Tim Berners-Lee Announces Solid, an Open Source Project Which Would Aim To Decentralize the Web

Tim Berners-Lee, the founder of the World Wide Web, thinks it's broken and he has a plan to fix it. The British computer scientist has announced a new project that he hopes will radically change his creation by giving people full control over their data. Tim Berners-Lee: This is why I have, over recent years, been working with a few people at MIT and elsewhere to develop Solid, an open-source project to restore the power and agency of individuals on the web. Solid changes the current model where users have to hand over personal data to digital giants in exchange for perceived value. As we've all discovered, this hasn't been in our best interests. Solid is how we evolve the web in order to restore balance -- by giving every one of us complete control over data, personal or not, in a revolutionary way. Solid is a platform, built using the existing web. It gives every user a choice about where data is stored, which specific people and groups can access select elements, and which apps you use. It allows you, your family and colleagues, to link and share data with anyone. It allows people to look at the same data with different apps at the same time. Solid unleashes incredible opportunities for creativity, problem-solving and commerce. It will empower individuals, developers and businesses with entirely new ways to conceive, build and find innovative, trusted and beneficial applications and services. I see multiple market possibilities, including Solid apps and Solid data storage.

Solid is guided by the principle of "personal empowerment through data" which we believe is fundamental to the success of the next era of the web. We believe data should empower each of us. Imagine if all your current apps talked to each other, collaborating and conceiving ways to enrich and streamline your personal life and business objectives? That's the kind of innovation, intelligence and creativity Solid apps will generate. With Solid, you will have far more personal agency over data -- you decide which apps can access it. In an interview with Fast Company, he shared more on Solid and its creation: "I have been imagining this for a very long time," says Berners-Lee. He opens up his laptop and starts tapping at his keyboard. Watching the inventor of the web work at his computer feels like what it might have been like to watch Beethoven compose a symphony: It's riveting but hard to fully grasp. "We are in the Solid world now," he says, his eyes lit up with excitement. He pushes the laptop toward me so I too can see. On his screen, there is a simple-looking web page with tabs across the top: Tim's to-do list, his calendar, chats, address book. He built this app -- one of the first on Solid -- for his personal use. It is simple, spare. In fact, it's so plain that, at first glance, it's hard to see its significance. But to Berners-Lee, this is where the revolution begins. The app, using Solid's decentralized technology, allows Berners-Lee to access all of his data seamlessly -- his calendar, his music library, videos, chat, research. It's like a mashup of Google Drive, Microsoft Outlook, Slack, Spotify, and WhatsApp. The difference here is that, on Solid, all the information is under his control. Every bit of data he creates or adds on Solid exists within a Solid pod -- which is an acronym for personal online data store. These pods are what give Solid users control over their applications and information on the web. Anyone using the platform will get a Solid identity and Solid pod. This is how people, Berners-Lee says, will take back the power of the web from corporations.

Starting this week, developers around the world will be able to start building their own decentralized apps with tools through the Inrupt site. Berners-Lee will spend this fall crisscrossing the globe, giving tutorials and presentations to developers about Solid and Inrupt. "What's great about having a startup versus a research group is things get done," he says. These days, instead of heading into his lab at MIT, Berners-Lee comes to the Inrupt offices, which are currently based out of Janeiro Digital, a company he has contracted to help work on Inrupt. For now, the company consists of Berners-Lee; his partner John Bruce, who built Resilient, a security platform bought by IBM; a handful of on-staff developers contracted to work on the project; and a community of volunteer coders. Later this fall, Berners-Lee plans to start looking for more venture funding and grow his team. The aim, for now, is not to make billions of dollars. The man who gave the web away for free has never been motivated by money. Still, his plans could impact billion-dollar business models that profit off of control over data. It's not likely that the big powers of the web will give up control without a fight.

ID

Sounds great... except it completely removes anonymity.

P.S. firsties.

Re:ID

A false sense of security is in some ways worse than no security.

Re:ID

[AmiMoJo]

Honestly not sure if you are right or not... For such a long summary it's remarkably free of actual information and details of what this thing is or how it works.

Re:ID

Yeah, it's better to leave the door open. After all the burglars would just smash a window otherwise, so let's not even try to impede them.

Re:ID

For such a long summary it's remarkably free of actual information and details of what this thing is or how it works.

My thought exactly. Just a lot of long-winded bullshit that doesn't mean anything. For example:

on Solid, all the information is under his control. Every bit of data he creates or adds on Solid exists within a Solid pod -- which is an acronym for personal online data store. These pods are what give Solid users control over their applications and information on the web. Anyone using the platform will get a Solid identity and Solid pod.

Get it .... how? From .... whom? Things don't just magically appear out of thin air.

This is how people, Berners-Lee says, will take back the power of the web from corporations.

Somebody has to build, maintain and pay for the physical infrastructure. Which means means someone owns and controls it. And that someone is not you. Which means you haven't actually "solved" any problems.

Re:ID

More pointless wanking.

(a) A platform that can compete against Google, Facebook, Instagram, Twitter, etc., doesn't just magically fall out of the sky. It requires massive physical infrastructure, and that that takes a lot of money. It is impossible to do that *AND* respect privacy *AND* not be based on monetizing users.

(2) 99% of the people using Google, Facebook, Instagram, Twitter, etc., *DON'T CARE* about privacy, or the lack thereof.

Re: ID

[wertigon]

Actually, it is described in the link to the website itself.

From what I could understand, you have one account connected to one or more PODs. The account controls the information flow for the pods.

So basically an old school web server with a permissions protocol slapped on top of it.

Re:ID

Choice is good and if everybody has a choice then it is probably hard to give detail at a high level.
This idea could simply be implemented with some entities or people that want to do it and then it could grow from there.
Different people means different choices but they will eventually self organize into several kinds of choices people will make. They just need to understand what choices they might have and more importantly what are the potential consequences of those choices. This is how the web developed in the first place but now we have the privacy model we have and it is time to see if it can be guided into a better privacy model. A benefit will be that people will make choices that nobody could have predicted and this will provide new ways of doing things.

Re:ID

I'd say a lot of them don't care, but also a lot of them just don't understand. Many would care, if they understood, i think.

Re:ID

[Napoleon++BONERpart]

That's not the idea, really. Tim Berners-Lee is like Steve Wozniak. He started with something good in the early days, and that was it. You can't give him credit for innovating over three or four decades when it was really one invention three or four decades ago that he deserves credit for. Not to draw any criticism of the former, but Wozniak has only been able to invent flops since leaving in the early days and going off on his own. Someone was bound to invent HTTP or an HTTP-like "thing" or an extension of gopher, and if it hadn't been for Berners-Lee, it might have taken another few years for someone else to do it. Or maybe not.

Woz and Berners-Lee are both great guys, and you can go so far as to call them authorities in their realms on what was and has been, but that doesn't mean that they know what should be or will be.

Re:ID

Reality. It's strong here.

Re: ID

Sounds like 404 galore, as resources are deleted by their owners.

Imagine a photo and a bunch of comments, likes, etc on it (their example), and the photo or random comments disappear...

Re: ID

[tepples]

How is this any different from a Twitter user deleting his or her Tweets?

Re: ID

"Imagine a photo and a bunch of comments, likes, etc on it (their example), and the photo or random comments disappear..."

And? That's the way the web was supposed to be: impermanent.

Re:ID

Pseudo-anonymity. FTFY. My ISP knows I'm on /. now, that's the current limitations of HTTPS.

Re:ID

[DjangoShagnasty]

Built in javascript runnnig node.js and distributed over npm.

Not the most secure non-commercial foundation to base the "reinvented" internet on.

Re:ID

[elrous0]

"Personal empowerment through data" sounds like a bunch of buzzword bullshit to me.

Re:ID

It's not that they don't care about privacy, it's that they are too short-sighted to care about privacy.

Re:ID

[Cbs228]

The summary probably wasn't written with a technical audience in mind, and it leaves much to be desired.

The main contribution here is the concept of linked data: that the relationship between media objects should be exposed through a standards-based interface. This is an old idea, but it is seldom practiced. Linked data is a natural extension of Sir Berners-Lee's original hypertext protocol, which provided for hyperlinking between documents.

The linked data protocol encourages the development of distributed applications. For example, one can host a photo on one server, but comments about that photo could be distributed among many others. Linked data is used to describe what refers to what. In this model, contributors are expected to retain more control over their contributions. This will likely scale OK for small groups... but if you attract hundreds of comments, you might be in trouble.

Is this useful? Maybe. It appears to fill much the same space as existing "social networking" websites, which provide both identity and methods for "limited sharing." It does not appear to address the needs of

• Very personal data like healthcare information, which must be stored only in highly secure, trusted environments; OR
• Very public data, which one might wish to store immutably, indefinitely, and have it be highly discoverable

Worse, where are we going to put these "Solid PODS?" On our home PCs? Most homes are not blessed with high uplink speeds, 99.9%+ SLAs, uninterruptible power, or redundant data centers. The answer for most people is likely going to be "in the cloud." Economies of scale dictate that low-cost cloud computing resources will be concentrated into the hands of relatively few organizations with both the capital and the experience to provide them.

All will be well and good until the cloud service providers realize that they can simply peer into these PODS and extract all the data that they ever wanted.

Re:ID

No! No, here's where you're wrong.

They were told by many of us, that Facebook was evil. To not use reward, airmile, and other type cards. That everything was being tracked, and how such things are a danger not only to them, but to democracy itself.

Fast forward to Cambridge, fast forward to all the CIA issues, to all of it, AND NO ONE CARES.

No one cares!

People don't care that it is easy to get dirt on politicians these days, and manipulate them. And instead of even caring, we now have vigilante style groups, #metoo, and other such, that are capable of completely destroying a person without any court, and evidence examined in a court -- by judge or peers!

And we have the media going bananas, spewing fake headlines all over the place. Electronic voting. Interference in the election process by foreign powers.

NO. ONE. CARES.

You and I, and others here that espouse concern? We make the "1%" look immeasurably large.

Re: ID

Twitter isn't the whole web.

He's building this to redo the whole web.

Re: ID

Missing resources everywhere are annoying, and for businesses, this makes things unreliable.

Armchair philosophers may call this "impermanent", the way things are..

But back in the real world, people and businesses are drawn back to Google, Facebook, and the regular web.

Re: ID

[vtcodger]

"Imagine a photo and a bunch of comments, likes, etc on it (their example), and the photo or random comments disappear."

That's what happens now if you have a website and try to include links to your references. The links rot constantly and often just go away. Unless the Internet Archive has saved the linked material and you take the trouble to fix the link, the stuff is gone forever from your POV. AFAICS, the only solution is to ignore copyright and make copies of any external material you actually care about.

Re:ID

[vtcodger]

"Built in javascript runnnig node.js and distributed over npm."

Insecure by design.

Re: ID

[tepples]

How does this differ from when someone posts a photo to his or her own website using current technology and later deletes it?

Re:ID

[gweihir]

Quite true. Most people do not manage that one great invention, and those few that do usually do it only once.

This "Solid" thing sounds overly complex and far too removed from what exists to ever be established.

Re: ID

Sounds like somebody let the cat out of the bag unfortunately this idea is half baked.

  People will invariably opt in the same set of services so that permission can be delegated to these pods.

  âoeAlexa add Charlie skillâ

Re: ID

Pod data can come from many users, who can withdraw access at will, on a whim. You'll get random pieces missing. Content stays, but only partially, and won't make sense anymore.

Re: ID

The web never relied on monetising users originally... heck nor did any competing solution to the âoeletâ(TM)s organise and distribute information intelligiblyâ problem. Only modern morons feel the need to monetise everything. Itâ(TM)s a tad ironic that the more worthless monetisation that occurs the more inflation will occur to compensate and the less purchasing power with money we will all have....

Heck the proof is obvious that monetisation of the web is for greed, not corporate necessity.

âoeSoftware as a serviceâ is a response to the obvious problem with selling digital products - that once you have all the software you need you ainâ(TM)t gonna keep buying over and over again. Microsoft Office and Adobe Creative Suite demonstrate the point in that besides OS incompatibility and security vulnerabilities forcing an upgrade purchase, people could still use their old versions and get on with life just fine. Somehow companies did just fine for before ripping us off with SaaS, now they want an unlimited money supply without even providing long term bug fix support for a given release branch.

âoeEntertainment as a serviceâ is a response to the natural issue that thereâ(TM)s only so many ways to dress up common tropes, plotlines, samples, beats/rhythms, notes/scores and other themes before people realise they have all the entertainment they need. Legal purchases of music by mainstream artists can be had for as little as $0.10 per track and yet people will pay $10/month to not even own a license. Likewise charity shops stock all the movies people purchased for $1 each. The industry survives without ripping people off, yet it will still do so unethically because $shareholders say so.

Advertising-driven service models: Hoo boy these are nefarious and made of lies. BitTorrent and Gnutella clients demonstrate quite clearly why sites like YouTube donâ(TM)t need adverts. Google could have ran the YouTube service in a cheaply scalable way if theyâ(TM)d have wanted to. But they donâ(TM)t want to. A service like Facebook likewise could have been ran in a very cheaply scalable way too if the developers had wanted to. They chose not to.

Campaigns like HTTPS Everywhere with PFS have crippled caching capabilities for ISPs, wasting a lot of bandwidth and screwing over the web in the process. Iâ(TM)m glad folks like Tim are looking for ways to fix the mess we have created here.

Re: ID

[KjetilK]

So basically an old school web server with a permissions protocol slapped on top of it.

You make the stuff that we do sounds really simple, but yeah. That's pretty much it. :-)

But note that in spite of Tim having read-write capability in his first browser, it really never took off. And then we had this document web, when we also wanted a data web and an applications web. So, I guess we got the applications web, but just pretty primitive and constrained ones.

So, yeah, the server side is really very simple. It is like, the UNIX of the Web. But in terms of all the stuff that has been around for 25 years without taking off, there is really a lot to do...

Re: ID

[KjetilK]

Basically all the stuff around it. First, you have the permission stuff that allows you to share those pics with the people you want, without uploading it somewhere totally beyond any reasonable control. Then, others are welcome to provide apps around it, so your pics could be part of somebody's feed, like instagram, only, those pics are never uploaded to somebody else's server.

But overall, the server side is intended to be pretty simple.

Re:ID

[KjetilK]

But the server is pretty simple, and can and will be implemented in many different languages. People are working on a Go implementation too. The nice thing about JS is that much of the same logic is both on the server and the client side, and so it is actually the same code. That's pretty nice for consistency and cost of implementing it.

I'm myself not really impressed with the security of the Node.js landscape, but that's what we decided to do first.

Re:ID

[grcumb]

Somebody has to build, maintain and pay for the physical infrastructure. Which means means someone owns and controls it. And that someone is not you. Which means you haven't actually "solved" any problems.

I think the point of this exercise is that anyone can build, maintain and pay for the physical infrastructure, so people can effectively pick up stakes whenever they like. The premise seems to be that competitive forces will keep the behemoths from monopolising your data, twisting it out of shape, or rendering it inaccessible to outside forces.

Given our experience of the commercialisation of the open web, and the commoditisation of the user, I'd say that premise is naive. At best, this is a new weapon in the online arms race, and for the moment, it's in the hands of the freedom crowd. The moment there's money to be made from your pod—and that's a necessary condition for SOLID to work—there will be vendors who will customise its contents at the expense of interoperability, and a concerted effort to make it as difficult to move as possible.

Governments will want to be able to control the movement of pods as well, for obvious reasons. And they'll no doubt want to legislate backdoors into the security mechanisms, especially those establishing identity.

I saw Tim Berners Lee back in 2000 when he first proposed what he was then calling the Semantic Web. Most of SOLID derives from what he had in mind back then. Then, as now, his ideas are inspired and powerful, but vulnerable to the buffeting of external forces. And compared to a smart man with a computer, governments and vested interests are looming large these days.

Re: ID

[astrofurter]

But it's Agile(tm)!

Re: ID

Everything Woz built in to the Apple 1 and 2 had been done before and was well known. For example, Don Lancaster's TV Typewriter, 40x24. Colorburst with a shift register. Classic stuff.

Woz put it all together. Completely tightwad, not a gate or transistor extra.

That's great work. Not sure if it was genius.

Yes I was at the computer club presentation of the Apple 1. Is was 13.

all the oss billionaires please raise your mice

or just smile & wave.. that was easy... just don't call it freeloading?

Enough already

[registrations_suck]

Enough with all the utopian bullshit and just make it work better!

How about being able to actually get GB speed from the GB connection Iâ(TM)m paying for? Start there.

How about not being stuck waiting on a connection to some third part domain that Iâ(TM)ve never even heard of, so that the site Iâ(TM)m ACTUALLY VISITING will load and make itself available to me?

How about a goddamned single sign on mechanism of any kind so that I donâ(TM)t have 1000 different passwords for websites?

How about a âoepay nowâ button that accesses the info I have already stored in my web browserâ(TM)s âoeID cardâ, so that I donâ(TM)t have to type it in all the time?

Start with that. Let me know when you have it. Thanks.

Re: Enough already

[registrations_suck]

Howâ(TM)s out slashdot appropriately processing âoeâ quotes?

Re:Enough already

Well, at least Unicode itâ(TM)s working well for everyone!!!1!ONEONEELEVEN

Re:Enough already

[Archtech]

How about being able to actually get GB speed from the GB connection Iâ(TM)m paying for?

That is not a WWW issue at all; it's not even an Internet issue. It's a commercial issue between you and your ISP.

How about not being stuck waiting on a connection to some third part domain that Iâ(TM)ve never even heard of, so that the site Iâ(TM)m ACTUALLY VISITING will load and make itself available to me?

Again, this is only marginally a WWW issue. You can make matters a lot better by not patronizing sites that pull in lots of other sites, often for money-making or advertising purposes.

How about a goddamned single sign on mechanism of any kind so that I donâ(TM)t have 1000 different passwords for websites?

Use a password manager such as Password Safe.

How about a âoepay nowâ button that accesses the info I have already stored in my web browserâ(TM)s âoeID cardâ, so that I donâ(TM)t have to type it in all the time?

If you think it worth the loss of security involved, you can already have your browser memorize most of that information.

Re:Enough already

[brunes69]

> "How about a goddamned single sign on mechanism of any kind so that I donÃ(TM)t have 1000 different passwords for websites?

This already exists and is called OpenID Connect. It works quite well for the most part and is what makes all of the "Sign in with Google" and "Sign in with Facebook" (and used to also have Sign in with Yahoo) buttons work across the web.

It has not taken off for a couple of reasons

- Misunderstanding that by doing this you are giving Google/Facebook/Yahoo access to your data on that site (you aren't)

- Misunderstanding that by doing this you are giving that site access to your Google/Facebook/Yahoo password or information (you aren't, unless you approve it explicitly - and you never give them your password).

- Difficulty to implement "in the olden days" limited it's spread. This is no longer true.

I use "Log in with Google" everywhere I possibly can. It is much more secure than making identities on third party sites.

Re:Enough already

Go complain to your shitty ISP.
This is completely separate.

Re:Enough already

[shmlco]

"Misunderstanding that by doing this you are giving Google/Facebook/Yahoo access to your data on that site (you aren't)"

The flip side -- and the problem -- with this is that nine times out of ten the site in question wants access to your personal information as well as a complete list of your friends. Refuse, and the site won't grant access.

So the site in question gets all of my Facebook/Google data, and Facebook/Google now know of your interests in X and (quite likely) can track you across that site using "like" button cookies.

OpenID would be great if there was a way to have an account somewhere that was limited solely to identification and whose provider wasn't snarfing all of your personal data. And, not to mention, was a big enough player in the space that most web sites would actually implement it.

So maybe Solid is, in fact, that solution.

Re:Enough already

Well, that's great and all, but I don't really care what it does now. The no longer "don't be evil" Google/Alphabet has thrown their hard-earned trust away - far away. So, I won't be trusting Google to do anything that would be in my interest and not theirs. This means that the future is always open for them to modify all of those things you assert are the case now. The only reasonable response is to treat Google technology as radioactive, and so I will.

Not to mention that their search engine sucks so hard that scientists are having to re-examine how vacuum is measured.

Re:Enough already

How about being able to actually get GB speed from the GB connection I am paying for?

That is not a WWW issue at all; it's not even an Internet issue. It's a commercial issue between you and your ISP.

Actually, GB not running at GB speeds is a function of transmission media, Ethernet, throughput, latency, QOS, saturation, broadcast storms, and other technical issues. Wireless introduces 802.11, half-duplex and CSMA/CA to make matters worse. You are also assuming that the WAN / MAN to your destination is running at GB speeds. This is mostly OSI layer 1 and 2 stuff.

Restricted bandwidth to Netflix is an ISP issue called throttling - the opposite of Net Neutrality.

These misconceptions happen when colleges don't require CS majors to take an introductory Cisco class.

Re:Enough already

How about being able to actually get GB speed from the GB connection Iâ(TM)m paying for? Start there.

Well, not being scammed by companies requires that there is some form of regulation in place and that it is enforced.
Vote for a stronger government and with people who actually wants to regulate those companies next time and it might happen eventually.

Re:Enough already

... Start with that. Let me know when you have it. Thanks.

Not sure if you are serious. Check out "utopian bullshit" called IPFS. It already works, is pretty god damn fast and recently reached a milestone.

Everything you listed already exists (unless you are retarded or live under a bridge) and corporations are working hard on making it even "better". In a fucking "cloud". Shit if the cunts get their way you are not gona even need a password. They are shove a chip up your ass to improve "user experience". Facebook is all over that.

Also torrents. That is some pretty fast hardcore "utopian bullshit" in a swarm. Been around for what... like a decade?

Re:Enough already

You seem to be posting from Safari, which does that smart-quote thing that Slashdot doesn't understand.

You should look into the features Apple has put in your web browser. Tired of signing in with passwords? Safari can store the passwords for you and autofill them. If you have TouchID, it'll lock those away so that your thumb becomes your sign-in.

ApplePay exists, and Safari can store your credit card numbers and autofill them when you want.

As for third party tracking domains, Apple's been working on that, allowing you to block third party cookies and cutting down on tracking, but a nice addon like Ghostery (soon to be Ghostery Lite) will help. On iOS there are some wonderful content blockers in the app store: they'll speed up your browsing experience tremendously.

Re:Enough already

[Ol+Olsoc]

Enough with all the utopian bullshit and just make it work better!

How about being able to actually get GB speed from the GB connection Iâ(TM)m paying for? Start there.

How about not being stuck waiting on a connection to some third part domain that Iâ(TM)ve never even heard of, so that the site Iâ(TM)m ACTUALLY VISITING will load and make itself available to me?

How about a goddamned single sign on mechanism of any kind so that I donâ(TM)t have 1000 different passwords for websites?

How about a âoepay nowâ button that accesses the info I have already stored in my web browserâ(TM)s âoeID cardâ, so that I donâ(TM)t have to type it in all the time?

Start with that. Let me know when you have it. Thanks.

You aren't quite understanding, friend. All that you complain about is a direct result of what the web has become, not utopian bullshit.

Do you want to know why data caps has been increasing? Why they advertise faux so called Unlimited data?

All of the thigs you complain about cause it. The increase in data is just so you can be force-fed more ads, scripts, tracking, and attempts to get you to freely give away data that can be monetized or weaponized.

If I tether a computer to my smartphone without an ad blocker or ghostery, I'll blow through data so fast that it takes hardly any time to blow my cap or get data throttled. The phone by itself gobbles up that data if I use it's browser.

I measured one time - one page that I went to without protection to get a 40 K PDF file blew through over 40 Mbytes of the shit they make you wade through.

The internet is badly broken.

Re: Enough already

[PopeRatzo]

Howâ(TM)s out slashdot appropriately processing âoeâ quotes?

I'm starting to like it this way. It lets us identify the Apple users and ignore them accordingly.

Re:Enough already

[sheramil]

The internet is badly broken.

The internet is working perfectly. It was never intended as a virtual domain to allow primates to pick nits off each other digitally.

Re:Enough already

[Ol+Olsoc]

The internet is badly broken.

The internet is working perfectly. It was never intended as a virtual domain to allow primates to pick nits off each other digitally.

Yeah, it was always about an advertisement, tracking and data weapon service.

Re: Enough already

I was somewhat hoping we could PGP the web and dump passwords personally.

As in: Everyone has a PGP key used as their âoeidentityâ, site sends a PGP encrypted request based on a site specific shared secret and the user sends a PGP encrypted response to the site. All forum posts and such could likewise be PGP signed preventing forgery. All website registrations for non critical services would use a PGP key only, while other more critical ones could use a hashed biometric result as a second factor of authentication. To allow for better security and to better protect against a compromise, legitimate alias keys could be TPM generated or stored within an equivalent secure token and used to sign on behalf of the master key. This would allow one to revoke access in the event of a compromise.

To prevent malware acting on behalf of a user, systems could use a dedicated security processor as seen with Secure Enclave utilising a separate peripheral that can be used to confirm/deny signing off access. This approach could effectively be used to close off most problems...

Re: Enough already

[sysrammer]

Thanks, I got my Internet Laff(tm) for the day!

Actually, my 2nd. XKCD made my day with a Stanislav Petrov panel.

Re: Enough already

[cyber-vandal]

How about turning off "smart" quotes in your keyboard settings so your comments don't get mangled.

Re:Enough already

[angel'o'sphere]

How about a goddamned single sign on mechanism of any kind so that I donÃ(TM)t have 1000 different passwords for websites?
Why would any sane person want to do/have that?

Re: Enough already

[angel'o'sphere]

It is not an Apple problem. Android tablets, specifically mine, do have the same "problem" (Using a Chrome browser there)

Re: Enough already

[PopeRatzo]

It is not an Apple problem. Android tablets, specifically mine, do have the same "problem" (Using a Chrome browser there)

I'm using an Android device right now. A tablet, in fact. And chrome. And my 'quotes' and "quotes" don't look like my cat walking over an international keyboard.

Re: Enough already

[phantomfive]

I think the character processing is all done in regular expressions, and there is no one left working at Slashdot who understands regular expressions. They should really just open source Slashcode and let people make improvements.

Re: Enough already

You aren't paying for a GB connection. Unless you are paying a shitton of money. You are paying for a connection with a maximum bandwidth of a GB depending on utilisation. Many dont seem to understand this, you can get your dedicated GB just it will cost you exponentially more.

Re: Enough already

[angel'o'sphere]

But mine do. Lenovo Yoga Book .
So? What is your point?

Re: Enough already

[PopeRatzo]

But mine do. Lenovo Yoga Book .
So? What is your point?

If I were you, I'd try calling the Slashdot Help Line. One of our Customer Experience Concierges will be happy to assist you.

Re: Enough already

I paid for a year's worth of that service! Just use my account.

Re: Enough already

> broadcast storms

Yeah that happens at lot these days!

Errr, uhhh, actually not at all, since 1993

Re: Enough already

[Archtech]

I think that is roughly the kind of thing TBL is trying to do. His main partner is a security expert.

Re: Enough already

At your iDevice:

Settings > General > Keyboard > Find "Smart Punctuation" and set it to OFF

Problem solved, and no one likes smart quote marks anyway.

Re: Enough already

[Zontar+The+Mindless]

They laugh only because they know it's true.

Re: Enough already

I think the phone's been disconnected.

Send a self-addressed, stamped envelope, along with a check or money order for $25, to:

Slashdot Help Line
903 East Division Street
Syracuse, N.Y. 13208 USA
Apartment #1, Lower Level

Re:Enough already

[coofercat]

> How about a goddamned single sign on mechanism of any kind so that I donâ(TM)t have 1000 different passwords for websites?

Er... Dashlane?

> How about a âoepay nowâ button that accesses the info I have already stored in my web browserâ(TM)s âoeID cardâ, so that I donâ(TM)t have to type it in all the time?

Er... Dashlane again?

Re: Enough already

[angel'o'sphere]

No need for that, since I know that the software keyboard is using unicode quotes, I use the hardware keyboard when posting.

But if you are so annoyed about iPad users with "smart quotes", perhaps you should contact the slashdot developers, no idea why you think the "help line" could help there ...

Re: Enough already

[PopeRatzo]

no idea why you think the "help line" could help there ...

You could always ask for a refund of your Slashdot fees.

Re: Enough already

I think the character processing is all done in regular expressions, and there is no one left working at Slashdot who understands regular expressions. They should really just open source Slashcode and let people make improvements.

Like this?

Show, don't tell. Less hype, more details.

[Entrope]

These are very nice puff pieces claiming a lot of good intentions, but how does it work?

I can already create a calendar app -- or download one -- and control all my information by running it on my own web server. That is more hassle than I want. How does this new thing let me trust my data to code written by other people, that I probably never see, running on servers I don't control? How will Berners-Lee's new company make enough money to pay employees and satisfy its venture-capital backers?

I bet he will fail

[aglider]

Companies and governments will find ways to hinder his project or to screw it up.

Re:I bet he will fail

[StikyPad]

This. When the WWW was born, the only entrenched interests were networks like AOL and Compuserv, none of which had the political or economic clout to stifle competition. The web, at that point, was pretty useless anyway, and likely not viewed as competition, per se. These days, Facebook and Google are some of the largest companies in the world, and they exist precisely by monetizing the very user data that TBL proposes to lock down. So.. good luck?

Re: I bet he will fail

No, the weak link is right in the summary, a journalist can overlook it but to regular users, looks IS half the app

  "In fact, it's so plain that, at first glance, it's hard to see its significance"

Re: I bet he will fail

[Megol]

That users think that it's better to look good than to be good that is the main problem with the Internet/WWW IMHO. Imagine if we had the promises of hypertext fulfilled instead of the web of today. Using some site on a phone? You can't do everything, some features are simply gone. Using some site on a large screen desktop computer? Sadly most users access the site on phones and now everything is an infinite scrolling list of phone friendly icons instead pagination and real descriptions. Don't know exactly what you are searching for - you have to scroll until you find it or get bored.

Re: I bet he will fail

[Wrath0fb0b]

User's preferences can never be the problem. This is a contradiction in terms. Things are measured by what people think is better. The sooner you lose this attitude that there's any other measure, the sooner you can build things that people actually want to use.

This is not to say that there isn't a dialogue between the person building widgets and the users consuming them. A lot of building and iterating involves not just blindly giving people what they want, but in exploring what their underlying need is and trying to fulfill it. It's not just 'a faster horse'.

But still, in the final analysis, the builder is successful if and only if the user thinks the widget is good. That's the metric.

Re:I bet he will fail

Companies will say 'if you want to use our service or play our game, you must release your data even though it is not needed by the service/game.' Basically just what big tech is doing now.

Re:I bet he will fail

[thomst]

StikyPad stated:

When the WWW was born, the only entrenched interests were networks like AOL and Compuserv, none of which had the political or economic clout to stifle competition. The web, at that point, was pretty useless anyway, and likely not viewed as competition, per se.

<lecturemode>

Not true.

TBL announced the WWW - and posted source code for it - in late 1989. It instantly took the high-energy particle physics research community by storm (because he worked for CERN, and developed the first iteration of HTML there). However, the only graphical browser in the world at that time was the one he built as a proof of concept - and it ran only on NeXT cubes. Everyone else had to settle for using Lynx, a character-mode browser.

That was less of an impediment to its spread than you might think, both because NeXT machines were wildly popular among high-energy particle physicists (they were, after all, the most powerful personal computers available at the time), and because, outside of the academic/research particle physics and academic computer science communities, the dominant Internet access paradigm at the time was via dial-up, terminal emulation session, where user applications pretty much only ran on the ISP's host machines. Oh, and you had to buy (and your ISP had to support) a US Robotics proprietary-technology modem to get speeds above 9600 baud.

But it is profoundly incorrect to claim that the Web was simply a curiosity at the time. Folks who had Internet accounts then (mine was via Netcom - one of the first commercial ISPs) were tremendously excited when the existence of this new technology exploded out of the HEPP academic hothouse (via Usenet, of course). And we weren't the only ones, either. Any number of tech companies built websites right away - and many of them were actually useful to us. In particular, since I was working as a freelance LAN administrator and networking consultant at the time, I regularly made use of both Novell's and Compaq's sites to download drivers, patches, and documentation - and was grateful as hell to be able to do so.

That's because my colleagues and compeers who didn't have Internet accounts were forced to download those same resources via CompuServe's balky, and determinedly-user-unfriendly, forum portals. Meanwhile, I had gleefully uninstalled the CompuServe client from my own computers, and permanently kissed the monthly CompuServe tax goodbye.

One of the things that made the Internet so attractive an alternative to CompuServe and the <shudder> odious techno-leech called AOL was that, in those days, it was still subject to the restrictions on commercial traffic imposed by the NSFnet's backbone content policies. (NSFnet was the default Internet backbone for the USA. As a project the sole funding source for which was the National Science Foundation, its use policies naturally prohibited commercial messages from traversing it, because federal agencies were, quite rightly, forbidden by law from endorsing any commercial product or service - and basically every packet sent over the 'net wound up traversing NSFnet, because it was the only backbone provider in the USA.) So, no advertising (outside of Usenet spammers) or pay-for-content services were permitted on the 'net.

The first graphical browser for Windows users (which also swiftly was ported to the Mac and AmigaOS platforms) was cobbled together in early 1993 by two grad students working at the National Center for Supercomputing Applications (one of whom went on become a billionaire venture capitalist, while the other one didn't). They called it Mosaic, and man was it ever primitive - but it was free, and open-source (even though that was not yet a term of art), and by using a shim (the name of which escapes me at the moment), you could even get it to run on your dial-up, terminal-emulation-mode account. And, as lame as it was, it was the coolest thing in computing, and all the hax0r kids had to have it.

Me includ

Re: I bet he will fail

Nibbers want 3 + 3 = 7. Nobbers are like that. Fantasy becomes a usr preference and required for them to choose the methodology ( of maths ). The sooner we make-it-so the sooner math builders become successful. WTF ? You gonna buy that bridge pad're ? Things are NOT measured by what (people) think is better. Successful culture molds it's behavior to the cold wheel of careless external reality ... snowflake emotocent culture OTOH is crushed beneath its grinding treads, fragile epiphanies chewed into fragments and spewed into the mud of history.

Re: I bet he will fail

"Things are NOT measured by what (people) think is better. Successful culture molds it's behavior to the cold wheel of careless external reality"

Your taking it way out of context, all he said was "the builder is successful if and only if the user thinks the widget is good."

Re:I bet he will fail

[angel'o'sphere]

Before the WWW we already had similar systems, like Gopher and text based WAIS.
The parent simply mixed up "consumer level internet access, based on WWW/HTTP" with "the internet".

Re:I bet he will fail

[thomst]

angel'o'sphere observed:

Before the WWW we already had similar systems, like Gopher and text based WAIS. The parent simply mixed up "consumer level internet access, based on WWW/HTTP" with "the internet".

Yes we did.

WAIS never really worked very well (because it came along about the same time that the web did, and the latter sucked all the oxygen out of the academic computing environment's interest in it), and Gopher always was a nightmare of non-functional links and endless waits for it to timeout when it hit one of them.

And I believe I pretty definitively made your second point for you - with sufficient historical context included to establish exactly how far from the facts his assertion strays, and that understanding that history is important, if you want to grasp why he's mistaken.

Hey, I'm a storyteller. It's what we do ...

Re:I bet he will fail

[angel'o'sphere]

Well,
I had no bad experience with Gopher as I was using it only on Macs inside of a campus with a quite fast internet connection to the USA, and one of the first fiber optic internet links in Europe connecting Karlsruhe, Strasbourg and two or three other "european" universities.

With WAIS I never had any problems either ... but I did use it only for research purpose of a guy making his PhD ... so that was perhaps over a course of two years once or twice a month.

But I have to admit, when HTTP/HTML came out, I thought to myself: who will ever need/use that?

Re:I bet he will fail

Thank you for that. I lived through it but I was just graduating high school at the time. There were only a few people available to me who knew much about computers. Plus magazines. Even now I really wasn't aware of the birds eye view of things.

The first time I used the web was through the detroit freenet. You had to connect via phone through a limited modem pool. The browser was of course text based. At that moment, the web was completely useless to someone like me.

I eventually got an account I could telnet from. Mmmm muds.. those were the days. I didn't really use the web for a number of years. Prodigy then AOL. I think I finally got on the web when AOL started allowing you to use it. But my memory is fuzzy on that. Eventually AOL offered DSL.

Re:I bet he will fail

Have to agree with your lecture largely. One minor note:
> and by using a shim (the name of which escapes me at the moment),

You might be thinking of SLIP (Serial Line Internet Protocol) which was not too long afterward replaced by PPP. Eventually, on Windows we got third party TCP/IP stacks provided by the likes of Trumpet Winsock.

-Another Old Net Geezer

Re:I bet he will fail

NeXT machines were wildly popular among high-energy particle physicists (they were, after all, the most powerful personal computers available at the time)

Seems you have never heard of the Archimedes Computers: a lot cheaper than NeXT and a lot more powerful, running its own Arthur/RISC OS operating system, or RISC_iX BSD Unix.

Is that the Tim Berners Lee who endorced the DRM?

There was a fella with the name of Tim Berners Lee who voted FOR the inclusion of DRM in HTML.

I do not know if it is the same Tim Berners Lee, or not

https://www.techdirt.com/artic...

Maybe I'm just a noob...

... But if all these apps can access your data at the same time, how does that prevent another party from using its app that you installed to access your data, copy it, and sell it to others like they do currently?

Re:Maybe I'm just a noob...

Maybe it's a matter of the weakness of the links. If you've got just *one* permissive friend (or sets the Pod profile to "public" or something), then it's just a matter of following the links back to conservatively-connected you.

This seems like a way of more effectively seeing who trusts who and why. And it even happens after a big "#DeleteFacebook" fad. Even without centralization, this could still be used by someone else for profit.

Incentives?

And what is the incentive then to build any of this? Companies build these products for you, and make them available for free, because you are monetizable. It's that simple. If you are no longer monetizable, we need a new fundamental unit economy for the internet. Focus on getting companies to adopt that, i.e. give them a reason to. Users will never really care about privacy it's a secondary feature that will only matter to nerds. So you need real features that matter to regular people, and a real ecosystem that creates value for companies. Good luck with this approach, but it doesn't seem well fleshed-out to me.

Re:Show, don't tell. Less hype, more details.

[Archtech]

TBL's original vision for the WWW was exactly that everyone - organization or individual - would be able to read and write information. Presumably this new idea (drawing on nearly 30 years of experience) will suggest ways of making it far easier and more foolproof to run your won Web server - or do something similar that gives the desired benefits with much less hassle.

Umm...

Firstly, wouldnâ(TM)t having to authorize each individual app be a humongous undertaking for even the most tech savvy? You would need to vet each app before allowing access to your data, and then be constantly monitoring them all for changes in privacy policy or reports of data breaches, and their ethics. Then an app will come along saying âoehey, give us your data, and weâ(TM)ll handle app management and make sure your information is secureâ... until they then sell your information.

And secondly, this smells of https://xkcd.com/927/

Re:Umm...

[Megol]

Just a friendly tip: Wouldn isn't trademarked.

Broken by design?

[spinozaq]

This design seems like DRM for personal data. Which is fine for things I would never share, like a TODO list. As soon as you wish to share information the receivers need a way to decrypt it. Just like DRM is broken by design, since the purchaser needs to actually play the song, so will this.

I just donâ(TM)t think the protection of data Is the problem. Itâ(TM)s the motives of companies that provide ease of data creation, and consumption, that are the issue. For this to work, well funded, highly regulated non-profits would need to mange it, and create the interfaces. Maybe Iâ(TM)m an old cranky pessimist, but I donâ(TM)t see that happening.

Re:Broken by design?

Backups or copies for redundancy? Sure I can store my data at my house. What happens when my house is disconnected? I also gather there is some central registrar/push server because incoming TCP connections are usually difficult to set up. So, still plenty of issues.

Re:Broken by design?

â(TM)â(TM)â(TM)tytrâ(TM)uyâ(TM)uyfâ(TM)â(TM)â(TM)uyfâ(TM)vâ(TM)uyfâ(TM)â(TM)â(TM)vâ(TM)â(TM)â(TM)â(TM) â(TM)â(TM) iytâ(TM) igâ(TM) gâ(TM) ffyfyâ(TM)â(TM)â(TM)â(TM) iygfiyfâ(TM) iyfiyfyâ(TM)uyfâ(TM)rtdâ(TM)â(TM)stâ(TM)rstâ(TM)rtâ(TM)oihâ(TM) â(TM)uhogâ(TM)
FUCK YOU

Re:Broken by design?

[DogDude]

There's something wrong with your keyboard.

Re:Broken by design?

[KjetilK]

This design seems like DRM for personal data.

Whoooah! No, it is not. DRM is fundamentally broken, so, that's not what we're aiming for. Indeed, if you trust your data with someone who is not worthy of your trust, then there is very little technology can do to fix that broken trust. Then, it becomes a really difficult social, psychological and legal problem, where technology can only play a very minor part.

So, what we're doing here is to ensure that you can store stuff on a web server you control. Then, the intelligence sits on your client, so the apps you use will be restricted by the security model of your device, and therefore should not send your data off without your consent.

Re:Broken by design?

I just donâ(TM)t think

You were doing so well, but I ignored everything after you revealed that you don't know how to use the current version of the web.

Re: Broken by design?

[spinozaq]

Really? That is pretty petty. There is a bug here with posting from an iPhone on safari dealing with quotes. I did not know about it until I posted. I guess that makes all my other thoughts invalid..... harsh world.

Re:Broken by design?

[nadass]

This design seems like DRM for personal data.

Whoooah! No, it is not. [] that's not what we're aiming for. Indeed, if you trust [] what we're doing here is to ensure that you can store stuff on a web server you control.

Actually, yes, you make it seem exactly like DRM: the terms of consent are centralized ("web server you control") for content consumed by others ("you trust your data with someone"). While Disney owns (legally) and controls (via DRM) their movies on their servers (self-managed datacenters or outsourced to 'the cloud'), they've established a time-limited contract encapsulating the terms upon which you may consume the content. Their terms typically include the disclosure of your personal and digital identity (who are you and where/how is the content consumed).

Technologically, however, it seems like a decentralized DRM implemented simply as an Onion server running atop an Onion router. The content would be marked up as HyperText Markup Language (HTML) or an alternative DRM-friendly annotation scheme (read: metadata) with an associated logging strategy as to establish a sufficient audit trail.

HONESTLY, however, my very first thought is that TBL/Solid/Inrupt is trying to re-invent/re-incarnate the WWW as it was back in 1989... with more contemporary systems and network architectures... with the idea of leaving a lasting legacy of a new green-field project. Oh, with the marketing playbook that AOL, CompuServe, Yahoo! Dial-up, Prodigy, McAfee, etc., all used in the mid- to late-1990s about a "safer" internet with greater control over your data. (Yes, I remember the days when a selling point to using AOL was that your information and activities would remain private and solely on AOL infrastructure and not end up floating around on the scary WWW. Ha.)

won't work.

anything that takes any amount of control away from those who currently have it (i.e. the big internet companies, communications companies, and in many cases, governments)....

ain't gonna happen.

brunswick georgia 95

off topic and do not care

Barfable prose

[mveloso]

"Watching the inventor of the web work at his computer feels like what it might have been like to watch Beethoven compose a symphony"

Watching someone type is one of the most boring things imaginable, no matter who you are.

Re:Barfable prose

Condenses to 'Will no longer do things behind your back' and you will have total control what goes out and to whom.

Except everyone big is totally against this. Even MS does not allow you to set any such policy, same for Google and FaceBook. Most pages are devoted to stealing information and sharing/collaboration to people flogging stuff. A better solution is to inject false data into surreptitious data transmissions. That will get noticed.

Re:Barfable prose

[SlaveToTheGrind]

Watching someone type is one of the most boring things imaginable, no matter who you are.

That really depends on who it is and what else they're doing as they type.

Re:Barfable prose

Spoken like someone who was born with 10 fingers....

Re:Barfable prose

I'm still barfing over this sentence

Re:Barfable prose

[grep+-v+'.*'+*]

Watching someone type is one of the most boring things imaginable, no matter who you are.

Unless you're the piece of paper he's using a quill to write on. Then I imagine it's much more exciting.

OUCH! Oh no, he's going to scrape and poke me again! STOP it -- you can't erase that, I'm too thin there already. Don't crumple me up like my brothers over there!

Finally

I am so glad to see this. Part of the reason we haven't seen this before is because it's some random startup vs. TBL. Hopefully people will take his designs seriously, and the entire project will be written up in RFCs.

In other news

Old man thinks he's still got "it". Buddy, you did something cool thirty years ago. Those days are gone, the world has moved on.

Cool

[DontBeAMoran]

Now add Reddcoin into the idea of sharing my data. Let me set the price on what I want to share and make the companies pay me to get it.

This will give us control and destroy ads at the same time.

Re: Cool

The price is access to their service.

Re: Cool

[DontBeAMoran]

I don't use Facebook, I don't use Twitter, I don't use any of the big "social media" websites and they're already making money from me by selling information to other parties.

Re:Cool

[KjetilK]

We're not married to any particular coin, but we have people working on stuff like that. One project alumni is working on Filecoin, and we are talking a lot with the people of Safecoin. I'm pretty sure we can have stuff like in near future.

Re: Cool

[angel'o'sphere]

If you don't use the them, they don't sell anything about you, silly boy.

Re: Cool

[DontBeAMoran]

Ever heard of Facebook shadow profiles?

Re: Cool

Google for shadow profile and be enlightened. There was a news article in the last few days about these so-called shadow profiles being exploited by Facebook advertisers, so it's happening right now, and probably has been for as long as they've existed.

They get all this information, because as careful as you might be, your mother, sibling cousin, colleague or friend probably has some of your contact information in their contact list and they probably volunteered it to Facebook when they launched the Facebook app on their phone or tablet.

Re: Cool

[angel'o'sphere]

Yes ...
one of those internet myths.

How exactly would they have a shadow profile of you? With your name, birthdate etc. and how would they link it to your usage of the web?

Re:Show, don't tell. Less hype, more details.

[phantomfive]

It's WebID. You have your profile on your own server, or on a WebID server, and it can be accessed via a Rest API.

Re:Show, don't tell. Less hype, more details.

[Luthair]

Who is going to the pay for the web server? The user? hahaha

It can't work.

It would last until Facebook requested access to every last bit of your data for itself in exchange for letting people ... uhm.... do what they could do anyway, like send messages to their friends, at which point the average person will just go "OK! You can have everything, Facebook!"

People are breathtakingly stupid. You cannot solve a social problem via technical means, which is why TBL is trying to do. People WILL find ways to give their data to companies like Facebook no matter what barriers you build in front of them.

Re:Show, don't tell. Less hype, more details.

It seems to depend upon legislative enforcement to be effective. If it is legal for corporations to collect, transmit, license and possess such data what would force them to cooperate with users?

I already store all my data locally. If I want to use any services I need to be willing to hand over portions of that data. Ultimately unless I'm mistaken and lack a clear understanding of the mechanisms of this which force it upon current players in the market this changes nothing.

Can anyone explain exactly how it changes anything at all? Or is it merely another rehash?

Not a problem apps can solve

Political and social problems require political and social solutions. That's not something apps can do. We need better political control, i.e. transparency, oversight, and accountability, over tech giants. That's where the battles to take back control over public political discourse and personal privacy are and should be taking place. And big tech will fight tooth and nail, and use every dirty trick in the book to resist, including misdirection and what Evgeny Morozov calls "solutionism."

Freenet

Good job re-inventing Freenet and calling it your own to a clueless journalist.

HOW TO CONTRIBUTE

We appreciate your interest! The first thing you should do is check out our Code of Conduct.

from https://solid.inrupt.com/commu...

surprise!

Re: HOW TO CONTRIBUTE

Yea because they want to make sure to keep out the white cis males. This project is for diversity hires only. TBL is the only white person allowed. And to be honest, that's one white person too many.

Re:Show, don't tell. Less hype, more details.

[phantomfive]

Can anyone explain exactly how it changes anything at all? Or is it merely another rehash?

Imagine you want to move all your data to a Facebook competitor. All your profile and data is stored locally (or wherever you want) so it's easy to port your data to a different website.

Get ready to get suicided

Tim: I'm going to make the American Internet giants useless and break everything that makes them tick, live, and function, and nullify tens of billions worth of data and profits.

CIA and U.S. government: Yeah we'll just sit and passively watch as it happens.

Just tried

[GerryHattrick]

Wonderful, and needed. So as an oldie who html handcoded my co's original 'website' very many years ago, I want to try what's new. My personal website has lots of files and anchors, so looks good for conversion/insertion to a 'Pod'. What to do next? Follow the links and register with, er, real name, then get flipped to Github and have to... get registered again - in order to get what... a manual? Aw, come on. I may be misunderstanding this, but there has to be a better front end for those of us who aren't geeks

Re:Just tried

[SlaveToTheGrind]

I may be misunderstanding this, but there has to be a better front end for those of us who aren't geeks

I don't think you are. I tried it out sans TFM, on the theory that it's going to have to be pretty damn intuitive for much of the world to bother. Just creating a blank document in a private space (and then finding it again) required way too much trial and error (including manually typing in a URL at one point), and the privacy/sharing interface doesn't seem to allow for any customization of groups/roles much less an obvious way to actually assign users to them. It's a long way from showtime.

Re:Just tried

[KjetilK]

Yeah, we might not have said too clearly that the whole thing is a prototype made for other hackers. The code has been through a long journey, so we know pretty well how the foundations will look, but there is quite a lot of work to get the server into a good shape security-wise. Then, we need to work a lot on Developer Experience and then User Experience. But we're attracting people now, which is good.

Re:Just tried

[RhettLivingston]

If this is like 1989 www in development maturity, we should start seeing stuff interesting to the common folk in about 5 years. But, I was enjoying the internet before 1989. This level of development brings back good memories.

Trust me, I mean good

What a moronic idea. So because we can't trust everybody else we should now trust him?

Given that this is an open source project most of the established untrusted entities will be offering PODs-as-a-service and we will be back in the same situation as we are now.

Re:Show, don't tell. Less hype, more details.

[MrKaos]

These are very nice puff pieces claiming a lot of good intentions, but how does it work?

I found some some documentation: The getting started, Introduction to the specification.

There are some other things that look interesting Introduction to Linked Data, Expressing ID and, Manipulating linked data.

It looks interesting enough to check out when I'm not so tired.

Re:Show, don't tell. Less hype, more details.

[Entrope]

That documentation is almost useless for assessing the claims of personal control over one's data. Sure, if you post an image, you can put it in your "pod", and you can -- if you want -- manage access control rules to limit who can retrieve it from that pod. That doesn't limit further distribution of the data, and it requires absolute trust in the server hosting your pod (because the WebID authentication protocol puts the public key for your identity in that pod).

Flaw in the ointment.

How does one "decentralize" something bound by geography?

Rape/Grope allegations in 3...2...1

[gDLL]

coming soon.

The Web isn't broken

[DogDude]

The Web isn't broken. It's still there. It's still working the way it always has. Most people have simply chosen to use it badly.

Re:The Web isn't broken

This is entirely true. The only thing that has changed fundamentally is access. Decentralized bandwidth and connection points are what the world needs - not yet another walled garden.

Re:The Web isn't broken

The Web isn't broken. It's still there. It's still working the way it always has. Most people have simply chosen to use it badly.

You don't know what you are talking about. If you knew ANYTHING WHATSOEVER about how the web works, you'd agree it's broken. HTTP sends too much information about the client and Javascript gives FAR too much power to the remote site. HTTP could be revised but would require removal of features. But Javascript is unfixable. A new web language needs to be created with user privacy in mind from the start.

Re:The Web isn't broken

[DogDude]

... or just don't go the websites that abuse the users. If you're stupid enough to use Google/Facebook websites, then you kinda' deserve what you get.

Re:The Web isn't broken

This would require a reliable way to know which ones "abuse the users". That doesn't exist. Systems which reduce or eliminate the pathways to abuse are needed.

Dead in crib

ISP TOS.

Re:Dead in crib

This. Once an ISP gets big enough they say "no servers" for regular users if they aren't buying the enterprise service.

Immediate Alternatives

* YaCY, qwant, yandex, baidu instead of GooSearch.
* USENET instead of Twitter
* Bittorrent, real.video instead of youtube and all their communist censorship
* OpenBSD, ReactOS instead of snooper-enabled OSes.
* FreePascal instead of DollarLanguages C# and Java
* Personal low power server (e.g. RPI) instead of github, GooDocs and the other globalist Soros-financed services

https://www.real.video/5842233275001

https://www.breitbart.com/tech/2017/08/07/google-fires-viewpoint-diversity-manifesto-author-james-damore/

Re:Immediate Alternatives

Mastodon instead of Twitter. How the hell is Usenet like Twitter? Usenet is like Reddit.

Re:Immediate Alternatives

Mastodon is is even more repressive than Twitter. But you are correct that Usenet is more like Reddit.

"only did one thing"

Well, Einstein did not do anything significant after 1916, yet people listed to what he said until he died (1955). Many famous scientists/engineers only do one thing. Most people never do anything significant.

According to his wikipedia page, he's been active in the web consortium since its inception. So I think it fair to say they have some idea as to what's gone down.

Re:"only did one thing"

... except that Einstein's later work, like the 1935 EPR paper, was crucial to the development of quantum information theory.

You'r Fine !

Because you can code in html, which 99% of population cannot. 99% of people can use Facebook and Twitter. They are enslaved to Zuckerborg, Brin, Page, Soros and other megalomanics. All their content can be erased in a whim.

So - keep doing your good work. Run your own web server. You do freedom a favor.

I suggest to look at YaCY, a fully distributed search engine. Uncensorable.

Tim, this isn't going to work.

Your company presents a load of business case talk on the homepage. You're seeking the attention of the wrong people for this to succeed. But wait, there's a "how it works" page, too, so maybe there's hope? Nope, just another "big picture" explanation of a concept. But hey, nerds like a puzzle and you do show the technical stuff after all: How to run a Solid server and an intro to the Solid spec. Those tell us that a Pod is hosted by a Node.js server, and the specification is based on WebID, web access control lists and "discovery": "Discovery is the final piece, and allows the ability to tie all of these things together, and enables both humans and machines to participate in a rich ecosystem, leading to emergent and self organizing growth." I feel like I should yell "Bingo!" or barf. Rich ecosystem, leading to emergent and self organizing growth. Come on. No sane person who is capable of running a Node.js server that isn't going to get hacked on day 1 will touch that with a ten foot pole.

Re:Show, don't tell. Less hype, more details.

[Riceballsan]

Odds are it will follow the course of the original web. You may pay for the server from providers that honestly charge a fair price for it. Or you can host it with one of the alternatives that will host your data for free, in exchange for being granted access to crawl that data and serve you ads based on it., Next up websites will start requesting access to that data in exchange for access to free services. The reason this is doomed, is 70-90% of people will value the money in their wallet over privacy. and in capitalism in general the most succesful business will generally eat and destroy it's smaller competitors So this all falls next to diaspora overtaking facebook in short.

DO IT

Run your own RPI server. Costs about 40 dollars and almost no leccy cost.

Be a free man, not a slave of Zuckerborg, Brin and Page.

Re: DO IT

Many ISPs block port 80, and if you want to have SSL you need 443 open as well plenty of addl technical overhead.

Much, much easier to pay for basic web hosting elsewhere.

Save the Pi for your home automation.

Client credentials for how many ID providers?

[tepples]

This already exists and is called OpenID Connect.

I've had problems with OpenID Connect in practice. Describing these problems first requires defining some terms associated with OpenID Connect and the OAuth 2 framework it's built on. In case someone's not familiar with these:

Identity provider (IDP) Website where the user has an account, such as Google or Facebook Relying party (RP) Website that displays a "Sign in with..." button and receives information about a logged-in user from the IDP Client credentials A token that identifies the RP to the IDP, consisting of a client ID and client secret Dynamic client registration (dyn-reg) Mechanism to let an RP obtain client credentials from an IDP for the first time without human interaction on the RP's part

It works quite well for the most part and is what makes all of the "Sign in with Google" and "Sign in with Facebook" (and used to also have Sign in with Yahoo) buttons work across the web.

The last time I looked at OpenID Connect, each RP had to sign up for a developer account with each IDP. For example, I have a Google account but no Facebook account. This means that if I were to create a website using OpenID Connect, it could show a "Sign in with Google" button but no "Sign in with Facebook" button. If there are 20 popular IDPs, each RP has to agree to a Terms of Service contract with all 20 IDPs in order to obtain the required client credentials because no popular IDP supports dyn-reg to my knowledge.

Or has the situation changed in the two years since the last time I looked at OpenID Connect?

Re:Client credentials for how many ID providers?

[KjetilK]

WebID currently builds on OIDC (because we couldn't get browser makers support WebID-TLS, which is much simpler), but I think you'll find that it doesn't have the same problems: https://github.com/solid/webid...

Re:Client credentials for how many ID providers?

[tepples]

In particular, the example workflow implies that dyn-reg support is mandatory, at least for RPs. (I'm assuming for the moment that "must" means "MUST" in the RFC 2119 sense.)

If this is the first time a Provider and a Relying Party are encountering each other, the RP must perform Dynamic Client Registration. Note: This is an operation that happens under the hood, and does not involve the user. All compliant OIDC clients have this functionality built in.

But it doesn't technically make dyn-reg mandatory for providers.

Re:Show, don't tell. Less hype, more details.

[tepples]

Users are already paying for web servers with their ad eyeballs.

Yes, Hare

Let's submit ourselves to Soros, Goldman-Sachs and the other investors into the DOLLARNET (Goo, Facebook, Twitter, Instagram).

Or be a lion and run your own server. Run your own search engine (already exists, search for it). Run your own file server; refuse to socialize your IP via Google. Distribute your videos via Bittorrent (fully legal if you don't include other people's IP). Run your own subversion server instead of Github.

Boycott the communist SJWs who grow out of Big Finance, Big Internet, Big Pharma and Big War.

Re:Show, don't tell. Less hype, more details.

[NormalVisual]

All your profile and data is stored locally (or wherever you want)

But a lot of that data will consist of links to other people's data, and be rather useless without it. For example, looking at the Solid docs, it looks like an instant messaging exchange would consist of your text, and links to the text that the other person responded with. If that person revokes your permissions, or their pod is simply unavailable for whatever reason, you now only have your side of the conversation to take to another service.

Freaking Looooonnnngggg

Wow you guys read that summary?

That's fucking insane. Summary like that should be flagged as spam.

Re:Freaking Looooonnnngggg

Hmm.
Summary that is actually most of the story verbatim, or a Slashdot "Editor" summary of the story with added inaccuracies, repetition, ungrammatical additions and inserted rubbish.
What to choose ?!

Re:Freaking Looooonnnngggg

Hmm.
Summary that is actually most of the story verbatim, (...)

Actually, it`s a non-story,

Bandwidth.

[AnotherBlackHat]

I can't serve the world.
If I post the worlds best corn bread muffin recipe, and it goes viral, then either; my web site crashes because of the slashdot effect, or my provider charges me thousands of dollars for the honor of having a successful web site, or some combination of the two.
The reason Youtube is popular isn't the technically difficultly of hosting video clips, it's the cost of doing so.

Replacing a central server with a group of central servers helps, but it's not good enough.
We need a solution like BitTorrent, where the more people accessing something increases the ability of other people to access it.

Re: Bandwidth.

Or mix it up with the way blockchain currency works. Maybe you could also make it so that it has a coin associated with it so that every time somebody checks out your stuff, you move a coin.

Honestly, I don't know how this stuff works but if you put the word blockchain in it and convince people that they're making some scratch by using the system without doing any real work, it could catch on.

Re: Bandwidth.

[AnotherBlackHat]

Maybe you could also make it so that it has a coin associated with it so that every time somebody checks out your stuff, you move a coin.

We already have a pay-per-click system, it's called "advertising" and we hate it.
But even if you could figure out another way to get people to pay 1/30 of a cent whenever they visit a website, it still doesn't solve the problem.
The average web server can't serve the whole world.
If you get paid, then once you've been slashdotted, you can (after the fact) upgrade to a professional web server - which is the opposite of what's desired.

yawn

this will either be corrupted for commercial gain, or ignored by the majority in order to maintain the status quo. sad.

Simple

So it's really simple- just convince every corporation to give up the data they have already and want to collect about you and all of the revenue streams they have built around that data, and get all consumers to not use services that don't use this "Solid" service. (note to self, don't invest here)

Re:Show, don't tell. Less hype, more details.

run your own Web server

ISP port blocking in 5, 4, 3...

Thanks Giphy!

Giphy

Berners Lee is a blithering idiot

He hasn't done anything remotely interesting in over 20 years. Why should I care what he's blithering about now?

Exactly. He's essentially Steve Wozniak- a currently useless moron who did something cool once and has been living on it for the rest of his life.

Pure retardery.

Re:Show, don't tell. Less hype, more details.

[phantomfive]

But a lot of that data will consist of links to other people's data, and be rather useless without it.

That's true but the entire premise of the web is links to other data.

A truly free internet...

[MindPrison]

...should be where you are in control of the information you read, and no one should be able to purchase themselves the top search result positions.

When you have to register, you immediate place all your privacy and trust in those who claim to protect it, as history shows us again and again, this is seldom the case - we always end up at the shallow end of the dreampool.

A library, is sort of anonymous, because they never register what books you read, they only label them, track them for recovery purposes, and after that - all is lost, and even if they do - you can freely walk into it, read any book and information you want, and no one is any wiser to whatever you where thinking, or worse yet - THINK that you are thinking.

This is the biggest problem with tracking on the net, people getting ideas of what you want, when it might not be what you want at all.

The fight for privacy, is the biggest fight we're fighting now, but our comfort makes us very complacent I'm afraid.

Prediction:

Like all other open source projects with so much hype, it will fall flat on its face.

Closed source rules. Open source drools.

April 1st already?

[WaffleMonster]

Spent some time on solid website. It certainly appears to be compliant with all modern standards.

1. Talks about how important privacy is while using Google Analytics
2. Massive fonts
3. Jackpot scrolling
4. Low information content that leaves the reader guessing what you are talking about.
5. Piling on armies of crappy framework over another until something notably unremarkable is achieved.

"Solid is a set of modular specifications, which build on, and extend the founding technology of the world wide web (HTTP, REST, HTML). They are 100% backwards compatible with the existing web. "

"At its core, Linked Data is really simple: every piece of data gets its own HTTP URL on the Web, and we use those URLs to refer to those them. So if your photo is identified by https://yourpod.solid/photos/b..., then my comment at https://mypod.solid/comments/3... will link back to that URL."

"PODs are like secure USB sticks for the Web, that you can access from anywhere. When you give others access to parts of your POD, they can react to your photos and share their memories with you. You decide which things apps and people can see."

In other words quite literally nothing new.

Not a horrible idea, but could be a bit simpler?

[sichbo]

Giving everyone in the world their own HTTP REST endpoint for granting information access to 3rd parties isn't a bad idea on the surface, but I think the implementation here might be a bit too convoluted. I would make an extension to DNS and flow everything based on e-mail address alone, similar to how MX works:

- Your e-mail address is your unique identifier. Just as most sites already use today.
- To participate, domains expose a new DNS record of type, let's say "IX" (information exchange)
- An IX record on domain.com points to an IX server endpoint... which is nothing more than a REST/WebSocket protocol defined by some spec.

The user's experience for logging in to a 3rd party website becomes:

Email: [ Enter your email ]
[ Login ]

User hits Login. The 3rd party does a DNS IX lookup on "domain.com", redirects the user accordingly. By convention:
front-part-of-email@domain.com routes to whatever-ix-dns-record.domain.com/front-part-of-email

With GET params ?scope=[attributes]&callback_url=[3rd party url with state information]. Not too dissimilar to OAuth2.

User is now on their personal "IX portal" and can login and grant the 3rd party access to
the requested attributes or data stores (predefine /photos, /music, /ical, /mail etc with configurable RWX rights.)

Upon grant, the callback url is hit with access token information and the 3rd party can do whatever with the user's data.

Hosting ?!

[kzwork]

"...Every bit of data he creates or adds on Solid exists within a Solid pod -- which is an acronym for personal online data store..."

So you have to trust somebody to host it and storage is not free, and also to trust your browser manufacturer (Google, MS and Apple) and trust your OS manufacturer as well (again Google, MS and Apple). Finally Google will put Facebook out of business (unless people keep going with the status quo).

You can't "decentralize" the web

You won't have P2P until you can get around the service provider monopoly.

Re: Is that the Tim Berners Lee who endorced the D

Yes, although you appear to have forgotten his actual argument, which was : There's going to be DRM anyway, at least this way it can be an open standard implemented by anyone rather than locked to one platform.

Re:Show, don't tell. Less hype, more details.

[spire3661]

You can get around that with a cheap external relay. Amazon Lightsail could do it for $3.50/mo, with plenty of leftover power/storage to do other things that external relays are good at.

No need to register on Github

[roskakori]

then get flipped to Github and have to... get registered again - in order to get what... a manual?

You don't need to register on github. Just scroll down on the manual page and you will see the directory listing and after that the rendered manual in Markdown. But granted, usability wise this is abysmal. Possibly they currently intend to make it accessible only for people who already have experience with github and other weird things until it has matured enough to be used by the general public.

Re:Show, don't tell. Less hype, more details.

[thomst]

MrKaos noted:

I found some some documentation: The getting started, Introduction to the specification.

There are some other things that look interesting Introduction to Linked Data, Expressing ID and, Manipulating linked data.

Someone who has points please mod parent +1 Informative.

Yes, people could easily find these documents for themselves - but most of us are lazy, easily distracted, and focused on other things. Providing these links is a useful public service.

Thank you, MrKaos ...

We found the anti-privacy Google shill

Has you Google stock not mad or enough money already by stealing and hoarding all our personal information and reselling us?

Let it go. Either give our data back or eventually we will elect some people who will take it and end Google, FB and the rest of you thieves.

Not going to happen

Ever. The Powers That Be like the internet as it is now. In Tim Berners-Lee's shoes I'd take a step back before sexual assault accusation materialize.

Re:Show, don't tell. Less hype, more details.

[elrous0]

These are very nice puff pieces claiming a lot of good intentions, but how does it work?

Probably the same way Theranos' magic blood tests worked. It's powered by bullshit.

Useless IMHO

[MihneaNi]

I think Tim Berners-Lee’s proposal is useless because: 1) privacy has been enforced this year with the GDPR law - you can already see what data is stored and with who is shared, and have the option to opt-out with your data being deleted or anonymized (in which case is harmless for the user and useful for the economy). 2) Collaboration between different apps is already a reality (ex Doodle accessing you Gmail calendar) and you can control the connection settings. 3) Zero risk for stolen data is impossible, event with his proposal : once an app get your data decrypted through your ID, it can do whatever with it.

Re:Useless IMHO

[Actually,+I+do+RTFA]

privacy has been enforced this year with the GDPR law

If you live in Europe, and if you trust tech companies to do what they say with regard to European law. BTW, Has Facebook joined Apple, Google and Microsoft in the "Fuck it, I'll just pay a few billion euro fine instead of changing my behavior" club?

Collaboration between different apps is already a reality (ex Doodle accessing you Gmail calendar)

Connection from many apps to a few common dominant oligopoly backends (e.g. Google) is already a reality.

Zero risk for stolen data is impossible

Also, why I leave my door ajar when I leave the house with a sign in the front yard "security is impossible, and there's no such things as gradations/"

Remember where we came from.

Listen to your selves...

In the light of the recent blow to net neutrality and the recently passed European copyright law, I find it disheartening reading the comments.

You sit here nay-saying any effort to decentralize the internet and better privacy before it has a chance to mature. You regurgitate political and corporate bias left and right. These tech giants like alphabet/google, amazon and the likes, should be considered the enemy of privacy and a free, decentralized internet, and it is their ideas that should be objected, not the ideas that help promote it.
Shame on you!

I see an increased polarization and hostility towards each other, instead of working together to make something that helps us in the the way we communicate and exchange data. There is nothing constructive about that. I only hope we come to our sense before it is too late, and i chose to believe there is still time to fix the state of things.

Yes, I am posting as an anonymous coward. Deal with it.

EOF

Re: Remember where we came from.

It's not that we're hostile to the idea, it's just that we know itcwon't happen. As you pointed out between the end of Net Neutrality and the recent EU rulings on copyright and "terrorist/hate speech", not to mention taxes on internet business, everybody can see that the internet we knew and loved is that. It's not coming back, ever. Nobody will ever be in a position to challenge the big players or even carve their own little niche for fear of being sued and taxed into oblivion. It's over. Big Money and Big Politics won.

Smells like a scam

[mike2006]

There is nothing stopping the POD hosting providers from changing their TOS and selling ALL your POD data. The app providers can also deny your access if you do not allowing them access to your POD data. Of course they will say no identifying information will be captured which everyone knows is a load of crap. This is a greater risk to privacy than we have now with this single point where all your data can be given away or compromised

If you have concern about privacy than use an alternative. No one is forcing you to use a monopoly. If the concern is the majority of people are using monopolies that sell your data then you should contact your government representative to have them enforce anti-trust laws that are being largely ignored.

How about other people collceting info about you?

You know, the way it's done now. How do you control data about you that other people/corps/governments have gathered?

I've had essenitally the same thing for years.

[Jerry]

It's my 128GB USB stick containing all my data, which I keep in my watch pocket, with copies at two other places.

Re:I've had essenitally the same thing for years.

Finally! For years we've suspected the existence of your usb stick but had no idea where it was. Now we know where it is, nothing can stop us from trying to take over the world!

Show, don't tell. Less hype, more servers.

In a way there's already movement in that direction. One of the pieces is already in place, always-on broadband. The other is cheap NASes, in which one can already run apps.

Re:Show, don't tell. Less hype, more details.

[KjetilK]

These are very nice puff pieces claiming a lot of good intentions, but how does it work?

I can already create a calendar app -- or download one -- and control all my information by running it on my own web server. That is more hassle than I want.

Ah, but you are pinpointing it right there! It is more hassle than you want, why? If we could fix that problem, so that it wouldn't be more hassle to have it on your own webserver, then what would you do? And that's like iteration 1 of Solid, we're separating those apps from the data, so that you can have your data on your webserver, but you can use any calendar app you want. That way, companies will be competing to create the best apps, not to suck your data out of you. So, Solid is about making the infrastructure and the ecosystem to make sure that all those things aren't a hassle, they will be your preferred way to do it.

How does this new thing let me trust my data to code written by other people, that I probably never see, running on servers I don't control?

Right, good question, because that is the essence. But first of all, they are not running on a server you don't control, they are running on your client. So, Solid is doing a massive shift on where the intelligence will be. It will be mostly on the client. The server side will be pretty simple.

But the rest of the question is still interesting. It is a fairly long and intricate answer, but some of the short story here:

So, in the way it is working in browsers now, is the simple CORS restrictions. It is pretty broken, but it is what we have. So, we're making some hacks to identify web apps. And then, you can assign privileges to them. Since they are running on your device, the security of your browser applies to them.

Still, it doesn't mean that you can necessarily trust them, of course, but then, this is a social technology, so we could establish a Web of Trust around that. We're thinking a lot about that.

How will Berners-Lee's new company make enough money to pay employees and satisfy its venture-capital backers?

So, we don't know that yet. There are a few no-brainer business models of course, but we don't expect them to last long. But we have some really good people on the team, we'll figure it out.

Semantic Web

[LionKimbro]

I think he wants to talk about RDF triples again.

Everything. In one place?

[TJHook3r]

I'm sure Tim has thought this through but what happens when Solid is compromised?

Re:Show, don't tell. Less hype, more details.

[brantondaveperson]

Actually, we're all paying for it with actual real money. Advertising is paid for by companies, who make profits by selling us stuff. It's like a world-wide tax on everything. The world would be a better place if we could find a way of preventing that money from going through ad agencies, and instead just somehow funnel it directly into media organisations. This is, of course, impossible.

Network effect

[manu0601]

It's not likely that the big powers of the web will give up control without a fight.

They will let their best weapon, which is network effect, fight and defeat it. If people want to reach their friends, they need to go through the existing giant corporations products.

Re:Show, don't tell. Less hype, more details.

[WaffleMonster]

Ah, but you are pinpointing it right there! It is more hassle than you want, why? If we could fix that problem, so that it wouldn't be more hassle to have it on your own webserver, then what would you do? And that's like iteration 1 of Solid, we're separating those apps from the data, so that you can have your data on your webserver, but you can use any calendar app you want.

Surely you jest. Anyone can do this today using iCalendar because the interfaces are standardized. Every calendaring system worth using today supports iCalendar URLs out of the box.

The problem isn't web servers, where data is stored, level of centralization, authentication, authorization, access controls or any such thing. The problem is lack of interoperability due to failure to coordinate and agree on data formats and schemas. It's easy to create a system to scratch a particular itch. It's another matter entirely to get everyone who matters to agree on what is actually necessary to ensure meaningful interoperability.

For example REST was sold as a means of improving interoperability. That never happened. In fact the proliferation of nonsensical Verbs and arbitrary hierarchies expressed in URLs that nobody could predict much less agree on unnecessarily increased complexity and reduced interoperability.

https://xkcd.com/927/

That way, companies will be competing to create the best apps, not to suck your data out of you.

Interesting assumption given widespread existence of counter-examples.

Take SMTP email for example. Google now reads something close to a billion users emails. It used to be everyone used an app to read and compose email and mail servers were fairly decentralized. Today decentralization is rapidly unraveling and browsers rather than apps are used while everyone's privacy is still being raped.

So, Solid is about making the infrastructure and the ecosystem to make sure that all those things aren't a hassle, they will be your preferred way to do it.

http is the last technology I would ever consider for data tier access even if only used for transport to say nothing of actually leveraging nonsensical HTTP verbs and associated REST baggage. This heap of crap is completely unsuitable for the task at hand.

So, Solid is doing a massive shift on where the intelligence will be. It will be mostly on the client. The server side will be pretty simple.

More likely for anything non-trivial it'll be a "massive shift" to middleware.

So, in the way it is working in browsers now, is the simple CORS restrictions. It is pretty broken, but it is what we have. So, we're making some hacks to identify web apps. And then, you can assign privileges to them. Since they are running on your device, the security of your browser applies to them.

CORS are constraints commanded by servers enforced by clients. They flow from the server not the browser.

Still, it doesn't mean that you can necessarily trust them, of course, but then, this is a social technology, so we could establish a Web of Trust around that. We're thinking a lot about that.

Given the ratio of garbage to signal on the Internet I wouldn't trust a "web of trust" any more than I could throw it.

Just like first time

Will this be another stateless, unidirectional protocol for hypertext transfer that everybody will tweak later by building hundreds of frameworks just to make it stateful and bidirectional?

Thanks, Tim, for your contribution to the state of the art.

Re:Show, don't tell. Less hype, more details.

[Entrope]

Ah, but you are pinpointing it right there! It is more hassle than you want, why?

Because I don't want to have a computer at my house running all the time, and a colocated server for my personal data pretty much needs a lot of security monitoring and patching and configuration.

If we could fix that problem, so that it wouldn't be more hassle to have it on your own webserver, then what would you do? And that's like iteration 1 of Solid, we're separating those apps from the data, so that you can have your data on your webserver, but you can use any calendar app you want.

That sounds a little Pollyanna-ish. So what if my data lives on a server I control? The apps that I use still have full access to an awful lot of my data. It isn't exactly rocket science to exfiltrate data from a web server, or even browser, to arbitrary computers on the Internet.

How does this new thing let me trust my data to code written by other people, that I probably never see, running on servers I don't control?

Right, good question, because that is the essence. But first of all, they are not running on a server you don't control, they are running on your client.

Is the new fad running heavy apps on the client instead of on centralized servers (again)?

Smart servers are popular because they make it easy to collaborate in a way that is almost impossible if data is explicitly hosted by one of the users. Also because they make it easy to update the app (which goes back to the "can I trust this code?" question). Also because they make it easy for the app developers to have insight into how people use the apps -- not just the user interface, but statistics about the data, both of which make it much easier to make an app more useful for more users.

A calendar is a toy example for client-centric apps; the relatively few times that one person reads or edits another person's calendar, there is already a specific access control to allow that. A chat app is more interesting and more representative of many modern apps. For a smart client / light server approach, how and where is a new message stored, and how are recipients notified?

Normal HTTP does not map well to a smart-client chat app because you would need a URI for each message, and that adds a lot of overhead (unless your server, and maybe your protocol, includes a fair amount of chat-specific logic). You also need a push mechanism that is triggered by the right updates. You need to decide whether the message will be stored in the sender's pod or the recipient's pod, and there are drawbacks to both. If you want to have apps compete to be the best app, you now need standards on how chat should interoperate -- and while there are dozens of groups that develop and promote interoperability standards, the most recent such standard for chat is XMPP, which is an enormous mess of extensions that need server support and do not degrade nicely if a server does not support a particular extension.

All of that is merely for an application that lets one person send messages to another. The problems are much harder -- particularly in the "social" domain between implementors -- if you look at office productivity applications.

Blockchain Web

RDF is to the Semantic Web what Blockchain is to Cryptocurrency.

https://stackoverflow.com/questions/273218/whats-a-rdf-triple

Re:Show, don't tell. Less hype, more details.

[MrKaos]

Thank you, MrKaos ...

Much appreciated Thomst.

end-to-end encryption? control of data copy?

[RhettLivingston]

Just read much of the inrupt.com site and some of the specifications on github. Not everything, but alot. Two critical problems seem obvious though it is possible I missed the provisions.

First, I see no indication that access to the pods is end-to-end encrypted. So, if your pod is stored on a server that is not your own, they definitely have access to your data. No 3rd party server can be trusted with your data (even if it can, you won't get notified when that changes) and few have the skills to stand up their own server. I would think that a requirement for end-to-end encryption of all data is an obvious one. An app given permission to access it must also be given some type of revocable keys.

Second, I don't see provisions to stop apps from taking the data and writing it somewhere else. To control your data, you must control the writing at everywhere it is processed as well. Apps should be forced to run in a sandbox that can only write data to approved places and all memory in the sandbox should be reliably wiped when the app is no longer needed. Trust of the sandbox should be verified before pods can be accessed.

Without at least these provisions, I see no possibility that this system can deliver user's control of the dissemination of their data.

Re:end-to-end encryption? control of data copy?

I agree. Being a programmer I found the same holes you did. The problem cannot be solely solved by an Internet "Web" specification. Part of the problem is hardware.

But, hey, why stop, let's have the FBI host all of the 'pods'.

You know, Invasion of the Body Snatchers started out with 'Pods'. I think Tim Berners Lee has become a pod person.

https://en.wikipedia.org/wiki/Invasion_of_the_Body_Snatchers_(1978_film)

Re:end-to-end encryption? control of data copy?

[PurplePhase]

> First, I see no indication that access to the pods is end-to-end encrypted. So, if your pod is stored on a server that is not your own, they definitely have access to your data.

Could it work if the data was stored encrypted? That IS the only way data can be secured, right?

If he is in fact going for fully self-controlled data, and everything is at a unique URL, then you private-key-encrypt the data before sending it to the server (also guaranteeing(?possible?) it came from you/your.. app?) and... selectively give your public key to those you give permission to to read your data? Maybe you have a data PGP and a read-requests PGP to control both those aspects separately, only working with trusted request Public keys to give/encrypt your data public key to them...

Of course then the Google(tm) browser can still build a shadow-internet of all unencrypted data, but...

> Second, I don't see provisions to stop apps from taking the data and writing it somewhere else.

Oh, right. There you go. Or worse, depending on how these apps are supposed to work.

Which part(s) of code run elsewhere can be trusted, even if open source/readily auditable?

Re:end-to-end encryption? control of data copy?

[RhettLivingston]

Could it work if the data was stored encrypted? That IS the only way data can be secured, right?

Yes, but the encryption standard, means of exchanging keys, etc. must be standardized so that the third party apps you've given permission to access your data can be handed revocable keys and know how to utilize those keys.

In general, for this scheme to work, a lot of standardization of data representations and access methods must be present. Data created for one app needs to be usable by others. That isn't possible if both apps don't understand the data in the same way. The success of the pods thus depends a whole lot on the use of RDF technologies, i.e. semantic data. True security of the data requires it to be encrypted using keys under full control of the user at all times except when being processed by an app and all of those apps will have to know how to obtain and utilize those keys.

I just read through all of the docs

This is actually worse than what we have. It lures people into thinking their information is safe when it is actually more easily accessed. I've never seen a better example of a wolf in the hen house.

I'll pass. Tim-Berners Lee just doesn't get it.

Well since that problem has been solved

Let's go ahead an host all of the Pods at the NSA / FBI or even local police. No worries here. It is such a relief that we can now trust our government and various companies using our data.

Good job Tim. You are one of our great pod-people.

Been tried before

[DrXym]

There have been glimmers of a federated style systems (Jabber, RSS / Atom / Salmon, Diaspora etc.) in the past. There are even devices such as Freedom Box that attempt to encapsulate a person into a device that can be controlled by the person themselves.

The main problem with all these things is that the majority of people lack the means / motivation / technical skill to set them up. Therefore if a federated system is to work, or we expect people to store their private info in "pods", it requires that there are either a) hosting sites (lots of them), b) means to self-host, e.g. via a smartphone app or desktop software. It has to be a total no-brainer to setup and use, and as easy to install and use as any commercial storage (DropBox, Drive, etc.). It should not require any technical proficiency to set up or maintain, or to protect data. It should preferably be p2p so somebody could sync multiple devices up for redundancy.

It's also not just enough to have a pod that stores stuff unless there are apps use it for its intended purpose. e.g. the Solid website cites a fitness tracker as an app that could store data in a pod but I don't see Google, Apple, FitBit et al ever supporting Solid from their fitness apps or devices. Rinse & repeat for other kinds of apps. This is going to be a very serious problem to overcome, perhaps insurmountable. We'll see I guess, but as I said at the top, it's been tried before.

Re: Show, don't tell. Less hype, more details.

I remember back when your $10-20/mo for dial up included web hosting, usually something like your-isp.net/~yourname

Today I pay $17/mo for a "business" web host account that includes web, sql, domain and sub domain name, and all sorts of add'l services...

Considering that people will drop $10/mo to connect their wearable device to cellular, when they're likely in range of the phone or WiFi 99% of the time, says that there is plenty of money available to folks to be spending on hosting.

Comcast and other large ISPs will bring I back as well -- anything that ties you to their service is good. Today the biggest lock most have with their ISP is email address (and the vast majority have migrated from those to ISP agnostic email) ... so something to hook the user back in would be welcome.

how does this fix anything?

[sad_]

so you have 'pods' that contain your information and you control which website/app can access information in the pod.
you'll end up with sites/apps that will require you to allow access to your pod or else you can't use the site.
they will take use all data from the pod, while still building their own database depending on your actions on their site.
the end result might be even worse then what we have now, where at least you could potentially island of certain sites/apps.

Re: Show, don't tell. Less hype, more details.

...in addition anyone with access to data has that data.

So this doesn't protect anything you put out in public, or even in private to certain parties...

Maybe if we have super strong data rights you're protected from the big corps, but individuals, small corps, and those operating outside the reach of the law, will continue to scrape, mine, and exploit.

Retroshare

It sounds like is trying to re-invent Retroshare:
http://retroshare.net/

Following the pattern of

[Chrisq]

Following the pattern of Diaspora*, Mastadon, etc - and will probably prove as popular. All promise a "new web" for everyone but is only of interest to techies

Re:Show, don't tell. Less hype, more details.

Currently free to get one from his company or the global community. Or you can set one up on your computer or server. I just grabbed one for free.

Berners-Lee is late to the party

[dm42]

If you truly want what Berners-Lee is selling, you don't have to wait for him to criss-cross America and get venture capital to make it happen. It's available now, today, in an opensource platform called Hubzilla. Privacy and access control for all your files, data, and even your social media. All of it can be hosted and stored on a system you own and control. What's more, your account on your system links you to other Hubzilla systems on "the Grid" without even retyping a username and password.

The opensource developers around the world who are working on the project are right now preparing to release version 3.8. It's a real product that real people are already using every day.

*Social Media communication (like Facebook but with better access and privacy controls, no advertising, and if you run your own server or use a server run by someone you know and trust - no way for "big data" companies like Facebook, Google, Twitter and others to vacuum up your data to sell to the highest bidder)
*File storage (like DropBox or Google Drive without the ability of "big data" to read your files and serve you advertising based on their contents)
*Webpage creation
* Wiki
* Events and Calendars
* "Nomadic Identity" (unique to the Zot protocol - allows you to have multiple "copies" of your identity, contacts and data on different servers all constantly kept synchronized - if you primary hub is down for any reason, just log into a copy and continue working exactly where you left off.)
* More!
* All on an extensible platform that allows motivated individuals to create custom solutions and applications on top of the robust ZOT protocol.

Visit https://usezot.net/ to find out more.

Right Idea, Wrong Reason

"Companies and governments" won't be the cause, users will.

Look, the internet + www are massively successful already. For Berners-Lee to succeed, he'd have to at least carve out a significant niche against, what is in business terms, a competitor. It's not impossible but what does Berners-Lee have on his side? OK, he's got a sterling reputation... and that's about it.

Does he have deep pockets? Marketing chops? Is he filling a sharply-felt void? Are there legions of people with him, willing to advance the cause of these PODS and this new internet vision? If so, I don't see it.

He's going to be about as successful as Ted Nelson was with Xanadu. An interesting idea that the customers didn't particularly want. And that's the worst part; I see no pent-up demand from users for Berners-Lee's vision of a (more) distributed internet. If Berners-Lee isn't meeting some unmet demand he is doomed to failure.

Hand wringing about privacy, corporate control, centralization and the Good Old Days of Usenet is the province of /. users. Average users, ordinary citizens, are quite happy to hand over their data to Google, Facebook, Twitter and all the rest. They buy Apple devices by the millions. They use Windows. They like the internet for friends, family, memes, cats and minimally (or rarely, actually) talented adolescents.

I don't see where PODS fits in any of that.

Re:Show, don't tell. Less hype, more details.

you run a javascript web server or pay someone else to run one for you and then you install various javascript apps in that server and authorize the app a certain level of access to the datastore apis