Re-imagining the Web via Solid, Inrupt, and Pods

created Feb 24, 2020

https://www.schneier.com/blog/archives/2020/02/inrupt_tim_bern.html

https://inrupt.com/small-step-web-part2

https://ma.parrillo.eu/


https://news.ycombinator.com/item?id=22395358 - Feb 23, 2020

Top HN comment:

I recently got introduced to a company called Polypoly. They are working on exactly the same, in the EU.

They have an interesting setup as a collective. Users of the software automatically become members of the collective. The website talks of automatic partake in economic success.

Curiously they also use the idea of self-hosted pods to hold the users' private data and they even use the term 'pod' for this.

https://www.polypoly.eu/en/home-en

I still don't understand it. Then that commenter added this bullcrap.

When the founder, Thorsten Dittmer, gave me his elevator pitch he almost used the same line of reasoning as Schneier.

Basically: 25 years ago, we technologists (while reading Gibson, mind you) thought that the web will bring freedom, understanding and equality to the world. We were wrong. Now we have to fix our mistake because we're the only ones who have a chance at doing this.

What a load. That's alternative reality.

The web DID bring freedom, and it continues to provide freedom.

The web also gave tech founders the CHOICE to exploit the free web tech for profit. And the web gave users the CHOICE to use these for-profit web businesses, such as eBay, Amazon, Politico, Basecamp, DraftKings, Etsy, etc.

And we have the freedom of choice NOT to use any of those for-profit businesses. It's not a law that we must use Google, Facebook, Twitter, and other potentially garbage-collecting services.

How I use the web probably differs greatly from the people who believe this crap: "We were wrong. Now we have to fix our mistake."

I know that how I use the web differs greatly from how my wife and our friends use the web. That's okay. We make our own CHOICES. That's freedom, baby.

The web made it easy and cheap for everyone to be a publisher to the world. Sure, the professional media orgs, the former information gatekeepers, and many governments hate this aspect of the web.

The web popularized the internet. The web is an application or protocol that runs over the internet. The other favorite application of the internet is email, which was invented more than 15 years before the web. Email enabled and still enables people to communicate easily in a somewhat private manner. Email can be used as a lo-fi notification tool. Email listservs were early forms of online communities. The popularity of media-based and individual-based email newsletters has exploded over the past 10 years.

Podcasting has existed since around 2003, but it has also exploded in popularity over the past five years. Media orgs and individuals are creating podcasts. Podcasting uses RSS, which is still an open, web-based feed format that was created around 20 years ago.

Google, Facebook, MailChimp, and Spotify exploit open internet technologies for profit, but we can still use the same open internet technologies for our usage, circumventing the for-profit Big Tech companies, although discovery can be harder and slower.

I have learned about many topics by watching YouTube videos. We watch YouTube on our Roku TV. We like to watch artists, crafters, and other makers. That's freedom. I choose to enjoy the benefits that YouTube provides, despite YouTube being owned by Google. I can learn a difficult crochet stitch by studying one or more YouTube videos.

20 or 30 years ago, I would have had to go find someone for help. I would have had to visit a yarn store somewhere to see if anyone knew an experienced crocheter. I would have had to go to the library and pore through old issues of crochet magazines, assuming that the library received such periodicals. While these are all noble activities, it's damn convenient when I can watch videos at home.

Over the past 15 years, I have noticed a lot more young people making and selling things at craft shows. The craft show has morphed to become Makers Marts. Some years ago, a store opened in downtown Toledo that supports this new making movement. The store is called Handmade Toledo.

Long ago, it seemed that the sellers at craft shows consisted mostly of people who were of retirement age. That still exists now, but many of the crafters and makers are under the age of 40. I think that YouTube, Etsy, social media, and more have permitted young people to make and sell items while still working at an unrelated job that pays the bills. Some people make their crafts their full-time business, but it's a far greater and better dynamic today for makers than pre-web.

A local yarn dyer who we like to support is Bad Amy Knits. She maintains her studio in West Toledo. When shopping at her studio about two months ago, she told us that without the internet or the web, she would not be able to function as a business. She sells a lot more over the web than at shows or from her own physical location.

That's freedom.

Bad Amy uses social media to help her business. Even though I don't use social media, I want Bad Amy's Knits to exist. I want to be able to buy her brilliantly colored yarns in the future. And if that means that Bad Amy must use the silos over the open web, then I accept that CHOICE, otherwise, Bad Amy closes down, and I don't have access to yarns colored by a local dyer. I want to support local businesses.

Bad Amy's Knits CHOOSES to use the silos. I CHOOSE not to use the silos. I CHOOSE to buy yarns from Bad Amy in person. I CHOSE to learn how to crochet in 2014 because I wanted to make something physical with my hands that could last a long time. I CHOOSE to crochet accessories that use Bad Amy's yarns. I CHOOSE to wear my crocheted accessories that use Bad Amy's yarns. I enjoy all of this. How is any of this wrong? It's not.

I have enhanced my crocheting by buying books, reading blog posts, and watching YouTube videos. Obviously, some of that activity relies on the web.

Now we have to fix our mistake because we're the only ones who have a chance at doing this.

That sounds ego-maniacal. That sounds like inflating personal importance.

If any of that thought was true, why would we want the same people who created the problems to solve the problems? No thank you. The problem-makers need to step aside, and we need to wait a generation or so for the real problem-solvers to arise.

This ...

We were wrong. Now we have to fix our mistake because we're the only ones who have a chance at doing this.

... sounds like a shady sales pitch.

I prefer the open web over the silos, but I'm in the tiny minority. I accept the fact that the silos made using the web easier for the people who want to use the web for utility and entertainment. But I can still use the web my way. Multiple possibilities exist on the web.

Unless the Inrupt/Solid pod thing is as easy to use as email or using the Facebook app on a smartphone, then Inrupt won't get beyond a few geeks on Hacker News.


From the Feb 24, 2020 Protocol email newsletter

I interviewed John Bruce, Inrupt's CEO, about a year ago — when Inrupt was still lying low — and he said that Solid hoped to essentially invert the way the internet works now. Although he was careful to note: "We're not trying to turn the web upside down, we're trying to turn it rightside up."

"What we're trading is that notion where I have 80 application logins," he said. "I've got one UI for the Solid world … I manage one application, within which I decide who and what gets access to my data."

With Solid, you keep hold of all your data, from health records to financial info — everything is inside your pod. You grant and control access to the pod, but it's always your data. Companies don't collect it – they simply use it when you allow.

Inrupt's rightside-up-ing of the internet is about security, certainly. But Bruce also said it could — and this is a pretty big could — make every app and service you use better:

Applications currently "give me a myopic view of my fitness or my notes or my travel," he said, "and I act as the glue between them all." Solid allows for things to work together more, to connect across services, because your ID and your pod are the hooks for everything.


From the schneier.com post:

The idea behind Solid is both simple and extraordinarily powerful. Your data lives in a pod that is controlled by you. Data generated by your things -- your computer, your phone, your IoT whatever -- is written to your pod. You authorize granular access to that pod to whoever you want for whatever reason you want. Your data is no longer in a bazillion places on the Internet, controlled by you-have-no-idea-who. It's yours. If you want your insurance company to have access to your fitness data, you grant it through your pod. If you want your friends to have access to your vacation photos, you grant it through your pod. If you want your thermostat to share data with your air conditioner, you give both of them access through your pod.

Pod users grant people and businesses access to their data. Okay. That means pod users have to trust those people and businesses NOT to share the data with others. How does that work? Once someone or some company has a copy, then that data can be shared or sold to others. It does not matter if I own the original data. The data that I granted access to is now being forwarded on to potentially multiple companies.

If a company goes out of business, but their assets are purchased, including data that I granted to that company, well now what? If I share fitness data with an insurance company, but then that company decides to sell the data to a drug company or to a health care chain, now what? Facebook could eventually buy the data from someone who obtained it from someone who obtained it from a company that I granted access to.

If we use the internet, we cannot expect 100 percent privacy. The more technology that we use, the less privacy that we possess. The best that we can do is to limit the intrusions.

The ideal would be for this to be completely distributed. Everyone's pod would be on a computer they own, running on their network. But that's not how it's likely to be in real life. Just as you can theoretically run your own email server but in reality you outsource it to Google or whoever, you are likely to outsource your pod to those same sets of companies. But maybe pods will come standard issue in home routers. Even if you do hand your pod over to some company, it'll be like letting them host your domain name or manage your cell phone number. If you don't like what they're doing, you can always move your pod -- just like you can take your cell phone number and move to a different carrier. This will give users a lot more power.

What about redundancy or backups? What happens if our home computer or home router croaks? Transferring a phone number seems simple. How simple will it be to transfer 10 to 20 years or more of data that could total hundreds of gigabytes or more from one pod cloud hosting provider to another?

Are we supposed to trust the pod hosting providers not to scan our data? Google has been accused of scanning users' Gmail email.

Obviously, the pod hosting providers won't work for free. Well, if they do, it's because they are selling our pod data to others. The pod hosting providers will have to charge a monthly or annual fee.

Apparently, we are okay with paying outrageous monthly cell phone usage fees, but most people have zero interest in leasing a domain name and leasing web hosting space to maintain their own personal website where users can own or control some of their web activity. Will billions or even millions pay a pod hosting provider?

People CHOOSE to host their content at Twitter, Facebook, Instagram, and elsewhere for FREE. Convincing billions of people to pay to host their content in a pod that then requires the users to spend time granting varying degrees of access to their data to many services may be too much to expect from the masses. A tiny percentage of geeks might enjoy this.

How much of an admin tax will users incur? Most people don't want to be sys admins. Eventually, the masses might choose to grant all access to everyone to make management easier.

I still don't know how the data gets created. Instagram offers a smartphone app to permit users to create, comment, like, and maybe share content. How does this similar activity exist for Inrupt that enables a user to create the initial image and text description at the user's pod? Does that pod user grant access to Instagram and/or some other service, such as Twitter? How do people follow and comment? Does that information get backfed to the user's pod that created the initial post, or do the interactions remain at Instagram and Twitter? If a user granted Instagram access to the initial post, then Instagram can use that data copy to sell ads.

For years, the IndieWeb.org has promoted methods for hosting content on our domain names, sharing it on social media silos, and then having the silo interactions backfed to the personal websites, hosted at personal domain names. What is Inrupt/Solid providing beyond the IndieWeb concepts?

HN comment:

Sorry but what happens when I grant access to a company? It will collect the data I granted access to and then resell them to other companies and buy data from other firms too so my data will be spread around exactly as now so even if I like the idea, what's the advantage?

HN reply to the above comment:

Well for one your data lives in a place where you can govern it. Nowadays your data lives in all places you use (Facebook, Gmail, Twitter). Ever tried taking stock of your data lately? It can take weeks to do it for all services and importing the exports into a self hosted alternative is nigh impossible.

HN reply to that reply:

As soon as you grant access to some data in your pod to someone, they can make a copy and then it's out of your control. I don't see how you can govern it unless you just never grant access.

When granting data to a company, that company probably maintains a nearly indecipherable terms of service, which protects the company from lawsuits when the company decides to sell the users' data. The company could say, "You checked the box, which stated that you read and agreed to our terms of service."

Another HN comment, elsewhere in that thread:

My problem with all those pro-privacy apps is that privacy has a price, and a price most consumers (me included) are not willing to pay.

There are, essentially, two business models on the web. One is to provide the services for free and sell ads, the other is to charge for the services directly. To earn substantial amounts on ads, you need to track consumers massively.

As a consumer, I definitely prefer being tracked than paying for all the services I use. That's the stance of most consumers. If there's a free alternative with a lot of tracking and a paid alternative with good privacy, the free alternative will win. That's how the free market works. Privacy has a price, and a price most consumers are not willing to pay. Forcing them to pay it for some antiquated notion of privacy is just... wrong.

That's an unfortunately sad observation, but it's true. Ease of use trumps security and privacy, especially if users enjoy benefits of the former.

The indieweb.org concepts are a good first step before adopting the Inrupt/Solid pod model. The IndieWeb is probably easier than Inrupt. Maybe 10 to 15 years from now, the IndieWeb model will be used by at least hundreds of millions of users. Then 10 to 15 years after that, the same thing occurs with the Inrupt model.

Inrupt could be a generation ahead of schedule. If the IndieWeb fails to be as common as Twitter, then I don't see how Inrupt grows beyond a few geeks.


Unrelated, I think, but it's a humorous clip from Seinfeld.

YouTube - Kramer is a Pod - "You're not normal. You're a pod."

-30-