I can’t really say for sure, having little reading time in so far, and zero attempts at coding to the spec, which means the all-important number of times of using a tool in anger (that’s when stuff sinks in, in my opinion) is still at zero.
The tech giants keep your data and everyone else’s data under the same passcode; once cracked, it becomes a massive breach affecting millions, with crackers getting access to in-the-clear data.
The new POD servers will be holding containers that only have half (or less) of the required passcodes to get at any particular piece of data. Say the credit card number of Joe Average. This is after cracking the entire Inrupt collection of POD data. They only have half the passcode. To get Joe’s credit card deets, they’ll need a private ssh key. Your local ssh key (again, I haven’t had much time to peruse the entire toolchain). The cracker does not get in the clear customer data, they get encrypted data, each box with a separate key.
For Joe Littlebit Tech Average, this toolchain is built on node.js and Web, so it’s fairly ubiquitous at this point. Nothing too exotic. I don’t think, yet.
Opportunity for Haxe to shine.
I truly believe this.
If you want to fluke into fame, then Solid POD is an excellent opportunity. It might not take, but what if it does?
An idea: Web page ATM style control panels, no screen with more than say 7 big round coloured buttons. Let Joe Average click click click, “WAIT I have to do what now? Oh, go to the OS GUI and start up an icon for creating local private keys, hrmm, ok”, type a few keystrokes click click a few more, done. POD built, 4096 bit RSA if you’d like, your choice, but the panel screens will make sane default choices presumably.
Let Snidely Sneer crack Inrupt. I’ll only care so far as what links are public. The rest is still protected by the local private key.
Society has to be, and can be, taught to protect id_rsa and share id_rsa.pub, by themselves, for themselves. Sure, there is a copy of the encrypted data. But the matching key was not cracked, at least not at Inrupt, that would be your house someone cracked too.
If you mark a data item as “Facebook wall”, then off it goes, FB will only need the public half of your POD key. And yes, the POD data needs to be hosted and served. For Joe, the difference in clicking a button at Inrupt and then off to Facebook, or any site that has an fb login icon, or google login button. Inrupt will get one of those if/when there is the critical mass.
This comes down to who gets the interface the simplest first, I think. The fine grain control panel. Yeah it can be tedious if taken all at once; but there will be Bank signup, Banking, Facebook signup, Facebook Wall, Facebook group x, Haxe Community, HaxeLib, HaxeLibInsiders, etc… Not too many for each person, given that we only bump into one at a time on the web anyway.
If this is drop down and click web interface; yeah I think people will get into fine grained control, over the few things they care about. From what I understand, when people get into a forum, groups form, invitations are sent, you click a POD button to let people post messages on your folder of pictures. Facebook (ok it’ll probably have to be PODBook, so it starts out playing nice with the tech) will only show your pictures to people in that tagged group.
I’m thinking that Haxe could be a Rails of POD. POD could be the Rails of Haxe?
Or, I may be completely giving in to bias filters around the name Tim Berners-Lee and this will fizzle. Then, Google, Facebook, Equifax, …, will win the data prize and get to hoard it all - in the clear from the perspective of the corporation. Inrupt does not get in the clear source data (but does have a copy of the box the data is in - which you can move, just like any hosting provider relationship).
Maybe?
Brian
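
The storage model this post describes (a host keeps only encrypted boxes, each with its own key, and only the holder of the local private key can open them), sketched as an added Node.js example. It is not code from the post, from Solid or from Inrupt, and it does not show how Solid itself stores data; `sealItem`, `openItem`, `tryOpenWithWrongKey` and `hostStore` are hypothetical names, and the sample values are constructed.

```javascript
// Added illustration (not Solid or Inrupt code): per-item envelope encryption.
const crypto = require('node:crypto');

// Owner's key pair; the private half stays on the owner's machine.
// 2048-bit keeps the demo fast; the post mentions 4096-bit as an option.
const owner = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Seal one item: a fresh AES-256-GCM key per item ("each box with a separate
// key"), wrapped with the owner's PUBLIC key. Anyone may seal; only the owner opens.
function sealItem(publicKey, label, plaintext) {
  const itemKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', itemKey, iv);
  cipher.setAAD(Buffer.from(label)); // bind the box to its label
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, itemKey);
  return { label, iv, body, tag: cipher.getAuthTag(), wrappedKey };
}

// Open one item: needs the PRIVATE key to unwrap that item's key first.
function openItem(privateKey, box) {
  const itemKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, box.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', itemKey, box.iv);
  decipher.setAAD(Buffer.from(box.label));
  decipher.setAuthTag(box.tag); // a swapped label or altered body fails here
  return Buffer.concat([decipher.update(box.body), decipher.final()]).toString('utf8');
}

// What the host would hold (constructed sample data).
const hostStore = [
  sealItem(owner.publicKey, 'card', '0000-0000-0000-0000'),
  sealItem(owner.publicKey, 'note', 'constructed sample note'),
];

// A party with a full copy of hostStore but not the owner's private key.
function tryOpenWithWrongKey(box) {
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  try { return openItem(other.privateKey, box); } catch (e) { return null; }
}

// Moving a box under a different label is detected by the GCM tag check.
function tryOpenRelabelled(privateKey, box, newLabel) {
  try { return openItem(privateKey, { ...box, label: newLabel }); } catch (e) { return null; }
}
```

The protection rests entirely on where the private key lives: if it is stored next to the boxes, a copy of the store opens everything.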