Big Tech is violating internet users’ privacy on a large scale
One does not have to look far for examples of Big Tech firms violating users' privacy. These range from Facebook leaking information on millions of users' accounts to Cambridge Analytica, to Google 'accidentally' collecting unprotected Wi-Fi data through street view cars, and more recently, Amazon silently tracking every move on the Kindle app. Suffice to say, this is not the web sir Tim Berners-Lee (TBL) envisioned when he created the World Wide Web three decades ago. Fortunately for us, TBL has not yet given up on his original vision, and, in the last few years, he's gained newfound attention for a number of initiatives to correct the wrongs he sees in today's web. Recently, he helped launch the Contract for the Web, a plan to "make our online world safe and empowering for everyone," which has now been signed by more than a thousand companies.
Solid: storing user data on private and secure ‘data pods’
TBL's efforts extend beyond petitions. Three years ago, he launched the Solid project to give users back control over their data. At its heart, Solid provides a web specification, a standard that describes the construction of ‘data pods’. These are essentially internet-connected hard-drives with an API. Solid-enabled applications are able to store a user's data in that user's own pod rather than have to provide their own central storage. According to the Solid team, this would make it easier for developers to build applications as they no longer have to manage central infrastructure for storage. Furthermore, this shift gives users full oversight and control over their own data. Around this specification, members of the Solid community have built tools to instantiate pods: easy-to-get-started pod-hosting services for users and libraries to build solid apps for developers.
Can Solid challenge the Big Five?
Some of the claims surrounding Solid are quite bold. According to Inrupt, a provider of pods, Solid "underpins a movement," and it, allegedly, "provides a platform for the next generation of truly empowering and innovative applications." But how far is the Solid project really? Is it currently posed to challenge the big 5–– Apple, Google, Microsoft, Facebook, and Amazon?
Exploring Solid with Bit
In September 2019, SURF began a project, ‘SURF Safety Pod,’ with the consultancy group Bit, to explore the future of privacy and autonomy on the web. During the project’s research phase, SURF decided to dive into Solid, to see what Solid could mean in practice. This article was written on behalf of Bit to summarize and share our findings with the SURF community. A version with more detail can be found on the Bit website.
Too immature to use at scale…
As we began exploring Solid in practice, we came to the conclusion that Solid is still too immature to use at scale. We identified 3 major hindrances preventing Solid from being used at scale.
1. Incomplete Specification
The most glaring limitation is that the specification which underpins the entire Solid ecosystem is incomplete. Large swathes and entire sections are missing. On the positive side, the Solid team is quite transparent about its progress and has set milestones for completing these sections. However, these milestones are not timeboxed, and recent commits on the specification’s GitHub page reveal that this problem is getting little attention. This is a concern because missing specification means certain functionalities cannot yet be implemented, and certain use cases can simply not be realized. This brings us to the next point.
2. Missing Features and Scope Creep
In our project with SURF, we wanted to explore the role friction has on influencing individual's decisions to share personal data. The key functionality we were interested in giving users was fine-grained control over what information they could share and with which parties. We quickly came to a serious obstacle: Solid currently does not allow for granular control over permissions: as a pod-user, you can only choose between sharing all of the data on your pod, or nothing at all. In light of the incomplete specification, it’s perfectly natural for certain functionalities to remain on the back-burner. However, what is concerning is the ratio of missing features to active members of the Solid team. The Solid GitHub hosts roughly 8 repositories for every member of its core team, which means Solid is highly reliant on open-source contributions. Although this emphasis on the open-source community is laudable, it is risky in that open-source contributors have a significantly smaller investment and can back out of commitment much easier. Solid is at risk of having taken on too many issues and use cases at the same time, a classic example of ‘scope creep,’ which leads to the third point.
3. Lack of Attention for End-Users and Front-End Developers
In particular, Solid has focused on catering to developers, the expectation being that creating a powerful development environment will encourage external developers to implement the use cases that are valuable for pod-owners. The first risk already mentioned is that this approach may breed overreliance on the open-source community. What’s more, this emphasis on developers may come at the cost of the other end-users: pod-owners. If you sign up with a pod-hosting service like Inrupt, you’ll gain access to an almost unnavigable and quite buggy interface. Arguably, this is less of a concern while the project is still immature. However, this is an example of what Ruben Verborgh, a member of the Solid project, has detailed on his own blog: that Solid has given too little attention to the front-end experience for both developers and users. The Solid ecosystem will be nothing without pod owners. To attract these users, the experience for pod-owners should be seamless.
… but it is worth it to remain hopeful
All in all, Solid is far from complete. Then why has the Solid team released such an incomplete initial product? We believe it again stems from their focus on the open-source community. By having shared their product earlier, even if in an incomplete form, the team gets a chance to develop Solid with the community and to gain more feedback and input. Unfortunately, the result is that Solid has gotten media attention that perhaps does not accurately capture how far its development is. Solid may not be ready yet, but for an initiative as audacious as Solid is trying to be, we can afford to be patient a little longer. We have enough need to remain hopeful.
About Bit
Bit is a prototyping and consultancy firm of 50 young tech talents (mostly students!), and we are on a mission to fast-forward the impact of emerging tech. This we accomplish by organizing projects like ‘SURF Safety Pod’ with established organisations to investigate tough problems and prototype novel solutions.
0 Praat mee