The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided
Would you be able to trust GDPR to actually return “useful” data?
Data-Transfer-Project - https://news.ycombinator.com/item?id=23887000 - July 2020 (27 comments)
An open source platform promoting universal data portability - https://news.ycombinator.com/item?id=17596146 - July 2018 (10 comments)
The Data Transfer Project - https://news.ycombinator.com/item?id=17580502 - July 2018 (47 comments)
The Data Transfer Project - https://news.ycombinator.com/item?id=17574707 - July 2018 (50 comments)
Is it purely for data migration? ie: I am closing my facebook account and want to extract an archive copy of all my contacts, posts, uploads, etc
Is it better to function as a direct transfer? How could it possibly make sense to transfer my old hackernews comments to my new facebook account?
The more I think about it, the more I just come back to email. Not necessarily the specific implementations, just the high level design: From any domain, I should be able to send a direct message to a contact in any domain. They should be able to view any basic content I post (text, images, calendar) and respond in kind with basic content regardless of the domain either of us use.
I'm not sure that fully-federated-everything is the best answer and I would expect most reasonable implementations to include "Sign in at facebook.com for the best experience" or whatever.
I can't personally imagine the ideal system yet but I assume it must be somewhere in the unmapped middle ground between Facebook/Twitter/Apple silos and thousands of impossible-to-trust sloppily-federated micro-domains hosted by random individuals.
Edit: As an aside, the issue of authentication seems critically important with no clear designs that would provide a secure and usable solution. Though, the issue of account name squatters does already exist, it is relatively manageable with so few domains and no inter-operability between domains.
 This concept of "basic" data seems to be more-or-less captured by the "verticals" described here https://datatransferproject.dev/documentation
You can now sign in on future visits by signing messages with the same key. No e-mail or phone number needed (but can still be requested by the service, of course).
We're kind of seeing this by a second-order effect in the Ethereum dapp space, where you need this functionality to interact with the blockchain etc. Every user has some form ow Web3-compatible software, most commonly Metemask browser extension. I think it's an interesting ground where this could start spreading - the key infrastructure etc are already in place!
(And in case anyone gets confused, it can be used perfectly fine without actually transacting to any blockchain or holding any cryptocurrency - it's just normal elliptic curve keys with easy-to-use APIs)
send the service a signed number of your choice.
You can now sign in on future visits by signing messages with the same key
This part is the authentication.
My extreme opinion is that the post office should run OAuth servers.
Laws create incentives and businesses respond rationally.
I'm personally glad it works.
Businesses are supposed to make money and lawmakers are supposed to set the rules of the playing field to benefit consumers. It's a good combination.
That evil behaviour from corporations is largely due to the focus on maximizing shareholder value to the exclusion of all else. That's a fairly recent way of running a business that came about around 1970, primarily from Milton Friedman.
I think most people expect a company to work towards healthy profits, while also taking into account all stakeholders, not just shareholders, their business interacts with.
You're right in the sense that the rules are the way they are, so corporations act within those rules. However, those rules were largely put in place to make it easier to pursue the maximization of profits and were pushed by corporate lobbying.
So, if an entity wants to act in an evil way, but is constrained by rules, then gets those rules changed so it can act evilly with impunity, surely that entity should be seen as evil?
Heck, Zuckerberg is pleading congress to pass strict privacy laws and Amazon is pushing for higher min wages. The reason is that it will level the field and they don't have alone play by a different set of rules and see users go to competitors.
Traditional leftist position is that evil is structural, class etc. People are people. Changing structures fixes problems.
Traditional right position is that structures don't matter, less the better. People are mainly poor because they are lazy. Corporations are evil because they have bad people in them. Remove those people and you fix things.
No they aren't. They are mostly amoral. Meaning they aren't inherently moral or immoral. They just act in accordance with their main directive which is to make the largest possible profit while keeping with the letter of the law (mostly).
However, what the left emphasizes and the right often forgets is that they (corporations) aren't just reacting to pressures from the competitors, the public and the law makers. They also exert enormous pressure in all these spheres in the direction that benefits them. Not too rarely to the detriment of the public at large. That's when they can and do sometimes turn evil.
Yeah, this is the actual problem the left has: profit-driven entities. Nobody cares about groups of people working towards a common goal (ie, "corporations").
Of course profit-driven entities want to increase their profits at all costs. What's desired is systemic change and reorganization of production around different principles beyond just profit (or rather, eliminating it entirely). No leftists have a problem with companies themselves.
It all started with Robert Bork and his book The Antitrust Paradox https://en.wikipedia.org/wiki/The_Antitrust_Paradox
I'd be surprised if this wasn't a widely requested feature that all involved companies have been ignoring in their backlogs for too long and now they've accelerated this, got management approval and finally managed to get a couple of senior engineers together because of impending legislation that might force their hand.
I think you meant to say 'thankfully provided by their benevolent creators for my benefit'.
I have no idea how the economics would work with this.
Nice to see it's finally landing.
With data portability you can export data from one app and import it into another but there's no ongoing sync.
in simple english: It is the dream project of whoever come up with cookies. basically cookies as first party data that you can download, upload, shared. All while having either the trouble of hosting a lot of infrastructure (just like the creators of email protocol thought everyone would do, ha!) or relaying all that info to a 3rd party like google or facebook. The nightmare scenario to everyone saying 3rd party cookies are bad.
* We are separated from our data. It should be ours, and we should be able to allow for corporates to access it if we choose to and we are able to understand the usage.
* The options we are given here are to be able to move our data from one corporate entity to another. Hardly the solution individual ownership of one's data and privacy.
* We are looking to government legislation to make this right for us, but governments like having access to all the data that the corporations share with them. Governments are in the business of managing populations at scale - the more information they have, the better modelling, nudging, manipulations of the population they can do. Basically corporate and governmental interests align.
* Not to forget that corporations lobby governmental entities for the legislation they want. Even if the legislation states one thing, there are ALWAYS backdoors that are understood.
I'm sorry to say that the attack on privacy is a coordinated one with governments AND corporations. If you hope that this time the government will write better legislation or that corporates will do the right thing, you are mistaken. They only care about being perceived to do the right thing - so public relations.
If you are aware of all that, and have a solution, I would be interested to hear. I think any solution would involve individuals acting very defensively about their data. Any solution that begs government or corporations for better action this time is doomed.
Sadly that still wouldn't fix the problem that you have to visit each platform to see responses from users that don't similarly syndicate their own posts. That might lessen those platform's concerns about implementing this automatic synching feature, though, and take them a step closer to being properly federated.
A good point he had is that this kind of thing would, seemingly counter-intuitively (but it makes sense) strengthen the incumbents and stifle both innovation and competition.
Innovation -> Interoperability has a (maintenance) cost and would probably quickly devolve to "lowest common denominator functionality" while raising yet another barrier to entry for new companies
Competition -> Incumbents could pretty much just exploit new companies as "market research" and gobble up all their features and data if they deem the experiment successful, at no cost
* Interoperability is feature just like any other, and the difficulty of implementing/maintaining it must be a fraction of the difficulty of competing with the network effects of entrenched online services. Indeed, I would hope that interoperability would pay for itself, in terms of effort, because of the number of users that can migrate to the new service, as well as being a selling point in itself (since people would be reluctant to sign up to yet another incompatible silo).
* I think incumbents don't need to rely on interoperability to do market research and copy features of competitors. It's true that Facebook would be able to see private posts on Mastodon instances that it federated with, but I don't know what useful data Facebook could gain from that which it couldn't gain from A/B testing its own huge user base. If anything, I would expect Mastodon instances to gain more from this exchange, because they are gaining access to the bigger pool of data.
The ability to "delete" something is only apparent. You can just tell the customer you have erased her data, but preserve it anyway, not to mention other parties like secret services or competitors, that could be interested on your data too.
If you have valuable data, people(like the Chinese or competitors) will offer your workers millions of dollars(or just threaten them or you like 3 letter agencies) for access to this data.
> Q: Why aren’t there more, smaller companies in the Project?
Well, ok then.