Tim Berners-Lee unveils next step for Solid, a decentralized Web platform with privacy built-in as standard

Posted on Oct 6, 2018 by Glyn Moody

It’s no secret that the current design of the World Wide Web has huge problems. This was shown most dramatically by the recent security breach at Facebook that saw 50 million accounts compromised. A key issue is the highly centralized nature of today’s Internet, with power – and our personal data – concentrated in just a few giant companies. This has led to an increasing interest in moving to a decentralized system.

One person who has been working on ways to make the Web better is the man who invented it, Tim Berners-Lee. For over a decade, he has been working on technology that allows a more decentralized approach. Back in 2006, he was focussing on “linked data”. As its name implies, this aimed to do for structured data what hypertext had done for unstructured material like documents. In 2009 he was exploring the idea of “Socially Aware Cloud Storage”. More recently, Berners-Lee has worked as co-leader of the Decentralized Information Group at MIT’s Computer Science and Artificial Intelligence Laboratory. In 2016, he and his fellow researchers published a paper about the new system Solid – the name comes from “social linked data”:

Solid is a decentralized platform for social Web applications. In the Solid platform, users’ data is managed independently of the applications that create and consume this data. Each user stores their data in a Web-accessible personal online datastore (or pod). Each user can have one or more pods from different pod providers, and can easily switch between providers. Applications access data in users’ pods using well defined protocols, and a decentralized authentication and access control mechanism guarantees the privacy of the data. In this decentralized architecture, applications can operate on users’ data wherever it is stored. Users control access to their data, and have the option to switch between applications at any time.

The code for Solid has been freely available on GitHub under an open source license for some time now, and there is a dedicated Web site. However, so far its ideas have made relatively little impact on the mainstream Internet world. Berners-Lee is hoping that will change with the recent launch of a new company, Inrupt. As he explains in an open letter about his new venture:

It is going to take a lot of effort to build the new Solid platform and drive broad adoption but I think we have enough energy to take the world to a new tipping point.

So I have taken a sabbatical from MIT, reduced my day-to-day involvement with the World Wide Web Consortium (W3C) and founded a company called inrupt where I will be guiding the next stage of the web in a very direct way. Inrupt will be the infrastructure allowing Solid to flourish. Its mission is to provide commercial energy and an ecosystem to help protect the integrity and quality of the new web built on Solid.

There are many examples of open-source efforts that have benefited hugely from the contribution of a well-resourced company. While the open-source community provides initiative and a deep source of innovation, everyday web users as well as businesses often look for applications and services from a commercial entity that also provides technical support and vital, ancillary business services.

The Inrupt site contains more details about how Solid’s distributed ecosystem will work. Key aspects include giving users the ability to store their personal data on Solid PODs – personal online datastores, which are likened by Inrupt to “secure USB sticks for the Web”. PODs might be located at home, at work, or in the cloud. There is sample code for setting up PODs on Solid-enabled Web servers, and the plan is to encourage third parties to offer a variety of PODs too. The ability to move data freely at any time between different PODs is an important aspect, since it prevents today’s lock-in to huge silos like Facebook and Google.

Once information is held in a POD somewhere, users give other people and applications permission to read or write parts of the data. One benefit is that it is not necessary to enter personal data for new apps. Instead, they can simply be given the appropriate permissions to read existing data held on a POD. This approach is also a boon for developers. One of the reasons for the great power of Facebook and other Internet giants is network effects: it’s hard to persuade someone to use a new, rival service until many other people are already using it. With Solid PODs, users can join new offerings instantly, and with no effort. This means that mass migrations, where large numbers of people switch overnight, can take place very easily. Another application of PODs is to use them for establishing identity:

In order to prove ownership of your data, you need a way to identify yourself. Rather than relying on a third party, you can use your Solid POD to say who you are. So no more “Log in with X” or “Log in with Y” on the Web — just “Log in with your own Solid POD”.

For developers, the Inrupt site offers a Getting Started page, with links to the Solid specification; an introduction to linked data; how to write Solid applications; and details on installing and running a Solid server.

Although interesting in themselves, these ideas are not new. One of the first people to warn about the privacy problems of centralized social networks was Eben Moglen, General Counsel of the Free Software Foundation for 13 years, and the person who helped draft several versions of the GNU GPL. Back in 2010, he said:

The services are centralised for commercial purposes. The power that the Web log holds is monetisable, because it provides a form of surveillance which is attractive to both commercial and governmental social control. So the Web, with services equipped in a basically client-server architecture, becomes a device for surveillance as well as providing additional services. And surveillance becomes the hidden service wrapped inside everything we get for free.

His solution was a small, low-cost device that held all your personal data, and allowed controlled access to it from similar units running in the homes of friends and family. In other words, what Inrupt calls a Solid POD. Moglen’s solution never took off. It lacked visibility, and it lacked enough backing to gain that visibility.

Some fear that Solid might also be “ill-equipped to tackle the challenges of the data ownership space and deliver impact”. But the key advantage of Solid is that it has the very high-profile Berners-Lee out there promoting it as a way of regaining control of our personal data, plus the startup Inrupt supporting its uptake by developers and companies. According to an article on CNET, more than 40,000 people have already signed up to try out Solid. It will be interesting to see whether these moves are enough to break the stranglehold that centralized services have on the Internet today, to the great detriment of security and privacy.

Featured image by Inrupt.