Web inventor Tim Berners-Lee reveals 'Solid' plan for users to take control of personal da...

in General Discussion edited October 2018
Tim Berners-Lee, inventor of the World Wide Web, hopes to hand back control of personal data to individuals, with the launch of an open-source platform called Solid to control where data is stored and what entities have access to the information.

via Flickr/gdsteam

Announced via a blog post on Saturday, Solid is described as an "open-source project to restore the power and agency of individuals on the web." Developed by Berners-Lee and people at MIT, Solid is effectively a single management location for a person's data, one which will provide the ability to dictate how and where the data is stored, which people and organizations can access specific elements, and how it is shared.

The move to develop Solid was prompted by the trend for companies to acquire as much data about their users as possible, followed by mining the data and using it to market products and services to users. The wholesale acquisition and datamining has been a cause for concern for privacy activists, who have previously warned of the data's potential misuse.

The most prominent case of misuse in recent times was the Cambridge Analytica scandal, where the data of Facebook users was acquired by the political analysis firm and used by political parties to influence events, allegedly including the 2016 U.S. presidential election.

"Solid changes the current model where users have to hand over personal data to digital giants in exchange for perceived value," writes Berners-Lee. "As we've all discovered, this hasn't been in our best interests. Solid is how we evolve the web in order to restore balance - by giving every one of us complete control over data, personal or not, in a revolutionary way."

For end users, their data is stored in one or more Solid personal online data stores, or PODs, which can be stored in the location of a user's choice, including online storage services or a home server. The data are said to be transferable between locations at any time, without any interruption of service.

The user can store practically any data they want in the POD, including photographs, videos, and fitness tracker data. The data can then be shared with apps and services of the user's choosing, as well as other people.

As the data is also stored in a POD under the user's control, and not by other companies, there is no need to synchronize data if it is shared with multiple apps, as the same data source is used across the board.

The POD is also being touted as a method of authentication, along the lines of logging in with a Facebook account to another service's website. The ownership of a POD will apparently provide third parties with enough proof that the user is who they say they are.

Berners-Lee is taking time off from his role at MIT to work on a start-up connected to Solid. Inrupt is a startup that intends to provide the infrastructure for the open-source Solid to function, as well as aiding apps in using Solid, and is also providing users with Solid PODs.

As part of this work, Berners-Lee will be traveling the world for the next few months, educating developers about both Solid and Inrupt, reports Fast Company. He will also spend time this fall attempting to raise venture funding to grow the team, though it is unclear how successful this will be as the project aims to oppose the data collection activities of major tech companies like Facebook and Google.

It is also unclear how much this would impact Apple, as its own data policies shy away from the practices of other tech giants, in that minimal data is uploaded to its servers and processing is performed as much as possible on the user's end. An often-heard refrain from Apple is "The customer is not our product," in that the company does not collect then use data for advertising purposes, instead aiming for a more transparent approach.

In AppleInsider's brief testing of the Inrupt Solid POD, it appears the service is not ready for public usage, and is in a state more suited towards app developers. While the account creation is straightforward, and a public page can be created, it is difficult for the average user to make changes to their profile page. Meanwhile the profile page itself has the appearance of being editable by others, though this action is blocked when the changes are submitted.

While it is possible to sign up for a free Solid POD from Inrupt right now, the main reason for the average user to do so is to secure their selected username before it becomes a more heavily used service. After apps and services start to use Solid, it is likely the user experience will be overhauled at around the same time.


  • Reply 1 of 15
    What would be controlling Solid platform access?
  • Reply 2 of 15
    SpamSandwich Posts: 33,407 member
    Several other things for people to investigate and compare:  IPFS and Hashgraph


  • Reply 3 of 15
    What is to stop people from attacking and hacking Solid and gaining access to user data? Seems like a risk even if it is well intentioned.
  • Reply 4 of 15
    sflocal Posts: 6,056 member
    I give Tim credit for what he did with the Internet.  That being said, I'd trust him on modern tech about as much as I'd trust Thomas Edison to repair a Tesla car.  Today's Internet is nothing like the Internet he helped create.

    It sounds more like Tim is just using/loaning his name to garner interest.
  • Reply 5 of 15
    Folio Posts: 698 member
    "An often-heard refrain from Apple is "The customer is not our product," in that the company does not collect then use data for advertising purposes, instead aiming for a more transparent approach."

    Perhaps AI needs to put an asterisk with such statements now. True, for the most part. But sign on for Apple News or new iOS 12 Stocks app and you'll read about how usage helps target advertisements. This is an area rife with potential conflict for a company who chiefly makes money from HW, in that Apple can make it impossible for users not to see advertisements. If Apple embeds an ad that takes up 1/3 of the screen while you are reading an article, that kind of defeats the purpose of having a large screen for viewing. This is another reason I'm not enamored with Apple's new Stock app.

    While a minor nit at present, as Apple pushes services, this issue could become a larger concern.
  • Reply 6 of 15
    Folio Posts: 698 member

    sflocal said:
    I give Tim credit for what he did with the Internet.  That being said, I'd trust him on modern tech about as much as I'd trust Thomas Edison to repair a Tesla car.  Today's Internet is nothing like the Internet he helped create.

    It sounds more like Tim is just using/loaning his name to garner interest.
    I applaud him sticking to utopian vision... But I question if even old pals like Vint Cerf at Google can help him much with this...
  • Reply 7 of 15
    Well, I grabbed a username just in case.

     I got in on the gmail thing fairly early back when it was by invitation only. I still couldn’t get the username I wanted. 
  • Reply 8 of 15
    bobolicious Posts: 1,122 member
    georgie01 said:
    What is to stop people from attacking and hacking Solid and gaining access to user data? Seems like a risk even if it is well intentioned.

    ...perhaps like the web, if data is stored in a distributed way hacking mass records becomes a much less likely thing ? https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html

    Could this also serve those with regulatory jurisdictional concerns or requirements ?

    I'd always hoped some form of localized iCloud might have been offered with the server app...

    edited October 2018
  • Reply 9 of 15
    macplusplus Posts: 2,112 member
    sflocal said:
    I give Tim credit for what he did with the Internet.  That being said, I'd trust him on modern tech about as much as I'd trust Thomas Edison to repair a Tesla car.  Today's Internet is nothing like the Internet he helped create.

    It sounds more like Tim is just using/loaning his name to garner interest.
    "He is the Director of the World Wide Web Consortium (W3C), a Web standards organization founded in 1994 which develops interoperable technologies (specifications, guidelines, software, and tools) to lead the Web to its full potential. He is a Director of the World Wide Web Foundation which was launched in 2009 to coordinate efforts to further the potential of the Web to benefit humanity."


  • Reply 10 of 15
    backstab Posts: 138 member
    sflocal said:

    "Today's Internet is nothing like the Internet he helped create."
    Pretty sure that's exactly his point. (and purpose)
  • Reply 11 of 15
    Neat, but once you’re using a service, like Facebook for example, everything you do while on their servers will be collected by FB. How can Solid stop that?? What’s to stop FB from buying and selling data collected? It’s not like FB will all of sudden stop those shady practices that makes them all the money. I must be missing something, derp. Sounds like cloud storage with universal login authentication. 
    edited October 2018
  • Reply 12 of 15
    JWSC Posts: 1,203 member
    Neat, but once you’re using a service, like Facebook for example, everything you do while on their servers will be collected by FB. How can Solid stop that??  ...

    Exactly.   It can’t.

    A quote rightly or wrongly attributed to Albert Einstein goes like this.  “If I had only one hour to save the world, I would spend 55 minutes defining the problem, and only 5 minutes finding the solution.”

    It appears to me that we haven’t really defined what the problem is with data mining.  Many don’t like the inferences drawn from companies keeping bits and pieces of data about them but few can define what those negative effects might be.  Even the actions of the vilified Cambridge Analytica can’t be separated from what hundreds of other companies are doing with our data every day.

    Then there’s the fact that many highly useful and insightful statistics can be gleaned from data mining.  Plus we tend to be the beneficiaries of some forms of targeted marketing.

    If we’re afraid of identity theft then that’s a legitimate concern.  If we’re afraid of false data being intermingled with verifiable data that can’t be good.  But if it’s something else we’re afraid of, we need to do a better job of defining what that is.  If we don’t, some political fool will enact legislation to solve what might turn out to be a nonexistent problem.  And that’s double plus ungood.

  • Reply 13 of 15
    dewme Posts: 5,039 member
    I know I'm not yet capturing everything there is about the Solid concept, but it still sounds like apps that work with the system would have to be very well behaved and play along cooperatively within the constraints of the protocols enforced by the Solid system. If everyone, including data hoarders like Google, plays along with the rules of the game then everything is good. But once someone gets real, unencrypted data through the standard mechanisms provided by the Solid system what keeps them from taking it out of band and squirreling it away in their own storage? In many trust based systems there is the notion of expiries that limit how long a representation of data, say a token or certificate, is valid and usable. I suppose this concept could be used to create other forms of boundaries around the use of data, e.g., geofencing, transaction scope, etc., but again even if everything about the data is abstracted by service calls back to the POD, there may still be opportunities for (legitimate, trusted) apps to snatch data. Perhaps if there is middleware that injects itself on both the client and server side to keep apps from storing the data they see only within the scope of the trust boundaries ... I don't know. How do you keep the data hoarders from hanging on to every piece of data they can possibly collect about you? Asking them to not do it doesn't work. Hopefully, Solid will find a way to solve the data hoarding problem, which is kind of the lifeblood of Google and Facebook. I don't think Google and Facebook are going to go away quietly or change their evil ways. They'll just throw out a few "free" toys and the herd will gladly hand them all the data they want.
    edited October 2018
  • Reply 14 of 15
    Thank you, but… I’m fed up with creating accounts on all new services just to get my username, just in case this new service happens to become the next big thing.
  • Reply 15 of 15
    PShimi Posts: 38 member
    How I view this is both simple and complex.
    The simple:
    We are talking about everyone on the planet that has access to the Web having their own personal web server, from which all photos and comments they may write on the web are actually being stored AND SERVED by their personal web server. 

    This has a lot of ramifications...

    The complex:
    This idea is little more than having your own personal cloud server (whether it is literally your own server at home, or work, a plug in device that some company develops and sells to consumers at some point, or space you rent on a cloud service). The big difference is that rather than storing files (the most common example being photos) that are served to the web, you also store your personal data here too... address book, your health data, anything and everything that any app you own puts there. 

    Reading through this (Solid's website), there are a couple of things that seem a bit out

    While it is true that vendors are able to collect your data and analyse the data, all data collected is collected by different vendors, and stored in different places. For the most part, these vendors do not share their data with each other, and they do not know of all the different accounts you have on the Web.

    With Solid all data is stored in ONE place. This means that if a Solid account were compromised, the attacker would have access to EVERYTHING.
    Further, there are apps installed on phones that have been found to access data they should not be accessing, what if those apps were to access your Solid data through your phone's connection to your Solid account? Presumably, it would not have direct access to all data on a POD, but it certainly could track what websites you look at, what your Solid ID is,  most likely Solid data cached on the phone, and therefore who you actually are. Further, if there were a security bug in the Solid system / POD, then the app could gain access to all that information.

    1. One single ID for the entire web. Yes, your user name and password on a given site might be different, but the underlying ID will be the same across ALL SITES that you use (Solid talks about using your POD as your 'IDENTITY'). If your identity were stolen, it would be relatively easy for attackers to reset accounts and gain access to them. Even two factor authentication would link back to this single ID, since at the end of the day, this system does not work unless everyone and everything is using it, including your phone.

    2. Linked data - when you post a photo on a website, that photo is stored on your POD. This means that the photo is served from your POD. This means that everything of yours on the web is stored on your POD, and served from your POD. If many people viewed a web site with content coming from your POD your internet line is going to get very busy, to the point that your Internet connection could degrade rapidly. Think about it, all you have to do to bring down someone's internet connection is request the same large photo through thousands of zombie connections to kill their Internet connection and stop EVERY SITE they have content on from showing their content.
    3. If your single POD fails, all content on the web from you will disappear (unless it is cached somewhere... but not sure about how that would fit with the Solid system, since the URL for the content would be your POD's).  Are companies going to be selling PODs that you can install at home and connect to your Solid account? How will these PODs be protected? What if they get hacked? The system supports the use of more than one POD, so this may mitigate the situation if one was at home and one was at work (but you would need permission for that, and if everyone had their own POD at work, it is not going to work either).

    4. There are many users of the web that do not have an Internet line to their residence, since they rely on their tablet/phone. Obviously this means that yet more online content servers are going to spring up - essentially, Drop Boxes that serve content. Which is going to cost users. This means that user's data is not on their own servers, and in effect not 100% under their control since no one could guarantee that administrators on the service would not snoop at their content. (I wonder if Apple would be open to someone having a POD service running on their iCloud account?)

    5. When viewing a post by someone, by looking at the IP address of the URL of the photo being served by their POD, if it were a personal POD at someone's house and not rented space on a server, their location would be swiftly exposed.

    6. There is the question of how personal data is encrypted on these PODs. Files served over the web are encrypted through TLS/SSL, but actual data on the PODs should be encrypted too so that if an attacker did hack into the POD device, unless they had the encryption keys they would not be able to read any data they copied from the device.

    7. These encryption keys would presumably be hosted by Solid, because it states on the inrupt site that "you’re free to move it [your data] at any time, without interruption of service." This sounds like DNS updates are going to have to occur in order for the data to be hosted on a different server (sorry, POD) yet still be accessible using the same URL. This DNS service would be managed by Solid, presumably.

    8. The site also states "Things saved through one app are available in another: you never have to sync, because your data stays with you." In other words, your data is stored in one place. What happens if your POD data gets scrambled (crashed local device) how will you recover your data? You will lose access to lots of sites (because your POD is your IDENTITY), and your information will disappear from the web? We all know we should back up our data, but the average human on this planet does not actually back up their data.

    9. I think that this means that online PODs will get promoted more, unless an enterprising company starts churning out PODs that people can install in their houses. Further, it is very likely that the POD service will become integrated into home routers since newer routers on the market are more than capable of full encryption support and serving web content to the world, in fact for the average person with an Internet connection that might be ideal.

    Having your data in your possession actually offers up some interesting situations that could arise:
    * You can back up your online data more easily.
    * If a web site closes, you still have your data.
    * Your data is stored where you decide to store it, one of the results being that a country's law enforcement (good or bad) cannot get at your data if you are not located in their country (even if the web site you have an account on is in that country.)
    * Law enforcement could pick up someone's POD sitting behind their TV connected to the Internet and have everything in the palms of their hands (even if it is encrypted).
    * Law enforcement could force Solid to provide the encryption keys (this is just a guess, not sure about this one, as I do not know yet where they are stored.)

    Well, there is much more reading ahead, but these are my initial thoughts.

    I like the premise, but am not sure about the implementation.
    For developers, we can build our own servers, we can set them up as we like, we can get fast internet connections sorted out, and we can set up and manage our own PODs. Not a problem.

    The average human on this planet is not able to do this. They are going to have to rely on online services. So, will their data really be any more private and any safer from being stolen, manipulated, or accidentally erased?
    Single point of failure is also cause for concern.