The problem isn't technical but relates to the tendency and reflex of essentially every big company to not want to work with their competitors. Federated identity protocols have existed for quite a long time, and as long as they've existed, companies have declined to use them properly. I remember playing with OpenID as early as 2007.
Its successor, OpenID Connect, is actually widely used. But with one important caveat:
None of the big identity providers actually accept each other's identities. Like literally none at all. You can't log in with your Google account to a Microsoft service and vice versa. Or Apple. Or Meta. Or X. Or whomever. That's because they all want to "own" your account and control where you are going. Which is why you need many accounts instead of just one.
If you had just one account, you could do sane things like add multiple layers of security and some sane fallbacks. Including maybe some delegating to some legal representative if you are ill or incapacitated. Ideally, you should be able to use your government-issued passport to prove who you are and recover your identity. A passport is a government-issued paper assertion that you are who you claim you are. Anything important in life, you kind of need such a strong assertion for, e.g. getting bank accounts, international travel, buying real estate, etc. And while they can be forged, it's getting pretty hard these days. That's a lot harder than getting your hands on some passwords.
Why do we settle for less protecting our online accounts?
The weird thing is that where I live, someone knowing your social security number can buy your medications in the pharmacy. My parents do this for me and all they need is the number, not even the card; the number is enough. I never had to provide any form of consent either. It is scary. What do I do if I do not want them (or anyone else) to be able to do this?! I have no idea where to begin. Call up all the pharmacies in a radius? That is not going to work. Cops? Doubtful, or too late.
It's nice when a technical solution exists for a people problem, but as much respect as I have for both Sir Berners-Lee and Schneier, I don't think this is one of those instances.
The rights of individuals come into conflict with the interests of powerful organizations precisely at the points in which the great documents deem it necessary to enumerate them as rights: this is by construction.
Whether you are reading the Bill of Rights or the Universal Declaration of Human Rights (or in a sense, the Magna Carta), the themes are around personal sovereignty, presumption of innocence, ownership and disposal of property, freedom from surveillance and coercion, and other abuses of power. This is because, absent such norms and their enforcement by principled leaders, the powerful in general find it in their interests to infringe the rights of the less powerful.
We are at such a moment today: the consolidation of power in the hands of unaccountable organizations and the capture of institutions by the unprincipled has met an explosion of activity and possibility in the digital realm, but it is not unique to it.
This is usually solved by violence, sometimes blessedly by negotiation, but it is always solved: once the wishes of ever smaller in number choke out the hope and dignity of the ever larger in number to sufficient degree: change happens as surely as winter turns to spring.
This really captures something important about how power operates across different eras; you're drawing from some heavy-hitting historical precedents.
I'm curious about the full sweep of political philosophy (Magna Carta through UDHR), it feels like it has something to inform us about people problems vs. technical problems.
That final image about seasons changing is quite evocative, really drives home the cyclical nature of these power struggles. A technical standard cannot prevent blood shorn for man's freedom.
> This is usually solved by violence, sometimes blessedly by negotiation, but it is always solved: once the wishes of ever smaller in number choke out the hope and dignity of the ever larger in number to sufficient degree: change happens as surely as winter turns to spring.
A friend of mine urged me to read 'War and Peace and War', Peter Turchin, last year. It's essentially a book-length confirmation, with examples, of your final point.
My reading of their comment: A piece of paper (or bit in a computer) means nothing if the person who wants to take your property puts a gun in your face.
I think this is a problem with most blockchain solutions. They purport to replace existing societal controls, but depend on them to actually enforce anything. So you are left in the situation where either traditional solutions work, so why bother with a blockchain, or traditional solutions aren't working, in which case the blockchain isn't worth the imaginary paper it's written on. Either way, the blockchain solution is worthless.
Edit: I commented before I rtfa. Shameful, I know. Apparently this is not a blockchain thing. I still think most of my comment applies.
I notice you just blew right past my preferred outcome of negotiation: is it so unlikely that the current elite might negotiate to keep their position rather than lose it in bloodshed?
How does solid solve the social problem of what happens to copied data once it leaves the user's control?
>Users can specify who has access to what data with granular precision, using simple statements like “Alice can read this document” or “Bob can write to this folder.”
After this Alice and Bob have a copy of the data, and you end up still having to solve the social problem of preventing Alice and Bob from abusing their copy of the data by selling it to data brokers.
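To make concrete what the quoted "Alice can read this document" / "Bob can write to this folder" statements amount to, here is an added example (written for this thread, not code from Solid, Inrupt or the article) modelling the decision logic of Solid's Web Access Control (WAC). It represents acl:Authorization entries with their acl:agent / acl:agentClass, acl:accessTo / acl:default and acl:mode properties as plain Python data and evaluates a request the way a pod server does: find the ACL that governs the resource (the resource's own ACL, or the nearest parent container's acl:default entries), then check whether any authorization grants the requested mode to the requesting agent. The WebIDs and paths are constructed sample values. Note that the evaluator only ever sees requests made to the pod; nothing here governs a copy that Alice or Bob has already fetched, which is the point made above.

```python
"""Minimal model of Solid Web Access Control (WAC) decisions.

Illustrative code added for this thread; not the Solid or Inrupt implementation.
WebIDs and resource paths are constructed sample values.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# acl:agentClass foaf:Agent means "any agent, including anonymous".
FOAF_AGENT = "http://xmlns.com/foaf/0.1/Agent"


@dataclass(frozen=True)
class Authorization:
    """One acl:Authorization from an ACL document."""
    modes: FrozenSet[str]                          # acl:mode: Read / Write / Append / Control
    agents: FrozenSet[str] = frozenset()           # acl:agent: WebIDs granted access
    agent_classes: FrozenSet[str] = frozenset()    # acl:agentClass
    access_to: Optional[str] = None                # acl:accessTo: the resource itself
    default: Optional[str] = None                  # acl:default: container whose children inherit

    def applies_to_agent(self, webid: str) -> bool:
        return webid in self.agents or FOAF_AGENT in self.agent_classes


def parent(path: str) -> Optional[str]:
    """Parent container of a slash-separated resource path; None for the root."""
    if path == "/":
        return None
    trimmed = path.rstrip("/")
    return trimmed[: trimmed.rfind("/") + 1]


class Pod:
    def __init__(self) -> None:
        # resource path -> authorizations in that resource's own ACL document
        self.acls = {}

    def set_acl(self, resource: str, *auths: Authorization) -> None:
        self.acls[resource] = tuple(auths)

    def effective_acl(self, resource: str) -> Tuple[List[Authorization], bool]:
        """WAC ACL discovery: own ACL first, else nearest ancestor's acl:default entries.

        Returns (authorizations, inherited).
        """
        if resource in self.acls:
            return [a for a in self.acls[resource] if a.access_to == resource], False
        node = parent(resource)
        while node is not None:
            if node in self.acls:
                return [a for a in self.acls[node] if a.default == node], True
            node = parent(node)
        return [], True

    def is_allowed(self, webid: str, mode: str, resource: str) -> bool:
        auths, _ = self.effective_acl(resource)
        for a in auths:
            if not a.applies_to_agent(webid):
                continue
            if mode in a.modes:
                return True
            if mode == "Append" and "Write" in a.modes:  # Write implies Append
                return True
        return False


# Constructed WebIDs for the example.
OWNER = "https://owner.example/profile/card#me"
ALICE = "https://alice.example/profile/card#me"
BOB = "https://bob.example/profile/card#me"


def build_sample_pod() -> Pod:
    pod = Pod()
    # "Alice can read this document": a Read grant on the document itself.
    doc = "/owner/notes/plan.ttl"
    pod.set_acl(doc,
        Authorization(modes=frozenset({"Read"}), agents=frozenset({ALICE}), access_to=doc),
        Authorization(modes=frozenset({"Read", "Write", "Control"}), agents=frozenset({OWNER}), access_to=doc))
    # "Bob can write to this folder": a Write grant on the container that children inherit
    # through acl:default. Bob gets no Read, so this is a write-only dropbox.
    folder = "/owner/shared/"
    pod.set_acl(folder,
        Authorization(modes=frozenset({"Write"}), agents=frozenset({BOB}), access_to=folder, default=folder),
        Authorization(modes=frozenset({"Read", "Write", "Control"}), agents=frozenset({OWNER}),
                      access_to=folder, default=folder))
    return pod


if __name__ == "__main__":
    pod = build_sample_pod()
    for who, mode, res in [(ALICE, "Read", "/owner/notes/plan.ttl"),
                           (ALICE, "Write", "/owner/notes/plan.ttl"),
                           (BOB, "Write", "/owner/shared/report.csv"),
                           (BOB, "Read", "/owner/shared/report.csv")]:
        print(who.split("//")[1].split(".")[0], mode, res, "->", pod.is_allowed(who, mode, res))
```

The inheritance walk is what makes the folder statement work: `/owner/shared/report.csv` has no ACL of its own, so the container's acl:default entries decide, and the same applies to deeper paths such as `/owner/shared/2024/q1.csv`. The Write-without-Read outcome for Bob is genuine WAC behaviour, not a quirk of the model.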
Solid would only work to centralize the attack surface. You now have one centralized data store with all the information about a person, and all tech giants would employ every dark pattern to extract this data. This is not an improvement, considering that every digital citizen has undergone years of conditioning to ignore permission requests.
In the article, it is mentioned that « we can grant temporary access to cardiac-related data » (paraphrased). This is where it gets difficult: how am I to know that some data is cardiac-related or not? Is it important to share my thyroid levels or not? This is a very difficult problem. I wouldn’t know what to share for medical history.
I’ve been thinking about confidential data sharing in the food supply chain. Imagine using Solid pods as user-owned vaults for provenance docs and contracts under WAC, paired with Matrix’s federated E2EE messaging (via Solid WebID-OIDC SSO) and archiving chats/attachments back into your pod—yielding a fully decentralized, data-sovereign collaboration.
I see this Schneier post as serving partly as business promotion of Inrupt, which feels different from the more neutral tone of his earlier essays. For readers like me, who have followed his public commentary extensively, the post creates a kind of dissonance. I expected a more open exploration of this vision.
From what I have seen about this it's all tied up with academic research projects, and if there is one group of people with absolutely no sense for engineering, it's modern academics. They seem to not get that software that can be used for some commercial application (i.e. something that serves some actual user) is much more important than software that can pad your resume.
Important to keep them in circulation in my view.
Schneier's solution is bad and violent revolution is most likely the answer?
It's difficult to really parse your reply.
It doesn't have to be violent; it can also just be civil disobedience, Gandhi style, and/or creating a parallel system as the parent article is recommending.
[1] https://graphmetrix.com/trinpod-server
I wonder if this would work