How solid is Tim’s plan to redecentralize the web?
05 Oct 2018 — Irina Bolychevsky
The internet and near-costless scaling of digital has allowed the concentration of too much power in too few hands. Our systems for accountability can’t or won’t keep up. Building alternatives that decentralise networks, governance and control is a promising antidote. That’s why it’s exciting to see web inventor Tim Berners-Lee announce a commercial venture to support the Solid platform. Solid is a linked data personal data store (PDS) that puts control into the hands of the user, and Inrupt is the first commercial offer to build on it. When we started Redecentralize in 2013, there were a few people who really cared about decentralisation, and a lot of people who really didn’t care at all. Tim’s backing and endorsement have helped change that.
However, I’m concerned Solid is ill-equipped to tackle the challenges of the data ownership space and deliver impact. This article explores some of the problems PDSs face and suggests we need a strategic approach that’s user centered, systemic and allows for a diversity of approaches to overcome centralisation.
Can we sell privacy?
The scandals over Cambridge Analytica’s abuse of Facebook’s app privileges, and the implications in terms of political influence and the spread of disinformation, have led to a significant rise in interest in the decentralised web. People increasingly distrust Facebook, which shares your phone number with advertisers to target ads, and Google, which tracks your location even when tracking is explicitly disabled. More recently, the unwitting exposure of at least fifty million Facebook profiles to the prying eyes of random hackers will only increase the pressure on companies to demonstrate that they can be safe custodians of personal data. So earlier this year, Simon and I decided to explore the personal data store space to assess the effectiveness of the approach Solid takes.
How does a Personal Data Store work?
Solid’s model is typical of a lot of the PDSs we looked at. User data lives in a datastore. The user either self hosts, or pays for someone to securely host a PDS on their behalf. Applications read/write to that data through user controlled granular permissions.
In the best case scenario of this model, app developers simply provide the interface and functionality of, for example, a calendar or journal app. The data always lives in your datastore. When you browse your journal or calendar in a web or desktop/phone app, the data from your datastore is displayed in the interface, but it’s securely transmitted between you and your datastore. No other parties are able to access it. This would be game changing.
But there are challenges
1. Most digital transactions require verified claims
Much of Tim’s narrative assumes that there is clear ownership of data, which is far from straightforward. Different entities are looking for different kinds of data:
- For the majority of digital transactions and interactions (buying things online, applying for services, booking a flight, proving my age), the most valuable data is data asserted about me from an authoritative source: for example, that I have a valid driving license, verified address, bank account or passport.
- For advertising, it’s what I bought and where I clicked as well as profile data (email address, demographic and interests info). This data is generated by the services I use (e.g. Facebook, Google, Twitter).
- For AirBnB and Uber it’s the ratings that other users have given me that’s important, which isn’t data I obviously ‘own’.
Yes, some of this can be self-asserted, but organisations often want objective data based on behaviour and decisions made about us, not what we say is true. Mortgage brokers don’t just want my assertion that I have income, they want proof.
This means that Solid’s use cases will be limited unless it partners with institutions like banks and governments to assert and verify such data. Luckily there are standards being developed in the W3C to facilitate this, but we still need good frameworks and incentives for why such institutions will spend the time/energy to share and verify data about us, how this happens securely and how GDPR requirements are met.
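The difference between a self-asserted and an attested claim, as an added example that is not from the original article or from Solid: a relying party accepts a claim only when it is signed by an issuer it already trusts. The claim layout, issuer name and keys are constructed for illustration, and this is a simplification rather than the format of the W3C standards mentioned above.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Claim is a simplified statement about a subject (hypothetical layout).
type Claim struct{ Issuer, Subject, Type, Value string }

// SignedClaim is what a user would keep in their datastore and hand to an app.
type SignedClaim struct {
	Claim     Claim
	Signature []byte
}

// Issue signs the claim's JSON encoding with the issuer's private key.
func Issue(c Claim, priv ed25519.PrivateKey) SignedClaim {
	msg, _ := json.Marshal(c) // string fields only: cannot fail, fixed field order
	return SignedClaim{Claim: c, Signature: ed25519.Sign(priv, msg)}
}

// Verify is the relying party's check: trusted third-party issuer, intact signature.
func Verify(sc SignedClaim, trusted map[string]ed25519.PublicKey) error {
	pub, ok := trusted[sc.Claim.Issuer]
	if !ok || sc.Claim.Issuer == sc.Claim.Subject {
		return errors.New("issuer is not a trusted third party")
	}
	msg, _ := json.Marshal(sc.Claim)
	if !ed25519.Verify(pub, msg, sc.Signature) {
		return errors.New("signature does not match claim")
	}
	return nil
}

// Demo runs three constructed cases: attested, edited after issuance, self-asserted.
func Demo() (attested, tampered, selfAsserted error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key for the issuer
	trusted := map[string]ed25519.PublicKey{"licensing-authority.example": pub}
	sc := Issue(Claim{"licensing-authority.example", "alice", "driving_license", "valid"}, priv)
	attested = Verify(sc, trusted)
	sc.Claim.Value = "valid, all categories" // the holder edits the claim after issuance
	_, own, _ := ed25519.GenerateKey(nil)    // the user's own key, unknown to the verifier
	return attested, Verify(sc, trusted), Verify(Issue(Claim{"alice", "alice", "income", "90000"}, own), trusted)
}

func main() { fmt.Println(Demo()) }
```

The datastore only transports the signed claim; the trust decision rests on which issuer keys the relying party has chosen to accept, which is why institutional participation matters.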
2. If we narrow the market, the value proposition is hard
Putting aside verified claims, we then have the potential market of apps or services which only need self created data, preferences or quantified self data. This could be my calendar, todo list, journal entries, emails, messages, Apple/Google health app stored data, Fitbit data, what websites I use, time spent online, and so on. This is still a major market, but one already well catered for.
What’s the offer to users?
I want to see user research that identifies real problems users have with the current status quo which Solid will solve well enough to overcome switching cost and inertia. Most privacy concerns are centered around Facebook, but people are not on Facebook because they lack alternatives. There are numerous well designed, encrypted, decentralised and privacy preserving, even blockchain-based, alternatives. However, your current social network isn’t portable and the value of Facebook and Twitter comes from the people using them. The way we tackle this is to push for regulation around open protocols, not by expecting everyone to switch.
So if we can’t sell privacy as a product in social media, we need evidence of where else these priorities will bring users. Alternatively, decentralised or PDS-integrated tech must deliver novel and valued functionality or be solving major problems users have with existing centralised solutions.
What’s the offer to companies and app developers?
For companies, service providers and app developers the value proposition is hazy. I have yet to come across a PDS provider with an impressive or long list of partners and companies. Most existing business models depend on controlling the data and using it to improve a service and provide valuable analytics to up-sell paid plans or directly monetise the data collected through advertisers and third party data marketplaces. Giving this up requires incentives or regulation.
If Solid uptake is big enough to attract app developers, what stops the same data exploitation happening, albeit now with an extra step where the user is asked for ‘permission’ to access and use their data in exchange for a free or better service? Consent is only meaningful if there are genuine alternatives and as an industry we have yet to tackle this problem (see how Facebook, Apple, Google, Amazon ask for ‘consent’). What’s really going on when users are asked to agree to the terms and conditions of software on a phone they’ve already bought that won’t work otherwise? Or agreeing to Facebook’s data selling if there’s no other way for users to invite friends to events, message them or see their photos if those friends are Facebook users? I wouldn’t call this consent.
The answer may lie in partnering with civic or NGO organisations that have different incentives, but many users. Organisations like the BBC, governments, local authorities, the charity sector, and even financial organisations like Funding Circle and other peer-to-peer lenders. This is a worthwhile avenue to explore, but it doesn’t feel enough.
Alternative approaches
It’s time to challenge the standard economic approach when it comes to digital. The economies of scale are fundamentally different and we need bold new frameworks to ensure that technology benefits and protects everyone in society. Governments could and should invest in open infrastructure so that the basics of communicating online or connecting with people cannot be ‘owned’ by companies, but are a shared basis like the internet or email protocol.
I’m thrilled Tim is pushing forward with Solid, but we need to be thinking bigger. Let’s start tackling the broader challenges and opportunities for a decentralised web to deliver a better ecosystem for all. Solid and similar projects need user research, user centered design, marketing and coordination to ensure interoperability and a user experience that can compete with the status quo. Common authentication and authorisation standards for digital identity and login, and communication standards that work across applications and services, will help break down silos and create real benefits to users and companies to motivate the move away from digital monopolies. It’s time to push for serious funding and resources into such public infrastructure to create an internet and web that works for everyone, just like Tim’s original vision.