I recently got introduced to a company called Polypoly. They are working on exactly the same, in the EU.<p>They have an interesting setup as a collective. Users of the software automatically become members of the collective. The website talks of automatic partake in economic success.<p>Curiously they also use the idea of self-hosted pods to hold the users' private data and they even use the term 'pod' for this.<p>When the founder, Thorsten Dittmer, gave me his elevator pitch he almost used the same line of reasoning as Schneier.<p>Basically: 25 years ago, we technologists (while reading Gibson, mind you) thought that the web will bring freedom, understanding and equality to the world.
We were wrong.
Now we have to fix our mistake because we're the only ones who have a chance at doing this.<p>It is probably not exaggerated to call these sorts of companies the biggest threats to the business models of the Googles and FBs of today.<p>[1] <a href="https://www.polypoly.eu/en/home-en" rel="nofollow">https://www.polypoly.eu/en/home-en</a>
As much as I like the idea (and the people behind it), I have a hard time seeing how this can succeed.<p>The idea of pod reminds me of the self-hosting movement: people - including myself - host a bunch of services to avoid sharing fundamental data, like email, GPS-history or contacts.<p>Still, "self-hosters" interact with all the big personal data hoarders out there (FB, Google, the many ad and tracking companies), which exposes them to the same abuses as any other internet user.<p>Basically, I don't really see a company like FB play ball with these guys, for two reasons:<p>1) the privatization of data would be an existential threat to their business model<p>2) the majority of internet users are oblivious to the data collection tactics employed by half the internet and I can't picture folks raising pitchforks for "pods" to become a standard.<p>But I also hope to be dead wrong!
I wish them well.<p>Problem with their approach is that their marketing pitch is all wrong.<p>There is no demand for what they are selling because there is no value in what they are selling. The value comes from network effect and at the beginning there is no value, just cost. Mainstream users don't care and companies either don't care or don't like that kind of talk.<p>Inrupt should start with completely different sales pitch and product idea. They should delay the privacy talk and user owned data until they are bigger.<p>Start with smaller IoT companies. Provide and market actual services they want. Mostly they want automatic data management, cloud services on the cheap. They want to avoid any EU privacy hassles. Handle all that, I18n and internet user interfaces for them. Provide mobile and desktop clients. Just provide simple APIs and ready made interfaces for companies to use.<p>Once the protocol and pods become normal, users start to discover that they own the data and third party uses and products for that data may emerge.
This kills the innovation or puts too much power to the first innovator.<p>- if Solid will dictate a protocol for data, it should cover the common denominator: so if you have your email on Gmail now, let's say Solid is covering basic email structure, I can move my email data to another provider, but what about my filters? Or other tiny stuff that Gmail builds on email<p>- if I invent something new in a chat app, let's say stickers. I implemented that. (Should I ask Solid to update protocol for this) Now all other chat apps supporting Solid have to follow my lead? Interoperability will be hell to manage.<p>- even with the limited number of browsers, we couldn't manage to unify the protocol. Protocol stuff is real hard.
I am very excited about Solid. That motivated me to write my thesis about a decentralised wiki, where Solid is its foundation. For further information, you can have a look at my work journal (<a href="https://ma.parrillo.eu" rel="nofollow">https://ma.parrillo.eu</a>).
The problem I have with these sorts of initiatives is that they don't solve the real problem. Here's the thing: I want to own some of my data, but I don't want to own most of it, because it shouldn't be collected in the first place.<p>Solid and others alike work in theory, but in practice I have some serious doubts. I believe that instead of owning your data it is far better to camouflage or destroy your data before it gets out there.
This sounds great. I imagine a world where gmail had a setting whereby they had to use <i>my</i> storage for their service, mounted over the internet using SSHFS or something. This would be fantastic! No more IMAP syncing to backup my data. My data would already be <i>my data</i>.<p>Even if the “pod” is a virtual one in a data center, as long as the webmail provider is a different company to the pod provider, the data access is granular enough, and the terms of service enforce that the data is stored in a way that’s readable by me, this can only be a good thing.<p>Perhaps legislation could help here? What if the service company starts encrypting the data they store on my pod and refuses to give me the key? It would be good to wield the power of a regulator against bad actors who do this and any other shady rule bending.<p>Very exciting.
Sorry but what happens when I grant access to a company? It will collect the data I granted access to and then resell them to other companies and buy data from other firms too so my data will be spread around exactly as now so even if I like the idea, what's the advantage? Am I missing something?
Solid's goal is nice but its solution is based on RDF and semantic web. Those technologies failed to take off for a web 3.0. I don't see this going to take off either. Turtle is just another syntax for RDF because XML is too verbose....<p>Anyway, I do see a lot of value in IPFS, it's solving a different problem, but it's related. It could allow for storing private data encrypted in a non centralized way, having the pinned copy owned by you.<p>I don't think the data format is going to be Solid based.
I remember reading about Solid and not getting it, and Schneier here made a perfect pitch in a paragraph.<p>It would be great for all ambitious projects to have this kind of communicator.
As much as I like the ideas behind SOLID, I just don't see it panning out. The semantic data model is exactly the same as the one 10 years ago when it didn't catch on.<p>One of my biggest pet peeves there is that the default mode of operation is using a de-facto centralized ontology that is mutable and non-versioned. How is someone supposed to build up a semantic database when the semantics can be changed any time from under you?
My problem with all those pro-privacy apps is that privacy has a price[0], and a price most consumers (me included) are not willing to pay.<p>There are, essentially, two business models on the web. One is to provide the services for free and sell ads, the other is to charge for the services directly. To earn substantial amounts on ads, you need to track consumers massively.<p>As a consumer, I definitely prefer being tracked than paying for all the services I use. That's the stance of most consumers. If there's a free alternative with a lot of tracking and a paid alternative with good privacy, the free alternative will win. That's how the free market works. Privacy has a price, and a price most consumers are not willing to pay. Forcing them to pay it for some antiquated notion of privacy is just... wrong.
There is a similar project by Rob Pike called Upspin. It is pretty interesting. That also looked very promising. <a href="https://upspin.io/" rel="nofollow">https://upspin.io/</a>
I have mixed feelings about Solid. I really love the ideas behind it, and having Tim Berners-Lee (big name in tech) at the helm is a huge plus. However, I have some trouble with some of the technical choices, like RDF/Turtle. Given that most web developers are familiar with JSON, and many web APIs / services talk JSON exclusively, I feel like that should be the default recommended choice. Given that there is a lot of semantic web data already in RDF, I think that format should be supported, but not encouraged going forward.<p>I also think it's clear that Google and Facebook are not going to want to give up control of this data, and are highly incentivized to provide the best and cheapest services they can to keep users on their platforms. People are used to keeping their stuff in Google Drive, and wouldn't move it unless there was an easy way to do so and a good reason to even think about doing that.<p>I'm excited to see where it goes though, as centralization is a big problem on the web today. I try to self-host my own personal data but it's so hard to work with it in nice consumer apps. For example, I'd love to see CalDAV and CardDAV supported in Android, but for now I need to use DAVx⁵ to sync my info, and it doesn't seem to show up in Outlook for Android after years of requests to Microsoft for the feature.<p>I'd really like to hear other thoughts on this, as I'd love to see Solid succeed. Anyone working on Solid in this thread?
Like many others on this thread, I have a hard time seeing how it can succeed. I’ve been following anytype.io for a while and it seems like a much better solution that comes with a built in product. No need for pods since they live individually on each device. And it’s based on IPFS, which seems to be a much more established protocol for dealing with this sort of data.<p>It’ll be released later this year and hopefully it lives up to the hype.
I am not quite sure of the problem they are trying to solve as it isn’t directly stated. I suspect they are concerned about non-public data hoarding and the resulting centralization on an otherwise public and distributed platform.<p>If my assumption is correct here are some potential alternative approaches:<p>* Private platform reliant upon anonymity and public data. The value is the application delivering the best decision(s) returned from a consideration of available data, what some people might think of as AI. The better AI is more valuable than holding data.<p>* Private platform fully divorced from both data and anonymity. The data is what a person or organization already holds and what they are willing to expose in a private relationship to somebody they know and trust. The relationship is more valuable than the data or the application. This is something like WhatsApp mixed with a tiny operating system that works more like Bit Torrent than using a central service. I am working on something like this.<p>* Public platform reliant upon mixins of various public data. This is the semantic web of the prior decade. It never took off because nobody wanted to expose their data. Data is king, especially when the corresponding automation isn’t a valued portable commercial product.<p>* Tiny portable data driven application architecture. Applications need only enough data to perform their functional task at any given moment. The value is purely driven by the application’s output regardless of where data on the fly comes from. This is something like Siri, but more specific to a given task.<p>In order for ideas like these to be commercially viable data must become a commodity or at least less valued than almost everything else. This is hard because there are very real fears (such as lost privacy) around treating data as a traded commodity and because in many cases software, as a business practice, is still in the dark ages.
<p><pre><code> Everyone's pod would be on a computer they own
</code></pre>
Why? Hardware is hard. Why not just encrypt it and let it live in the cloud?<p><pre><code> If you want your insurance company
to have access to your fitness data,
you grant it through your pod.
</code></pre>
Or just give them a key that can decrypt your fitness data?
I would like to see some time-based permission scheme, for instance the ability to share my credit card information with Amazon for the next five minutes as well as the ability to share my address with Amazon for the next year.<p>My hope is that this could eventually be built out to support discrete identities, perhaps one for personal use and another for work and a third that is meant to remain anonymous.<p>A PKI based infrastructure comes to mind, that would provide the ability to revoke access. Technically I don't see a way to force systems to stop using revoked data but maybe the revocations could be used to provide legal proof that a specific company no longer has access to specific data.
I definitely agree with this sentiment but I think rather than reinvent the wheel we should be applying current web standards to users instead of businesses. If every user had their own static IP, server, and SSL Cert, database, DNS entry, etc, we'd be able to create the web that Tim originally envisioned. And until now that would be prohibitively expensive and complex but could be a real possibility now.
"<i>Your data lives in a pod that is controlled by you. Data generated by your things -- your computer, your phone, your IoT whatever -- is written to your pod. You authorize granular access to that pod to whoever you want for whatever reason you want.</i>"<p>Whereupon they copy your data, aggregate it with other sources, and continue on their merry way. Security theater in action.<p>I wonder what the backup scheme looks like.
I wonder how much data sharing we would actually do if this did exist. For example, your Facebook friends list is not your Twitter follows, nor your YouTube subscribees, nor your phone contact list, etc. There's some overlap but essentially they're different lists. Isn't a lot of stuff like that?<p>It still would be nice to have control and visibility of all that data automatically.
Actually people don't want to self-host anything. They want their data to live "somewhere in the cloud", accessible on demand. At most they wish this cloud to be "trusted" or "secure" or "privacy-respecting".<p>Until we find a viable business model for trusted and privacy-respecting cloud, we can't move on.
While I haven't studied their idea enough to be able to argue about its effectiveness and/or flaws, I am glad that they are doing it, being who they are.<p>It really looks like we need a central paradigm shift. A free world designed for educated academics cannot survive the greed and stupidity of the whole world it seems.
Somehow, Semantic Web and associated ideas do not seem to have panned out in practice. I wonder whether HTML is the ASCII of the web world - clearly just intended as a first step and supposed to be obsolete over time, but proving to be a survivor, and a hurdle against future improvements due to wide adoption.
I'm sceptical about the economics of this. The first problem is the obvious idea of everyone storing their pod as many people have pointed out which is unfeasible, as Inrupt itself points out.<p>The next step is that someone is supposed to host your pod in the cloud, but if this is supposed to protect your privacy the pod has to be encrypted. So then the question is how is the host making money? Charging people upfront for storage in a trade-off for privacy or control has proven to be a deal almost nobody is willing to make, we already have privacy respecting, more expensive services, they're largely fringe. Pods are a technical solution that only make this more complicated.<p>The fundamental issue that I think breaks this entire idea is that it vastly overrates how many people care about control or privacy.
> If you want your insurance company to have access to your fitness data, you grant it through your pod.<p>What if the insurance companies (or any other company) retain a copy of your fitness data after granting them access?<p>Won't we end up in the same world we are running away from?
I was looking into Solid for a bit, but stopped as my concerns grew, most of which are expressed in other comments.<p>Recently I've been enamored with the Dat Protocol and the Beaker Browser. I like that it's a peer to peer protocol that uses local data storage. In addition, it makes it almost effortless to publish and scale a web application or site. It doesn't have Solid's strength in access control, but that's not to say that Dat's access control won't evolve. At this time, Dat's access control is very simple, basically share by link.<p>In addition, I would like to see Linux handsets like Pinephone become better and more widely used.
> If you want your insurance company to have access to your fitness data, you grant it through your pod.<p>Why would the insurance company trust that data? Since you're in control of the pod, you could alter it, no?
All I care about is that decentralized data projects somehow utilize our existing, real life, social networks.<p>I want a family to all be able to "friend" each other and seed each others' data. And just because you're seeding each others' data, that doesn't mean you necessarily have read or write permissions on that data.<p>People want to know whose data they are re-hosting and they should have an incentive to host it. Linking seeding to our existing relationships solves for both.
One benefit to this model is it fixes the way we currently handle things like contacts.<p>Right now if you have my phone number on your phone and my number changes you have stale data. If I don't want you to have my number anymore there isn't a great way to do much about that.<p>If you're allowing/removing access to a pod you host then when you update your phone number all of the people with access will get that updated information. You can also more easily remove access from people.
> Your data is no longer in a bazillion places on the Internet, controlled by you-have-no-idea-who. It's yours. If you want your insurance company to have access to your fitness data, you grant it through your pod.<p>Nothing stops a third party from recording the data once you gave access and selling it. Even after you remove access they can keep their copy. So what use is this pod thing?
Is Inrupt on a big PR push right now? I just saw an article about them in the FT, and now another.<p>This quote from the post suggests that the timing of this personal news is externally managed:
“I joined the Inrupt team last summer as its Chief of Security Architecture, and have been in stealth mode until now.”
This is great, but shouldn't they also mention how metadata (like IPs) is almost as important as (if not more so than) data, and the Internet is designed around the absence of privacy related to the personal information stored in the metadata?
none of our file-systems support semantic access, e.g. you can't give handles to your apps, no!, they have to use archaic paths .. or constructions jails/vms/docker/etc to isolate them. that is a backwards stone-age hierarchical foundation.<p>and 'protocol' is somehow going to make that better? I don't think that's possible. users have never had to think about more than paths.<p>let's give them semantics to map file-systems to applications, [perhaps] in the same way a functional package manager would 'give' you/the os access to the right versions of those applications.
It's not often that I read about something and think "holy crap, that's genius", and that's exactly what Solid is.<p>Then again, given who's directing it, it should come as no surprise in hindsight.
Inkandswitch is also working on a similar problem <a href="https://news.ycombinator.com/item?id=19804478" rel="nofollow">https://news.ycombinator.com/item?id=19804478</a>
Lots of comments about how "no one wants this".
But we already have things like Dropbox, Mega, Drive, iCloud where it makes complete sense for users.
I'm more pessimistic. The internet and the apps we use frequently are like a public utility. The space is undergoing an era of massive consolidation and centralization.<p>This happened with railroads, and electricity, in the past. That period of consolidation was never followed by a counterbalanced period of <i>decentralization</i>, a period of people operating their own mini-rail-car services, or micro power plants (solar, but...you know...).<p>It <i>was</i> followed by a steady decline in prices of tickets, expansion in size of monopolies and a steady decline in quality of service.<p>But you know, electricity and railroads became "democratized" just not in a "democratic" way. It's democratized because everyone can use a bit of it for basically nothing.<p>Then, the companies that made their fortunes often moved onto other high growth industries and the public became inured to the dilapidation, because the <i>product</i> had basically stagnated.<p>I don't see this company making any statement that suggests to me it can bring about some other possible future.
> Even if you do hand your pod over to some company, it'll be like letting them host your domain name or manage your cell phone number. If you don't like what they're doing, you can always move your pod -- just like you can take your cell phone number and move to a different carrier. This will give users a lot more power.<p>The domain name analogy scares me rather than reassures me. Sure, DNS was created in good faith to be as distributed as possible, but is it? There are recent stories that show that individuals do not have as much control on domain names as one would ideally like. See these stories -<p>- Sinkholed: <a href="https://susam.in/blog/sinkholed/" rel="nofollow">https://susam.in/blog/sinkholed/</a> (domain name hijack by German authority by accident)<p>- The duct tape holding the internet together: <a href="https://medium.com/thisiscala/the-duct-tape-holding-the-internet-together-12118be60ff1" rel="nofollow">https://medium.com/thisiscala/the-duct-tape-holding-the-inte...</a> (loss of control on domain name due to registrar error)<p>While the idea behind Solid sounds solid, the moment they talk about outsourcing pod hosting to third-party pod hosting providers, I get worried. Would it lead to walled gardens of pods? (Example GMail for emails) Would they add non-standard convenience features to create vendor lock-ins (Example GitHub for Git)? Would they abuse their power due to vendor lock-in (Example Sourceforge for SVN)?