SOLID Promises A New Approach To How The Web Works

As it stands on the modern Internet, your data is no longer your own. Your emails, photos, and posts all live on servers owned by large corporations. Their policies give them access to your data, which is mined to generate advertising revenue. And if you want your data back, there are innumerable hoops to jump through. Want it deleted entirely? Good luck.

Tim Berners-Lee, original creator of the World Wide Web, is behind the project.

Sir Tim Berners-Lee, as the original creator of what became the Web, has drawn issue with the current state of play. To move the ball on the issue, he’s been working on a design for decentralized internet and the efforts have led to the establishment of the Solid project. The goal is to rectify online privacy and ownership issues and give users greater control over their personal data.

The big question is how do you do that? When SOLID was announced last year there were few if any details on the approach taken by the program. But since then, more details have surface and you can even take an early version of the program for a spin. Let’s take a look.

It’s All In The PODS

Solid is all about PODS – personal online data stores. The concept is simple. An individual has a pod in which all their personal data is stored. This can be hosted at home, or with an external provider, but the point is that you choose and control where your data is hosted. PODS are intended to be portable; you’re free to switch providers or self-host at any time.

The basic concept of Solid is that all data will be held in pods controlled by users. Image credit: Inrupt

On the internet as we know it today, a user uploads data to each service they use. By and large, this data is trapped. Everything you upload to Facebook lives in one silo, while everything you upload to Twitter lives in another. Solid seeks to change this, where instead of uploading data to remote services, the services are granted permission to access the data that lives in one of your PODS.

The overarching aim is to eliminate the hold that large corporations have over user data, and the negative consequences that come of this. The system is designed to safeguard against things like the Cambridge Analytica scandal, where millions of Facebook users had their data exploited for political purposes. Instead, the company would have to manually ask individual users for access to their PODS to achieve the same goal, without being able to operate in secret.

Pros and Cons

The goal of giving users the ultimate say over who access their data and how is a lofty and noble one. In practice however, there are several hurdles that must be overcome to achieve this. It will require major structural changes to the way we all go about our day to day business on the Web.

One of the main issues is data security. In the Solid model, a social media company would access data on users’ PODS, rather than storing it on their own servers. In an ideal world, this would limit them from mining user data (for targeted advertising, etc.) and go a long way to stop the data being accessed for malicious purposes. However, if a company is given access to a user’s data at all, there’s little to stop the data being copied on to a remote server. From there, the data can be mined and manipulated at will.

Additionally, the Solid model may conflict with the very business model many web companies are built on. The average user enjoys a huge swathe of free content and services online. These are all paid with by users exchanging their personal data, which is used to sell targeted ads, covering the costs of delivering these services. If this is circumvented by users locking down their data, many services may have to switch to other methods of generating revenue.

This need not be a complete roadblock, however. The advertising industry was able to survive for years without granular targeting data, and users could always choose just how much of their data they’re willing to trade for service. Some may not be comfortable at all, while others may consider trading information on their age, location and purchase habits if it gets them a 6-month subscription to watch Friends. This opens up another con of the system: uninformed users giving up access to their PODS without understanding with whom they will be sharing their data.

Of course, a major benefit of such a system is having all your data in one place. Want your IoT-enabled air conditioner to click on at home when you’re on your way back from a workout? Give your home HVAC access to the fitness data in your pod and you’re set. Want a lower premium on your health insurance because you never buy unhealthy food and your government doesn’t supply public healthcare? Send your purchase data to your insurer! With all the data under the user’s control, there’s also the possibility of easily revoking access if one changes one’s mind.

Future of the Project

Obviously, remaking the Web to better serve users won’t happen overnight. Berners-Lee has taken a sabbatical from other work to focus on Solid, considering it of paramount importance. Additionally, the project has attracted top talent, with internationally renowed cryptography expert Bruce Schneier lending his skills to Inrupt, an open source startup founded to push the project forward.

Resources are already available for developers keen to dive into the new ecosystem. Whether or not Solid can take the Web by storm and usher in a new golden age of privacy and interoperability remains to be seen. We look forward to seeing what progress the project makes, and how it can change things for the better.

71 thoughts on “SOLID Promises A New Approach To How The Web Works

  1. I’d LOOOOVE that Hackaday.io implements it so we can finally download all the data from our projects for offline use :-)
    y’know, Internet is still not ubiquitous and there are times when we can’t access the site.
    Or we want to be able to restore our data in case of problem.

  2. >These are all paid with by users exchanging their personal data, which is used to sell targeted ads
    >many services may have to switch to other methods of generating revenue.

    This is a VERY good thing. There is a big problem in how ad-funded services run, and that’s in the fact that other consumers have to pay the price and they don’t get to negotiate how much is being paid.

    When you view ads, the advertiser pays a delivery network that pays the service you use. You have no control how much is being paid to whom and for what. The cost is spread to all the customers of the company that advertises, which may or may not include you, but definitely the majority of the cost goes to other people. In this way, people are forced to pay for services they wouldn’t choose to buy for the price. What’s worse, the vast majority of the money goes to people who just farm ads instead of proper services.

    That’s why blocking ads online is not only good for your own privacy – it’s a moral act. It’s refusing to steal from other people.

    1. I don’t follow. So you’re saying that if I buy a product, I’m also paying for that company’s advertising. And that if the company spends money to advertise to other people, that’s my money they are using? I don’t think most pricing strategies take into account how much a product costs to market – products are priced based on how much the market will bear. And once I buy a product, the company can do what they want with the profit. Advertising is used to expose new people to the product, not just get customers to buy again, so it makes sense that advertisements will cast a wide net and advertise to many people who will not make purchases.

      I don’t think advertising is necessarily immoral, as long as the content isn’t misleading. If no one advertised their products (including creating brand names, packaging, etc.) how would people buy anything? Would you just go to a store and look at the products on the shelves and pick whichever things met your specific ingredients list? For example, would you buy cereal by picking the one with just the right mix of bran flakes and raisins? I mean, sometimes I wish the world worked this way… but it doesn’t. We buy things because someone invented it, perfected it, and then convinced us it was good – through advertising. We buy cereal because someone created a recipe that tastes good and advertised it. If a new product isn’t advertised, how would it get any traction?

      I like the quote attributed to Henry Ford “If I had asked the people what they wanted, they would have asked for a faster horse.” Advertising is just the word we use to describe how a company tells the world about their product. Henry Ford improved the car, found the right mix of features and cost to appeal to a large segment of America. He advertised his car to convince people to buy it. If he hadn’t advertised, people would have kept buying horses, motorized bikes, or expensive coach-build cars.

      I think there is a chance something like a distributed Facebook could work, where a small open-source project creates the framework that allows each user to host their data from their home, or on a virtual machine. Each user could subscribe to get updates directly from other users and display them using a local dashboard. The registry of users would be shared in a peer-to-peer network. But getting people to switch social networks is extremely difficult, so I doubt this will happen.

      1. “Would you just go to a store and look at the products on the shelves and pick whichever things met your specific ingredients list? For example, would you buy cereal by picking the one with just the right mix of bran flakes and raisins? ”

        What? Nobody else does this? If I’m buying oatmeal cookies and it isn’t in the top 3 ingredients they can screw off with their flour and sugar cookies with slight oatmeal impurities.

      2. Noah writes “products are priced based on how much the market will bear” or has a former boss used to say “price has nothing to do with cost”. Companies charge as much as they can get (look at how much prices have changed in the last 4 weeks) and sometimes companies sell things for much lower than cost to get you hooked in (razors, and HP printers)

        But sales cost are a big part of profits. There isn’t a successful product out there that doesn’t have advertising attached to it. Profit companies need revenue and profit to survive. Even non-profits advertise, they need that revenue stream.

        The biggest problem is that people slurp content in an mind numbing amount. Somebody needs to pay for that content. People would like to think content is free, but it’s not. People are “cord cutting, take that Comcast”, but Comcast gets their dollars in other ways.

        While SOLID on the surface looks cool, Sir Tim needs to buy a few hours of Russian Mafia time to look it it “Da, nice social network you have there, be shame if something happens to it”. People are experts and exploiting things for profit. But I wish them luck!

        1. Stepping aside the question of whether advertising in general is moral, the biggest problem is the ad delivery networks that screw both the consumers and the companies over.

          They don’t care what you do to display the ads, as long as they can claim that the ads are showing, so they can charge more from the companies. Say they give you a dollar for showing ads, they sell that space for $10 to the companies, and since this applies to all the companies looking to advertise it raises the prices of all products across the board, and the companies have no choice not to advertise because their whole game is based on visibility.

          The reality is that online advertisement is a cargo cult. Studies show it doesn’t really work even when people don’t block the ads because we’ve habituated to ignore it, but you can’t not do it out of fear of losing visibility. For every ad-funded website out there, Google takes home multiple times the value of their service, and adds it to your grocery bills through the companies it charges.

          1. Notice also that I could write Google here, but the instant I tried to mention a soda brand starting with P, another starting with C, and a fashion brand with the initials L. V. the commenting system censored me instantly. This is how they control visibility.

      3. >So you’re saying that if I buy a product, I’m also paying for that company’s advertising.

        Yes. In a market with competition, prices tend towards cost of production. Marketing is a cost, so with less marketing the company can price their products lower and win more customers.

        Most marketing isn’t like this: it’s about creating needs (psychological appeals) or eclipsing your competitors (visibility). In other words, it’s an extra expense that has nothing to do with informing consumers about the qualities and availability of products. Advertisement is chiefly focused on trying to influence whether I’m buying Coke or Pepsi out of practically equal options, or telling me that I absolutely need a Louis Vuitton handbag.

      4. I literally don’t watch advertisements. When I buy cereals, I do go to the store and look at the ingredients list – then I buy a box and if I like it, I’ll keep buying it. If I don’t, I buy a different one. It’s cheap enough to try. Whenever I want to buy something more expensive, I check multiple stores for their inventory online and offline, catalogues etc. If I’m bored, I’ll go window-shopping to see what new things there are.

        All the rest of the time, I genuinely don’t have an idea what they’re even selling now. I couldn’t name the cereal brands there are, I don’t know the names of the new cars or the latest cabinet from the Swedish furniture store – it just passes me by entirely. The moment I want a new sofa, I don’t turn on a TV, I go to a furniture store (or their website) to see what they have.

        Most advertisement isn’t about informing consumers, but trying to influence consumers to buy one out of equally good options, or to create needs by psychological appeal.

        Hackaday also censors out brand names apparently.

      5. > if the company spends money to advertise to other people, that’s my money they are using?

        A company could sell the product cheaper if they didn’t put so much into marketing, but often times marketing is the only thing that keeps people buying the product instead of the generic cheap variant.

        The cereal is a good example. The store brand choco puffs are just as good and cheaper, but the brand name choco puffs are “better” because you see them on TV all the time, so you pay more. The advertisements are used for pushing the margins up by “differentiating” without actually making a difference.

        1. Actually the Pharmaceutical Industry is a better one. They perpetually claim that the reason their products are so expensive is because of their R&D costs. There is se truth in that, it cost a huge amount to develop a drug. But they quietly ignore or would have you ignore that their marketimg budgets per product are usually at least twice their R&D cost.
          That said, bring on Solid.

    2. To elaborate on the point:

      Suppose you want to read the newspaper (or a website, play a game, see a movie…), but it costs a dollar – and you don’t think it’s worth a dollar – so you don’t pay and you don’t read the paper.

      The newspaper company then switches to advertising instead and gives the paper to you for free so they could argue a certain level of page views. Then they get paid the dollar through the advertising agency, which is more than you were willing to pay because the paper is just full of pointless “clickbait” – and yet someone is paying it against your better judgement. Of course then, the agency is charging more than a dollar from the actual company, so the cost of your newspaper to the market overall is multiplied many times.

      In this way, advertising is paying for pointless junk that would never gain profit by its own merit by pretending that it’s “free”, and supporting a whole bunch of useless labor. It’s causing an economic drain for rendering “services” which aren’t valued high enough for the price by their actual users, so it’s a net negative value – it’s literally stealing money from everyone.

      1. I find it funny that Hackaday works exactly like your example – readers don’t pay for the articles, but advertisers pay for page views and presumably, Supplyframe gets something out of it…

        The only thing I disagree with is the definition of the word steal. Stealing implies taking something without your permission, but we give money to Coca-Cola, Pepsi and Louis Vitton willingly. People don’t need to buy these things, as you pointed out off brands exist and are often cheaper.

        I guess you mean stealing in the sense that these companies are taking from society as a whole, by wasting money that could be used on more noble endeavors. But who says what labor is useless? I like to read Hackaday, and I like to think I’d pay for it if it wasn’t free, but would I? Perhaps some small part of my Tindie, Mouser, and DigiKey purchases are actually being used to pay Lewin Day for this article! Maybe some articles aren’t worth the cost that I would have paid, but since I’m not paying, I don’t get to decide what it’s worth. Mouser thinks the articles are worth it for them. Yes I paid Mouser, but I could have bought the same things off Alibaba, or directly from the manufacturers. I chose Mouser because I think their services are worth it.

        Maybe brand visibility, creating appeal, and differentiation are totally worthless. But that doesn’t make them illegal. Or, IMO, immoral.

        1. >we give money to … willingly.

          Or because we’re pressured by advertisements.

          >taking something without your permission

          There’s two kinds happening here: paying for the service (and the service of the ad distributor) without negotiating with the actual end users over the price, and offloading the resulting cost on other consumers who didn’t consent to paying for your use of the service. I think that constitutes as taking without permission.

          It has the same problem as with predatory charity organizations. Everyone has their hand out, but only 10% of the money actually ends up where they say it will – the rest just “falls off the cart. This has the tragedy of the commons written all over it, because individual users cause costs that are shared by all, so even though the cost to the community is unreasonable, the cost to the individual seems very little – until you count all the costs you pay because other people are using other services that you aren’t, and everyone’s paying extra just to keep the ad-machine rolling.

        2. >since I’m not paying, I don’t get to decide what it’s worth

          That’s where the moral point comes in. You should, because by your viewing the ads you are making other people pay instead of you – so it’s even more your responsibility to choose not to reward lousy articles.

          Unfortunately that choice is not possible, because you have to read the article and view the ads before you can decide whether it was worth it. The trick is that you cost other people money whether you want it or not – there’s no negotiation – so the only moral option is to block the ads or avoid the website entirely.

          Unfortunately, simply viewing sites which display ads increases their page view ranking, which is used to decide the price of the ads. This is more difficult to stop, because simply visiting the site without even viewing ads is indirectly making the price go up.

        3. > Maybe some articles aren’t worth the cost that I would have paid, but since I’m not paying, I don’t get to decide what it’s worth.

          On the contrary. Its your moral duty to decide even more so, because by your viewing the page you will cause other people to pay for it. You have to decide for other people whether they think you deserve to see it on their money.

          Since you can’t make the judgement before you actually view the page, the only solution is to block all ads by default so you don’t end up making other people pay for junk articles.

      2. Nothing’s being stolen, you’re coarsening the meaning of the word to push this idea.

        You’re selling your attention (or the possibility of it) for a dollar. The delivery people re-sell it for 10 dollars to some company that’s willing to pay that much for it. In other words, they must believe their final prices will still be attractive enough to people, after the cost of this marketing is absorbed. So they get the visibility they want to sell their Thing. People do end up buying the Thing because they feel there’s enough value to warrant buying it regardless of whatever costs lie beyond it, from your newspaper cravings to the lawsuit which the company lost last year and had to pay millions in damages. They choose to do it (as much as we choose to do anything in this world, which is an entirely different argument).

        Of course, not all companies can afford to pay as much as $10 for your attention, or can do so as frequently as richer companies. The Things sold by these companies may also not be as high quality. So they may not do as well in visibility and according to what you’ve said, their prices should be lower, right, since they haven’t had to market as much as others? Those who can’t afford the Things from the first set of companies, can purchase equivalent Things from this second tier. And when those from the first tier make the wrong assumptions about consumers’ pockets, they pay the price and don’t sell as many Things as they should have. What should follow is a drop in their price to stay competitive; they certainly can’t increase it, yeah? Or they just go out of business and then there’s less competition and hopefully a bit less need for others to stand out, which should reduce their marketing costs and in turn the Thing prices. And so it keeps going.

        And when you say the prices could become low in general, keep in mind that “low” isn’t some constant. Right now, any difference in price possibly arising from marketing, is already taken care of (roughly) by present wages and other sources of income, which continually adjust over years to the present cost of living. If marketing ends in all forms abruptly today and prices suddenly drop significantly as a result, in time, wages and everything else *will* drop as well to match and then we’re back to the starting point. Except now, we do have to pay that dollar for the shit newspaper and we’re walking aisles counting corn flakes.

  3. I have no idea why they think this will work. The problem is not technical engineering, it is social and psychological engineering. And that people don’t change infrastructure until the costs of staying far outweigh the benefits. Why do “touch tones” still exist? Fax machines? DSL is still around.

    Is granny and all her friends going to move her stuff to some kind of “pod” or leave it on facebook, which will be the “facebook pod” and lock everything inside, and demand access to all your other pods (like the app does when it says it wants to listen in on your phone calls and microphone).

    Even if you could put stuff in a pod, Facebook (as an example) would insist on uploading a copy, not linking to the original media. They would also scan and AIize it. Most people don’t care and aren’t affected.

    Twitter starts censoring, so there’s Gab, Minds, Parler, and a few others.

    How many here even have accounts on another service? How many are active on them?

    The deepest irony and/or hypocrisy are articles complaining that Twitter, Facebook, YouTube, etc. censor things, but to contact them, they don’t have email, only Twitter, Facebook, or YouTube comments.

    To take a different example, Steve Gibson came up with SQRL which gets rid of passwords. Fairly easy to use with any smartphone. Name any site that uses SQRL.

    The privacy rape isn’t that bad (at least you don’t see or feel it). Cybercensorship still isn’t that bad – most still whine instead of switching from Twitter, etc. then remove the tweet and continue. Passwords aren’t that bad.

    Until your disk crashes and until you’ve restored your backup, how many files over 3 years old do you still have around though they aren’t useful?

    People are lazy and tolerant of a lot of evil. And people won’t buy a better mousetrap if they don’t think there are any mice.

    1. >To take a different example, Steve Gibson came up with SQRL which gets rid of passwords

      It requires you to use a phone app or a browser plugin rather than just knowing your login and password, and it places everything behind a single master password. It’s both inconvenient and insecure – just in a different way.

      It’s purpose is to identify a person across different services, whereas login/password combinations don’t require you to identify yourself so you can be completely anonymous rather than simply pseudonymous. You don’t need to reveal that you’re the same person to service A and B so they cannot combine their information to figure out your identity.

      There’s also uncertainties about submarine patents about the protocol. It may or may not be encumbered.

    1. Right. And once they’ve got your data, they can sell it to whoever they like, just like now. People still fall for Indian tech support scams, most people are operant-conditioned to press “yes” or “allow” every time they see it, by endlessly stupid permissions being asked that make little difference and are more of a pest. By reflex they select “allow” as if it means “stop bothering me”. If you want to fix privacy, it’d better be simple to do and actually solve the problem.

      But yep, once you’ve given your data away, you no longer control it. I was reading the article waiting for the bit with the clever encryption or something, that allows you to do that. I was trying to figure out how it could possibly work. But there isn’t any. This is just a plan for another useless “allow” button. Reinforcing the lesson. So it’s actually making things WORSE!

      Since educating people to understand and give a fuck about online privacy isn’t going to happen soon, we need some better answer than just keeping the data somewhere else for 5 minutes first. Particularly since the biggest companies on the planet will fight something like this any way they can.

      1. Perhaps the data is provided to Facebook with license terms they can violate or not. In the case of a photo, don’t you own the copyright and therefore Facebook would be guilty of copyright infringement if they breach the terms? When they take secret copies and rifle through it with AI then maybe you’d need to prove the existence of the secret copy based on the insight they possess that is predicated on the existence a secret copy.

          1. I assume the idea is that you would no longer upload anything to Facebook, only to your own POD, so that part of their EULA wouldn’t really matter.

          2. The way copyrights work, you have to give your rights to Facebook in order for them to re-distribute your photos to anyone else, so sharing a photo means you’re giving them the permission to copy. That’s what copyright is all about.

            Blame copyright. If it wasn’t, we could make a law that says they don’t have any rights to your personal photos even though they can re-distribute them by an agreement with you – but since copyright demands they do, they do.

            This was kinda the original point of the copyright in the first place: an author had a “natural” distribution and duplication right to their works, but this right could be given away to second parties. In order to maintain their previous monopolies that were granted by the kings and czars but were no longer available under a free market, the publishers and printers argued for copyrights in order to BUY copyrights and retain the monopoly to print. Otherwise they would refuse to publish, thereby depriving the authors of any income.

            The whole system is designed to give particular publishers and distributors/sellers, in this case Facebook, the argument that they have rights to your information by the fact that they need that right in order to distribute it – thereby you must give it to them at the door when you sign in to Facebook.

          3. As I said, Facebook’s EULA (including their approach to copyright) wouldn’t come into it because you wouldn’t be uploading to Facebook, you’d be uploading to your POD.

          4. >wouldn’t be uploading to Facebook, you’d be uploading to your POD.

            But in order for Facebook to show your photo to other people (re-distribute), they need the right to do so (copyright), which means you either sign your rights away by a boilerplate EULA that transfers reproduction and distribution rights to them, or your grandma doesn’t see the picture of her grandchildren.

          5. Then what does Facebook have to do with the whole business in the first place? If you’re serving content directly out of your own pod, then you don’t need another distributor?

            The whole point of the service is to act as a catalogue – if nothing exists on Facebook’s servers, then they can’t do a database search – they might as well not exist.

          6. Facebook would be a catalogue, yes, exactly. What the users would submit would be an address to something in their own POD. Something for which Facebook wouldn’t necessarily have an encryption key. Facebook still achieves the goal of social networking as its baseline.

          7. In order to act as a catalog, facebook needs to store information about what’s in your pod.

            They don’t actually need to have the photo – they just need to know who’s in the photo, where the photo was taken from… etc. which is exactly the kind of info they’re mining for.

        1. This. I that this pod thing requires another step. I think that Facebook has to agree to a EULA to use your pod. Perhaps the POD service offers tiered EULA agreements. Facebook can give you tiered access to their service in exchange for the level of access you give to your data. If the user determines that Facebook has breached your level of trust, you revoke the right for facebook to review your data, you remove facebooks access the encryption key to your data and in turn facebook revokes your right to use their service.

          It would be comforting to know that the terms of agreement between a service and the user were two way and mutual, even if the EULAs on the POD side are boiler plate.

          I’d like to think that if anything this would force social networks to at least tell you in plain terms what they are doing with your data. If you are uncomfortable with this then move your data elsewhere.

          Maybe its not for everybody, but I think there is a sizable base of users that aren’t using social networking because they are uncomfortable with the data privacy aspect of it.

  4. While the problem this tries to fix is undeniable I fail to see how they would do so.
    Some problems the article already talks about (like facebook just grabbing everything and uploading it). Other things are overlooked, like the added hassle for the 90% non-tech users out there.
    The other big thing it lacks is a target audience. Generally if you are aware enough of the problem you already have ways to avoid/minimize the data you leave behind.
    For many things (like facebook) it’s fairly easy to just not upload personal information (and run a privacy extension in your browser). For other services like youtube I fail to see how a POD would prevent google from analyzing the kind of videos I watch.
    Don’t get me wrong. I appreciate them trying to do something against these data-mining giants, but I just fail to how this solution would provide any significant reduction in data delivered to them.
    One might of-course argue, that since the data is inside the container and not the service itself it is more safe, but if you want the service to use any bit of data (with or without a container) you must give it to them and nothing is stopping them from keeping it (and, let’s be honest they will keep it).

  5. The answer is simple. You encrypt your data on your home network. It gets sent out encrypted and you receive it encrypted. You have a key on your device and that lets you decrypt it locally. When you share something you just share the key. You can re-encrypt your local data whenever you want. Devices that want to see your content can download it whenever they want but you keep control of the keys. Facebook for instance never gets the keys. All the data is essentially garbage to them but your friends would have access to the content.

    1. How would that work with Facebook? Wouldn’t that require that the Facebook app implements does the deciphering, and since the Facebook app is closed source, there’s no way to guarantee they don’t get the key.

    2. Sounds like a start, but how do you stop a company keeping and sharing your dick size once they’ve had the information, and the key to decrypt it, once? You haven’t solved the problem. Most personal information doesn’t change often.

      Actually stuff like companies tracing you over the web, and in real life on phones, could be stopped with some decent laws. It’d mean you’d have to keep the lobbyists well away from the politicans, who will need educating properly on all of this, and even then won’t see the point. And there’d have to be demand for it, sufficient to counter all the lobbying Facebook and Google etc will do, but to politicians directly, and also through their control of what’s in front of most people’s eyes for much of the waking day. They can spin this to their users, which is basically everybody, however they like.

      You’d need an immensely politically powerful set of geeks who actually wanted privacy for the masses. There are a few of the former, but they’re all the enemies of privacy.

      Is there some sort of time-limited encryption possible? There are two-way transactional encryption thingies but AFAIK there’s nothing that can revoke access to information once you’ve given it. Nothing that will stop eg Google just filing your information away once they’ve seen it once. Your scheme is the same as just giving your friends the cleartext info and not giving it to Facebook. The encryption step doesn’t really do anything.

      Might be a case of either waiting for the law to help, which it never will, and meanwhile we all just lie about our personal stuff. Anti-tracker browser extensions are nice too. And of course you don’t own any supermarket “loyalty” cards.

      1. Easy, it has two modes – one public and one private. The public one you give to facebook, et al, it just creates random data each time it is accessed. You give that out to the annoying companies. When you actually need your real data, then you can provide that.

    3. “..Facebook for instance never gets the keys…” – then Facebook would not allow you to use their system. We have allowed the internet to secretly become a hidden “pay” service – by agreeing to sell each site we visit all of our personal data. Long ago, you paid for your connection to the internet, and never worried about tracking you when you were online. I personally like the PODS idea, but big corps will refuse to interact with you if you lock them out, i.e.,: “I see you are using a AD blocker…” [lockout sound]

  6. This problem is far bigger than the internet. I’ve signed paperwork at a realtor, doctor, and car dealership that all REQUIRE me to sign a piece of paper saying they can share my information with third parties. I’m already paying for these services and they still require me to share my info or they won’t provide the service.

  7. It remind me ongoing projects base on block chain:
    – Brave Browser: https://brave.com
    – Metamask: https://metamask.io
    based on Basic attention token: https://basicattentiontoken.org/ (itself based on ethereum technology).
    I can hardly understand how it works so I let you see by yourself. But it seems to work. The idea is the same: the user owns his own data and share it to who he want and gets rewarded to do so. The user can also pay a content creator by giving his attention (watching ads).

      1. The resource consumption of block-chain is due to everyone racing to be the “first” to solve a math problem.

        You could run an entire decentralized enterprise business management software on the same tech for a fraction of the resource, as they are just verifying updates to the system.

        Blockchain enterprise software could lead to some interesting changes. Like fully trusted accounting, daily staff payouts, and a better gig/temp economy between businesses that run the same software.

        I could see it being huge within ten years.

  8. How is this going to solve anything? Data is inherently copiable. If I give facebook access to some info and then change my mind and revoke it, they will still have a copy.

    The masses will still gleefully accept terms and conditions without looking, and post personal information all day long.

    It’s not a technological problem, it’s a social problem.

  9. Seems like one of the best portable data proposals so far, assuming it’s not a technical nightmare to actually implement.

    The big companies will find ways to get our data, because people will grant permission, which is their right to do. What matters is having the infrastructure to turn this off if we find out a company does something that outrages us, and not having our data locked to one provider that can disappear.

  10. It’s both a social and technical problem
    On the social side, there need to be stronger privacy laws worldwide. Yes, it’s a pipe dream. Neither side wants to give up the power, and and neither side trusts the other to be honest or follow through with their promises.
    Meanwhile, the users repeatedly screwed.

    For both sides, whatever the solution may be has to be easy to use, preferably automatic, standard and transparent to all parties.

    A large part of the problem is that that those with a clue want to continually ‘educate’ the problem away and lay it off on the user. Forget that, wrong answer. Most users aren’t geared toward understanding the scope of the problem and don’t care to understand the details, nor should they be required to. Those who can come up with solutions need to provide transparent, easy to use answers that are capable of teaching if the user wishes or just doing the job if the user can’t be bothered.

    The jury’s out on Solid, but it’s not looking good. When I tried to add it to my test VM, everything it wanted to install was outdated. Not a good first impression.

    1. “On the social side, there need to be stronger privacy laws worldwide. Yes, it’s a pipe dream. Neither side wants to give up the power, and and neither side trusts the other to be honest or follow through with their promises.”

      If everyone wants to start storing their data in encrypted pods, and not on facebook. It gives users some leverage as to what they are willing to sign to, or perhaps users can start to set the terms on their own data. I mentioned in a previous comment that idea of a reverse-EULA. Its not hard to create boiler plate legalese, so a pod could create a contract from a set of user settings, submit it to the service and some sort of automatic negotiation could occur prior to signing up. This might force EULAs to boil down their text into something more human readable, a bullet-list like you see when an app asks to use a service on your phone.

      Also as far as caching goes, if you have high resolution imagery on your phone, maybe you don’t want to share the full resolution image. The pod could server a version that is low resolution, and as another comment noted, a set of peers with proper encryption keys could view the full res image on their phone. Certain metadata might come with different privilege levels. History of purchases, or location data has elevated privileges.

      Pods could come with image manipulation services, that could be kind of funny, serving modified images, so that when facebook posts images of your family all the faces are rendered with cat heads. The facebook only has access to a modified low res set of images that are useless for AI.

  11. This proposal will result in yet another click-through prompt like GDPR, and nothing more. Every site will demand all access and refuse to work without it, then copy everything. Even worse, now all of your sensitive data is one place with millions of references making it much easier for a hacker or governments to target.

  12. Ok, I get it.

    Imagine your pod as a multi-dimensional data object, with different sub-pods for each service that are fed from bits of data from the parent pod. You can grant access to bits of data within your parent pod, or create data specifically for that service that is stored in the service sub-pod (either hosted locally, or on the service)

    I really like this as an idea, especially if it means you get to keep all your own data, and it tightens up security.

  13. The idea of PODS seems a bit silly to be fair.

    It doesn’t stop an organization from out right copying the data you provide them. Most organizations would easily still be able to ask for everything and have a logical reason for it as far as most users are concerned, so asking for permission is only a minor issue.

    Then there is the problem of caching.
    Do we consider caching a form of copying? (Without caching, service quality will be severely diminished for anything remotely popular. Especially if your PODS is hosted from your own home network. (Expect to DDoS yourself in that case….))
    And when data is requested, should each individual end user ask for it themselves, or should the service they use ask for it instead?

    Do we as a user need to give permission to individual pieces of data? (since that is going to be tedious…)
    It is still going to be fairly tedious if we are talking about larger collections of data. (Not to mention that a collection like “photographs” can be a very wide assortment of data. So organization/categorization will be a mess to implement, not to mention having systems managing that on the fly, since the vast majority of end users will not do that adequately.)

    Then we have the bigger problem.
    Do we need to state permission for every time the data needs to be used or not?
    If we don’t, then the company has access to it until we remove them from our list. (btw, How often would you expect the average user to go through that list and actually remove permissions? One could add a timer, but that doesn’t solve it either to be fair.)
    If we on the other hand do need to grant permission every single time, than have fun using PODS for storing your comments and the like…….

    Then we have the idea of using one’s PODS as a login credential. This is frankly already a thing.
    You can go to almost any website these days, enter in your email address (that your browser most of the time already knows) and click, “I forgot my password” that 95% of the time makes the website send a one time use login link to your email. Effectively meaning that you need no password for the website. (As long as your email account is properly secured, you will have access to your stuff.)

    In the end, PODS isn’t a solution to privacy. Since all the information you give out, you would give out regardless.

    For an example, the problem of a fitness tracker sharing your data isn’t really about other companies using it, but rather the fitness tracking service itself using your data (and selling it to other companies) as an additional revenue stream. If the data is stored in a PODS or not doesn’t change that fact, nor does it make it harder.

    All PODS offers is frankly another pop up message for the average users to click “okay” on regardless, since otherwise the service the user want to use doesn’t work as expected….

    If one doesn’t want organizations partaking in certain parts of one’s personal data, then don’t hand out that data to start with, simple as that……. (And if the organizations gather that data regardless, then in “some” jurisdictions in the world it would be considered spying, ie a criminal offence.)

    1. >Do we consider caching a form of copying?

      Yes. Again, copyright. Many people have tried to dodge it by claiming they’re only relaying the information between users, but still got taken down for piracy.

      Only the ISP/network has the right to cache content on the point that they’re not caching any particular content but simply everything that goes through their networks – for the same reason why the post office doesn’t need a re-distribution license for the CD they carry by mail.

  14. “Want a lower premium on your health insurance because you never buy unhealthy food?”

    Wow, that’s the scariest thing I’ve heard in a while. At what point will it become impossible to buy health insurance because an AI analysing your private data has decided you’re too high risk? What do you do then?

  15. I like targeted advertising.

    I remember banner ad networks, “Punch the Monkey” and ads for things I have zero use for and even less interest in. Today a large portion of the ads that pop up when I view a webpage are for tools and parts. Sometimes I even click them, because actually interest me. Sometimes they are better than the content!

    I don’t mind companies knowing that I, cookie number 21342314cf232345c have recently shopped for ab and c on websites x y and z. Keeping it anonymous like that would be good however.

    And the telemarketers who have my actual phone number however… those people can be boiled in oil as far as I am concerned. They are a way bigger problem than anything on the internet.

    1. If your online trails had a half-life like that, it would be nice.

      But there’s pretty much a permanent record of you on Google that’s only missing your name. What’s in a name when they can identify you by how you shop, where you live, the brand of computer you use… your name might as well be “21342314cf232345c” for all they care because it will follow you for the rest of your life.

      1. It’s also impossible for them not to know you by name, because they also read your emails – they just pretend they won’t put two and two together for legal reasons.

        1. I don’t believe that they even pretend that. Are you telling me that Google / Facebook pretend that they don’t connect your online activity with your profile on their various social media services? I thought that was why they offered the “services”.

          Would you like free e-mail with that?

  16. At first I wondered why any social media company would pay money to develop code to use a POD. Then I thought, I pay to buy the pod, I spend time to administer it, I pay for the bandwidth, and facebook gets the advertising dollars? Ah. Sounds like a good deal for them.

Leave a Reply to tzCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.