Slashdot Mirror
Tim Berners-Lee Announces Solid, an Open Source Project Which Would Aim To Decentralize the Web (fastcompany.com)
Tim Berners-Lee, the founder of the World Wide Web, thinks it's broken and he has a plan to fix it. The British computer scientist has announced a new project that he hopes will radically change his creation by giving people full control over their data. Tim Berners-Lee: This is why I have, over recent years, been working with a few people at MIT and elsewhere to develop Solid, an open-source project to restore the power and agency of individuals on the web. Solid changes the current model where users have to hand over personal data to digital giants in exchange for perceived value. As we've all discovered, this hasn't been in our best interests. Solid is how we evolve the web in order to restore balance -- by giving every one of us complete control over data, personal or not, in a revolutionary way. Solid is a platform, built using the existing web. It gives every user a choice about where data is stored, which specific people and groups can access select elements, and which apps you use. It allows you, your family and colleagues, to link and share data with anyone. It allows people to look at the same data with different apps at the same time. Solid unleashes incredible opportunities for creativity, problem-solving and commerce. It will empower individuals, developers and businesses with entirely new ways to conceive, build and find innovative, trusted and beneficial applications and services. I see multiple market possibilities, including Solid apps and Solid data storage.
Solid is guided by the principle of "personal empowerment through data" which we believe is fundamental to the success of the next era of the web. We believe data should empower each of us. Imagine if all your current apps talked to each other, collaborating and conceiving ways to enrich and streamline your personal life and business objectives? That's the kind of innovation, intelligence and creativity Solid apps will generate. With Solid, you will have far more personal agency over data -- you decide which apps can access it. In an interview with Fast Company, he shared more on Solid and its creation: "I have been imagining this for a very long time," says Berners-Lee. He opens up his laptop and starts tapping at his keyboard. Watching the inventor of the web work at his computer feels like what it might have been like to watch Beethoven compose a symphony: It's riveting but hard to fully grasp. "We are in the Solid world now," he says, his eyes lit up with excitement. He pushes the laptop toward me so I too can see. On his screen, there is a simple-looking web page with tabs across the top: Tim's to-do list, his calendar, chats, address book. He built this app -- one of the first on Solid -- for his personal use. It is simple, spare. In fact, it's so plain that, at first glance, it's hard to see its significance. But to Berners-Lee, this is where the revolution begins. The app, using Solid's decentralized technology, allows Berners-Lee to access all of his data seamlessly -- his calendar, his music library, videos, chat, research. It's like a mashup of Google Drive, Microsoft Outlook, Slack, Spotify, and WhatsApp. The difference here is that, on Solid, all the information is under his control. Every bit of data he creates or adds on Solid exists within a Solid pod -- which is an acronym for personal online data store. These pods are what give Solid users control over their applications and information on the web. Anyone using the platform will get a Solid identity and Solid pod. This is how people, Berners-Lee says, will take back the power of the web from corporations.
Starting this week, developers around the world will be able to start building their own decentralized apps with tools through the Inrupt site. Berners-Lee will spend this fall crisscrossing the globe, giving tutorials and presentations to developers about Solid and Inrupt. "What's great about having a startup versus a research group is things get done," he says. These days, instead of heading into his lab at MIT, Berners-Lee comes to the Inrupt offices, which are currently based out of Janeiro Digital, a company he has contracted to help work on Inrupt. For now, the company consists of Berners-Lee; his partner John Bruce, who built Resilient, a security platform bought by IBM; a handful of on-staff developers contracted to work on the project; and a community of volunteer coders. Later this fall, Berners-Lee plans to start looking for more venture funding and grow his team. The aim, for now, is not to make billions of dollars. The man who gave the web away for free has never been motivated by money. Still, his plans could impact billion-dollar business models that profit off of control over data. It's not likely that the big powers of the web will give up control without a fight.
Solid is guided by the principle of "personal empowerment through data" which we believe is fundamental to the success of the next era of the web. We believe data should empower each of us. Imagine if all your current apps talked to each other, collaborating and conceiving ways to enrich and streamline your personal life and business objectives? That's the kind of innovation, intelligence and creativity Solid apps will generate. With Solid, you will have far more personal agency over data -- you decide which apps can access it. In an interview with Fast Company, he shared more on Solid and its creation: "I have been imagining this for a very long time," says Berners-Lee. He opens up his laptop and starts tapping at his keyboard. Watching the inventor of the web work at his computer feels like what it might have been like to watch Beethoven compose a symphony: It's riveting but hard to fully grasp. "We are in the Solid world now," he says, his eyes lit up with excitement. He pushes the laptop toward me so I too can see. On his screen, there is a simple-looking web page with tabs across the top: Tim's to-do list, his calendar, chats, address book. He built this app -- one of the first on Solid -- for his personal use. It is simple, spare. In fact, it's so plain that, at first glance, it's hard to see its significance. But to Berners-Lee, this is where the revolution begins. The app, using Solid's decentralized technology, allows Berners-Lee to access all of his data seamlessly -- his calendar, his music library, videos, chat, research. It's like a mashup of Google Drive, Microsoft Outlook, Slack, Spotify, and WhatsApp. The difference here is that, on Solid, all the information is under his control. Every bit of data he creates or adds on Solid exists within a Solid pod -- which is an acronym for personal online data store. These pods are what give Solid users control over their applications and information on the web. Anyone using the platform will get a Solid identity and Solid pod. This is how people, Berners-Lee says, will take back the power of the web from corporations.
Starting this week, developers around the world will be able to start building their own decentralized apps with tools through the Inrupt site. Berners-Lee will spend this fall crisscrossing the globe, giving tutorials and presentations to developers about Solid and Inrupt. "What's great about having a startup versus a research group is things get done," he says. These days, instead of heading into his lab at MIT, Berners-Lee comes to the Inrupt offices, which are currently based out of Janeiro Digital, a company he has contracted to help work on Inrupt. For now, the company consists of Berners-Lee; his partner John Bruce, who built Resilient, a security platform bought by IBM; a handful of on-staff developers contracted to work on the project; and a community of volunteer coders. Later this fall, Berners-Lee plans to start looking for more venture funding and grow his team. The aim, for now, is not to make billions of dollars. The man who gave the web away for free has never been motivated by money. Still, his plans could impact billion-dollar business models that profit off of control over data. It's not likely that the big powers of the web will give up control without a fight.
A false sense of security is in some ways worse than no security.
Howâ(TM)s out slashdot appropriately processing âoeâ quotes?
Honestly not sure if you are right or not... For such a long summary it's remarkably free of actual information and details of what this thing is or how it works.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
These are very nice puff pieces claiming a lot of good intentions, but how does it work?
I can already create a calendar app -- or download one -- and control all my information by running it on my own web server. That is more hassle than I want. How does this new thing let me trust my data to code written by other people, that I probably never see, running on servers I don't control? How will Berners-Lee's new company make enough money to pay employees and satisfy its venture-capital backers?
Companies and governments will find ways to hinder his project or to screw it up.
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
There was a fella with the name of Tim Berners Lee who voted FOR the inclusion of DRM in HTML.
I do not know if it is the same Tim Berners Lee, or not
https://www.techdirt.com/artic...
How about being able to actually get GB speed from the GB connection Iâ(TM)m paying for?
That is not a WWW issue at all; it's not even an Internet issue. It's a commercial issue between you and your ISP.
How about not being stuck waiting on a connection to some third part domain that Iâ(TM)ve never even heard of, so that the site Iâ(TM)m ACTUALLY VISITING will load and make itself available to me?
Again, this is only marginally a WWW issue. You can make matters a lot better by not patronizing sites that pull in lots of other sites, often for money-making or advertising purposes.
How about a goddamned single sign on mechanism of any kind so that I donâ(TM)t have 1000 different passwords for websites?
Use a password manager such as Password Safe.
How about a âoepay nowâ button that accesses the info I have already stored in my web browserâ(TM)s âoeID cardâ, so that I donâ(TM)t have to type it in all the time?
If you think it worth the loss of security involved, you can already have your browser memorize most of that information.
I am sure that there are many other solipsists out there.
> "How about a goddamned single sign on mechanism of any kind so that I donÃ(TM)t have 1000 different passwords for websites?
This already exists and is called OpenID Connect. It works quite well for the most part and is what makes all of the "Sign in with Google" and "Sign in with Facebook" (and used to also have Sign in with Yahoo) buttons work across the web.
It has not taken off for a couple of reasons
- Misunderstanding that by doing this you are giving Google/Facebook/Yahoo access to your data on that site (you aren't)
- Misunderstanding that by doing this you are giving that site access to your Google/Facebook/Yahoo password or information (you aren't, unless you approve it explicitly - and you never give them your password).
- Difficulty to implement "in the olden days" limited it's spread. This is no longer true.
I use "Log in with Google" everywhere I possibly can. It is much more secure than making identities on third party sites.
This design seems like DRM for personal data. Which is fine for things I would never share, like a TODO list. As soon as you wish to share information the receivers need a way to decrypt it. Just like DRM is broken by design, since the purchaser needs to actually play the song, so will this.
I just donâ(TM)t think the protection of data Is the problem. Itâ(TM)s the motives of companies that provide ease of data creation, and consumption, that are the issue. For this to work, well funded, highly regulated non-profits would need to mange it, and create the interfaces. Maybe Iâ(TM)m an old cranky pessimist, but I donâ(TM)t see that happening.
For such a long summary it's remarkably free of actual information and details of what this thing is or how it works.
My thought exactly. Just a lot of long-winded bullshit that doesn't mean anything. For example:
on Solid, all the information is under his control. Every bit of data he creates or adds on Solid exists within a Solid pod -- which is an acronym for personal online data store. These pods are what give Solid users control over their applications and information on the web. Anyone using the platform will get a Solid identity and Solid pod.
Get it .... how? From .... whom? Things don't just magically appear out of thin air.
This is how people, Berners-Lee says, will take back the power of the web from corporations.
Somebody has to build, maintain and pay for the physical infrastructure. Which means means someone owns and controls it. And that someone is not you. Which means you haven't actually "solved" any problems.
"Watching the inventor of the web work at his computer feels like what it might have been like to watch Beethoven compose a symphony"
Watching someone type is one of the most boring things imaginable, no matter who you are.
Actually, it is described in the link to the website itself.
From what I could understand, you have one account connected to one or more PODs. The account controls the information flow for the pods.
So basically an old school web server with a permissions protocol slapped on top of it.
systemd is not an init system. It's a GNU replacement.
That's not the idea, really. Tim Berners-Lee is like Steve Wozniak. He started with something good in the early days, and that was it. You can't give him credit for innovating over three or four decades when it was really one invention three or four decades ago that he deserves credit for. Not to draw any criticism of the former, but Wozniak has only been able to invent flops since leaving in the early days and going off on his own. Someone was bound to invent HTTP or an HTTP-like "thing" or an extension of gopher, and if it hadn't been for Berners-Lee, it might have taken another few years for someone else to do it. Or maybe not.
Woz and Berners-Lee are both great guys, and you can go so far as to call them authorities in their realms on what was and has been, but that doesn't mean that they know what should be or will be.
Just a friendly tip: Wouldn isn't trademarked.
Wonderful, and needed. So as an oldie who html handcoded my co's original 'website' very many years ago, I want to try what's new. My personal website has lots of files and anchors, so looks good for conversion/insertion to a 'Pod'. What to do next? Follow the links and register with, er, real name, then get flipped to Github and have to... get registered again - in order to get what... a manual? Aw, come on. I may be misunderstanding this, but there has to be a better front end for those of us who aren't geeks
These are very nice puff pieces claiming a lot of good intentions, but how does it work?
I found some some documentation: The getting started, Introduction to the specification.
There are some other things that look interesting Introduction to Linked Data, Expressing ID and, Manipulating linked data.
It looks interesting enough to check out when I'm not so tired.
My ism, it's full of beliefs.
The Web isn't broken. It's still there. It's still working the way it always has. Most people have simply chosen to use it badly.
I don't respond to AC's.
"Misunderstanding that by doing this you are giving Google/Facebook/Yahoo access to your data on that site (you aren't)"
The flip side -- and the problem -- with this is that nine times out of ten the site in question wants access to your personal information as well as a complete list of your friends. Refuse, and the site won't grant access.
So the site in question gets all of my Facebook/Google data, and Facebook/Google now know of your interests in X and (quite likely) can track you across that site using "like" button cookies.
OpenID would be great if there was a way to have an account somewhere that was limited solely to identification and whose provider wasn't snarfing all of your personal data. And, not to mention, was a big enough player in the space that most web sites would actually implement it.
So maybe Solid is, in fact, that solution.
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
Odds are it will follow the course of the original web. You may pay for the server from providers that honestly charge a fair price for it. Or you can host it with one of the alternatives that will host your data for free, in exchange for being granted access to crawl that data and serve you ads based on it., Next up websites will start requesting access to that data in exchange for access to free services. The reason this is doomed, is 70-90% of people will value the money in their wallet over privacy. and in capitalism in general the most succesful business will generally eat and destroy it's smaller competitors So this all falls next to diaspora overtaking facebook in short.
I'm starting to like it this way. It lets us identify the Apple users and ignore them accordingly.
You are welcome on my lawn.
Spent some time on solid website. It certainly appears to be compliant with all modern standards.
1. Talks about how important privacy is while using Google Analytics
2. Massive fonts
3. Jackpot scrolling
4. Low information content that leaves the reader guessing what you are talking about.
5. Piling on armies of crappy framework over another until something notably unremarkable is achieved.
"Solid is a set of modular specifications, which build on, and extend the founding technology of the world wide web (HTTP, REST, HTML). They are 100% backwards compatible with the existing web. "
"At its core, Linked Data is really simple: every piece of data gets its own HTTP URL on the Web, and we use those URLs to refer to those them. So if your photo is identified by https://yourpod.solid/photos/b..., then my comment at https://mypod.solid/comments/3... will link back to that URL."
"PODs are like secure USB sticks for the Web, that you can access from anywhere. When you give others access to parts of your POD, they can react to your photos and share their memories with you. You decide which things apps and people can see."
In other words quite literally nothing new.
Giving everyone in the world their own HTTP REST endpoint for granting information access to 3rd parties isn't a bad idea on the surface, but I think the implementation here might be a bit too convoluted. I would make an extension to DNS and flow everything based on e-mail address alone, similar to how MX works:
- Your e-mail address is your unique identifier. Just as most sites already use today.
- To participate, domains expose a new DNS record of type, let's say "IX" (information exchange)
- An IX record on domain.com points to an IX server endpoint... which is nothing more than a REST/WebSocket protocol defined by some spec.
The user's experience for logging in to a 3rd party website becomes:
Email: [ Enter your email ]
[ Login ]
User hits Login. The 3rd party does a DNS IX lookup on "domain.com", redirects the user accordingly. By convention:
front-part-of-email@domain.com routes to whatever-ix-dns-record.domain.com/front-part-of-email
With GET params ?scope=[attributes]&callback_url=[3rd party url with state information]. Not too dissimilar to OAuth2.
User is now on their personal "IX portal" and can login and grant the 3rd party access to /photos, /music, /ical, /mail etc with configurable RWX rights.)
the requested attributes or data stores (predefine
Upon grant, the callback url is hit with access token information and the 3rd party can do whatever with the user's data.
"...Every bit of data he creates or adds on Solid exists within a Solid pod -- which is an acronym for personal online data store..."
So you have to trust somebody to host it and storage is not free, and also to trust your browser manufacturer (Google, MS and Apple) and trust your OS manufacturer as well (again Google, MS and Apple). Finally Google will put Facebook out of business (unless people keep going with the status quo).
Listen to your selves...
In the light of the recent blow to net neutrality and the recently passed European copyright law, I find it disheartening reading the comments.
You sit here nay-saying any effort to decentralize the internet and better privacy before it has a chance to mature. You regurgitate political and corporate bias left and right. These tech giants like alphabet/google, amazon and the likes, should be considered the enemy of privacy and a free, decentralized internet, and it is their ideas that should be objected, not the ideas that help promote it.
Shame on you!
I see an increased polarization and hostility towards each other, instead of working together to make something that helps us in the the way we communicate and exchange data. There is nothing constructive about that. I only hope we come to our sense before it is too late, and i chose to believe there is still time to fix the state of things.
Yes, I am posting as an anonymous coward. Deal with it.
EOF
The summary probably wasn't written with a technical audience in mind, and it leaves much to be desired.
The main contribution here is the concept of linked data: that the relationship between media objects should be exposed through a standards-based interface. This is an old idea, but it is seldom practiced. Linked data is a natural extension of Sir Berners-Lee's original hypertext protocol, which provided for hyperlinking between documents.
The linked data protocol encourages the development of distributed applications. For example, one can host a photo on one server, but comments about that photo could be distributed among many others. Linked data is used to describe what refers to what. In this model, contributors are expected to retain more control over their contributions. This will likely scale OK for small groups... but if you attract hundreds of comments, you might be in trouble.
Is this useful? Maybe. It appears to fill much the same space as existing "social networking" websites, which provide both identity and methods for "limited sharing." It does not appear to address the needs of
Worse, where are we going to put these "Solid PODS?" On our home PCs? Most homes are not blessed with high uplink speeds, 99.9%+ SLAs, uninterruptible power, or redundant data centers. The answer for most people is likely going to be "in the cloud." Economies of scale dictate that low-cost cloud computing resources will be concentrated into the hands of relatively few organizations with both the capital and the experience to provide them.
All will be well and good until the cloud service providers realize that they can simply peer into these PODS and extract all the data that they ever wanted.
At our school, we don't earn a degree when we graduate—we earn pi/180 radians
"Imagine a photo and a bunch of comments, likes, etc on it (their example), and the photo or random comments disappear."
That's what happens now if you have a website and try to include links to your references. The links rot constantly and often just go away. Unless the Internet Archive has saved the linked material and you take the trouble to fix the link, the stuff is gone forever from your POV. AFAICS, the only solution is to ignore copyright and make copies of any external material you actually care about.
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
These are very nice puff pieces claiming a lot of good intentions, but how does it work?
I can already create a calendar app -- or download one -- and control all my information by running it on my own web server. That is more hassle than I want.
Ah, but you are pinpointing it right there! It is more hassle than you want, why? If we could fix that problem, so that it wouldn't be more hassle to have it on your own webserver, then what would you do? And that's like iteration 1 of Solid, we're separating those apps from the data, so that you can have your data on your webserver, but you can use any calendar app you want. That way, companies will be competing to create the best apps, not to suck your data out of you. So, Solid is about making the infrastructure and the ecosystem to make sure that all those things aren't a hassle, they will be your preferred way to do it.
How does this new thing let me trust my data to code written by other people, that I probably never see, running on servers I don't control?
Right, good question, because that is the essence. But first of all, they are not running on a server you don't control, they are running on your client. So, Solid is doing a massive shift on where the intelligence will be. It will be mostly on the client. The server side will be pretty simple.
But the rest of the question is still interesting. It is a fairly long and intricate answer, but some of the short story here:
So, in the way it is working in browsers now, is the simple CORS restrictions. It is pretty broken, but it is what we have. So, we're making some hacks to identify web apps. And then, you can assign privileges to them. Since they are running on your device, the security of your browser applies to them.
Still, it doesn't mean that you can necessarily trust them, of course, but then, this is a social technology, so we could establish a Web of Trust around that. We're thinking a lot about that.
How will Berners-Lee's new company make enough money to pay employees and satisfy its venture-capital backers?
So, we don't know that yet. There are a few no-brainer business models of course, but we don't expect them to last long. But we have some really good people on the team, we'll figure it out.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
So basically an old school web server with a permissions protocol slapped on top of it.
You make the stuff that we do sounds really simple, but yeah. That's pretty much it. :-)
But note that in spite of Tim having read-write capability in his first browser, it really never took off. And then we had this document web, when we also wanted a data web and an applications web. So, I guess we got the applications web, but just pretty primitive and constrained ones.
So, yeah, the server side is really very simple. It is like, the UNIX of the Web. But in terms of all the stuff that has been around for 25 years without taking off, there is really a lot to do...
Employee of Inrupt, Project Release Manager and Community Manager for Solid
But the server is pretty simple, and can and will be implemented in many different languages. People are working on a Go implementation too. The nice thing about JS is that much of the same logic is both on the server and the client side, and so it is actually the same code. That's pretty nice for consistency and cost of implementing it.
I'm myself not really impressed with the security of the Node.js landscape, but that's what we decided to do first.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
Just read much of the inrupt.com site and some of the specifications on github. Not everything, but alot. Two critical problems seem obvious though it is possible I missed the provisions.
First, I see no indication that access to the pods is end-to-end encrypted. So, if your pod is stored on a server that is not your own, they definitely have access to your data. No 3rd party server can be trusted with your data (even if it can, you won't get notified when that changes) and few have the skills to stand up their own server. I would think that a requirement for end-to-end encryption of all data is an obvious one. An app given permission to access it must also be given some type of revocable keys.
Second, I don't see provisions to stop apps from taking the data and writing it somewhere else. To control your data, you must control the writing at everywhere it is processed as well. Apps should be forced to run in a sandbox that can only write data to approved places and all memory in the sandbox should be reliably wiped when the app is no longer needed. Trust of the sandbox should be verified before pods can be accessed.
Without at least these provisions, I see no possibility that this system can deliver user's control of the dissemination of their data.
Somebody has to build, maintain and pay for the physical infrastructure. Which means means someone owns and controls it. And that someone is not you. Which means you haven't actually "solved" any problems.
I think the point of this exercise is that anyone can build, maintain and pay for the physical infrastructure, so people can effectively pick up stakes whenever they like. The premise seems to be that competitive forces will keep the behemoths from monopolising your data, twisting it out of shape, or rendering it inaccessible to outside forces.
Given our experience of the commercialisation of the open web, and the commoditisation of the user, I'd say that premise is naive. At best, this is a new weapon in the online arms race, and for the moment, it's in the hands of the freedom crowd. The moment there's money to be made from your pod—and that's a necessary condition for SOLID to work—there will be vendors who will customise its contents at the expense of interoperability, and a concerted effort to make it as difficult to move as possible.
Governments will want to be able to control the movement of pods as well, for obvious reasons. And they'll no doubt want to legislate backdoors into the security mechanisms, especially those establishing identity.
I saw Tim Berners Lee back in 2000 when he first proposed what he was then calling the Semantic Web. Most of SOLID derives from what he had in mind back then. Then, as now, his ideas are inspired and powerful, but vulnerable to the buffeting of external forces. And compared to a smart man with a computer, governments and vested interests are looming large these days.
Crumb's Corollary: Never bring a knife to a bun fight.