Tim Berners-Lee's Inrupt project plans to fix the web - Sensationalist Headlines

How Tim Berners Some article snippets: Tim Berners-Lee wants to change the face of the internet he created. In September 2018, the father of the world wide web announced the launch of startup Inrupt, co-founded with cybersecurity entrepreneur John Bruce, which has as its mission “to restore rightful ownership of data back to every web user.” The big idea behind Solid is that, instead of a company storing all your personal data on their servers, you would keep it on your own personal data “pod”, located on a Solid server. You could run your own server or host it with a provider, much like a personal website. You could then give individual apps permission to read and write to your pod. When you want to stop using an app, you just revoke its access. The data remains on your pod, and businesses making apps never have to worry about storing it, deleting it, or making it easily exportable. Here's the website for the project: https://solid.inrupt.com What does Facepunch think of this initiative? I have mixed feelings about it. While it's great to have more control over your personal information, storing everyone's details on one location may create a literal goldmine of personal information that some will want a bite out of. That is unless people end up hosting Solid servers on a personal VPS. There are endless ways to go about it and nothing seems to be set in stone, however I appreciate Tim's continued work on opening the internet to what he originally viewed it: an open place for online collaboration.

The Solid POD providers below are currently designed for use by a highly technical audience of developers. This is on the "Get a Solid POD page", so I assume they haven't actually worked on making it user-friendly for mere mortals. In which case, it's dead on arrival. I think most systems like this are anyway. I think there was another similar proposed system called "Data box" or something. You'd need to cause a huge paradigm shift to get enough people to care about the privacy and security of their personal data to start seeing big players adopting this system. Either that, or it is enshrined in law by countries - which I think is even less likely, considering the influence of corporate lobbying and concerns over "competitiveness". If these systems were already in use by a significant number of people, I expect Google, Facebook et al would have their currently very successful business strategies ruffled. People would go "holy shit why does [company] want access to all of my personal info", and of course reject it. As such, expect fierce opposition from them should adoption of such a system start to pick up momentum. In the ideal world, this system would be perfect for your average human. I do wish it success, but I'm not too hopeful.

There's a beginning of a great idea here, but I am concerned about a universal data storage point due to things like Equifax.

The problem: People are storing their data on companies' servers. The solution: Make a company for people to store their data on its servers. Also a healthy dose of xkcd (always relevant): https://imgs.xkcd.com/comics/standards.png As with boxama, I don't think this will end up succeeding the way the developers are hoping it will. And like Dan the Man points out, this is a huge security risk, storing all your data for various different applications all on a singular point of failure. Their hearts are in the right place, but their heads seem like they need to catch up yet.

Sounds interesting but why would any of the big ad companies and web companies actually use that when current tracking and ads is such a big industry. Most of them want to crawl as much information as legally possible, if not go around laws in grey areas. And good luck "transforming the internet", I doubt thats really possible at this point, being the "father of the internet" doesn't really say much in that regard. Also not sure about the hosting situation, its basically just moving it from all the companies to one company if you aren't able to host it yourself. The risk of a single breach of the data of millions. If I get it right its sorta like "app permissions" or API based login on websites. This also invites for a huge wave of phishing/scams. Twitch recently had an issue where people would give a fake bot all their rights via the legitimate Twitch API login, if you would read everything on there you would notice its a bad idea but since people thought its a popular bot they just agreed. Thus hundreds of peoples accounts were abused for spam or ToS breaking streams. On mobile we already have tons of apps that request way more information then they need and people also just agree to them. Now if this system works similar, with giving access rights (probably in tiers like on apps etc.), then this sort of phishing/scam can easily be applied here. In the end it will probably just end up as some extra "standard" some sites might use, would be my prediction.

TBL is one of the people who supported EME, which was a successful attack on the open web, why should I trust him now?

Because he also like invented the WWW?

That doesn't mean much if decades after that he worked against it.

I'm not familiar with the EME, searching it on Google brings up unrelated results for me. I'm pretty curious as to what Tim has been up to now. Can you kindly elaborate?

EME is a way for web browsers to communicate with DRM software, the whole point of having a web standard is that anyone can implement it completely on any platform (even new ones), however while EME is standardized the DRM it connects to isn't, this effectively means that in some platforms parts of the web may not be available.

The data still needs to go to the developer's web server, and they're still going to need to store data outside of a user's pod, so I don't see how this will work whatsoever

Before that there were tons of things that were pretty much just like the WWW, only the shitty document format it used along with lucky timing made it stand out Berners-Lee is a corporate whore and I don't trust him at all with this

If companies can still read/write your data what stops them from keeping copies of it, even after you revoke access?

This just can't work securely. There are a number of competing problems they need to solve: Storing all of your data for every website, unencrypted in a single location would obviously be one of the worst goddamn ideas imaginable. Encrypting the data with a user-provided password doesn't provide enough protection. Having the websites encrypt the data using their own secret keys would render that data completely useless to you, should you want to "emigrate"; one of the selling points of this scheme is that you can "take your data with you". It's impossible to stop the websites from encrypting the data they store in your pod before they store it. Therefore, it is impossible to force companies to let you "keep" or "own" your data. Websites will have complete read access to the data, so they can store a copy of it whenever they please. It is impossible to prevent this.