
Everyone has heard about Solid POD, by Tim Berners-Lee?


(Brian Tiffin) #1

It’ll be a thing, but for how long is a question.

Personal Online Datastore

It could be web3.0 or it could be a nice bright flash in a pan. But it’ll be worth knowing about.

I’m pretty sure Haxe programmers could better the reference implementation (which is node.js based) :slight_smile:

https://solid.inrupt.com/

Basically: node.js, npm, Angular, WebID, WebID-TLS, WebID-OIDC, RDF, (and Solid hosting services).

And Tim Berners-Lee, so…


(Allan Dowdeswell) #2

Thanks for the link; I had not heard of this.
I must say that anything monolithic where all your data is in one spot scares me. Anyone who has been in the internet industry for more than a couple years has witnessed multiple big time security breaches. Heartbleed, Facebook, and Yahoo immediately come to mind. I could also surely provide a historical list of guys with big dreams who wanted to push them through with little thought to the consequences. Solid might be a thing, but I hope it won’t be THE thing.


(Brian Tiffin) #3

multiple big time security breaches. Heartbleed, Facebook, and Yahoo immediately come to mind.

That’s one of the points of Personal Online Datastores. A breach at Facebook would leak only the information a POD allows Facebook to access. Facebook shouldn’t have large datastores of your stuff, just links to your PODs. What you give up is what you give up. Facebook wants your phone number, it asks your POD. It might even be deemed a copyright infringement if they make a copy of the phone number after use and stash it in a database. They want it, they ask the POD, every time.

Heartbleed is a different breed of breach. That was transient infrastructure cracking, one token at a time. Not mass dumps of everyone’s personal info all at once.

POD access means that large tech giants won’t (shouldn’t) have the right to store or share your data, only access items they have been granted permissions for and share the links to those items.

This all assumes a critical mass of uptake. Facebook and Google and Apple and governments will probably try and make that sound like it will be very hard on the average consumer to manage, as those parties might lose out on increasing the size of the data hoards they covet. So Tim and Solid and Inrupt have an uphill battle to wage. The current players are not going to just roll over and play nice. They will likely try and inundate the masses with misinformation to protect their status quo. Or maybe not, maybe some few in the top ranks of Google are still behind the now deprecated Don’t be evil motto. Right? Some few? :slight_smile: (The new Alphabet motto of “Do the right thing” seems pretty open to interpretation. Do the right thing from what perspective? Shareholders, or consumers?)

So, from what little I understand so far: yes, your data will be in one spot, but it’ll be an individual stash, not a great big database of everyone’s data together. And you can have more than one POD. A social network POD with pictures and chats. A developer POD with keys to all your source repos. A financial POD where you stash credit card numbers (with access control over who can see it). Etc. If someone cracks your social POD, it won’t give them access to your more critical financial info POD. Someone cracks your financial info POD, and that’s akin to having them physically steal your credit card (or your private id_rsa credentials file). One person at a time, not en masse data breaches.

It’s the point of the new Solid framework. It’ll take a critical mass of participants to break the current chains though. There won’t be massive breaches of data in that future, only potential massive breaches of links to data. Those links won’t provide access to the actual data items until the owner allows it.

It will likely be an interesting time to see what blocks the tech giants try and invent to stop this new freedom from spreading.

I’ll admit, I liked the Solid POD idea, immediately. But the name Tim Berners-Lee probably had a lot to do with that, and it might be a somewhat dangerous affirmation bias. I’ve never met Tim, but I respect his public persona and ideals. An open web, uncontrolled by any central body. Now, a new angle to control what information we let leak out into this open web, again uncontrolled by any central body (even though we already gave Facebook and Google our personal data just for the convenience).

Now there can be a way to say, yeah here is a link to my phone number data store, you the tech corp, may make copies of the link, but you can’t make copies of the phone numbers they point to. Google and Facebook are not going to like that and I can envision some misinformation being the flavour of the day for the next little while. That may either kill off Solid POD as a workable concept, or if enough people care, it will be a saner, safer future.

And to keep these posts even a little bit on task. I truly believe some Haxe programmers can help this new infrastructure reach a critical mass by developing point and click front ends. The kind of convenience and ease of use that let Google and Facebook build up these massive data farms in the first place.


(Allan Dowdeswell) #4

Please correct me if I’m wrong but unless Joe Average operates his own Solid server, would he not need to use a data hosting service like Inrupt? And would that service not end up having multiple clients, resulting in a large organisation hosting the PODs of many people? And would the average person bother with fine-grained data splitting betwixt their PODs, hosted on multiple services?


(Brian Tiffin) #5

I can’t really say for sure, having little reading time in so far, and zero attempts at coding to the spec, which means the all important number of times of using a tool in anger (that’s when stuff sinks in, in my opinion) is still at zero.

The tech giants, which keep your data and everyone else’s data under the same passcode, once cracked, it becomes a massive breach affecting millions, crackers with access to in the clear data.

The new POD servers will be holding containers that only have half (or less) of the required passcodes to get at any particular piece of data. Say the credit card number of Joe Average. This is after cracking the entire Inrupt collection of POD data. They only have half the passcode. To get Joe’s credit card deets, they’ll need a private ssh key. Your local ssh key (again, I haven’t had much time to peruse the entire toolchain). The cracker does not get in the clear customer data, they get encrypted data, each box with a separate key.

For Joe Littlebit Tech Average, this toolchain is built on node.js and Web, so it’s fairly ubiquitous at this point. Nothing too exotic. I don’t think, yet.

Opportunity for Haxe to shine.

I truly believe this.

If you want to fluke into fame, then Solid POD is an excellent opportunity. It might not take, but what if it does?

An idea: Web page ATM style control panels, no screen with more than say 7 big round coloured buttons. Let Joe Average click click click, “WAIT I have to do what now? Oh, go to the OS GUI and start up an icon for creating local private keys, hrmm, ok”, type a few keystrokes click click a few more, done. POD built, 4096 bit RSA if you’d like, your choice, but the panel screens will make sane default choices presumably.

Let Snidely Sneer crack Inrupt. I’ll only care so far as what links are public. The rest is still protected by the local private key.

Society has to be, and can be, taught to protect id_rsa and share id_rsa.pub, by themselves, for themselves. Sure, there is a copy of the encrypted data. But the matching key was not cracked, at least not at Inrupt, that would be your house someone cracked too.

If you mark a data item as “Facebook wall”, then off it goes, FB will only need the public half of your POD key. And yes, the POD data needs to be hosted and served. For Joe, the difference in clicking a button at Inrupt and then off to Facebook, or any site that has an fb login icon, or google login button. Inrupt will get one of those if/when there is the critical mass.

This comes down to who gets the interface the simplest first, I think. The fine grain control panel. Yeah it can be tedious if taken all at once; but there will be Bank signup, Banking, Facebook signup, Facebook Wall, Facebook group x, Haxe Community, HaxeLib, HaxeLibInsiders, etc… Not too many for each person, given that we only bump into one at a time on the web anyway.

If this is drop down and click web interface; yeah I think people will get into fine grained control, over the few things they care about. From what I understand, when people get into a forum, groups form, invitations are sent, you click a POD button to let people post messages on your folder of pictures. Facebook (ok it’ll probably have to be PODBook, so it starts out playing nice with the tech) will only show your pictures to people in that tagged group.

I’m thinking that Haxe could be a Rails of POD. POD could be the Rails of Haxe? :slight_smile:

Or, I may be completely giving in to bias filters around the name Tim Berners-Lee and this will fizzle. Then, Google, Facebook, Equifax, …, will win the data prize and get to hoard it all - in the clear from the perspective of the corporation. Inrupt does not get in the clear source data, (but does have a copy of the box the data is in - which you can move, just like any hosting provider relationship).

Maybe?
Brian


(Allan Dowdeswell) #6

I genuinely appreciate your enthusiasm on the topic and the respectful discussion. I do find this interesting. I haven’t the ability to actually do this type of development so I look forward to what happens!