[HN Gopher] Tim Berners-Lee wants to put people in control of th...
___________________________________________________________________
Tim Berners-Lee wants to put people in control of their personal
data
Author : IvanSologub
Score : 203 points
Date : 2021-01-11 13:20 UTC (8 hours ago)
(HTM) web link (www.nytimes.com)
(TXT) w3m dump (www.nytimes.com)
| gnarbarian wrote:
| https://urbit.org/understanding-urbit/ is an attempt to solve
| this problem as well.
| 2a0c40 wrote:
| ,, A network-wide reset has just happened. You may need to take
| action. Please visit urbit.org/breach for more information."
| moritonal wrote:
| "Unlike _past_ breaches, this one comes with a tool to export
| and reimport all of your data so that you don 't lose
| anything;"
| parhamn wrote:
| > We call an event like this a 'breach' since we breach the
| continuity of Urbit's network protocol. This isn't a security
| incident.
|
| Ummm....
|
| edit: judging by the number of replies like this one, clearly
| has a high CTR. Might not be as bad a choice as I thought.
| laminatedsmore wrote:
| That link explains that this is just a protocol update not a
| security thing. (confusing word choice imo)
| [deleted]
| [deleted]
| normanmatrix wrote:
| The GDPR could make or break this. Here's hoping for the former..
| monksy wrote:
| I don't see how GDPR would break this. It would be compatible
| with what that hopes to acomplish. This is a technology
| solution which helps you to enforce GDPR redactions.
| wrnr wrote:
| Yesterday I got pissed when I tried to download a podcast
| episode. It is available on Apple, Google and Spotify, but these
| platforms won't let you download a simple mp3.
|
| Ended up having to pay for the network traffic.
|
| Freedom is the better technology, and Solid claims to offer
| freedom but if you look closely it doesn't.
|
| In what world does a specification designed by comity, describing
| functionality that existed for at least 15 years, and that
| furiously lobbies the government for its forced adoption, have
| anything to do with freedom?
|
| How does ActivePub help me compete with facebook, How? Why can
| TikTok get popular without it, Why?
|
| Maybe, companies should be forced to offer me a RSS feed of mp3s.
| Maybe not mp3 but some open format, and we should force chip
| makers to add special instructions to their chips for optimal
| playing speed.
| Kagerjay wrote:
| I run a podcast, and built my own distribution to spotify,
| itunes, etc. Those platforms just consume an rss feed and the
| mp3s are hosted on my s3 bucket
|
| Here's what the rss feeds look like
|
| Https://codechefs.dev/rss.xml
|
| If you do some google searches on "podcast name rss" I'm sure a
| public feed will pop up
|
| But yeah I'm not sure why these platforms don't let you see the
| rss feeds though
| WarOnPrivacy wrote:
| > Tim Berners-Lee wants to put people in control of their
| personal data
|
| This seems like a movement that would be at odds with the
| interests of people who fund elections. It could easily trigger
| the bazillionth instance of corps and legislators uniting to
| squash a public interest.
| cbdumas wrote:
| Something I rarely see brought up in these articles is the
| difficulty of defining "data" and who would own it. If I buy
| something on Amazon to be shipped to me from a third party
| seller, which part of that transaction is data that belongs to
| me? To Amazon? The the third party?
|
| The article ventures a short list: "websites visited, credit card
| purchases, workout routines, music streamed", but I don't see how
| that could ever be turned into a coherent definition. A "credit
| card purchase" likely involves a dozen distinct parties with
| their own individual role and view of the event.
| mfer wrote:
| We need apps built on this technology. It will go a long way to
| making it succeed and working out the nuances. Interesting tech
| is interesting. Something that's generally useful or solves a
| normal problem... that's something people will pick up.
| BlueTemplar wrote:
| > "This technology could unlock an enormous amount of
| innovation," potentially becoming a new platform as the iPhone
| was for smartphone apps, he said.
|
| "Platforms", aka "Minitels 2.0"$? _are_ what is wrong today with
| the Web specifically, and the state of today 's infocom
| technologies in general.
|
| The whole _point_ of Tim 's "pods", is that just like the WWW,
| they aren't going to be just another private, centralized
| platform. Or has this word diffused to the point of losing all
| meaning?
|
| $? https://www.fdn.fr/actions/confs/internet-libre-ou-
| minitel-2... (fr)
| pogorniy wrote:
| > The whole point of Tim's "pods", is that just like the WWW,
| they aren't going to be just another private, centralized
| platform.
|
| Difference is that pods operate on top of open protocols for
| storing and accessing data. This means that you can stop
| hosting your pod and move data to another hoster of pods.
| WarOnPrivacy wrote:
| I wish they guy behind this didn't have "Made Sure That DRM Was
| Baked Into The HTML5 Standard" on his resume.
| oscargrouch wrote:
| Its a great project and it would solve a lot of problems we face
| today for sure. But i fear it will suffer with a problem of
| adoption.
|
| People had to learn HTML and HTTP back in the day, because it was
| the thing that would turn possible to transfer information
| through the wire with a platform called browser.
|
| It was the same with the Windows API, VB, Delphi or Android and
| the iPhone is today.
|
| People will learn that thing not because it will 'save the
| world', sure some will, but for more pragmatic reasons. So you
| also have to offer those pragmatic reasons to people, because
| those reasons are also important after all.
|
| I know TBL was more or less on the "hippie" side of the web
| standards and it was very important to the web's core and
| foundation on the right track.
|
| But i was not because of the HTML standard was great as a piece
| of technology, but the energy and the people that formed around
| it made it happen through the patient iteration over browsers,
| until browsers became a thing no one could avoid.
|
| I'm saying this as somebody working more or less on the same
| problem, but who have taken a different approach..
|
| The problem is hard because the state-of-the-art now is very
| sophisticated. You will have to compete with browsers and app
| platforms for mindshare, and i think you only can do it if you
| propose a new platform where people understand it as a better
| approach.
|
| And i must say, the web alone as it is, is a broken foundation to
| lay out this sort of thing, for a lot of reasons.
|
| So we need a new sort of browser, one that's so different that
| you actually wont even be able to call it a browser anymore.
|
| This is what i'm trying to do. Trying to solve the same sort of
| problems, but with a different take than Solid.
|
| But i must say its pretty hard, because you also have to offer,
| at least as a starting point, what browsers and application
| platforms already offer to developer. Along with this, there's a
| need for a incentive on the part of the user, the ultimate
| consumer of the thing. And this is also a hard problem, because
| you will need to offer something people want and dont have
| already..
|
| I think i got this, but only time will tell. And even if the
| thing is somehow "right", even than you might suffer from lack of
| adoption as the incentives might not be enough and that 'killer
| app' that will make the platform boom never shows up.
| Slackwise wrote:
| I adore this project, and wish for it to succeed, but how do we
| incentivize or _force_ companies to accommodate pods?
| Legislature? About the only way I can think of.
| wombatmobile wrote:
| TBL and W3C could enable competition to de facto monopolies such
| as FB by providing web standards that enable competitors to
| overcome FB's inherent walled garden first mover silo advantage.
|
| How?
|
| Extend HTML to include a Like button and a Share button, and
| implement a new standard that defines an open access comment
| platform.
|
| I'm not suggesting W3C should set up servers to compete with
| service providers. Rather, it could define protocols for those
| capabilities as web standards which are designed to enable
| arbitrary 3rd party implementers to federate interactions. That
| way, service providers could attract niche social groups, whilst
| pooling interactions, thereby overcoming the dilemma of all being
| too small to compete with FB.
| tester756 wrote:
| So what exactly would they have to add to HTML?
| wombatmobile wrote:
| They don't really have to add anything to HTML. I just put it
| that way to express the idea of the "Like" button being a
| page element available anywhere on the web, rather than only
| inside a walled garden.
|
| What is really required is a database protocol for tracking
| Likes, or "a client/server API for creating, updating, and
| deleting content, as well as a federated server-to-server API
| for delivering notifications and content."
|
| But they have that! I didn't know about ActivityPub until I
| read mxuribe's comment above. That's a good start.
|
| As mxuribe says, "having an existing standard doesn't mean
| that the Facebooks's of the world will choose to adopt it." I
| would expect FB to resist it. But if the backlash and
| dissatisfaction with FB grows, a protocol like ActivityPub is
| a necessary enabler for something new to happen. By allowing
| multiple providers to share content in a federated model, the
| protocol could grow organically without requiring one big new
| player to migrate all the FB users to a new monopoly.
|
| Once it starts to happen, FB customers could be bridged into
| the new federated universe with translators that mirror
| content from FB into the new ecosystem.
| cxr wrote:
| LDN (Linked Data Notifications) and the work that
| Hypothes.is is doing on annotations/commenting should also
| not be overlooked.
| mxuribe wrote:
| I believe ActivityPub does allow for "Like button"-like
| functionality: https://www.w3.org/TR/activitypub/#liked
|
| And, ActivityPub is already a W3C published standard...Of
| course, having an existing standard doesn't mean that the
| Facebooks's of the world will choose to adopt it.
| wcerfgba wrote:
| I'm glad TBL is working on this stuff, but at this point I can't
| help but feel like this is doomed to a very slow uptake, like how
| Semantic Web and IPv6 are still emerging technologies. I am
| reminded of esr on Plan 9:
|
| > Unix creaks and clanks and has obvious rust spots, but it gets
| the job done well enough to hold its position. There is a lesson
| here for ambitious system architects: The most dangerous enemy of
| a better solution is an existing codebase that is just good
| enough.
| BlueTemplar wrote:
| It ultimately depends on the governments. They have been quite
| proactive in mandating the end of some technologies in the
| fields of TV and light bulbs. Not sure why they are dragging
| their feets so much with IPv6, now that it has finally been
| finalized in 2017, and even Europe ran out of IPv4 addresses in
| 2020 ?
| mxuribe wrote:
| @wcerfgba That is such a great quote about unix and an existing
| codebase being good enough! Do you know the source? I'd love to
| refer to that in my presentations at work, etc. Thanks!
| Slackwise wrote:
| Parent mentioned it was "esr" or Eric S. Raymond.
| [deleted]
| kkylin wrote:
| Seems this may be pertinent to the discussion, even if it is
| relatively old:
|
| https://dspace.mit.edu/bitstream/handle/1721.1/37600/MIT-CSA...
| eivarv wrote:
| Interesting in a technological sense, but what problem it solves
| isn't obvious to me. It lets me granularly authorize first party
| access what data I have in my pod, but there can't be any
| technical guarantees with regards to illegitimate sharing or
| otherwise copying (many might at least cache, for instance) - nor
| about what is collected and shared outside this system.
|
| I keep seeing data-hubs and identity-providers touting themselves
| as solutions to the web's privacy issues, but I don't see how
| they actually solve anything.
|
| It seems like an attempted technical solution to a social problem
| to me.
|
| The real problem with data based services (ads, Google search,
| etc) is really that a bunch of data is collected opaquely,
| unethically, and in some cases illegally. The whole system
| including data brokers and real time bidding is out of control.
| kvark wrote:
| Maybe we need a quantum leap in technology first? Operating on
| data that can't be immutably copied (i.e. quantum state) opens
| up interesting possibilities in privacy space.
| monksy wrote:
| Depends on what the data is and if the aggregators can
| understand it.
|
| You could have the model where the silo produces encrypted
| blobs and the end client can read it. (What's stored and
| connected is nothing but encrypted blobs)
| BlueTemplar wrote:
| How? The 3rd parties will still need to copy the data, even
| temporarily, to be able to do anything with it.
| kvark wrote:
| If I understand correctly, that's the point. Nobody should
| be able to read or copy your data without permission.
| BlueTemplar wrote:
| Again, the issue is that once you _did_ share (= sent to)
| the data once with _anyone_ , you don't have any
| technical control over what might happen to it (see the
| pirate bay as an example).
|
| Quantum anti-tampering isn't going to help here, where
| it's your interlocutor that is the one that can't be
| trusted.
| pwdisswordfish5 wrote:
| It's partially related the webmail-vs-IMAP problem: direct
| access and control over your data.
|
| An example: There is a pending suit that will ultimately be
| settled with an insurance company by the courts. Crucial to the
| case is data collected by a mobile app that helps establish
| some relevant facts. The incident in question was >1 year ago,
| and we're going to move forward with the case this week
| (originally planned for last spring but put off due to COVID).
| Yesterday, I logged in to the site associated with the app, and
| it threw up a screen that cannot be dismissed, in the style of
| "please take care of <these issues with your account> before
| you can proceed". This is an account which is nowadays dormant,
| and there is in fact no way to take care of these issues. I dug
| out my old phone in an attempt to access the records in-app and
| take screenshots for the benefit of the court. The app itself
| had had an update released, and the records are now
| inaccessible, because the old version of the app is treated as
| an obsolete client. Fortunately, I'd already earlier exported
| all the data I could readily get my hands on--so the only thing
| I'm giving up are those screenshots that I determined in a
| last-minute decision would be helpful as supplemental resources
| --but this could have been a problem for someone who's never
| heard the phrase "move fast and break things" and who took it
| on faith that all this stuff wouldn't just disappear underneath
| their nose for seemingly no good reason.
|
| If we transition to a world where apps are always writing to
| (and pulling from) data stores that are under your control,
| then this would be a total non-issue, even for people less
| paranoid/guarded than I was. The truth is that there _are_
| social hurdles, but there are technological hurdles, too, and
| dealing with the technological part is a precondition to
| society being able to be effective in doing its part. People
| can 't solve problems with solutions that don't exist.
| Vinnl wrote:
| In my (personal) view, it's the technical part of a solution
| that definitely also needs to have a social/legislative
| component. It cannot _prevent_ parties from illegitimate
| sharing of my data, but it does give them the _option_ to hand
| over control to me. There are lots of companies that currently
| hold data on us but for whom that data is not their primary
| competency, and they only need a small nudge (like GDPR) to
| make having the customer responsible for that data an
| attractive proposition.
| eivarv wrote:
| You might be right, but I think it's disingenuous to market
| it as though this "solves privacy". Worst case, people are
| lulled into a false sense of security.
|
| Data-storage + authorization doesn't solve any (new)
| technical privacy-issues; this is "data protection" rather
| than "data privacy" in my book.
| westurner wrote:
| While I recognize the value of W3C LDP and SOLID, I also
| fail to see anything in SOLID that prevents B from sharing
| A's now pod-siloed information.
|
| Does it prevent screenshots and OCR?
|
| So it's in standard record structs and that makes it harder
| for the bad guys?
|
| Who moderates mean memes with my face on them?
|
| It is my hope that future Linked Data spec tutorials model
| something benign like shapes or cells instead of people: so
| that we can still see the value.
| cxr wrote:
| Laws still exist against things like perjury, even though
| there are no technical means in the law itself to prevent
| perjury. Note that one of the comments upthread
| specifically mentioned legislation.
|
| There's an old phrase that putting locks on your doors
| doesn't actually stop a determined attacker, but that
| it's okay because they're not meant to--that they're
| meant to "keep honest people honest". It's a principle
| that applies here.
| metabagel wrote:
| Bruce Schneier is involved with this project.
|
| https://www.schneier.com/blog/archives/2020/02/inrupt_tim_be...
| pintxo wrote:
| We should simply outlaw most privacy-invasive behavior. People
| will still demand news, social-media etc, but the payment will be
| different. Technology cannot and must not solve everything.
| BlueTemplar wrote:
| > "No one will argue with the direction," said Liam Broza, a
| founder of LifeScope, an open-source data project. "He's on the
| right side of history. But is what he's doing really going to
| work?"
|
| While I totally support Tim's project, history will decide what
| is "on the right side of history". Unless he's from the future?
| adkadskhj wrote:
| Well.. obviously it's speculation. Specifically a form of
| speculation describing Liam's belief in this technology.
|
| With that said, depending on what specifically Liam had in mind
| with that quote, i don't think it's far off. Tim's
| technological choice might be right or wrong, but it's
| difficult to argue that people should be able to own more of
| their data than they do now. Is there some pro-Google argument
| that would argue they're the ideal hosts for your data?
| BlueTemplar wrote:
| I guess as long as it isn't a form of "we are the good guys =
| we cannot lose (at least in the long term)"...
|
| I guess that I found the whiplash with the next phrase
| somewhat funny.
|
| As far as for Google, they're certainly very competent at
| their job of gathering (and using) the world's information.
| Which makes them both tempting to use, and also extremely
| dangerous. Also, remember their old motto ? I wonder how many
| of today's googlers still believe that they're the "good
| guys" ?
| QuadrupleA wrote:
| I like the goals of Solid, but tech-wise I fear it's headed into
| the weeds. A detailed critique from a few days' deep dive into
| the tech stack: https://forum.solidproject.org/t/constructive-
| criticism-from...
| sfink wrote:
| tl;dr: Solid is exposing a database of data with a filesystem
| API. This will not end well.
| cxr wrote:
| That's not exactly true. Solid is a refinement of HTTP, and
| HTTP is and always has been closer to "messages and ports",
| not files. <https://news.ycombinator.com/item?id=17897325>
| sanqui wrote:
| My knee-jerk response to this headline is: again?
|
| Paywall stops me from reading the actual article, so please let
| me know if it's realistic this time.
| sgift wrote:
| Decide for yourself: https://archive.is/0BTU1
| wcerfgba wrote:
| NYTimes uses the paywall to keep control of their data ;)
| Slackwise wrote:
| Just delete/block the NYT cookies.
| coliveira wrote:
| It is very interesting that, with the exception of people like
| Berners-Lee, computer scientists around the world have decided
| that the problems of social networks should be addressed only
| within the realm of private companies. I see little to no
| coordinated activity targeted at open social networks for
| commenting, liking, and sharing. Similar pattern on open and
| distributed protocols for searching and sharing data. It seems to
| me as a failure of academia in this important area of computing.
|
| It is important to remember that distributed protocols for social
| interaction is not something new that researchers had not
| considered before. Email is the prime example of open,
| distributed protocol that still is very successful. But many
| researchers have stoped to consider such open protocols and
| jumped in the walled garden bandwagon.
| chrisweekly wrote:
| This is a bit of a tangent, but I think there's a market for a
| "self-tracker" data hub of sorts. My half-baked idea is that it'd
| run locally and ingest my activity of all sorts -- privately,
| securely, individually -- to help inform my personal knowledge
| base. Along the lines of Readwise but broader and deeper, and
| with analytics....
| cxr wrote:
| Check out Brad Fitzpatrick's Perkeep/Camlistore.
| reilly3000 wrote:
| 1000% yes. Local logging of activities from lots of
| applications and devices. Everything gets added to a full-text
| search index, and the data only lives locally unless otherwise
| specified.
| ngcc_hk wrote:
| Try it in china. Or all is just for non-china. And if you think
| you can't do that this reveal most significant problem.
| monksy wrote:
| Why should we worry about that one country and the usage of it?
| They tend to want to control who deals with what data and track
| those who access it.
| pents90 wrote:
| How do you grant a company access to your data but prevent them
| from storing it? And how does it apply to data a company
| generates about me? For example, if I listen to songs on Spotify,
| are they supposed to somehow not store it, but still give me
| recommendations?
| ocdtrekkie wrote:
| To me, this is the major flaw with Solid: Why use a third
| party's service at all? Why should your apps _and_ your data be
| on your own server? Sandstorm and Cloudron already do this, and
| make it user-friendly to install, remove, and share web apps
| with people from a private space. Furthermore, Sandstorm also
| _assumes_ apps are malicious, so it is relatively safe to
| install proprietary apps on-device and still prevent data
| exfiltration.
|
| There are very few types of apps which truly need a third party
| server to work.
| gnarbarian wrote:
| >How do you grant a company access to your data but prevent
| them from storing it?
|
| Outlaw it.
|
| >And how does it apply to data a company generates about me?
|
| You store it on a server you control, then provide access to
| 3rd parties. This is how https://urbit.org/understanding-urbit/
| is setup to work.
| pents90 wrote:
| Ok, so it's more of a legal framework than a technological
| one.
| Vinnl wrote:
| I see it as technology that enables the legal framework.
| chrisseaton wrote:
| > Outlaw it.
|
| Companies always follow the law.
| monksy wrote:
| If you don't want them to know what it is, encrypt it. Even
| if they store it, it's not much use.
|
| If you don't want them to keep it, find a way to invalidate
| it. (This would be for where the read key is time sensitive..
| not sure how to make that work)
| nhumrich wrote:
| If you are asking how it would be technically feasible, there
| are essentially two ways at the top of my head. 1. End to end
| encryption. They store your data, but without your password,
| its encrypted in the db and useless. 2. You pass all your data
| in every request, like a sqlite file or something.
| treis wrote:
| I think the privacy angle is misguided. Most people don't
| really care about it. Even moreso for stuff like what songs did
| I listen to on Spotify.
|
| The better angle is that we're becoming digital serfs. Google
| decided that they didn't want Google Music to exist anymore and
| poof went my listening history and playlists. Any service that
| I use today can do the same thing. If that data were stored
| somewhere I had access to I could have imported it in to
| Spotify.
|
| This is an area I think Amazon or CloudFlare could step into.
| Sell consumers a NAS type box that keeps their data local. Sell
| companies on Lambda/Workers @ Home and have their applications
| run on that NAS.
| monksy wrote:
| > If that data were stored somewhere I had access to I could
| have imported it in to Spotify.
|
| At the moment we've been pushing services in the wrong
| direction to create their own schemas. However, we may win
| back control with standards on this one.
|
| But yes, the idea is that you are able to remove the control
| they have over the data you've produced. It's such a terrible
| arguement to claim they own the data. (Also, why do they need
| to control that other than to try to prevent you from
| leaving)
| cxr wrote:
| People do care about privacy, it's just that they have
| Snapchat-style privacy concerns, not the hypothetical ones
| that technologists tend to talk too much about. You're right
| that people don't care about YouTube having access to their
| stuff; they care about _people_ having it--people like
| Regina, or their manager (or Regina, their manager). The
| whole "digital serfdom" concept is as abstract of a concern
| (and in the minds of many, as irrelevant) as the classic
| surveillance capitalism arguments that you're putting down,
| even if the digital serfdom concept is accurate. People just
| don't care about anything that isn't an _immediate_ concern.
| throwaway2245 wrote:
| >if I listen to songs on Spotify, are they supposed to somehow
| not store it, but still give me recommendations?
|
| This is perfectly possible.
|
| In your example, Spotify could store the data they needed for
| their recommendation algorithm in aggregate form so that any
| link to a person was destroyed and not reversible.
|
| And then make recommendations by running that algorithm on your
| locally/privately stored data, with no loss of functionality.
|
| As such, a recommendation algorithm does not technically
| benefit from storing your personal data, at all.
| breck wrote:
| https://inrupt.com/ Is the startup.
|
| Unfortunately at the bottom is a copyright notice. Nothing is
| going to "put people in control of their personal data" as long
| as we have copyright. Otherwise lots of your "personal data" will
| remained locked up with corporations.
___________________________________________________________________
(page generated 2021-01-11 22:02 UTC)