentland [2], Mazzucato [3] and others envision, Solid and its growing number of equivalents will spawn a new generation of business models and go even further than they do now, by introducing financial products linked to monetization. The main beneficiaries are those already monetizing personal information and those who will securitize them.

[1] https://enigma.co/ [2]https://www.technologyreview.com/s/611489/lets-make-private-...

It seems the author is missing the point in advocating big government solutions and government regulation to somehow fix the privacy problem.

Imagine if you owned and controlled all your email vs. gmail reading it all? For companies, owning their proprietary data is an enormous market. I'm planning to launch a Solid service on top of Allegrograph in the next month or two to service my business customers.

I don't think they're missing anything. The article mentions that even though you "own" your data in Solid, companies will still cajole you into "consenting" for them to data-mine it.

For the email example, people will have a choice of paying a small amount for a cross-platform private/encrypted UX service, or free by allowing a company to read and datamine all of their email. I'm guessing a surprising number of people will pay a small amount for privacy given how badly things are going in the silos today.

And that UX service can easily import a users entire email history from google and others, and then use the graph to expose relationships and browsing not currently available in google and other services.

Can anyone name one for-profit company that wants to build software on Solid?

The concept excites me. I want companies to sell software for a dollar value. That's what solid leaves open as the one remaining business model. You can't use my data so you're just selling an app for five bucks or whatever.

With the runaway success of microtransactions, I doubt this interests many. You can even see it in gaming. Spend $100 on Assassin's Creed and it still wants you to cough up $10 for exp boosts.

> With the runaway success of microtransactions

What are you talking about?

I'm guessing he was talking about the revenue model of the most profitable mobile games.

Especially the fact that it's working.

It's not like the early Internet was a haven of for profit companies in the early days.

Early on most of the profit was in providing the access, not the content.

This would be competing against the existing internet though, where there are a lot of for-profit companies fuelling the content (for the consumer). If I'm a business I need to decide whether to back a scrappy startup infrastructure with no users or to go with the established internet with a vast potential customerbase. If I'm a user I need to decide between the existing internet with vast swathes of content and huge numbers of different services and this new network with better protections for my privacy but basically none of the above.

The early internet was innately disruptive and extremely different from anything that was there before. This doesn't have that advantage as far as I can see.

there doesn’t need to be a haven, i only asked for the name of a single entity!

Why does it have to be a for-profit company?

To be able to hire good engineers to work on Solid full time.

you’re right, it’s a good question. my instinct is that markets get to the truth about what people need or want sufficiently to pay for. there’s a lot of virtue signaling and lip flapping bs to cut through in the dweb space.

graphMetrix.com - Solid service to support business customer data launching in the next 2 months.

Is that a remotely important question? You couldn't have answered such a question on ARPANET, or more pertinently when TimBL was at CERN. You're one of those people who thinks the internet was built by for-profit companies, and therefore you're one of the people who doesn't know any history.

I don't think that's a great mark of success early on.

I've been reading about solid for three years now and there's nothing. In 1992, the Web was doubling every 3-4 months according to Weaving the Web by Tim Berners Lee page 66 which I happen to have sitting on my desk. Mosaic was founded in '93 and Netscape in '94. Solid has nothing.

> Mosaic was founded in '93 and Netscape in '94

Only Netscape is a for-profit company, and it took 3 years of the Web existing to be founded.

In my view Solid is trying to provide a technical solution to a problem that isn't technical.

The internet and web are already decentralised technical solutions.

But self-hosting is not a feasible solution for people and network effects mean that they'll gravitate to a few platforms.

That's simply the way it is.

Google, Facebook, etc. naturally emerged and similar near-monopolies will emerge with any other technology providing a decentralised network, including Solid.

By reading the Solid website I was wondering if it was not basically what OpenID tried to offers 10 years ago? https://openid.net/what-is-openid/

> OpenID allows you to use an existing account to sign in to multiple websites, without needing to create new passwords.

> You may choose to associate information with your OpenID that can be shared with the websites you visit, such as a name or email address. With OpenID, you control how much of that information is shared with the websites you visit.

Is Solid having the NIH syndrome?

There are some similarities. But the key difference are:

1) Solid is designed for you to store large, complete sets of data you care about over the protocol. OpenID is mainly about identity, and the associated bits of metadata are small and can't be written to by the OpenID protocol.

2) Solid separates the data storage from the application provider. So all your data could be in your Solid personal data store, and none in the application provider. (This was normal on Microsoft Windows in the 1990s, so think of it as a cloud version of that model of application development / data storage).

This is a high level quick answer - correct me if I've misrepresented something. Quickly looking there are lots of OpenID-related standards that I've never read or used, and I bet some write data!

In that sense, I think it's more like https://remotestorage.io/

Why didn't we have these problems back in the days when telephony got started?

Shouldn't we go back to some of the core values we had back then?

Also, when the internet started, universities and government institutions were inventing and running the internet, while companies were just providing the hardware. Seems like a better model to me in principle, although we need stricter privacy regulation.

It seems stupid to hand our data to ... the entities that have an incentive to abuse our data.

The average person prefers convenience over decentralization because ‘it just works’. Decentralized services right now are slower and harder to use so I don’t see it take off until the usability and performance becomes just as comparable to centralized services

Yes, Solid is something to looking forward to.

Many years ago, we face the vendor lock-in problem from the software giants, due to proprietary data formats. Thanks to Tim, W3C, XML and open source community, that is less of a problem today.

But now we face the problem of vendor lock-in, not due to proprietary formats, but due to cloud-service lock-in. With all the software giants, Microsoft, Google, Facebook, Amazon, ... offering their services primarily as cloud services, this cloud lock-in issue is going to become more severe in years to come.

It's a new war the software industry needs to fight. It cannot be addressed just by one person, one project, one organization. It needs collaboration from the entire community.

I enjoyed listening to Tim and others talking about systems like Solid at the 2016 Decentralized Web Conference.

I liken projects like Solid to be similar to permissioned blockchain where small groups (people or organizations) use a private platform with lighter weight consensus algorithms than proof of work. Success can be had for small focused communities if there is enough value for users.

After trying to get friends and family to use a private Apache Wave instance for shared communication, and failed due to lack of interest on their part, I now don’t underestimate how difficult it is to move people off of centralized platforms.

Obligatory cynical comment: It won't work. For the simple reason that if it is successful commerce will find a way in. A large enough group of people will always be marketed to in one way or another. And once that happens the budgets will follow and before you know it you are in the next phase of centralization. I would not know of a way to side-step this effect, unless the plan is to create something that only few people will ever use.

The internet already is for everyone - everyone with an internet connection, that is - and that is precisely the problem. So unless you are willing to drastically limit the influx of users sooner or later there will be a swing back to centralization, for instance by companies that require you to give up some of your rights in exchange for hosting your data. And then you are more or less back to today, only with lots of little data-stores that can be merged at will by whoever controls the storage facility after you cough up your keys in return for something shiny.

It's not about avoiding marketing. It's about ownership and control.

If I want my stuff to be analysed- I let that happen- it finds business or social matches- awesome. I just need the option to turn that off for things I don't want greped- like banking.

I too am in favor of paid for services. Because that is what happens eventually. You pay for it. I'd rather make a decision and choose who I pay, as opposed to having my choices and VIEW-OF-THE-WORLD limited because everything is "free" but funded by marketing.

I would love to 'own' all my data. But companies offering services will win out because they do not have to play nice with you or your data store. Take Gmail, Facebook or Google docs as examples. In principle that's your data. But Gmail has successfully convinced people that Google is able to run its mail service better than you or your corporation ever could. In return for 'reading your mail', and vast amounts of corporations and individuals seem to believe them.

Ditto for Facebook and yet another encore for Google docs.

Once established economies of scale and network effects will do the rest. A new system would have to fix a lot more than just the security angle because it is well known that security is always going to be secondary to convenience, a factor that large entities will find much easier to control than many small ones.

So, I really hope they will manage but I'm not going to hold my breath until they do. Note this comes from a guy that does not have a Facebook account, no smartphone, runs his own web and mail server.

The big recent change with the free paradigm is that trust in privacy has been lost with these massive data silos. In fact, you could argue that we are now at the beginning of the end of this entire approach to the web. George Gilder exposes the nearing end of this in his latest book "Life after Google" https://www.amazon.com/Life-After-Google-Blockchain-Economy-... I definitely recommend it.

The answer, as I see it, to this, is transparent decryption via federated ledgers. That way the data is not just "available".

Note- the big guys (facebook, google) could trick/force individuals into handing over keys, but if you make the keys per object this becomes less effective for the same big guys.

In a sense, there is no control without encryption.

Still cogitating the various hows, but transparency to the user is the key.

What is going to prevent everyone on Solid from getting constantly hacked by 0-day bugs and all their data read?

Wrong thread?

I'm still not sold on this idea. I ask why help John/Jan Doe Net Shopper protect their data? If Net Shopper X is that concerned about said issue a little research and implementation a Net Shopper X can privately and securely shop. However my constituents feel it's our obligation to use our skills and knowledge to help Net Shopper X because they are to stupid to do it themselves. Like a Shepard needs to protect the sheep from the wolves. So at this time its still just conversions rather then actions in my circle.

my biggest worry is that the "granular permissions" just won't work. People already just say "Yes" to give away their data, this actually seems to make it easier to get to a lot of personal data because people will just say "Yes" to whatever is asked for when they want to use a service.

I would be happier in a decentralized network staying connected with other sheeple and have my own options of sharing information.

This is an attempt to doom it before it was even tried.

Facebook / gov can import all your data from Solid, rendering your options of who to share info with a cruel illusion.

Not solid. To build a good user experience you need to have end-to-end control. If you don't control the hardware your product will suck.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact