1. 17
  2. 12

    A committee, a huge spec, and a set of partially-abandoned reference implementations. Hmm. I’m not hopeful.

    1. 3

      Personally I’m betting on https://datproject.org/ and in particular https://www.datprotocol.com/

    2. 12

      Maybe I’m wrong, but… What exactly stops a company like Google from providing pod hosting and ending up having access to all pods’ data anyway?

      I don’t imagine people hosting their own pods of information. You still need a way to allow third parties to access the plain data, so they can use it.

      Today’s problem with the internet and data ownership isn’t technical. It’s social and cultural. IMHO.

      1. 2

        If he has done it sanely, the most such a host would be able to glean is metadata: that you accessed it, when, and from which IP address.

        They shouldn’t be able to look inside your pod to see what you are reading and writing, or even who you are.

        Admittedly, given how much other data the likes of Google already have, they would be able to de-anonymise you based on even that little bit of metadata, but it would be a huge huge decrease in what they have on you presently.

        1. 1

          This would require that the POD information is encrypted. Such encrypted nature wouldn’t allow a “recover password” functionality.

          And today’s society can’t live without that. And won’t understand why there isn’t a recover password option and what it means that “everything is lost”.

          1. 1

            That would surely be a valid added service someone could provide.

            Key escrow.

            User Alice encrypts her private key along with some agreed identifying token with escrow provider Bob’s public key. For a small fee Bob will return Alice’s decrypted private key if Alice can provide the identifying token, e.g. her driver’s licence.

            If Alice doesn’t trust Bob completely, she can double wrap it with as many independent escrow providers as she wishes.

            And today’s society can’t live without that. And won’t understand why there isn’t a recover password option and what it means that “everything is lost”.

            That sort of translates, in today’s current practices, to “I’m not prepared to pay anything and I trust my email provider with all my data and trust him to be unhackable and I trust my email password and my data isn’t worth all that much anyway.”

            I’m sure that level of password recovery (and (lack of) data security) can continue to be available to you for free.

            1. 1

              If Alice doesn’t trust Bob completely, she can double wrap it with as many independent escrow providers as she wishes.

              I just see too many steps that the user needs to do just to secure their data. Which will never happen, because, as you just said: “I’m not prepared to pay anything and I trust my email provider with all my data and trust him to be unhackable and I trust my email password and my data isn’t worth all that much anyway.”

              1. 1

                Partly we’re in the “I’m not prepared to pay anything and I trust my email provider with all my data and trust him to be unhackable and I trust my email password and my data isn’t worth all that much anyway” age of the world because we don’t trust our providers.

                I don’t store anything valuable on facebook because I don’t trust the likes of Zuck further than I can throw him.

                I keep my money in the bank, because it’s more secure than under my bed…. but if your money regularly got stolen or “lost” whether you had it in the bank or under your bed or in your personal safe…….. Would you even bother accumulating the stuff?

              2. 1

                I think the Post office should offer that service.

                1. 1

                  In the Bad Old Days I lived in a country with government issued ID books, without which you couldn’t do anything, it was a real pain in the ass, and not terribly secure.

                  In the current day I live in NZ where there is no mandated form of ID, and if you don’t have a driver’s licence or passport, (or you lose them) establishing ID for any purpose is a nightmare even worse than ID books, and in total probably a fair patch less secure.

                  In current NZ….. they are doing exactly what you suggest. https://www.realme.govt.nz/

                  Sort of.

                  Except it doesn’t provide me with options if I don’t trust RealMe as a really secure service provider (which I don’t).

                  1. 1

                    Yeah, that’s a problem. I was thinking of a physical process. Show up with fingerprints and some ID. You can only get access by visiting in person and checking in. When you check in you can get copies of private keys or whatever you deposited, and PO can send, encrypted using its public key, your public key. Or something like that. Physical security.

                    1. 1

                      Personally I’m a social progressive.

                      I strongly believe the world still needs to progress in the sense that some things that are currently illegal should become legal, and some things that are currently legal should become illegal.

                      The ’net is a tool that allows us to move faster from “here to there” so to speak.

                      Now as a thought experiment, choose an event of historical progress that you agree with (eg. banning of slavery, decriminalization of homosexuality, votes for women…)….

                      …and now imagine if at the time prior to that change, every opinion you ever had was physically bound to you, and surveillance was perfect.

                      I’m pretty sure that progress would never have happened.

                      We’re nearing the point in history where surveillance will be near perfect and ubiquitous…. we need a future where speech can be anonymous.

                      Thus the identity recovery mechanisms also need to be anonymous.

                      1. 1

                        I don’t know if you need an identity recovery mechanism for an alias. A government-run one seems especially wrong.

                        1. 1

                          You don’t need a recovery mechanism if your data is worthless…..

                          If the recovery mechanism is designed right, it doesn’t matter who runs it.

                          It’s more in the realm of neutral infrastructure like a bus stop.

          2. 1

            It’s deeper than social/cultural. Systems tend toward centralization. That’s just what they do.

            1. 2

              Systems tend toward centralization because social responsibilities tend toward centralization too. Because it’s simpler and just works with a trust mechanism.

              Once trust is gone, centralization is gone, too.

              If you have a society that is responsible and conscious enough to see the importance of their own data, you’ll get a decentralized system easily, because each individual will be responsible for its own data.

              1. 2

                Social has nothing to do with it. You see centralization in natural physical systems too, due to the same forces.

                1. 1

                  It has to do with social as those artificial systems are born from society and our interactions. Just see Conway’s Law: https://en.wikipedia.org/wiki/Conway%27s_law as an example of mapping social structures to software.

                  1. 1

                    That’s a manifestation. It happens in purely physical systems too, like leaf structure. There’s nothing social about that. Here’s a talk: https://www.infoq.com/presentations/scalability-variant-structuring

                    1. 2

                      I mean: software is born from society, so if society changes (being the root of software), software will change, too.

                      Thanks for the link, tho, will check out :)

          3. 4

            I can’t take anyone’s attempt at a “save the web!” movement seriously, who has previously had the opportunity to do just that and block DRM in HTML, but failed to do so. If one had the option to do the right thing, but did not, how come they want to “save the web” now? Why not back when they had the opportunity? And why should I trust they’ll deliver?

            1. 2

              I can’t take anyone’s attempt at a “save the web!” movement seriously, who has previously had the opportunity to do just that and block DRM in HTML, but failed to do so.

              And you don’t think that the browser vendors would have implemented HTML5 DRM anyways, or the media companies continued using stuff like Flash? “Blocking” DRM by the W3C was a rubber stamp move in either direction as it would have happened anyways; picking to standardize the DRM would probably be marginally better than non-standardized DRM.

              1. 4

                picking to standardize the DRM would probably be marginally better than non-standardized DRM.

                No. If DRM hadn’t been standardized, chances are high there would be subtle differences between implementations. Which, in turn, would make it that much harder to apply DRM to content. That would have been a win, even if only a small one. Not to mention that not standardizing DRM would have sent a very different message.

            2. 3

              Curious what others think of this, seems naive and not very well thought out?

              1. 8

                What is it? The website is very marketing-y with not much explanation of the technology. It’s all claims of what it supposedly can do, but how is it supposed to do it?

                1. 4

                  The technology is at https://github.com/solid/solid-spec — it’s not new, they just have a new organization / marketing / website thingy.

                  It’s like IndieWeb tech in purpose, but instead of easy protocols that can be implemented in an evening, Solid means you have to deal with Linked Data stuff and whatnot.

                  The inventor of the World Wide Web just can’t stop chasing the RDF dream…

                  1. 2

                    I think that’s what people are trying to figure out at the moment, how it works. I set up a pod and had no clue what to do next, or how I could use it.

                2. 3

                  How is this different than https://upspin.io/ and many similar things that have come before?

                  1. 2

                    The idea of having concrete means to take back the ownership of our data is crucial. We’re past the unicorns and rainbows of the early days of the Web, and we can all see now that our data is a product on a global market – and let’s not forget that data is forever: once out, it can be copied and backed up without us being able to do anything. There have been lots of thoughts on how to re-decentralize the web, but Solid seems like a simple, concrete, viable idea that just takes a community of privacy-minded developers and entrepreneurs to get started.

                    1. 2

                      Distributed systems are not as simple as people want to believe.

                    2. 2

                      My favorite HN comment was the one that said it’s trying to take a market that’s been thoroughly won. I’ll add not going anywhere, either, given much of it is fueled by money gained through lock-in, surveillance, and/or tie-ins to existing model. Most products like these never get uptake or remain super-niche existing in parallel with all the bad stuff they want to replace. The bad stuff is where the masses will remain.

                      1. 1

                        I don’t get why people are so skeptical. There is a company that has Tim Berners-Lee among the co-founders and promises to push some open-source to promote privacy and user rights, that sounds great to me!