I keep seeing data-hubs and identity-providers touting themselves as solutions to the web's privacy issues, but I don't see how they actually solve anything.
It seems like an attempted technical solution to a social problem to me.
The real problem with data based services (ads, Google search, etc) is really that a bunch of data is collected opaquely, unethically, and in some cases illegally. The whole system including data brokers and real time bidding is out of control.
An example: There is a pending suit that will ultimately be settled with an insurance company by the courts. Crucial to the case is data collected by a mobile app that helps establish some relevant facts. The incident in question was >1 year ago, and we're going to move forward with the case this week (originally planned for last spring but put off due to COVID). Yesterday, I logged in to the site associated with the app, and it threw up a screen that cannot be dismissed, in the style of "please take care of <these issues with your account> before you can proceed". This is an account which is nowadays dormant, and there is in fact no way to take care of these issues. I dug out my old phone in an attempt to access the records in-app and take screenshots for the benefit of the court. The app itself had had an update released, and the records are now inaccessible, because the old version of the app is treated as an obsolete client. Fortunately, I'd already earlier exported all the data I could readily get my hands on—so the only thing I'm giving up are those screenshots that I determined in a last-minute decision would be helpful as supplemental resources—but this could have been a problem for someone who's never heard the phrase "move fast and break things" and who took it on faith that all this stuff wouldn't just disappear underneath their nose for seemingly no good reason.
If we transition to a world where apps are always writing to (and pulling from) data stores that are under your control, then this would be a total non-issue, even for people less paranoid/guarded than I was. The truth is that there are social hurdles, but there are technological hurdles, too, and dealing with the technological part is a precondition to society being able to be effective in doing its part. People can't solve problems with solutions that don't exist.
Data-storage + authorization doesn't solve any (new) technical privacy-issues; this is "data protection" rather than "data privacy" in my book.
You could have the model where the silo produces encrypted blobs and the end client can read it. (What's stored and connected is nothing but encrypted blobs)
"Platforms", aka "Minitels 2.0"¤ are what is wrong today with the Web specifically, and the state of today's infocom technologies in general.
The whole point of Tim's "pods", is that just like the WWW, they aren't going to be just another private, centralized platform. Or has this word diffused to the point of losing all meaning?
¤ https://www.fdn.fr/actions/confs/internet-libre-ou-minitel-2... (fr)
Difference is that pods operate on top of open protocols for storing and accessing data. This means that you can stop hosting your pod and move data to another hoster of pods.
How?
Extend HTML to include a Like button and a Share button, and implement a new standard that defines an open access comment platform.
I'm not suggesting W3C should set up servers to compete with service providers. Rather, it could define protocols for those capabilities as web standards which are designed to enable arbitrary 3rd party implementers to federate interactions. That way, service providers could attract niche social groups, whilst pooling interactions, thereby overcoming the dilemma of all being too small to compete with FB.
And, ActivityPub is already a W3C published standard...Of course, having an existing standard doesn't mean that the Facebooks's of the world will choose to adopt it.
What is really required is a database protocol for tracking Likes, or "a client/server API for creating, updating, and deleting content, as well as a federated server-to-server API for delivering notifications and content."
But they have that! I didn't know about ActivityPub until I read mxuribe's comment above. That's a good start.
As mxuribe says, "having an existing standard doesn't mean that the Facebooks's of the world will choose to adopt it." I would expect FB to resist it. But if the backlash and dissatisfaction with FB grows, a protocol like ActivityPub is a necessary enabler for something new to happen. By allowing multiple providers to share content in a federated model, the protocol could grow organically without requiring one big new player to migrate all the FB users to a new monopoly.
Once it starts to happen, FB customers could be bridged into the new federated universe with translators that mirror content from FB into the new ecosystem.
It is important to remember that distributed protocols for social interaction is not something new that researchers had not considered before. Email is the prime example of open, distributed protocol that still is very successful. But many researchers have stoped to consider such open protocols and jumped in the walled garden bandwagon.
https://www.schneier.com/blog/archives/2020/02/inrupt_tim_be...
Trying to avoid harming others is also not tenable, but a policy of avoiding harm is capable of being followed with soft penalties, and I think neuroticism can be avoided. I think striving for privacy and it’s preservation is inherently neurotic, though it can be short term successful policy in the presence of others who would harm, exploit, or subjugate us.
> Unix creaks and clanks and has obvious rust spots, but it gets the job done well enough to hold its position. There is a lesson here for ambitious system architects: The most dangerous enemy of a better solution is an existing codebase that is just good enough.
Outlaw it.
>And how does it apply to data a company generates about me?
You store it on a server you control, then provide access to 3rd parties. This is how https://urbit.org/understanding-urbit/ is setup to work.
If you don't want them to keep it, find a way to invalidate it. (This would be for where the read key is time sensitive.. not sure how to make that work)
Companies always follow the law.
The better angle is that we're becoming digital serfs. Google decided that they didn't want Google Music to exist anymore and poof went my listening history and playlists. Any service that I use today can do the same thing. If that data were stored somewhere I had access to I could have imported it in to Spotify.
This is an area I think Amazon or CloudFlare could step into. Sell consumers a NAS type box that keeps their data local. Sell companies on Lambda/Workers @ Home and have their applications run on that NAS.
At the moment we've been pushing services in the wrong direction to create their own schemas. However, we may win back control with standards on this one.
But yes, the idea is that you are able to remove the control they have over the data you've produced. It's such a terrible arguement to claim they own the data. (Also, why do they need to control that other than to try to prevent you from leaving)
There are very few types of apps which truly need a third party server to work.
This is perfectly possible.
In your example, Spotify could store the data they needed for their recommendation algorithm in aggregate form so that any link to a person was destroyed and not reversible.
And then make recommendations by running that algorithm on your locally/privately stored data, with no loss of functionality.
As such, a recommendation algorithm does not technically benefit from storing your personal data, at all.
Ended up having to pay for the network traffic.
Freedom is the better technology, and Solid claims to offer freedom but if you look closely it doesn't.
In what world does a specification designed by comity, describing functionality that existed for at least 15 years, and that furiously lobbies the government for its forced adoption, have anything to do with freedom?
How does ActivePub help me compete with facebook, How? Why can TikTok get popular without it, Why?
Maybe, companies should be forced to offer me a RSS feed of mp3s. Maybe not mp3 but some open format, and we should force chip makers to add special instructions to their chips for optimal playing speed.
Here's what the rss feeds look like
Https://codechefs.dev/rss.xml
If you do some google searches on "podcast name rss" I'm sure a public feed will pop up
But yeah I'm not sure why these platforms don't let you see the rss feeds though
The answer to your question is embedded within it. Apple Spotify and Google don't want you to leave their control.
The article ventures a short list: "websites visited, credit card purchases, workout routines, music streamed", but I don't see how that could ever be turned into a coherent definition. A "credit card purchase" likely involves a dozen distinct parties with their own individual role and view of the event.
Ummm....
edit: judging by the number of replies like this one, clearly has a high CTR. Might not be as bad a choice as I thought.
While I totally support Tim's project, history will decide what is "on the right side of history". Unless he's from the future?
With that said, depending on what specifically Liam had in mind with that quote, i don't think it's far off. Tim's technological choice might be right or wrong, but it's difficult to argue that people should be able to own more of their data than they do now. Is there some pro-Google argument that would argue they're the ideal hosts for your data?
I guess that I found the whiplash with the next phrase somewhat funny.
As far as for Google, they're certainly very competent at their job of gathering (and using) the world's information. Which makes them both tempting to use, and also extremely dangerous. Also, remember their old motto ? I wonder how many of today's googlers still believe that they're the "good guys" ?
People had to learn HTML and HTTP back in the day, because it was the thing that would turn possible to transfer information through the wire with a platform called browser.
It was the same with the Windows API, VB, Delphi or Android and the iPhone is today.
People will learn that thing not because it will 'save the world', sure some will, but for more pragmatic reasons. So you also have to offer those pragmatic reasons to people, because those reasons are also important after all.
I know TBL was more or less on the "hippie" side of the web standards and it was very important to the web's core and foundation on the right track.
But i was not because of the HTML standard was great as a piece of technology, but the energy and the people that formed around it made it happen through the patient iteration over browsers, until browsers became a thing no one could avoid.
I'm saying this as somebody working more or less on the same problem, but who have taken a different approach..
The problem is hard because the state-of-the-art now is very sophisticated. You will have to compete with browsers and app platforms for mindshare, and i think you only can do it if you propose a new platform where people understand it as a better approach.
And i must say, the web alone as it is, is a broken foundation to lay out this sort of thing, for a lot of reasons.
So we need a new sort of browser, one that's so different that you actually wont even be able to call it a browser anymore.
This is what i'm trying to do. Trying to solve the same sort of problems, but with a different take than Solid.
But i must say its pretty hard, because you also have to offer, at least as a starting point, what browsers and application platforms already offer to developer. Along with this, there's a need for a incentive on the part of the user, the ultimate consumer of the thing. And this is also a hard problem, because you will need to offer something people want and dont have already..
I think i got this, but only time will tell. And even if the thing is somehow "right", even than you might suffer from lack of adoption as the incentives might not be enough and that 'killer app' that will make the platform boom never shows up.
https://dspace.mit.edu/bitstream/handle/1721.1/37600/MIT-CSA...
I gave up on this idea as the www form of internet arrived and e-commerce, adserve, cookies, and all other modern forms of surveillance capitalism flourished.
The idea that you can somehow control someone’s observation of your activities, and that you are entitled to privacy, or obscurity, or to be hidden, or forgotten, I realized ( or came to think ) was quixotic and antisocial.
It is a conflicted and torturous path to take, because Many real abuses occur and a lot of harm is done with data that is collected and analyzed.
I think a statutory right to partake in ownership of your data sounds sensible, but I think it too is unworkable and going in the wrong direction - to scarcity, fear, and the complement of fear is aggression.
This seems like a movement that would be at odds with the interests of people who fund elections. It could easily trigger the bazillionth instance of corps and legislators uniting to squash a public interest.
Paywall stops me from reading the actual article, so please let me know if it's realistic this time.
Unfortunately at the bottom is a copyright notice. Nothing is going to “put people in control of their personal data” as long as we have copyright. Otherwise lots of your “personal data” will remained locked up with corporations.
You do not have control of your data when you have no idea or control over the software and hardware that you store your data on. A situation that will never change as long as we have #ImaginaryPropertyLaws.
