Can Solid Save The Internet?

We ran an article on Solid this week, a project that aims to do nothing less than change the privacy and security aspects of the Internet as we use it today. Sir Tim Berners-Lee, the guy who invented the World Wide Web as a side project at work, is behind it, and it’s got a lot to recommend it. I certainly hope they succeed.

The basic idea is that instead of handing your photos, your content, and your thoughts over to social media and other sharing platforms, you’d store your own personal data in a Personal Online Data (POD) container, and grant revocable access to these companies to access your data on your behalf. It’s like it’s your own website contents, but with an API for sharing parts of it elsewhere.

This is a clever legal hack, because today you give over rights to your data so that Facebook and Co. can display them in your name. This gives them all the bargaining power, and locks you into their service. If instead, you simply gave Facebook a revocable access token, the power dynamic shifts. Today you can migrate your data and delete your Facebook account, but that’s a major hassle that few undertake.

Mike and I were discussing this on this week’s podcast, and we were thinking about the privacy aspects of PODs. In particular, whatever firm you use to socially share your stuff will still be able to snoop you out, map your behavior, and target you with ads and other content, because they see it while it’s in transit. But I failed to put two and two together.

The real power of a common API for sharing your content/data is that it will make it that much easier to switch from one sharing platform to another. This means that you could easily migrate to a system that respects your privacy. If we’re lucky, we’ll see competition in this space. At the same time, storing and hosting the data would be portable as well, hopefully promoting the best practices in the providers. Real competition in where your data lives and how it’s served may well save the Internet. (Or at least we can dream.)

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter.

Want this type of article to hit your inbox every Friday morning? You should sign up!

32 thoughts on “Can Solid Save The Internet?

  1. And since those “PODs” must be stored somewhere, this have the potential to create a new source of revenue to host/storage providers, like, $10/month to store your POD up to the size of X gigabytes ….

  2. “…you could easily migrate to a system that respects your privacy…”

    But how would you know? Everyone says they will.

    The simple answer is that since you’re now hosting the content yourself, you don’t need a platform. All you need is a software client to access the container, kinda like how P2P filesharing works.

      1. I migrated my data (what little there was) to Diaspora*/Mastodon/other federated privacy-centric social networks about 8 years ago, and, sure, most of my relatives and friends aren’t there and nobody’s heard of it, but, I’ve made some new friends there and I don’t spend a lot of time there because there’s not a lot there. So I have a lot more time to do other things, like building and learning. This is a very clear what-do-you-value tradeoff. Most people choose the feeling of social connection they get on facebook. I get that, and I miss it, but I’ve chosen something else, and really, it’s pretty excellent.

    1. The point of a social media platform is that it has people in it. “Free” is always going to be the most popular for obvious reasons, and the rest remain enclaves for the 1-2% of Stallman types out there – who will then further destroy their own platforms by persistent petty balkanization.

  3. If someone can display your photos, they could already extract that. How do you protect them from something as simple as a screen grab? The only thing you could do is with DMCA take down requests if you host them on “your” server.

    Other contents that has an asymmetric encryption on an OS with DRM might be better protected.

  4. Sure. Let’s all pretend that companies like Facebook don’t know what “copy” is. If you do that and have a couple drinks this Solid thing finally starts to make sense. Worse than the fact the this is broken by design is that it removes one more human step in the data sharing process. Instead of maybe having to think about what I’m providing a company when I re-entered my data, I now just click a button to conveniently give up all my privacy at once.

  5. The danger is that platforms will come in two kinds: paid services where they respect your privacy, or free services where they’ll demand all access right to your data.

    Free is difficult to compete with, so most people will just say “Okay, take it.” just as they’re doing right now by clicking through all the EULAs – and the privacy-respecting options are marginalized and become useless for having too few users. Who cares if your pod is secured all the way to Sunday, when Facebook, Whatsapp, Twitter… etc. will not play ball with it?

  6. This is just yet another pie-in-the-sky project that’ll never actually get much wind under its wings. For one, there have already been similar projects in the past and…well, they haven’t taken off, have they? Then you’d have to convince Facebook et. al. to go along with this project and there’s zero chance they will. Oh, and the average consumer? How are you going to convince them to move to this project, if none of the platforms they use do?

  7. And exactly HOW MUCH will it cost for these “POD”s? Because somebody has to pay for the storage space and electricity. Remember, those services that sell your data Sir Tim decries offers the space for free. They get their money collecting and selling your data to third parties. So if you aren’t paying for it, do you really have any room to complain?

    1. Almost nothing. You can buy GB of space on a web server for just about nothing. These PODs will be a few KB, maybe a megabyte tops, that might be accessed a few times a day.

      Web servers aren’t generally set up to host lots and lots of tiny accounts, but it could certainly be done profitably and cheaply. One POD server could host millions of accounts for the same cost and same hardware as an ordinary web server. It’d be a license to print money if it worked. It won’t, though.

      The issue of complaint isn’t so much that there’s ads on the web, but that they track you really intrusively, and try analyse you as a person (and an ad target) by getting every bit of information they can and then cross-referencing everything. Every time you see the Facebook icon on a website, that icon is being loaded from a Facebook server, which through standard HTTP knows which page you’re viewing it on. And you see that icon a lot! So Facebook knows what you’re doing on the web even when you’re not on their site. That sort of information is worth much more than bland ordinary ads.

      I’d rather either advertisers behaved themselves, instead of acting like rampant info-pirates, or else there were no ads and commercial websites could just charge their customers money instead, while respecting their privacy. There’s already mature systems to make online payments of small amounts.

      That would be honest commerce, you get a product and you pay cash for it. People paying for a product rather than people being a product. Rather than all this crazy spying and bugging that’s going on in front of your nose, but most people aren’t aware of.

  8. The problem with this is normies, normies don’t know jack about how a webserver works. Whats a p2p system . They aren’t tech nuts.

    This sounds like a good system but for the majority of people this might not work unless, its small child blindly mashing on keyboard safe.

    1. Another thing to add why this might not work is the same reason why say games aren’t released linux that much. Niche.
      A lot of people are concerned about privacy but not a majority. Facebook won’t comply unless they stand to win and won’t happen
      if its a minority using this.

      1. It’s probably actually dangerous to put the idea in Facebooks head that people might want it. They can do a regulatory capture whereby they lobby for privacy laws with so many compliance hurdles that in the end only a billion dollar company can have their hands on ANY personal data. Oh, lookee here, you need somewhere to put your POD and only Facebook is now uniquely “qualified” to do so. Well yah, Google and MS probably want a piece of that too, but that’s not what we wanted, same evil in different team strips.

  9. Ho hum. An answer for a problem that only a few perceive. If you are really serious about privacy and all that you wouldn’t be on Facebook at all. And if you are/were, you would be extremely careful about what you put there. Social networking and privacy are mutually exclusive, no matter what you think. The basic truth — anything you email, put on github, facebook, etc. is gone forever, out of your control, end of story. This post for example.

    The internet doesn’t need saving, it is people who don’t understand privacy that might need some help.

    1. Sure, but those of us that don’t use social media are still subjected to all the privacy issues. It appears to be baked into every aspect of the internet, this is an issue if you seek to have privacy but can’t attain it. Why does a nut and bolt company need a ‘ We use cookies to improve your experience’ disclaimer? Why do so many websites need these? In all my time on the internet, since web tv was around, I have yet to have an ad pop up that is useful to anything I am interested in clicking on, this leads me to think about the actual purpose of tracking people at large. Nothing to hide or don’t use this service or that service only empowers companies to continue to advance privacy snooping though AI, and the like. The improve your experience theory is a cover, as it doesn’t really improve anything. If one thinks ‘suggestions’ or ‘ you might like this or that’ generated from some type of AI sifting through your history of all things on the internet, trying to predict what you are interested in or might be thinking is of some use, as one can’t think for themself or know what it is one is looking for, I woyld think it possible one may be willing to ‘overlook’ some things as whatever they in particular are getting from the use of the internet is worth it somehow. Fine and dandy, if there are reasonable choices for your average person. I submit to you that any terms of service agreement pretty much denies those reasonable choices, and this will only get worse, not better, mainly because people.

  10. If you are allowed to use your own storage for your POD, aka personal NAS, mobile device shared storage and a number of other possibilities all not relying on a 3rd party, then yeah am all behind it. If it still forces us to use a 3rd party cloud provider there is NO REAL DIFFERENCE.

  11. I have to wonder what the point of this article is. It’s just pointing out an article you had a few days ago. That article got a lot of responses, so are you expecting the argument to play itself out again here, for more views, or whatever advertisers call invading your privacy?

    To summarise the discussion we already had, “it won’t work”, because “they can just copy the data”. I see that’s already been mentioned here. Why the re-hash? Because you were talking about it on your podcast? I didn’t listen to the podcast. If I did, I’d already know what you’re saying here. I do anyway cos I read the article last week.

    Also “Don’t use Facebook” was some sage advice. I’ve already killed off the account I had. I’d rather have rogue AI or aliens take over the world, than a bunch of avaricious nerds.

  12. I can’t see this going very far, they are too busy moaning about whether or not to have a GET request to a /* endpoint return the content of all files/documents in a folder in a single request.

  13. Why not use a form of secret sharing/splitting (https://en.wikipedia.org/wiki/Secret_sharing) and put each slice onto a different storage location online, and each item you store has a different splitting formula, so you can ave fine grained control, relative guaranteed availability (like RAID 0, 5, or 6), and the computational/time cost to split/stitch is low, and privacy is guaranteed on the storage side as well as in transit to the stitching location. Now days, storage is fairly cheap, so the fact you are increasing the size by a factor of x is not usually to big of an issue.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.