back to article A web where the user has complete control of their data? Sounds Solid, Tim Berners-Lee

WWW creator Tim Berners-Lee has taken aim at the internet giants with his new decentralised web project Solid, which pushes for individuals, not firms, to control their data. The inventor is no stranger to public proclamations about the future of his creation, which he has long fought to keep open to all. But in recent months …

  1. tojb
    Headmaster

    Antidote to digital tyranny?

    Will this protect us from digital tyranny-type scenarios, such as the Chinese approach of escalating from bad seat assignment on the train up to organ harvest, based on who you have been associating with and what they have been saying?

    Mortarboard because the satellites are watching me

    1. macjules
      Black Helicopters

      Re: Antidote to digital tyranny?

      Will this protect us from digital tyranny-type scenarios

      Err. No

      Zuckerberg simply would employ 10,000+ developers whose sole mission would be to reverse-engineer Solid so that it can take a Facebook-style app.

  2. }{amis}{
    Holmes

    Good Luck

    The digital B@$%"&$s won't go quietly into the night, I predict that if this starts to grow a wave of "Think of the children" or the classic "But Terrorism" F.U.D. will be peddled to try to bring this down before it can grow into a real challenger.

    1. Captain Hogwash

      Re: Good Luck

      You're right. It will probably work too. For example, I explained Tor to my SO the other night. Her first words after were "I bet paedophiles use that." She conceded that the legitimate uses I suggested were valid, but it just shows where the minds of those who rarely, if ever, think about this stuff go to first.

    2. Mark 85

      Re: Good Luck Tilting at Windmills

      It's just doomed to fail. He'll need backing and the big corps aren't about to that and will lobby against any public funds being used for this.

      Maybe 10 years ago it might have worked but I don't see the big guys playing nice here. And has been pointed out, users for the most part don't care. They've been sucked into the mindset that it's "only data" they hand over for something new and shiny.

  3. Crypto Monad Silver badge

    Would have been helpful...

    ...to link to any details about what Solid actually is or how it works.

    Here you go:

    https://solid.inrupt.com/

    https://github.com/solid/solid-spec

    There doesn't seem to be a huge amount to it: basically it's a web server with a complicated ACL mechanism. The social parts like "friends" and "followers" are not done yet.

    1. colinb

      Re: Would have been helpful...

      Seem to be trying to leverage fairly out of fashion concepts like RDF.

      Fair enough but unless it has a way to encrypt and split your data across multiple locations with only you able to decrypt or provide tokens for certain elements plus some revenue model via ad or micropay mechanism i don't see this as being that radical.

      I've argued with relatives about avoiding Facebook due to its narrowing of the web and data slurping and its only recently they have any inkling of what i was warning about.

      Facebook is massive due to ignorance and laziness and until evolution removes both there will always be a Facebook of some kind or other for the masses, long long after i'm gone.

    2. P. Lee

      Re: Would have been helpful...

      I think the key bit is owning your own authentication rather than deferring to a provider.

      This is the scary bit about MS' Azure, "sign in with facebook," "sign in with google" etc. These major platforms are attempting to own the authentication, which gives them control over the interaction. Obviously not the details, but if the application only uses "sign in with google" and you don't implement anything else, google are the gatekeepers and can collect data on your interactions.

      I set up MS SASL with an external provider and it was... non-trivial. We need something which is easier. And we need a mechanism where corporate firewalls and proxy interception don't void the security.

    3. Door Handle
      Black Helicopters

      Re: Would have been helpful...

      Thanks for the summary. As I understand it this is something like a more private version of Facebook, an alternative solution (like Diaspora or Friendica?). But Facebook (or Google+) is not "the web", it's not the only place where the user needs "complete control of their data". What about ads tracking you, Google analysing your search terms, your emails, tracking your location history, Microsoft slurping your data via Windows, Amazon keeping your purchase history, Youtube tracking your comments and viewing history? What about banks, utility companies, online shops, news portals all tracking you, sending you DM via third parties etc. etc.?

      1. Anonymous Coward
        Anonymous Coward

        Re: Would have been helpful...

        I don't mind Amazon using my purchase history to suggest potentially interesting products to me (when I am on the Amazon website), as that's useful. (All the other third-party tracking spyware I object to massively.)

        But, although AWS is a clever thing (and nowadays it seems that most of the web uses it as a back-end (along with a very unhealthy reliance on Google APIs, etc)), part of me does also wonder/worry if Amazon themselves get to sniff all that data that belongs to their AWS customers, and uses it to further profile and track us as individuals?

        1. DropBear

          Re: Would have been helpful...

          Actually, I would MUCH prefer if Amazon or anyone else would have no idea who I am each time I choose to enter into a transaction with them - you know, kinda like how shopping USED TO WORK for the previous few millennia or so. Stores used to have no idea about my name, address, previous purchases*, or the detailed origin of each banknote and coin I use to pay with**; and that's exactly the way I fucking like it. Just because the nature of modern online commerce is what it is, and just because some folks already see it as the normal way of things, I feel no obligation to cease looking for any and all ways that would maintain the privacy we all used to enjoy by default, in the digital realm as well, if possible.

          * Please consider that while fidelity cards and such do exist here around me as well so far I had zero difficulty in simply never asking for or agreeing to accept one.

          ** I also had zero difficulty so far in paying exclusively with cash for anything I buy, except for international online purchases.

    4. Julz

      Re: Would have been helpful...

      Javascript running on node.js what could possibly go wrong.

  4. fluffybunnyuk

    its the hope that kills you.

  5. Anonymous Coward
    Anonymous Coward

    Great. And he built it on Google's Chrome Javascript engine...

    .... please, give me something where Google, Facebook, Microsoft, etc. appear nowhere...

    1. Anonymous Coward
      Anonymous Coward

      Re: Great. And he built it on Google's Chrome Javascript engine...

      There's no such thing as Google JavaScript.

      Are you saying it uses APIs exclusive to chrome or are you saying it's written in JavaScript? If it's the latter then what's the problem?

    2. Lomax

      Re: Great. And he built it on Google's Chrome Javascript engine...

      Diaspora?

      https://en.m.wikipedia.org/wiki/Diaspora_(social_network)

      1. Anonymous Coward
        Anonymous Coward

        Re: Great. And he built it on Google's Chrome Javascript engine...

        Cool.

        How quickly things change around here. There was a time when dissing Google would get you thoughtless downvotes. That's changed and now dissing Google is considered a good thing. It really doesn't matter to you if the tech is good or bad, or whether you understand the discussion.

        Someone stupidly conflating JavaScript with Google? Hurray! Well done them for exposing the evil search overlords once more.

        Someone pointing out that JavaScript has very little to do with Google? Boo! Boo! Google are bad! You must be bad too!!!!

        C'mon, there must be some people here who understand that life is more complex than "goodies vs baddies"......

        1. werdsmith Silver badge

          Re: Great. And he built it on Google's Chrome Javascript engine...

          I would like to see a standard where you could choose whichever application (client) you prefer to use but would be able to interact and share activity with people who choose to use another application. So I could add friends in Solid and see the feeds from people in Diaspora and Friendica etc and share mine in their pages.

          Like the web was when it was good. Different email clients, web browsers (ish) all working with the same user created content. No silos, not attempt to dominate and become the de facto web. I'm looking at you Faecebook home of the thick.

  6. JohnFen

    Right

    "For all the good we've achieved, the web has evolved into an engine of inequity and division; swayed by powerful forces who use it for their own agendas,"

    Says the man who pushed hard to perpetuate this problem by including the EME in HTML5.

    1. Anonymous Coward
      Anonymous Coward

      Re: Right

      Make your own contents, instead of pirating someone else's... that what the Web is for - not a huge network to traffic in pirated contents, because too many people are too mean to pay for what they can easily get for free illegally.

      That why he's dream people will pay for applications is doomed to fail.

      1. JohnFen

        Re: Right

        "Make your own contents, instead of pirating someone else's"

        That's an argument that doesn't address the problems with the EME. Also, I don't pirate, so that's an argument that is completely irrelevant to me personally.

        1. This post has been deleted by its author

        2. Anonymous Coward
          Anonymous Coward

          "That's an argument that doesn't address the problems with the EME"

          No? EME is all about DRM. And DRM exists to protect contents from piracy. The only one who have issues with DRM are those who want to pirate contents easily without the hassle and the risks of breaking it. I don't pirate and I have no problem with EME and DRM.

          You have, why? I like how many people like to hide behind a finger..

          1. LenG

            Re: "That's an argument that doesn't address the problems with the EME"

            I don't pirate but I have major issues with DRM interfering with my ability to play what I want where I want on my own equipment.

            1. Anonymous Coward
              Anonymous Coward

              "DRM interfering with my ability to play what I want"

              In this case, don't buy it. You have no right on someone else's contents but what is in the contract - when you buy them, you abide to a contract. If you don't like the contract, don't enter it. Once again, it's just a matter of really childish "I want a cake and eat it".

              It's really just entertainment mostly, you can do without it and send them a signal you don't like their contracts. Pirating those contents just signal them you are obsessed with them, can't live without, and they will try to extract more money from you. Grow up.

              1. Anonymous Coward
                Anonymous Coward

                Re: "DRM interfering with my ability to play what I want"

                Say thank you to the pirates. Did you ever produced something valuable that got highly pirated? Probably not, otherwise you'll know you want DRM. Sure, they are also protecting their profits, shouldn't they? There are people with their ass stuck to a chair, brain turned off, while downloading someone else's work, while there are people who actually spend time, money and effort to create something new and valuable. Frankly, I prefer the latter, and DRM is a necessary evil as long as there are lazy greed people only able to take advantage of others.

                1. JohnFen

                  Re: "DRM interfering with my ability to play what I want"

                  "Did you ever produced something valuable that got highly pirated?"

                  Yes, multiple times. But that doesn't affect my attitude toward DRM. Two wrongs don't make a right, after all.

          2. joma0711

            Re: "That's an argument that doesn't address the problems with the EME"

            drm has caused me grief many times - from not being able to make digital copies of music i own the copyright to (SCMS anyone?), to not being able to play my bluray on my DVI monitor. Reducing my sound quality (all the analogue anti copying methods ever proposed to stop cassettes recording LPs). additional software required in players, that doesn't always work properly. i'm sure others here have similar tales.

            1. Anonymous Coward
              Anonymous Coward

              "o not being able to play my bluray on my DVI monitor"

              Get and HDCP compliant monitor. Sure, sure, all poor people wanting to make copies of contents they legally own or bought, ROTFL - c'mon, you're all people sucking form BitTorrent the hell out of the Internet. Hypocrites.

              1. Anonymous Coward
                Anonymous Coward

                Re: "o not being able to play my bluray on my DVI monitor"

                Whatever Berners-Lee had suggested you'd still have DRM in your browser. Would you rather have it in a documented and standardised place or do you want all the content providers to bodge their own implementations into your browser? Because they have lots of money and want DRM so they're going to get DRM however much you might not like it. Berners-Lee is just a little more realistic about these things and realised he's better off sat at the table where they discuss this than pouting in the hallway.

                1. JohnFen

                  Re: "o not being able to play my bluray on my DVI monitor"

                  "Would you rather have it in a documented and standardised place or do you want all the content providers to bodge their own implementations into your browser?"

                  With the EME, content providers are still bodging their own implementations into your browser, they're just doing it with a different API than they used to. In terms of this aspect, I don't see how it makes things any better (or worse).

          3. JohnFen

            Re: "That's an argument that doesn't address the problems with the EME"

            "EME is all about DRM. And DRM exists to protect contents from piracy."

            Yes, I'm with you so far, as long as you acknowledge that DRM exists for a lot of reasons beyond preventing piracy.

            "The only one who have issues with DRM are those who want to pirate contents easily without the hassle and the risks of breaking it."

            ...and this is where you're wrong. DRM (and the EME) causes plenty of downstream issues, both technical and societal, for people who have no interest in piracy whatsoever.

            1. This post has been deleted by its author

  7. Pascal Monett Silver badge
    FAIL

    Might be a nice idea, but it'll stay theoretical

    Unless there's a way to force Facebook to use this construct, I don't see any change any time soon.

    Apart from the fact that we might soon have to learn to manage our private data in yet another data repository.

    Oh, and great idea to make the users manage access - in a world where most of them blindly accept all app permissions, what could possibly go wrong ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Might be a nice idea, but it'll stay theoretical

      Facebook will just buy Solid providers when they will have enough data in it... the only way is not to put your data in someone else's system - unless well encrypted and with the keys in your possession only.

      1. JohnFen

        Re: Might be a nice idea, but it'll stay theoretical

        "unless well encrypted and with the keys in your possession only."

        ...and even then, you should think long and hard about it and only do it if you really have no other option.

      2. Persona Silver badge

        Re: Might be a nice idea, but it'll stay theoretical

        If solid takes off Facebook could just implement their own solid server for people to use from where it could access their data or serve it to others as permitted. Many many people seem quite content to give Facebook all of their data so they would get plenty of customers.

    2. Graham Cobb Silver badge

      Re: Might be a nice idea, but it'll stay theoretical

      Unless there's a way to force Facebook to use this construct, I don't see any change any time soon.

      It is a first step.

      Obviously the only answer to the problems with Facebook, Twitter, etc are for regulators to enforce competition with open interoperation. Then people can have their "conservative facebook" or their "activist twitter" and still follow their favourite pop stars and Auntie Betty as well. But regulators won't force that until the tools are in place to make it work.

      This sounds like one of those building blocks. If it is successful then we can start asking regulators to use competition laws to force the massive players to use it.

  8. alain williams Silver badge

    Durh! Why should I bovver ?

    Will be the typical reaction of most Internet users. If it takes more than 10 seconds to implement a change then they won't bother.

    Yes: some of them might have heard stories about abuse of data by the facebook & friends, but they have not seen the sky fall & don't understand why these apps that let them chat to friends, the purveyors of pictures of kittens are in anyway malign. Then they forgot about the stories.

    Much as I applaud Solid they are unlikely to get more than 1% of users (most of whom will be the sort of techno nerd that visits el-Reg) - so the data abuse will continue. Solid is going to need to come up with exciting must-have features to attract users ... features that the big boys will copy in a trice. Most people do not consider security & privacy. They are not must-have features that Sharon from Essex thinks about.

    1. r_c_a_d_t

      Re: Durh! Why should I bovver ?

      Great. I'm happy if those people stay on facebook while the (hopefully significant) minority get on with something more useful.

      1% of 2 billion is still 20 million. That's a significant number of people.

    2. Anonymous Coward
      Anonymous Coward

      Re: Most people do not consider security & privacy.

      I DO care about security & privacy, there's this little green padlock safely shut, and that little disc with a green tick, and that little green thumb up - they all tell me I'm secure & private, what's your problem?!

      Sharon from Essex

  9. Anonymous Coward
    Anonymous Coward

    So what happens to data once it's been released ?

    Because it's not necessarily restricting access to data that's the issue. More the fact that once ANYONE has a copy of your data, then it's theirs to do with what they will.

    Sure, we can have all the laws you like. But based on the fact that my wife is still receiving post in her maiden name (which disappeared 11 years ago) I really can't see what any new system can do unless it has the power to expire data once it's been snaffled.

    1. Natalie Gritpants Jr

      Re: So what happens to data once it's been released ?

      Suggest that she is still posting in her maiden name. Maybe you could ask her why or even contact her and see what happens (Kate Bush - Babooshka)

      1. Anonymous Coward
        Anonymous Coward

        Re: So what happens to data once it's been released ?

        @ Natalie Gritpants Jr

        er, I really couldn't parse that :(

        1. Evil_Goblin

          Re: So what happens to data once it's been released ?

          Not that complicated really - merely a suggestion that the wife was still using her maiden name somewhere, with a suggestion of a possible scenario ( go look up the lyrics to Kate Bush - Babooshka if it doesn't ring a bell).

  10. Munchausen's proxy
    Pint

    Xanadu

    So basically, the vision Ted Nelson had, but with more marketing and no more likely to be implemented.

  11. steviebuk Silver badge

    Just...

    ...bring back GeoCities. That's where my own content once was. With all the bad "Under Construction" and animated gifs. Tried to code it in HotDog but my 386sx back then was so shit it couldn't even cope with HotDog.

    Ah the 90s and having no money. (The 90s was good, having no money wasn't).

    1. elDog

      Re: Just...

      Ah, HTML Dog and other variants of HTML editors that dogged my life from the early 90's well into the ought's. Of course Mr. Microsoft didn't think these technologies were worth investing his billions in....

      In the end I submitted my new markup using PPT or recycled hollerith cards (with the punched holes painstakenly filled in when necessary.)

      1. Lomax

        Re: Just...

        I used Allaire Homesite, before Macromedia ruined it. Great editor.

  12. steelpillow Silver badge
    WTF?

    Circumvention

    So the big dudes will just write apps that hook not only into Solid but into other arbitrary web resources, one of them being their own harvester. You can't police every "Solid-compliant" app on the planet, or have I missed something here?

  13. herman

    Retroshare

    So he is trying to reinvent Retroshare?

    1. elDog

      Re: Retroshare

      Thanks for that. Worth studying.

      Now, if I can only find my dongle that opens my container that has my encrypted keepass locker...etc...

      1. Anonymous Coward
        Anonymous Coward

        Re: Retroshare

        Now, if I can only find my dongle that opens my container that has my encrypted keepass locker...etc...

        I certainly resemble that remark! PasswordSafe, but that's the only difference.

  14. sorry, what?
    Alert

    Single point of security failure

    Having had a very cursory glance at the Inrupt Solid web site content, with all their talk about personal PODs, since these PODs are implemented using the "Solid Server", that software (if, and that is a big IF, Solid were to actually catch on) would be a primary target for all hackers after exploitable personal data. The smallest whiff of an exploitable bug would be catastrophic.

    Or did I misunderstand something?

    1. Cuddles

      Re: Single point of security failure

      "a primary target for all hackers after exploitable personal data"

      Indeed, this seems to be a fairly large flaw with the whole idea. Instead of putting bits and pieces of your data all over the place as and when it's asked for, you pre-emptively put it all in one place and wait for someone to ask you for access to it access it without you knowing. It's just another cloud with all the issues that always brings.

      Worse, even if it were perfectly secure it wouldn't actually achieve anything anyway. The problem with personal data isn't that it's too easy to gain access to it, it's that once it's been given out for any reason, it's trivial to copy it and hand it around. It doesn't matter how secure you make your central data store, as soon as you give anyone permission to look at any of it, all the data they've seen is in exactly the same situation as if you had no central store at all. In order for the idea to work, you have to trust everyone who is given access to any of your data, but the entire reason for proposing it is because most parties aren't trusted. It's a neat idea that completely fails to actually address its only objective.

  15. Lt.Kije

    So my data lives in the Solid environment which guarantees that I control which apps have access to which data and how often. (once only, on request, always, etc). The environment would have to guarantee that a group of apps could not share personal profile data or app activity data, and thatdata is deleted when an app is deleted. What else? Automatic expiration?

  16. Chris Miller

    "People want free apps that help them do what they want and need to do – without spying on them,"

    FTFY

    'Free' stuff comes with a price. If you're lucky it will just be the occasional advert popping up; if you're unlucky, it will involve selling information about your usage of the app to an unknown third party. Most people seem fairly happy with such arrangements, but if you think there's a massive pent-up demand for paid-for stuff without these drawbacks, emulate Sir Tim and get coding. Maybe this time next year you'll be a billionaire ... but A hae ma doots.

    1. JohnFen

      That division stopped being true a while back. Nowadays, applications are no less likely to be spying on you just because you paid for them. "Free" no longer enters into it.

      1. TReko
        Thumb Up

        Windows

        Indeed, your paid for copy of Windows 10 will spy on you just as intrusively as the free version. Good luck trying to turn it off, too, when every update turns it all back on again and throws in a free 300M version of Candy Crush.

  17. User McUser
    Unhappy

    Some people just have to ruin everything...

    "For all the good we've achieved, the web has evolved into an engine of inequity and division; swayed by powerful forces who use it for their own agendas"

    Name a single technology from any time in human history that did not follow exactly the same path.

    I'm sure the first were fire and flint knives and I don't think it ever stopped.

    1. Teiwaz

      Re: Some people just have to ruin everything...

      I'm sure the first were fire and flint knives and I don't think it ever stopped.

      I wonder if a portion of the population back then had no particular interest or curiosity to learn how to make fire or knapp their own flint knives and passively permitted that inequality and division.

      You could argue the same today over IT, people have no interest in finding out how to build even rudimentary apps themselves (despite a portion of the industry actively trying to make it easier year by year), and actively accept the role of being provided for in return for their 'digital allegiance'.

  18. Anonymous Coward
    Anonymous Coward

    'Solid would restore balance to the web because it meant people never lost control of their data'

    Until its hacked... One data silo is a one-stop shop for hackers. Imagine the resources bearing down on that. NSA + Shadowbrokers proves anything can be hacked. Its also a single point of failure for outages etc.

    I've an alternate idea.... How about we abandon tech altogether, turn our backs on it, let it rot. For a decade or more. Until security is completely re-worked and privacy is better understood and legislated for. Why not? Some Reg'ers are already doing this in part... Whose buying IoT etc?!

    Otherwise enjoy getting a data proctology every time you just want to buy a fcking ice-cream... Never mind an insurance policy (John Hancock adds fitness tracking to all policies). Meanwhile a single silo is perfect for a China 2020 social-credit-score system in the West. ** It will be abused **

    1. JohnFen

      Re: 'Solid would restore balance to the web..."

      "NSA + Shadowbrokers proves anything can be hacked."

      They didn't prove it as much as reaffirmed something that we've known for longer than I've been alive. It's one of the core laws of security: if a thing can be accessed legally, then it can be accessed illegally. There is no exception to that truth. The point of security measures is to make the cost (time and effort) required to gain illegal access high enough that the cost/benefit ratio favors the defender.

    2. tiggity Silver badge

      Re: 'Solid would restore balance to the web because it meant people never lost control

      I'm half hoping I get an offer of reduced insurance for a tracker - I'll just attach it to the cat collar & let the feline accumulate some steps whilst out & about roaming

  19. J.G.Harston Silver badge

    Wouldn't you have to legislate to ban people from chosing not to use Solid?

  20. Anonymous Coward
    Anonymous Coward

    evolve the web in order to restore balance

    I applaud, but sadly, there's no backpedalling from the shit we're deep in. There's too much money at stake, and too much greed for control, to reverse the trend of businesses and government to suck more and more users' data. They will NOT allow for creation of alternative routes that bypass their "due" share :/

  21. F0ulRaven

    This is what an ideology looks like

    Solid, is, at best, a data wallet, which could be used to store your user name and passwords, but it can't force other web services to use it instead of its current method

    - now, am I the only one who's thinking, Is Solid just wanting to be Facebook or Google, but got to the party a bit late?

    If you really want to do something for users data, maybe Tim should be asking users what they think first?

    Or just like the other bit tech companies, does Tim think he knows better?

    This sounds to me like the only choice on offer is who do you want to be your data overlords?

    1. Captain Hogwash

      Re: who do you want to be your data overlords?

      You can self-host. I think the odds are against it for reasons stated by other commenters, but I hope it succeeds. BTW, did I mention you can self-host?

  22. 27escape

    See also Databox

    Similar thing being worked on here https://www.databoxproject.uk/about/

  23. Anonymous Coward
    Anonymous Coward

    Quote from Tim Berners-Lee: "People want apps that help them do what they want and need to do – without spying on them," Berners-Lee said. "Apps that don't have an ulterior motive of distracting them with propositions to buy this or that."

    *

    How does this square with communications providers giving the NSA and GCHQ (and no doubt others) access TO THE UNDERLYING TRAFFIC? Sure, "apps" like Facebook are hoovering up the app traffic.... but the NSA and GCHQ are hoovering up ALL THE TRaFFIC.

    *

    I simply don't see the Tim Berners-Lee initiative "giving users control" over NSA or GCHQ information about those users. It's not just Facebook and Google doing the spying. This is typical of the misdirection provided by influential figures...the real problems are NEVER mentioned!

    *

    What am I missing here?

  24. annodomini2

    Look at Android and App permissions

    This isn't going to do anything, even if implemented.

    The Apps talking to it will just refuse to work unless you release the information and probably rights to sell it on.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like