[HN Gopher] Solid Project: All of your data, under your control ___________________________________________________________________ Solid Project: All of your data, under your control Author : gibsonf1 Score : 236 points Date : 2021-02-01 15:54 UTC (7 hours ago) (HTM) web link (solidproject.org) (TXT) w3m dump (solidproject.org) | twiddlebits wrote: | too complicated. | anderspitman wrote: | Solid is awesome and I'm bullish on this model in the long-run, | but it seems to be caught in a classic chicken/egg problem. | Nobody is going to use it until there are good apps. and nobody | is going to make good apps until there is a market of users. IMO | this is the same problem that kept Sandstorm and remoteStorage | from getting big. | | I see 2 solutions currently: | | 1. Make an awesome storage product, that just happens to | implement Solid. It might have to start out also implementing S3, | which unfortunately doesn't support OAuth, which basically kills | it for apps. You could try making it compatible with another | proprietary protocol like Google Drive, or provide a frontend | library that easily talks to all the major cloud storage | providers, plus Solid... | | 2. Take the slow track. If developers themselves want to use it, | they'll write useful open source apps over time. This can take | forever though. Even after 30 years there are still large feature | gaps on Linux because the market is too small to attract big app | developers. | passive wrote: | Lovely to see this come up again. It's really a great time to | promote Solid, with the evidence of shady practices at the big | corporations mounting, I know lots of folk would like a way to | reclaim some of their data. | | That said, I feel like the big starting point for Solid is | exfiltration/syncing of data between services, and that appears | to be missing, for the most part. | | Give folk an app that will pull their music preferences from | Spotify, and let them try out Amazon or Apple music with the same | collection. It's a very simple data set, and a fairly common and | comprehensible use case. | | Doing photos from Facebook/Instagram/Twitter/etc would be a | bigger lift, but not too much different in concept, and I think | very compelling in terms of selling the value of the service. | smm11 wrote: | I self-host via a 1T SD card in my phone (encrypted). Why pull | from/risk "the cloud" when I can have my stuff on me in the first | place? | anderspitman wrote: | Something like Solid is more useful if you want to share data | with other people, or use apps that only support cloud storage. | There are many such apps (Google Docs for example), but most of | them are currently embedded in their respective cloud storage | provider. Solid decouples the apps from the storage. | oakfr wrote: | So if you lose your phone, you lose all your data? (asking in a | genuine manner) | smm11 wrote: | I have a glacier store of my phone and SD card data that I | upload every weekend. I'm good with 5 or so days of phone | data loss in that event. (I use a desktop VM that does | nothing other than touch Glacier, and my phone, for this.) | mawise wrote: | I've never seen a compelling explanation of how this is supposed | to work. Do people self-host their pods? Is the pod one more | thing to sign up with an external provider? | | If I'm self-hosting my pod anyway, then wouldn't I want my self- | hosting to include the (for example) photo-library viewing layer | instead of giving google photos or flickr access to the photos in | my pod? If I did give them access, then how is it more private | than if they hosted it themselves? Maybe the pitch is more about | mobility of services and avoiding lock-in than it is about | privacy and security, but that doesn't seem to be the message I | get. Does anyone have any pro-solid blog posts or articles you | think might be helpful in convincing me? It smells like it is | well aligned with my values but I just can't see how it will | actually work. | treis wrote: | >photo-library viewing layer instead of giving google photos or | flickr access to the photos in my pod? | | IMHO, privacy is the wrong tack for these arguments. The issue | is that Flickr or Google Photos can shut down and/or raise | prices while all your data is stuck there. | ocdtrekkie wrote: | Solid seems like an idea that only makes sense if your key goal | is allowing cloud providers to offer proprietary services that | use your data, while still storing it elsewhere. | | But I'd say most people fall either into "I don't mind | proprietary services holding my data" or "I want to self-host | the preferably open source application and my data". I don't | see the benefit of separating the two at all, and I think the | only reason this project keeps coming up and around is the name | of the guy pushing it. | | "Solid is a mid-course correction for the Web by its inventor, | Sir Tim Berners-Lee" is very literally the only selling point I | think Solid has. | | Sandstorm or Cloudron have a better model, self-host (or pay | someone to host for you) all of your apps and data together, in | an easy interface for adding new apps like an app store. | Vinnl wrote: | You can choose whether to self-host or whether to have someone | else handle that for you. | | As for also hosting your apps: I think the answer to that is | the same as for why you might still choose to use an email | client even if you're hosting your email server. | | However, I would expect the majority of people not to self- | host, but to have that handled by a party they trust. They | would then not be limited by that host also having to support | the particular photo-viewing layer they are interested in, but | instead are able to choose one independently. | | (Disclosure: I work for Inrupt, but opinions are my own.) | passive wrote: | The hosting story is still a little messy, but in my version of | this, I think it needs a trusted third-party to offer hosting, | along with an open committee to manage the data specifications. | | The advantages of separating data storage from usage are | similar to those in application development. If you have a | robust model for defining and retrieving your data, the tools | for working with that data can be iterated on independently | from the data itself. | | So let's say your photos are in Google Photos, because your | phone backs them up there automatically, but all your friends | who you want to see the photos are on Facebook. Theoretically, | "Solid" could be pulling those photos into a standard data | specification, and provide easy tools for automating how they | get shared into Facebook. | | Then let's say you wanted to edit some of those photos, so you | open up PhotoShop Solid, and get editing. | | But then you join Instagram, and you want to quickly show off | your Photoshop skills. All you need to do is connect Solid. | | The key aspect here is that you can use as many different tools | as you like to work with your data, but it's the same data, and | if Facebook goes belly-up tomorrow, or you just don't want your | photos there anymore, Solid has your back. | | One thing that I don't think is well defined yet, but really | should be, is how services will request access to your data. | This needs some kind of standard interface, very similar to how | phones let you customize app access. It should make it very | clear what data you are "selling" to the Facebook, and what | they are providing in return for that data. | mawise wrote: | That makes sense, but it also means the selling point is data | portability more than data privacy/security. Since I would | already need to give an application access to my data, I | might as well have them host it for me. It still feels like | Solid is a more complex and harder-to-reason-about solution | to the same problem that GDPR data takeout tries to solve. | Consistent open standards are nice, but it doesn't take that | much work for Facebook (or others) to accept a Google Photos | takeout dump as an input format. | | If the only real problem that Solid solves is "I loose my | data if provider X locks me out or goes bankrupt", then it | isn't even good enough since the third-party pod-hosting | company can have the same failure mode. Maybe we should | expand on GDPR data takeout legislation to require something | like API-driven access that would allow people/companies to | build automated backup/export solutions. | | That becomes a much simpler thing to build and get buy-in for | instead of a whole new paradigm which companies aren't | incentivized to follow and is hard for users to understand. | passive wrote: | I think data portability is the most obvious value | proposition for most people, especially between potentially | hostile services (Facebook and Google Photos could easily | inter-operate, but that's not something either company | wants to invest in). For someone like me, who has moved a | streaming music "collection" between 4 services over the | past decade or so, it would have been real handy. | | It also, conceptually at least, dramatically lowers the | barrier to entry for new services in the same space, since | they can use the existing data models and persistence | layers. | | The privacy aspects are secondary, at least to start, | though I think the last few years have helped establish | more context for them. Providing granular controls for data | access in a common format across services seems like a big | win, at least compared to my experience hunting through | preferences/settings/account details/etc menus in Facebook | and other places. | | Finally, I think there's significant potential value in | this being used as way to authenticate the source of media. | As deepfakes are getting better and easier to create, | having all the video and audio of you connected to a known | identity seems like a necessity. Letting Facebook or Google | be that identity provider would be very bad. | cratermoon wrote: | The privacy aspects need more attention. There does need | to be a neutral and trusted identity provider. It should | be possible for the pod owner to control access via some | kind of scope/role/policy setup. That's going to be | complicated for most people. Using an example from | elsewhere in this thread, I probably would want PhotoShop | to be able to have full access to many (but not all) | images my pod, but Instagram should really only be able | to read the images I want to post there. | anderspitman wrote: | I think federated identity is the way to go. Technically | that's what we have now, ie every identity provider I'm | aware of lets you reset your password via email, which is | federated. | | But we tried federated and users didn't care. They want | convenience. Maybe with privacy apparently picking up | some public interest, we can try again. | seph-reed wrote: | I had this idea a while ago when trying to figure out how we're | going to do web-tech in space. Obviously you don't want to send | an entire web page, just the data. | | If data is clearly templated, it's up to the user to choose a | UI for displaying it. Many UIs can compete. They don't have to | proprietary. | | In time, UI would become an art form; like music. | fuzzybear3965 wrote: | Is this related to Jaron Lanier's vision of union (in the labor | sense) groups which sell to companies access to the group's | anonymized data? In his model, one individual can belong to many | groups and their information is like a share/stock they have in a | pool of data with other people. They sell in a cooperative | fashion to select companies, gaining power through anonymity and | group bargaining power. | Nasrudith wrote: | Data in those contexts nearly always have "reciprocial actions" | fundamentally and those who gather the data know what they | actually want out of it. Company-user interactions would likely | produce better data. It feels like half of an understanding of | both data usage and union style collective barganing. | | Unless I am missing something it seems a bit like trying to | combine a semitruck and a bicycle to get green bulk cargo | transportation. Sure both things individually have these | advantages and it would be great to have all in one but | implementing it is fundamentally nonviable. | rapnie wrote: | Interesting. Do you have any good links? | rencire wrote: | Would love to learn more about this. Any resources/links on | this subject? | kodah wrote: | Do I understand this | (https://solidproject.org/developers/tutorials/getting-starte...) | correctly: you can only write Solid applications with frontend | Javascript? | brabel wrote: | No, you're looking at a Getting Started Page targeted at web | developers, hence they use the tools they are familiar with. | These tools take care of auth/data format and other glue code | so you can get started easily... But because Solid is based on | open standards, you could write a desktop app that makes HTTP | requests using your language's clients without issues, but | you'll have to write some boilerplate code yourself until | there's frameworks in your language that handle that for you. | | I believe working with Solid is mostly about working with HTTP | and RDF... so, if you're into the JVM, try Apache Jena[0]. | | PHP? Try EasyRDF[1]. | | Python? rdflib[2] | | [0] https://jena.apache.org/ | | [1] https://www.easyrdf.org/ | | [2] https://rdflib.readthedocs.io/en/stable/ | kiwidrew wrote: | _> Solid is mostly about working with HTTP and RDF_ | | Surely _this_ incarnation of the RDF-based Semantic Web | nirvana will succeed where all other attempts have failed! :) | jopsen wrote: | How would you build something with this? | | Given that none my prospective users have a pod, or would want to | go through additional sign-up steps. | | Also all pod providers seems to be experimental, and have no | pricing. | mikedc wrote: | Philosophically, and in the long-term, Solid is compelling to me | for all of the reasons that the project purports to exist. But we | have a classic chicken-and-egg problem with the absence of both | reputable pod providers and the development of an application | ecosystem. | | Practically, and immediately, it is compelling to me as a | developer of small-ish applications (plugins, etc.) in which I | want to give users the ability to store some data (preferences, | etc.) in the cloud without my having to manage that data, or the | associated services/infrastructure - including having to deal | with absorbing or recouping the cost. | | Dropbox once offered the Datastore API[0], which was a handy | little bring-your-own-database service allowing apps read/write | access to a key/value store in a user's account (Dropbox accounts | being quite common then), but it was deprecated[1] due to lack of | traction at the time. | | [0] https://dropbox.tech/developers/the-datastore-api-a-new- | way-... | | [1] https://dropbox.tech/developers/deprecating-the-sync-and- | dat... | gklitt wrote: | 1) I am a big fan of the general philosophy of Solid. But as | others have mentioned, I've found it extremely difficult to | understand specifics of the proposal or to see concrete progress, | based on publicly available resources. | | The best place I've found is Ruben Verborgh's blog (he's a | researcher who's affiliated with Solid). For example here's a | nice post which goes into more detail on the ideas behind Solid: | | https://ruben.verborgh.org/blog/2017/12/20/paradigm-shifts-f... | | 2) In terms of applications, I'd personally like to see more of a | focus on productivity applications, rather than so much focus on | social media. Better interop between cloud SaaS apps would be | valuable to businesses and professionals, and would sidestep many | thorny challenges like decentralized moderation. | | As a concrete starting point: what if I could store my Google | Docs text files on my own storage layer, and edit them in | realtime using a variety of editor apps? This would resemble my | ability to edit a .txt file on my computer in vim or TextEdit, | but would port that metaphor to the world of modern online | collaboration. | | Here's a short Twitter thread I wrote on this topic: | | https://twitter.com/geoffreylitt/status/1355255162626068482 | | 3) I'm very curious to see more incremental paths from the | current web to a decentralized approach. For example, what if we | could start annotating existing websites with private data and | sharing those annotations P2P, rather than starting over from | scratch? | | I've explored this a bit with my Wildcard project, where users | can store annotations in a "spreadsheet" that is linked to a web | page: | | https://www.geoffreylitt.com/wildcard/ | Blake_Emigro wrote: | March 2020 I was investigating Solid for legaltech projects I'm | designing. I thought it sounded like a great way for a user to | create a master profile that can be used with multiple web apps | and service providers, while maintaining more control over | their data. I engaged with the Solid community and with Ruben, | who was very nice and helpful. However, I found that the tech | was still at the hobby stage, and I didn't really think the | toys being built on it were very compelling. It was very | disappointing considering it was already a couple years old and | had a lot of hype around it. I hope that this moves forward, | but it's almost a year later and seems to be the same story. | gcblkjaidfj wrote: | there's a "joke" on the dweb groups that "SOLID is freenet | with less caching of other people's _illegal content_ " | er4hn wrote: | I think that with a problem statement of "I want to control my | data and how third parties use my data" Solid makes a good deal | of sense. Personal information should be owned by you and you | should be able to take it from service to service as you see | fit. The two problems that I find with Solid, based on my own | limited understanding are as follows: | | (1) Services don't need to give back to Solid - Services, | Facebook, your medical provider, whatever else you are using, | does not have a clear incentive to provide their own data on | you back to your Solid pod. It is far easier for them to keep | it: it lets them do offline processing, and it keeps you more | locked into their service. I'm not sure how one would solve | this issue. | | (2) Much like mobile apps with excessive permissions and the | abuse of tracking elements - I don't see how Solid prevents the | abuse of its service. If Solid catches on and Facebook has a | permissions check saying "Let Facebook do 'SELECT * FROM _._ ;' | on your Solid data, how many people will click yes? Even if you | request it each time, once the data is copied out, it is out | there and can be packaged and resold, used to build advertising | profiles, etc. You're back to the original problem of not being | able to limit access to your data, but with extra steps. Where | I think this could be solved is by Solid not providing the data | directly, but by being a service which can answer queries. | Queries could be items such as "Does user like cats? y/n/m". Or | it could be something like "Here is an anonymized dataset being | built out. Please add your input to it." Replies to queries | could also have an amount of deliberately wrong or misleading | answers given, depending on the service and endpoint to | obfuscate your personal data on places that don't need it. | While this can still be abused, it raises the bar for abuse. | alfonsodev wrote: | The problem with Facebook is not that they are using user | uploaded content, is that the user has no clue whatsoever the | data is being collected by means of tracking actions (likes, | time spend on a video...) and cross site tracking and what is | going to be used for (Ads, make the site more addictive ?, | recommendations?). | | It's an issue of collecting user generated data without | awareness, and with lack of transparency, that's very | different from "I upload a picture and I share it with my | closest friends only" for that issue, one could argue | Facebook has a fair enough UI/UX. | | I'm assuming that what would go into a pod is decided by the | user and therefore is a separate issue. | | I imagine the permission you are describing more like, "Let | Facebook Access your Wedding photo's Pod" if well | implemented, and "Let Garage Band access your Music pod". | er4hn wrote: | You raise a good point - my example of asking if the user | likes cats is something that could be an inferred metric | based on their clicking on cat pictures and having lots of | pictures of cats. It isn't the user data itself which Solid | aims to control. | | Trying to subdivide pods so that services map access from | album A -> pod B and album B -> pod C sounds like a painful | UX problem as well.. Do I place my ambient music in my | music pod or my "office music" pod? Do I have a hierarchy | of musical pods? I am joking a little, but it is a hard | thing to have fit into an easy flow. | bachmeier wrote: | > The problem with Facebook is not that they are using user | uploaded content, is that the user has no clue whatsoever | the data is being collected by means of tracking actions | (likes, time spend on a video...) and cross site tracking | and what is going to be used for (Ads, make the site more | addictive ?, recommendations?). | | I'd say the two biggest questions that outweigh any others | are: | | Who will access the data? | | What will they do with it? | | The problem is that few of us know how our data is being | used against us. "We will use the latest artificial | intelligence methods to convince you that [political issue] | is a good thing, since you're just on the other side of the | fence." | | The key thing you didn't mention is who the data will be | sold to. I doubt the extremist nonsense, not related at all | to any videos I've watched, creeps into my YouTube | recommendations by accident. Who's paying them to generate | clicks and viewing hours? What conversion are they | attempting with my information? Only one side understands | this game. Is there any justification for not having to | reveal who paid them for my information or my clicks? | khimaros wrote: | another problem is that once data has been accessed, it can | be stored and analyzed. maybe we need to play big tech's | own game and apply ToS to any data we allow them to access? | er4hn wrote: | When you put it that way it feels like Solid is a | technical solution to a legislative issue. | mikedc wrote: | One possible answer to both of your questions is "with | legislation", and I feel like to some extent a tightening of | the rules here is what Solid anticipates. Perhaps not to the | point that we could expect the big players of today to adopt | a platform like Solid, but perhaps where the companies of | tomorrow looking to avoid the headaches of compliance see | offloading data storage to a dedicated entity managed by the | user as an appealing option. | er4hn wrote: | I think that may be the answer! If data is toxic waste then | offloading the storage of toxic waste may be the new way to | focus on your "core competency" of running your service. | gcblkjaidfj wrote: | > If Solid catches on and Facebook has a permissions check | saying "Let Facebook do 'SELECT * FROM .;' on your Solid | data, how many people will click yes? | | Excellent point. For the answer, just look at how many people | give FB app permission to all their contact and photos. | | Hint, if you add an observer on android, you will see that | whatsapp and fb app, both scan your contact list every few | minutes! | | If you allow anything (access my contact list so i can find | person X), they will take it literally everything they can | (you entire contact list, every few minutes). | [deleted] | sbazerque wrote: | Look at Hyper Hyper Space! | | https://github.com/hyperhyperspace | | Its goals are similar, the approach is more pragmatic (p2p data | layer using standard web browsers and webrtc). | rasengan wrote: | I read and it says you have to use a third party host or host on | your own [1]. I'm not sure how this differs from the WWW - could | someone explain? Thank you! | | [1] https://solidproject.org/users/get-a-pod | XCSme wrote: | I was also confused by this, on the home-page it says | | > Solid lets people store their data securely in decentralized | data stores called Pods. | | Then in the "Get-a-pod" it suggest you should get Amazon for | hosting? | FlorinSays wrote: | It's an inversion of control over your data. Instead of all the | data being stored in multiple places outside of your control, | your data is stored on a pod and you have better control over | what happens to it. | alpaca128 wrote: | To me the whole pitch is a bit too nebulous and seemingly | inconsistent. What does it mean with "portable" and | "interoperable" data standards? Does that mean specific file | formats? Protocols? Apps? | | What do they mean with "Linked Data"? What's novel about this, | what makes it different from hyperlinks or shared Dropbox | folders? | | Why does it say pods are decentralized data stores, but then on | the "about" page it tells me I have to host the pod on a server - | how is that decentralized? | syats wrote: | Linked Data does have a concrete definition: RDF data that is | accessible through SPARQL, with well defined semantics. That | is, following a published ontology and re-using existing | vocabularies as much as possible. | | Linked Data itself is not novel: | https://www.w3.org/standards/semanticweb/data | eivarv wrote: | I think it's important to point out (if only for end-users) that | Solid puts your data "under your control" in the "allows you to | authorize third party access to your data" - not in the "can | actually control your data in practice, post-access". | | It'll let you granularly authorize first party access what data | you have in your pod, but there can't be any technical guarantees | with regards to illegitimate sharing or otherwise copying (many | might at least cache, for instance) - nor about what is collected | and shared outside this system. It's own documentation even | states this, if you dig a little. | | I keep seeing data-hubs and identity-providers touting themselves | as solutions to the web's privacy issues, but I don't see how | they actually solve anything. It seems like an attempted | technical solution to a social problem to me. | | The real problem with data how data is used these days is really | that a bunch of data is collected opaquely, unethically, and in | some cases illegally - and possibly shared. The whole system | including data brokers and real time bidding is out of control. | gameman144 wrote: | How does this work in practice, I didn't see a worked example on | the site. | | For instance, say I give Solid Social access to my contacts and | my photos. At that point, Solid Social can access all my contacts | and photos, copy them, and then do whatever they please with them | (even if I later revoke permissions). In the current web, I | upload my photos to a website, which I then trust not to use them | inappropriately. In the Solid world, it seems like I give photo- | access to a website (which could then copy them) and trust that | website to not use them inappropriately. This seems like the | current system, but with extra steps. | | In terms of data compatibility, I think that there's a | potentially compelling case (user-driven standards vs. bespoke | handling per website), but again I fail to see the practical | implications. For example, if I upload a video to a website and | it becomes incompatible with other websites, my assumption is | that there's some reason for that step. It _could_ be out of | walled-garden malice, but it also could be that the website is | encoding it and co-locating it in such a way that it 'll be | really fast for other users to watch. In Solid-world, it's | unclear what the flow here should be: does the website only get | to consume the videos as I have them on my pod (potentially | terrible performance)? Does the website get to still do | optimizations (and potentially keep artifacts of my video after I | revoke permissions?) | | I like the drive towards consistent standards for interfacing | with data, but other than that I could just be missing the | important bits here (and please let me know if so), and I fail to | see the positive change in most web-based user-experiences for | the most part. | anderspitman wrote: | Solid is just the technical part. You're also going to need the | regulatory part that says it's illegal for a company stores | data after you revoke access. | | But the technical part is still necessary. | woudsma wrote: | I attended the presentation of Tim Berners Lee at MozFest 2018 | where he outlined the Solid Project, and I've been waiting to see | this project evolve. I'd like to see some more documentation and | a 'get started' kind of tutorial to make this pretty abstract | concept understandable. Looking around the project pages doesn't | give me much incentive to start using it yet. | | I'd love to see a 'Solid for dummies' kind of approach in the | documentation, things are quite technical still. Some easy to | understand examples would be nice! | sharathr wrote: | Love the idea but how does Solid prevent any malicious actor from | over time replicating all the data that user authorize into a | centralized repository - in this case, it only makes it even | easier for data consolidation. | Vinnl wrote: | In my (personal) view, Solid is technology that enables service | providers to put you in control of the data, not that forces | them to do so. In other words, it's just part of the puzzle, | where the other part is e.g. customer demand or regulation. | stefanha wrote: | Do pods support queries or just HTTP GET/POST/PUT/DELETE? | | Queries are important for performance. They avoid transferring | all data over the network from the pod to the application. | | Although it's possible to define an open index format (metadata | built from the actual data), it's probably still less efficient | to access and also tricky to update without race conditions, data | corruption, etc. | hezag wrote: | This post[0] by Ruben Verborgh helped me understand the problem | Solid is trying to solve: | | > _In December 2019, Google and Facebook proudly announced a | major milestone, which was echoed in news media all around the | world: it is now possible to copy a picture from Facebook to | Google Photos. This news came in mere months after we celebrated | the 50th anniversary of another technological feat: the moon | landing of 20 July 1969, when millions of households witnessed | Neil Armstrong take a giant leap for mankind._ | | > _So let me get this straight: two of the largest tech companies | in history make headlines because in 2019, they move a single | photo over the whopping distance of 11 km it takes from the | Facebook headquarters in Menlo Park to the Googleplex in Mountain | View, whereas in 1969, we sent live video signals from 380,000 km | away on the actual moon?_ | | > _If those two companies, both widely hailed as pinnacles of | technology, genuinely consider this to be innovation they are | proud of, the only logical conclusion is that data-driven | innovation today is fundamentally broken._ | | > _The problem is widespread and not limited to technology or | social media. Any sector that requires personal data to deliver | services, from retail over insurance to health, suffers from the | damaging effects of siloization. Companies increasingly need more | access to data, but they won't get there if they keep on | collecting that data themselves._ [...] | | 0. https://ruben.verborgh.org/blog/2020/12/07/a-data- | ecosystem-... | mfer wrote: | Solid seems like a great technological idea. It empowers people | to own their data and give others and apps access to it. This is | empowering. | | But!!!! people want useful things. Things that help them solve | problems so they want to pick up those things. Solid is lacking | these solutions right now. | | Where is my todo list, contact app, calendar app, and so forth... | all built on solid? This is an opportunity. But, until these | kinds of the solutions exist for solid it's going to stay as a | neat technology that's not bridged the gap to be useful. | ocdtrekkie wrote: | Indeed, I feel projects like this can invest for years on | platform, but fail to foster or develop the core useful apps | people want to use. Ultimately, if your platform lacks that, | few people will invest long enough to bring those apps from | third parties. | Vinnl wrote: | There's definitely not many Solid-supporting apps at the | moment, but as for the todo list, there is | https://noeldemartin.github.io/solid-focus/ | angst_ridden wrote: | What Solid really needs to do is create a page that I could show | to my nontechnical friends where it explains _how_ it works and | _what_ services /sites support it. Without those two things being | front and center, I can't see Solid being anything more than a | niche interest for technical folks. | zepatrik wrote: | I think the problem there is that there is not much to show. | But it will require that page at some point. Maybe it would | help now as well as managers and other "decision makers" might | understand it more. And they have to implement it in the end | right? | kthejoker2 wrote: | I think something like this makes sense at some # of users closer | to 10-20, or maybe even higher numbers, kind of monkeysphere / | Dunbar's number level. | | That is, a smaller group of people (an extended family, a | neighborhood street, a collective ... fine, a cult) band their | resources together to pay for pod hardware to realize some | savings / distributed back-up, and have "edge" apps for trusted | sharing within the pod, and then P2P (pod-to-pod?) apps for | sharing outside the pod. | | Right now, the economics just don't quite make sense. | passive wrote: | If this were to take off, I would expect to see some | governments offering it to all citizens, both to support | whatever digital services they provide, and as a tool for | helping users manage their privacy. | azinman2 wrote: | Exactly what I want in my tech... gov control of my data, | combined with gov-paced innovation... | oakfr wrote: | How would governments finance this? Developing these | offerings with the quality of service of the GAFAM (which | users take now for granted) costs a fortune (financed by | advertising in practice as of today). | Vinnl wrote: | Such as that of Flanders, for example: | https://inrupt.com/flanders-solid | ocdtrekkie wrote: | I absolutely think the self-hosting story definitely only works | for the widespread world if those of us capable of self-hosting | provide services to less-technical users we know. | egypturnash wrote: | Every now and then this gets shared again and every time I am | struck by what a terrible job the front page does of explaining | what Solid is and why anyone would want to use it. Like, okay, | yeah, "control my own data" is a nice pitch in this day and age I | guess, but... what can I do with it? "Any kind of data can be | stored in a Solid pod, including normal files like you might | store in Google Drive or Dropbox" - that sounds kinda useful, | where's the link to SolidFile? _Is_ there even a SolidFile app or | is that just a thing someone _could_ make with this protocol? | | Hell, where's the front page link to check out the list of _any_ | apps using Solid? It 's like two or three random clicks to find | this page (https://solidproject.org/apps) if you are curious, and | it's super uninspiring - why does one of the apps in the | "Showcase" section at the top not even have a _description?_ | | Solid always just feels like a solution looking for a problem. | TimTheTinker wrote: | I'm in the early stages of bootstrapping a SaaS app that | prioritizes security and privacy. For my business, this would | be _great_ : users are far more likely to trust an app if the | app won't be storing any of the application data itself -- if | they can choose their own data hosting provider. | | Google Cloud Drive, Box, and others already allow this kind of | model to an extent. Third-party apps can access and modify user | data hosted there, although not through a standardized API. | NearAP wrote: | You're right. It is still not clear to me what/how this will be | used (I think I have an idea but not sure; the front page | should have made it quite clear). | | It would have been great if they had described a target use- | case right there on the front page. | | The writeup seems to be targeting developers but it looks to me | like the product is for the public (end-users). The site | doesn't seem to have done a good enough job linking both of | them. | whoisstan wrote: | How would querying the data work? Will a pod provide querying | capabilities as well? Example use case would be finding all | pictures around a certain location. It "seems" unavoidable that | certain data still has to be at a service provider since they | enrich the original data. How would that work? | natural219 wrote: | Has anyone built anything with this yet? | hackpert wrote: | Last month, I was working with some people on building a | decentralized health data store for vaccine waitlists (a la | Mailbox) and certificates and we were looking at Solid as one | potential backbone. I really admire what they're trying to do. | However, as some other people have observed, their example | applications are quite awful and not very useful(?) and they seem | to be marketing it to end users, not developers. In my | experience, most end users do not care about privacy and security | until 1) they either lose a lot of money or other valuables 2) | some hacker comes knocking on their door for extortion and they | lose a lot of money or other valuables. | | It would be so much better if they just made it so easy and | simple for developers to use that it becomes their default, and | not rely on hope that end users will suddenly start using | decentralized apps in the name of privacy. | dreamling wrote: | I haven't looked into it for a couple years, I was initially very | excited about the concept. TLDR: Unless the user | experience/accessibility/hosting experience is improved, I just | couldn't suggest anyone use it. | | Last time I really dug in the user interface and accessibility | concerns were not great. | | I understand the idea was more about the data handling, and that | anyone could produce something based off the framework but I had | all sorts of issues with the login tokens/usability. (ie, if you | logged in with the wrong cert it didn't have an easy way to clear | it, and would 'log in' to an error page. ect. ) | | as far as I can tell, each pod/data host can run different | versions of solid, so your experience may vary between them. You | can self host as well. | | I'd have to dig in again to see if things have gotten better, but | I don't have time at the moment. on quick look, some of my data | sites are no longer working. oh! link says it was shut down in | oct. https://lists.w3.org/Archives/Public/public- | solid/2020Oct/00... | | That said, the community was pretty nice and willing to answer | questions. | | Maybe things have improved? | | I was hoping that maybe they'd start using DAT as well, because | it seemed like it might be nice to dovetail with some of the | beakerbrowser/distributed web stuff going on. re @pfrazee | dreamling wrote: | quick followup, after checking my old links and making a new | sign up. it does seem like the inrupt.com pod has a bit better | /more up to date design. Accessibility, while not perfect, does | seem to be improved. (quick WAVE tool check) | | Things are still fairly confusing for new users though. And | some how tos I wrote down from then no longer work. Which is | not the worst thing, as some of the tutorials required you to | hover over and wait to be able to edit things. | | Much easier to look at though. ymmv | | for historical/hysterical reference, I uploaded my old solid | adventuress file, it is not up to date, and some of the css is | not always showing the right colors, ect. | | but you can see some of the directions I was looking into then: | https://pod.inrupt.com/metahari/public/solidnotes/SolidAdven... | peterburkimsher wrote: | I like the concept of Solid, and proposed it to the BeWelcome | community (who are running a hospitality exchange network like | CouchSurfing, but free). | | Although Solid is a better technical idea, I'm not sure how the | migration from PHP/MySQL would work. Nobody on the Solid forum | replied to my post asking about it. Another guy, Chagai, is | pushing for Matrix and the fediverse. Ultimately, there's many | great technical ideas, but the real solution doesn't lie in | writing code - it's in building the community. | | Therefore I'm trying harder to create more activity in | BeWelcome's existing community (which is hard when nobody's | travelling), like an online meetup every Thursday. If it gets | critical mass, I believe it could be as widespread as Wikipedia | or OpenStreetMap (which it models in org structure). I wish that | Solid could be a part of it, but that requires active developers, | and currently it's hard enough to find someone willing to make an | API or native iOS app, never mind a breaking back-end change that | people aren't asking for. | azinman2 wrote: | This project is doomed in isolation. It needs to be coupled with | at least one major popular/killer service, and preferably more | than that. Plus make that as easy as uploading data to "the | cloud," and as transparent, plus "free" to meaningfully compete. | | Right now it just looks like technology in search of a problem. | kevincox wrote: | Reminds me of https://remotestorage.io/ which I have used in a | (mostly personal) website. I like that I can provide a service as | a static website, and users pay for, manage and have control over | their own storage. One of the things that could help it bootstrap | is that they also support client-side Google Drive and Dropbox | shims, so users who want to use something else can, but most | users will just use one or the other. | | There are downsides though. | | - The API may be less than ideal for some use cases. This can | make a well-performing app hard. For example there is no | relational-sql API. | | - You can't migrate user's data. So if you make changes to the | format you need to retain backwards compatibility "forever". | | - If you want to provide "discovery" or cross-user features you | will need to have your own storage anyways. | anderspitman wrote: | I actually started working on just such a shim yesterday. The | idea is to represent all major cloud storage through a single | simple frontend API. You have to implement each provider's | OAuth flow, but once you have the files it's pretty much the | same. | | Dropbox, Google, and my own protocol[0] will come first, but | Solid is planned eventually. | | What I've learned so far: | | * Google is extremely draconian unless you use their JavaScript | picker. To really integrate nicely you would have to spend at | least $15000-$75000 getting your app audited by a 3rd party. | | * Dropbox picker integration is very easy and slick. | | [0]: https://github.com/gemdrive | foolinaround wrote: | a project with similar goals is Sandstorm.io | | i plan to check it out soon.. | [deleted] | yiyus wrote: | From a quick look at the site and a quick look at perkeep's site, | both projects look quite similar. Could anyone with some | experience comment on their differences? | dang wrote: | If curious see also | | 2019 (a bit) https://news.ycombinator.com/item?id=20017493 | | 2019 (a bit) https://news.ycombinator.com/item?id=20617506 | | 2018 https://news.ycombinator.com/item?id=18100895 | | 2018 https://news.ycombinator.com/item?id=16355311 | | 2018 (a bit) https://news.ycombinator.com/item?id=18119227 | | 2016 https://news.ycombinator.com/item?id=12280764 | | Others? ___________________________________________________________________ (page generated 2021-02-01 23:00 UTC)