Slashdot Mirror
Tim Berners-Lee Announces Solid, an Open Source Project Which Would Aim To Decentralize the Web (fastcompany.com)
Tim Berners-Lee, the founder of the World Wide Web, thinks it's broken and he has a plan to fix it. The British computer scientist has announced a new project that he hopes will radically change his creation by giving people full control over their data. Tim Berners-Lee: This is why I have, over recent years, been working with a few people at MIT and elsewhere to develop Solid, an open-source project to restore the power and agency of individuals on the web. Solid changes the current model where users have to hand over personal data to digital giants in exchange for perceived value. As we've all discovered, this hasn't been in our best interests. Solid is how we evolve the web in order to restore balance -- by giving every one of us complete control over data, personal or not, in a revolutionary way. Solid is a platform, built using the existing web. It gives every user a choice about where data is stored, which specific people and groups can access select elements, and which apps you use. It allows you, your family and colleagues, to link and share data with anyone. It allows people to look at the same data with different apps at the same time. Solid unleashes incredible opportunities for creativity, problem-solving and commerce. It will empower individuals, developers and businesses with entirely new ways to conceive, build and find innovative, trusted and beneficial applications and services. I see multiple market possibilities, including Solid apps and Solid data storage.
Solid is guided by the principle of "personal empowerment through data" which we believe is fundamental to the success of the next era of the web. We believe data should empower each of us. Imagine if all your current apps talked to each other, collaborating and conceiving ways to enrich and streamline your personal life and business objectives? That's the kind of innovation, intelligence and creativity Solid apps will generate. With Solid, you will have far more personal agency over data -- you decide which apps can access it. In an interview with Fast Company, he shared more on Solid and its creation: "I have been imagining this for a very long time," says Berners-Lee. He opens up his laptop and starts tapping at his keyboard. Watching the inventor of the web work at his computer feels like what it might have been like to watch Beethoven compose a symphony: It's riveting but hard to fully grasp. "We are in the Solid world now," he says, his eyes lit up with excitement. He pushes the laptop toward me so I too can see. On his screen, there is a simple-looking web page with tabs across the top: Tim's to-do list, his calendar, chats, address book. He built this app -- one of the first on Solid -- for his personal use. It is simple, spare. In fact, it's so plain that, at first glance, it's hard to see its significance. But to Berners-Lee, this is where the revolution begins. The app, using Solid's decentralized technology, allows Berners-Lee to access all of his data seamlessly -- his calendar, his music library, videos, chat, research. It's like a mashup of Google Drive, Microsoft Outlook, Slack, Spotify, and WhatsApp. The difference here is that, on Solid, all the information is under his control. Every bit of data he creates or adds on Solid exists within a Solid pod -- which is an acronym for personal online data store. These pods are what give Solid users control over their applications and information on the web. Anyone using the platform will get a Solid identity and Solid pod. This is how people, Berners-Lee says, will take back the power of the web from corporations.
Starting this week, developers around the world will be able to start building their own decentralized apps with tools through the Inrupt site. Berners-Lee will spend this fall crisscrossing the globe, giving tutorials and presentations to developers about Solid and Inrupt. "What's great about having a startup versus a research group is things get done," he says. These days, instead of heading into his lab at MIT, Berners-Lee comes to the Inrupt offices, which are currently based out of Janeiro Digital, a company he has contracted to help work on Inrupt. For now, the company consists of Berners-Lee; his partner John Bruce, who built Resilient, a security platform bought by IBM; a handful of on-staff developers contracted to work on the project; and a community of volunteer coders. Later this fall, Berners-Lee plans to start looking for more venture funding and grow his team. The aim, for now, is not to make billions of dollars. The man who gave the web away for free has never been motivated by money. Still, his plans could impact billion-dollar business models that profit off of control over data. It's not likely that the big powers of the web will give up control without a fight.
Solid is guided by the principle of "personal empowerment through data" which we believe is fundamental to the success of the next era of the web. We believe data should empower each of us. Imagine if all your current apps talked to each other, collaborating and conceiving ways to enrich and streamline your personal life and business objectives? That's the kind of innovation, intelligence and creativity Solid apps will generate. With Solid, you will have far more personal agency over data -- you decide which apps can access it. In an interview with Fast Company, he shared more on Solid and its creation: "I have been imagining this for a very long time," says Berners-Lee. He opens up his laptop and starts tapping at his keyboard. Watching the inventor of the web work at his computer feels like what it might have been like to watch Beethoven compose a symphony: It's riveting but hard to fully grasp. "We are in the Solid world now," he says, his eyes lit up with excitement. He pushes the laptop toward me so I too can see. On his screen, there is a simple-looking web page with tabs across the top: Tim's to-do list, his calendar, chats, address book. He built this app -- one of the first on Solid -- for his personal use. It is simple, spare. In fact, it's so plain that, at first glance, it's hard to see its significance. But to Berners-Lee, this is where the revolution begins. The app, using Solid's decentralized technology, allows Berners-Lee to access all of his data seamlessly -- his calendar, his music library, videos, chat, research. It's like a mashup of Google Drive, Microsoft Outlook, Slack, Spotify, and WhatsApp. The difference here is that, on Solid, all the information is under his control. Every bit of data he creates or adds on Solid exists within a Solid pod -- which is an acronym for personal online data store. These pods are what give Solid users control over their applications and information on the web. Anyone using the platform will get a Solid identity and Solid pod. This is how people, Berners-Lee says, will take back the power of the web from corporations.
Starting this week, developers around the world will be able to start building their own decentralized apps with tools through the Inrupt site. Berners-Lee will spend this fall crisscrossing the globe, giving tutorials and presentations to developers about Solid and Inrupt. "What's great about having a startup versus a research group is things get done," he says. These days, instead of heading into his lab at MIT, Berners-Lee comes to the Inrupt offices, which are currently based out of Janeiro Digital, a company he has contracted to help work on Inrupt. For now, the company consists of Berners-Lee; his partner John Bruce, who built Resilient, a security platform bought by IBM; a handful of on-staff developers contracted to work on the project; and a community of volunteer coders. Later this fall, Berners-Lee plans to start looking for more venture funding and grow his team. The aim, for now, is not to make billions of dollars. The man who gave the web away for free has never been motivated by money. Still, his plans could impact billion-dollar business models that profit off of control over data. It's not likely that the big powers of the web will give up control without a fight.
Sounds great... except it completely removes anonymity.
P.S. firsties.
Enough with all the utopian bullshit and just make it work better!
How about being able to actually get GB speed from the GB connection Iâ(TM)m paying for? Start there.
How about not being stuck waiting on a connection to some third part domain that Iâ(TM)ve never even heard of, so that the site Iâ(TM)m ACTUALLY VISITING will load and make itself available to me?
How about a goddamned single sign on mechanism of any kind so that I donâ(TM)t have 1000 different passwords for websites?
How about a âoepay nowâ button that accesses the info I have already stored in my web browserâ(TM)s âoeID cardâ, so that I donâ(TM)t have to type it in all the time?
Start with that. Let me know when you have it. Thanks.
These are very nice puff pieces claiming a lot of good intentions, but how does it work?
I can already create a calendar app -- or download one -- and control all my information by running it on my own web server. That is more hassle than I want. How does this new thing let me trust my data to code written by other people, that I probably never see, running on servers I don't control? How will Berners-Lee's new company make enough money to pay employees and satisfy its venture-capital backers?
Companies and governments will find ways to hinder his project or to screw it up.
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
There was a fella with the name of Tim Berners Lee who voted FOR the inclusion of DRM in HTML.
I do not know if it is the same Tim Berners Lee, or not
https://www.techdirt.com/artic...
TBL's original vision for the WWW was exactly that everyone - organization or individual - would be able to read and write information. Presumably this new idea (drawing on nearly 30 years of experience) will suggest ways of making it far easier and more foolproof to run your won Web server - or do something similar that gives the desired benefits with much less hassle.
I am sure that there are many other solipsists out there.
This design seems like DRM for personal data. Which is fine for things I would never share, like a TODO list. As soon as you wish to share information the receivers need a way to decrypt it. Just like DRM is broken by design, since the purchaser needs to actually play the song, so will this.
I just donâ(TM)t think the protection of data Is the problem. Itâ(TM)s the motives of companies that provide ease of data creation, and consumption, that are the issue. For this to work, well funded, highly regulated non-profits would need to mange it, and create the interfaces. Maybe Iâ(TM)m an old cranky pessimist, but I donâ(TM)t see that happening.
"Watching the inventor of the web work at his computer feels like what it might have been like to watch Beethoven compose a symphony"
Watching someone type is one of the most boring things imaginable, no matter who you are.
Now add Reddcoin into the idea of sharing my data. Let me set the price on what I want to share and make the companies pay me to get it.
This will give us control and destroy ads at the same time.
#DeleteFacebook
It's WebID. You have your profile on your own server, or on a WebID server, and it can be accessed via a Rest API.
"First they came for the slanderers and i said nothing."
Who is going to the pay for the web server? The user? hahaha
Just a friendly tip: Wouldn isn't trademarked.
Can anyone explain exactly how it changes anything at all? Or is it merely another rehash?
Imagine you want to move all your data to a Facebook competitor. All your profile and data is stored locally (or wherever you want) so it's easy to port your data to a different website.
"First they came for the slanderers and i said nothing."
Wonderful, and needed. So as an oldie who html handcoded my co's original 'website' very many years ago, I want to try what's new. My personal website has lots of files and anchors, so looks good for conversion/insertion to a 'Pod'. What to do next? Follow the links and register with, er, real name, then get flipped to Github and have to... get registered again - in order to get what... a manual? Aw, come on. I may be misunderstanding this, but there has to be a better front end for those of us who aren't geeks
These are very nice puff pieces claiming a lot of good intentions, but how does it work?
I found some some documentation: The getting started, Introduction to the specification.
There are some other things that look interesting Introduction to Linked Data, Expressing ID and, Manipulating linked data.
It looks interesting enough to check out when I'm not so tired.
My ism, it's full of beliefs.
That documentation is almost useless for assessing the claims of personal control over one's data. Sure, if you post an image, you can put it in your "pod", and you can -- if you want -- manage access control rules to limit who can retrieve it from that pod. That doesn't limit further distribution of the data, and it requires absolute trust in the server hosting your pod (because the WebID authentication protocol puts the public key for your identity in that pod).
coming soon.
The Web isn't broken. It's still there. It's still working the way it always has. Most people have simply chosen to use it badly.
I don't respond to AC's.
Well, Einstein did not do anything significant after 1916, yet people listed to what he said until he died (1955). Many famous scientists/engineers only do one thing. Most people never do anything significant.
According to his wikipedia page, he's been active in the web consortium since its inception. So I think it fair to say they have some idea as to what's gone down.
Odds are it will follow the course of the original web. You may pay for the server from providers that honestly charge a fair price for it. Or you can host it with one of the alternatives that will host your data for free, in exchange for being granted access to crawl that data and serve you ads based on it., Next up websites will start requesting access to that data in exchange for access to free services. The reason this is doomed, is 70-90% of people will value the money in their wallet over privacy. and in capitalism in general the most succesful business will generally eat and destroy it's smaller competitors So this all falls next to diaspora overtaking facebook in short.
This already exists and is called OpenID Connect.
I've had problems with OpenID Connect in practice. Describing these problems first requires defining some terms associated with OpenID Connect and the OAuth 2 framework it's built on. In case someone's not familiar with these:
Identity provider (IDP) Website where the user has an account, such as Google or Facebook Relying party (RP) Website that displays a "Sign in with..." button and receives information about a logged-in user from the IDP Client credentials A token that identifies the RP to the IDP, consisting of a client ID and client secret Dynamic client registration (dyn-reg) Mechanism to let an RP obtain client credentials from an IDP for the first time without human interaction on the RP's partIt works quite well for the most part and is what makes all of the "Sign in with Google" and "Sign in with Facebook" (and used to also have Sign in with Yahoo) buttons work across the web.
The last time I looked at OpenID Connect, each RP had to sign up for a developer account with each IDP. For example, I have a Google account but no Facebook account. This means that if I were to create a website using OpenID Connect, it could show a "Sign in with Google" button but no "Sign in with Facebook" button. If there are 20 popular IDPs, each RP has to agree to a Terms of Service contract with all 20 IDPs in order to obtain the required client credentials because no popular IDP supports dyn-reg to my knowledge.
Or has the situation changed in the two years since the last time I looked at OpenID Connect?
Users are already paying for web servers with their ad eyeballs.
All your profile and data is stored locally (or wherever you want)
But a lot of that data will consist of links to other people's data, and be rather useless without it. For example, looking at the Solid docs, it looks like an instant messaging exchange would consist of your text, and links to the text that the other person responded with. If that person revokes your permissions, or their pod is simply unavailable for whatever reason, you now only have your side of the conversation to take to another service.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
I can't serve the world.
If I post the worlds best corn bread muffin recipe, and it goes viral, then either; my web site crashes because of the slashdot effect, or my provider charges me thousands of dollars for the honor of having a successful web site, or some combination of the two.
The reason Youtube is popular isn't the technically difficultly of hosting video clips, it's the cost of doing so.
Replacing a central server with a group of central servers helps, but it's not good enough.
We need a solution like BitTorrent, where the more people accessing something increases the ability of other people to access it.
But a lot of that data will consist of links to other people's data, and be rather useless without it.
That's true but the entire premise of the web is links to other data.
"First they came for the slanderers and i said nothing."
...should be where you are in control of the information you read, and no one should be able to purchase themselves the top search result positions.
When you have to register, you immediate place all your privacy and trust in those who claim to protect it, as history shows us again and again, this is seldom the case - we always end up at the shallow end of the dreampool.
A library, is sort of anonymous, because they never register what books you read, they only label them, track them for recovery purposes, and after that - all is lost, and even if they do - you can freely walk into it, read any book and information you want, and no one is any wiser to whatever you where thinking, or worse yet - THINK that you are thinking.
This is the biggest problem with tracking on the net, people getting ideas of what you want, when it might not be what you want at all.
The fight for privacy, is the biggest fight we're fighting now, but our comfort makes us very complacent I'm afraid.
What this world is coming to - is for you and me to decide.
Spent some time on solid website. It certainly appears to be compliant with all modern standards.
1. Talks about how important privacy is while using Google Analytics
2. Massive fonts
3. Jackpot scrolling
4. Low information content that leaves the reader guessing what you are talking about.
5. Piling on armies of crappy framework over another until something notably unremarkable is achieved.
"Solid is a set of modular specifications, which build on, and extend the founding technology of the world wide web (HTTP, REST, HTML). They are 100% backwards compatible with the existing web. "
"At its core, Linked Data is really simple: every piece of data gets its own HTTP URL on the Web, and we use those URLs to refer to those them. So if your photo is identified by https://yourpod.solid/photos/b..., then my comment at https://mypod.solid/comments/3... will link back to that URL."
"PODs are like secure USB sticks for the Web, that you can access from anywhere. When you give others access to parts of your POD, they can react to your photos and share their memories with you. You decide which things apps and people can see."
In other words quite literally nothing new.
Giving everyone in the world their own HTTP REST endpoint for granting information access to 3rd parties isn't a bad idea on the surface, but I think the implementation here might be a bit too convoluted. I would make an extension to DNS and flow everything based on e-mail address alone, similar to how MX works:
- Your e-mail address is your unique identifier. Just as most sites already use today.
- To participate, domains expose a new DNS record of type, let's say "IX" (information exchange)
- An IX record on domain.com points to an IX server endpoint... which is nothing more than a REST/WebSocket protocol defined by some spec.
The user's experience for logging in to a 3rd party website becomes:
Email: [ Enter your email ]
[ Login ]
User hits Login. The 3rd party does a DNS IX lookup on "domain.com", redirects the user accordingly. By convention:
front-part-of-email@domain.com routes to whatever-ix-dns-record.domain.com/front-part-of-email
With GET params ?scope=[attributes]&callback_url=[3rd party url with state information]. Not too dissimilar to OAuth2.
User is now on their personal "IX portal" and can login and grant the 3rd party access to /photos, /music, /ical, /mail etc with configurable RWX rights.)
the requested attributes or data stores (predefine
Upon grant, the callback url is hit with access token information and the 3rd party can do whatever with the user's data.
"...Every bit of data he creates or adds on Solid exists within a Solid pod -- which is an acronym for personal online data store..."
So you have to trust somebody to host it and storage is not free, and also to trust your browser manufacturer (Google, MS and Apple) and trust your OS manufacturer as well (again Google, MS and Apple). Finally Google will put Facebook out of business (unless people keep going with the status quo).
Yes, although you appear to have forgotten his actual argument, which was : There's going to be DRM anyway, at least this way it can be an open standard implemented by anyone rather than locked to one platform.
You can get around that with a cheap external relay. Amazon Lightsail could do it for $3.50/mo, with plenty of leftover power/storage to do other things that external relays are good at.
Good-bye
You don't need to register on github. Just scroll down on the manual page and you will see the directory listing and after that the rendered manual in Markdown. But granted, usability wise this is abysmal. Possibly they currently intend to make it accessible only for people who already have experience with github and other weird things until it has matured enough to be used by the general public.
MrKaos noted:
I found some some documentation: The getting started, Introduction to the specification.
There are some other things that look interesting Introduction to Linked Data, Expressing ID and, Manipulating linked data.
Someone who has points please mod parent +1 Informative.
Yes, people could easily find these documents for themselves - but most of us are lazy, easily distracted, and focused on other things. Providing these links is a useful public service.
Thank you, MrKaos ...
Check out my novel.
Probably the same way Theranos' magic blood tests worked. It's powered by bullshit.
SJW: Someone who has run out of real oppression, and has to fake it.
I think Tim Berners-Lee’s proposal is useless because: 1) privacy has been enforced this year with the GDPR law - you can already see what data is stored and with who is shared, and have the option to opt-out with your data being deleted or anonymized (in which case is harmless for the user and useful for the economy). 2) Collaboration between different apps is already a reality (ex Doodle accessing you Gmail calendar) and you can control the connection settings. 3) Zero risk for stolen data is impossible, event with his proposal : once an app get your data decrypted through your ID, it can do whatever with it.
Listen to your selves...
In the light of the recent blow to net neutrality and the recently passed European copyright law, I find it disheartening reading the comments.
You sit here nay-saying any effort to decentralize the internet and better privacy before it has a chance to mature. You regurgitate political and corporate bias left and right. These tech giants like alphabet/google, amazon and the likes, should be considered the enemy of privacy and a free, decentralized internet, and it is their ideas that should be objected, not the ideas that help promote it.
Shame on you!
I see an increased polarization and hostility towards each other, instead of working together to make something that helps us in the the way we communicate and exchange data. There is nothing constructive about that. I only hope we come to our sense before it is too late, and i chose to believe there is still time to fix the state of things.
Yes, I am posting as an anonymous coward. Deal with it.
EOF
There is nothing stopping the POD hosting providers from changing their TOS and selling ALL your POD data. The app providers can also deny your access if you do not allowing them access to your POD data. Of course they will say no identifying information will be captured which everyone knows is a load of crap. This is a greater risk to privacy than we have now with this single point where all your data can be given away or compromised
If you have concern about privacy than use an alternative. No one is forcing you to use a monopoly. If the concern is the majority of people are using monopolies that sell your data then you should contact your government representative to have them enforce anti-trust laws that are being largely ignored.
It's my 128GB USB stick containing all my data, which I keep in my watch pocket, with copies at two other places.
Running with Linux for over 20 years!
These are very nice puff pieces claiming a lot of good intentions, but how does it work?
I can already create a calendar app -- or download one -- and control all my information by running it on my own web server. That is more hassle than I want.
Ah, but you are pinpointing it right there! It is more hassle than you want, why? If we could fix that problem, so that it wouldn't be more hassle to have it on your own webserver, then what would you do? And that's like iteration 1 of Solid, we're separating those apps from the data, so that you can have your data on your webserver, but you can use any calendar app you want. That way, companies will be competing to create the best apps, not to suck your data out of you. So, Solid is about making the infrastructure and the ecosystem to make sure that all those things aren't a hassle, they will be your preferred way to do it.
How does this new thing let me trust my data to code written by other people, that I probably never see, running on servers I don't control?
Right, good question, because that is the essence. But first of all, they are not running on a server you don't control, they are running on your client. So, Solid is doing a massive shift on where the intelligence will be. It will be mostly on the client. The server side will be pretty simple.
But the rest of the question is still interesting. It is a fairly long and intricate answer, but some of the short story here:
So, in the way it is working in browsers now, is the simple CORS restrictions. It is pretty broken, but it is what we have. So, we're making some hacks to identify web apps. And then, you can assign privileges to them. Since they are running on your device, the security of your browser applies to them.
Still, it doesn't mean that you can necessarily trust them, of course, but then, this is a social technology, so we could establish a Web of Trust around that. We're thinking a lot about that.
How will Berners-Lee's new company make enough money to pay employees and satisfy its venture-capital backers?
So, we don't know that yet. There are a few no-brainer business models of course, but we don't expect them to last long. But we have some really good people on the team, we'll figure it out.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
I think he wants to talk about RDF triples again.
I'm sure Tim has thought this through but what happens when Solid is compromised?
Actually, we're all paying for it with actual real money. Advertising is paid for by companies, who make profits by selling us stuff. It's like a world-wide tax on everything. The world would be a better place if we could find a way of preventing that money from going through ad agencies, and instead just somehow funnel it directly into media organisations. This is, of course, impossible.
It's not likely that the big powers of the web will give up control without a fight.
They will let their best weapon, which is network effect, fight and defeat it. If people want to reach their friends, they need to go through the existing giant corporations products.
Ah, but you are pinpointing it right there! It is more hassle than you want, why? If we could fix that problem, so that it wouldn't be more hassle to have it on your own webserver, then what would you do? And that's like iteration 1 of Solid, we're separating those apps from the data, so that you can have your data on your webserver, but you can use any calendar app you want.
Surely you jest. Anyone can do this today using iCalendar because the interfaces are standardized. Every calendaring system worth using today supports iCalendar URLs out of the box.
The problem isn't web servers, where data is stored, level of centralization, authentication, authorization, access controls or any such thing. The problem is lack of interoperability due to failure to coordinate and agree on data formats and schemas. It's easy to create a system to scratch a particular itch. It's another matter entirely to get everyone who matters to agree on what is actually necessary to ensure meaningful interoperability.
For example REST was sold as a means of improving interoperability. That never happened. In fact the proliferation of nonsensical Verbs and arbitrary hierarchies expressed in URLs that nobody could predict much less agree on unnecessarily increased complexity and reduced interoperability.
https://xkcd.com/927/
That way, companies will be competing to create the best apps, not to suck your data out of you.
Interesting assumption given widespread existence of counter-examples.
Take SMTP email for example. Google now reads something close to a billion users emails. It used to be everyone used an app to read and compose email and mail servers were fairly decentralized. Today decentralization is rapidly unraveling and browsers rather than apps are used while everyone's privacy is still being raped.
So, Solid is about making the infrastructure and the ecosystem to make sure that all those things aren't a hassle, they will be your preferred way to do it.
http is the last technology I would ever consider for data tier access even if only used for transport to say nothing of actually leveraging nonsensical HTTP verbs and associated REST baggage. This heap of crap is completely unsuitable for the task at hand.
So, Solid is doing a massive shift on where the intelligence will be. It will be mostly on the client. The server side will be pretty simple.
More likely for anything non-trivial it'll be a "massive shift" to middleware.
So, in the way it is working in browsers now, is the simple CORS restrictions. It is pretty broken, but it is what we have. So, we're making some hacks to identify web apps. And then, you can assign privileges to them. Since they are running on your device, the security of your browser applies to them.
CORS are constraints commanded by servers enforced by clients. They flow from the server not the browser.
Still, it doesn't mean that you can necessarily trust them, of course, but then, this is a social technology, so we could establish a Web of Trust around that. We're thinking a lot about that.
Given the ratio of garbage to signal on the Internet I wouldn't trust a "web of trust" any more than I could throw it.
Because I don't want to have a computer at my house running all the time, and a colocated server for my personal data pretty much needs a lot of security monitoring and patching and configuration.
That sounds a little Pollyanna-ish. So what if my data lives on a server I control? The apps that I use still have full access to an awful lot of my data. It isn't exactly rocket science to exfiltrate data from a web server, or even browser, to arbitrary computers on the Internet.
Is the new fad running heavy apps on the client instead of on centralized servers (again)?
Smart servers are popular because they make it easy to collaborate in a way that is almost impossible if data is explicitly hosted by one of the users. Also because they make it easy to update the app (which goes back to the "can I trust this code?" question). Also because they make it easy for the app developers to have insight into how people use the apps -- not just the user interface, but statistics about the data, both of which make it much easier to make an app more useful for more users.
A calendar is a toy example for client-centric apps; the relatively few times that one person reads or edits another person's calendar, there is already a specific access control to allow that. A chat app is more interesting and more representative of many modern apps. For a smart client / light server approach, how and where is a new message stored, and how are recipients notified?
Normal HTTP does not map well to a smart-client chat app because you would need a URI for each message, and that adds a lot of overhead (unless your server, and maybe your protocol, includes a fair amount of chat-specific logic). You also need a push mechanism that is triggered by the right updates. You need to decide whether the message will be stored in the sender's pod or the recipient's pod, and there are drawbacks to both. If you want to have apps compete to be the best app, you now need standards on how chat should interoperate -- and while there are dozens of groups that develop and promote interoperability standards, the most recent such standard for chat is XMPP, which is an enormous mess of extensions that need server support and do not degrade nicely if a server does not support a particular extension.
All of that is merely for an application that lets one person send messages to another. The problems are much harder -- particularly in the "social" domain between implementors -- if you look at office productivity applications.
Thank you, MrKaos ...
Much appreciated Thomst.
My ism, it's full of beliefs.
Just read much of the inrupt.com site and some of the specifications on github. Not everything, but alot. Two critical problems seem obvious though it is possible I missed the provisions.
First, I see no indication that access to the pods is end-to-end encrypted. So, if your pod is stored on a server that is not your own, they definitely have access to your data. No 3rd party server can be trusted with your data (even if it can, you won't get notified when that changes) and few have the skills to stand up their own server. I would think that a requirement for end-to-end encryption of all data is an obvious one. An app given permission to access it must also be given some type of revocable keys.
Second, I don't see provisions to stop apps from taking the data and writing it somewhere else. To control your data, you must control the writing at everywhere it is processed as well. Apps should be forced to run in a sandbox that can only write data to approved places and all memory in the sandbox should be reliably wiped when the app is no longer needed. Trust of the sandbox should be verified before pods can be accessed.
Without at least these provisions, I see no possibility that this system can deliver user's control of the dissemination of their data.
The main problem with all these things is that the majority of people lack the means / motivation / technical skill to set them up. Therefore if a federated system is to work, or we expect people to store their private info in "pods", it requires that there are either a) hosting sites (lots of them), b) means to self-host, e.g. via a smartphone app or desktop software. It has to be a total no-brainer to setup and use, and as easy to install and use as any commercial storage (DropBox, Drive, etc.). It should not require any technical proficiency to set up or maintain, or to protect data. It should preferably be p2p so somebody could sync multiple devices up for redundancy.
It's also not just enough to have a pod that stores stuff unless there are apps use it for its intended purpose. e.g. the Solid website cites a fitness tracker as an app that could store data in a pod but I don't see Google, Apple, FitBit et al ever supporting Solid from their fitness apps or devices. Rinse & repeat for other kinds of apps. This is going to be a very serious problem to overcome, perhaps insurmountable. We'll see I guess, but as I said at the top, it's been tried before.
so you have 'pods' that contain your information and you control which website/app can access information in the pod.
you'll end up with sites/apps that will require you to allow access to your pod or else you can't use the site.
they will take use all data from the pod, while still building their own database depending on your actions on their site.
the end result might be even worse then what we have now, where at least you could potentially island of certain sites/apps.
On a long enough timeline, the survival rate for everyone drops to zero.
Following the pattern of Diaspora*, Mastadon, etc - and will probably prove as popular. All promise a "new web" for everyone but is only of interest to techies
If you truly want what Berners-Lee is selling, you don't have to wait for him to criss-cross America and get venture capital to make it happen. It's available now, today, in an opensource platform called Hubzilla. Privacy and access control for all your files, data, and even your social media. All of it can be hosted and stored on a system you own and control. What's more, your account on your system links you to other Hubzilla systems on "the Grid" without even retyping a username and password.
The opensource developers around the world who are working on the project are right now preparing to release version 3.8. It's a real product that real people are already using every day.
*Social Media communication (like Facebook but with better access and privacy controls, no advertising, and if you run your own server or use a server run by someone you know and trust - no way for "big data" companies like Facebook, Google, Twitter and others to vacuum up your data to sell to the highest bidder)
*File storage (like DropBox or Google Drive without the ability of "big data" to read your files and serve you advertising based on their contents)
*Webpage creation
* Wiki
* Events and Calendars
* "Nomadic Identity" (unique to the Zot protocol - allows you to have multiple "copies" of your identity, contacts and data on different servers all constantly kept synchronized - if you primary hub is down for any reason, just log into a copy and continue working exactly where you left off.)
* More!
* All on an extensible platform that allows motivated individuals to create custom solutions and applications on top of the robust ZOT protocol.
Visit https://usezot.net/ to find out more.