How serious is Tim Berners-Lee's plan to decentralize the web?
The Internet and the almost free scaling of digital technologies have concentrated too much power in the hands of a few companies, and accountability systems have not kept up with them. A promising antidote is an alternative: decentralization of the network, its management and its control. That is why it is so good that web inventor Tim Berners-Lee has announced a commercial enterprise to support the Solid platform. Solid is a personal data store (PDS) that puts control in the user's hands, and Inrupt is the first commercial offering on this platform. When we launched the Redecentralize project in 2013, very few people really cared about decentralization, and most did not even think about it. Tim's support and approval helped make a difference.
But I’m concerned that Solid is poorly equipped to solve the problems PDS face and to have a real impact on the industry. This article discusses some of the problems faced by PDS and suggests a strategic, user-centered, systematic approach that allows for a variety of ways to overcome centralization.
Privacy for sale?
The scandals surrounding Cambridge Analytica’s abuse of Facebook application privileges, as well as the consequences of political influence and the spread of misinformation, have led to a significant increase in interest in decentralized networks. People are less inclined to trust Facebook, which shares your phone number with advertisers for targeted advertising, and trust Google less and less, since it tracks your location even if tracking is explicitly disabled in Android. More recently, at least 50 million Facebook profiles have been leaked, which will only increase the pressure. Companies are required to demonstrate that they are capable of safeguarding personal data. Therefore, at the beginning of the year, Simon and I decided to explore the PDS market in order to evaluate the effectiveness of the Solid approach.
How does a personal data store work?
The Solid model is typical of many PDS. User data is stored in the data store. The user either hosts it themselves or pays someone to store the PDS securely on their behalf. Applications read and write this data using granular permissions managed by the user.
Ideally, application developers provide only an interface and functionality, such as a calendar or a journal. The data itself always stays in your data store. When you view a journal or calendar in a web, desktop or phone application, data from the data store is displayed in the interface, but it is transferred securely between you and the data store. No other parties can access it. This should change the rules of the game.
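The permission model described above, as an added example that is not part of the original article and not Solid's own code: a default-deny check of per-application grants on containers in a data store. The mode names follow Solid's Web Access Control vocabulary; the class, the function names and the sample origins are hypothetical, and paths are assumed to be URL-decoded already.

```javascript
// Added illustration: a simplified model of user-managed grants, not Solid's API.
// Mode names follow Solid's Web Access Control vocabulary; all else is hypothetical.
const MODES = new Set(["Read", "Append", "Write", "Control"]);

// Resolve "." and ".." so a grant on /calendar/ cannot be escaped with
// a path such as /calendar/../journal/2018.txt.
function normalizePath(path) {
  const out = [];
  for (const seg of path.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  const slash = out.length && path.endsWith("/") ? "/" : "";
  return "/" + out.join("/") + slash;
}

class PersonalDataStore {
  constructor() {
    this.grants = []; // each entry: { origin, container, modes }
  }
  // The user grants one application origin some modes on one container.
  grant(origin, container, modes) {
    let c = normalizePath(container);
    if (!c.endsWith("/")) c += "/"; // so /calendar/ never matches /calendar-private/
    this.grants.push({ origin, container: c, modes: new Set(modes) });
  }
  // The user can withdraw everything granted to an application at any time.
  revoke(origin) {
    this.grants = this.grants.filter((g) => g.origin !== origin);
  }
  // Default deny: access needs a matching grant for this origin, path and mode.
  // Write includes Append, as in Web Access Control.
  isAllowed(origin, path, mode) {
    if (!MODES.has(mode)) return false;
    const p = normalizePath(path);
    return this.grants.some((g) =>
      g.origin === origin && p.startsWith(g.container) &&
      (g.modes.has(mode) || (mode === "Append" && g.modes.has("Write"))));
  }
}

// Constructed sample: a calendar app and an advertising widget.
function buildSampleStore() {
  const pds = new PersonalDataStore();
  pds.grant("https://calendar.example", "/calendar/", ["Read", "Write"]);
  pds.grant("https://ads.example", "/profile/public/", ["Read"]);
  return pds;
}
```

The calendar application can read and append to `/calendar/` but gets nothing from `/journal/`, and the advertising origin never sees the calendar unless the user adds a grant for it.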
But there are problems
1. Most digital transactions require confirmation.
Tim Berners-Lee's article in many ways suggests that there is clear knowledge of the data, which is far from simple. Different entities use different types of data:
- For most digital transactions and interactions (buying things on the Internet, applying for services, booking a flight, confirming age), verified data from a reputable source is most valuable: for example, that I have a valid driver's license, or a confirmed address, bank account or passport.
- For advertising, you need information about what I bought and which banners I clicked, as well as profile data (email address, demographic data and information about interests). This data is generated by the services I use (for example, Facebook, Google, Twitter).
- For Airbnb and Uber, the ratings that other users gave me are important. Obviously, I do not “own” this data.
Yes, some of this may seem presumptuous, but organizations often need objective data based on our behavior and objective decisions. They can't just take our word for it. My own claim about my income is not enough for a mortgage broker; he wants evidence.
This means that Solid’s usefulness is limited if the platform does not cooperate with institutions such as banks and governments to validate and verify such data. Fortunately, the W3C develops standards specifically for this, but we still need to establish good frameworks and create incentives for such institutions, so that they want to spend time and energy on sharing and verifying data about us while organizing security along the lines of the GDPR.
2. If we narrow the market, it is difficult to offer a benefit.
Setting aside the need for verification, we are left with a potential market for applications or services that need only self-generated data, preferences, or quantitative data about ourselves. This could be my calendar, task list, journal entries, emails, messages, saved Apple / Google Health data, Fitbit data, which websites I use, time spent on the Internet, and so on. It is still a large market, but it is already well served.
What to offer users?
I would like to see a study of the real, current user problems that Solid solves well enough to overcome inertia and the effort of migration. Most privacy concerns relate to Facebook, but people do not stay on Facebook because there are no alternatives. There are many well-designed, encrypted, decentralized and private social networks, even on the blockchain. However, your current social network is not portable, and the value of Facebook and Twitter is in the people who use them. The problem needs to be solved by regulating for open protocols, rather than by expecting everyone to switch.
Therefore, if we cannot provide privacy as a product in social networks, then we need evidence of where these priorities are important for users. Technology that is decentralized or integrated with a PDS should provide new and valuable functionality, or solve basic problems that users experience with existing centralized solutions.
What to offer to companies and application developers?
For companies, service providers and application developers, the value proposition is hazy. I have not yet met a PDS supplier with an impressive or long list of partners and companies. Most existing business models depend on controlling data and using it to improve the service, to provide valuable analytics that increase sales of paid plans, or to monetize the collected data directly through advertisers and third-party data markets. Giving this up requires incentives or regulation.
If the Solid offer is attractive enough for application developers, what prevents the same exploitation of data, only now with an additional step in which the user is asked for “permission” to access and use their data in exchange for a free or better service? Consent makes sense only if there are genuine alternatives, and our industry has yet to solve this problem (see how Facebook, Apple, Google and Amazon ask for "permission" to carry out various compromising actions). What really happens when a user is asked to agree to the terms of the software on a phone they have already bought and which will not work otherwise? Or to consent to the sale of their Facebook data, if there is no other way to invite friends to events, send them a message or see their photos when those friends are Facebook users? I would not call it "permission."
The solution may be to partner with civil or non-governmental organizations that have other goals but many users: organizations such as the BBC, governments, local governments, the charity sector, and even financial institutions such as Funding Circle and other peer-to-peer lending organizations. This is an option worth studying, but it is unlikely to be enough.
Alternative approaches
When it comes to digital technology, it's time to challenge the standard economic approach. The economics of scale are fundamentally different, and we need bold new laws so that technology benefits and protects everyone in society. Governments can and should invest in open infrastructure, so that the basics of communicating on the Internet or connecting with people cannot “belong” to companies but are instead a common foundation, like the Internet itself or the e-mail protocols.
I am delighted that Tim is promoting the Solid peering platform, but we need to think more broadly. Let's start solving more general problems and use the capabilities of a decentralized network to improve the overall ecosystem. Solid and similar projects need audience research, user-friendly UI development, marketing and coordination to ensure interoperability and usability that can compete with existing solutions. We need common authentication and authorization standards for digital identities, as well as common authentication and communication standards that work across different applications and services. They will help break down barriers between isolated services and create real benefits for users and companies, motivating a departure from digital monopolies. The time has come to push for serious funding and investment of resources in such public infrastructure in order to create a web that works for everyone - just like the original vision of Tim Berners-Lee.