by pents90 1991 days ago
How do you grant a company access to your data but prevent them from storing it? And how does it apply to data a company generates about me? For example, if I listen to songs on Spotify, are they supposed to somehow not store it, but still give me recommendations?
5 comments

>How do you grant a company access to your data but prevent them from storing it?

Outlaw it.

>And how does it apply to data a company generates about me?

You store it on a server you control, then provide access to 3rd parties. This is how https://urbit.org/understanding-urbit/ is set up to work.

Ok, so it’s more of a legal framework than a technological one.
I see it as technology that enables the legal framework.
If you don't want them to know what it is, encrypt it. Even if they store it, it's not much use.

If you don't want them to keep it, find a way to invalidate it. (This would be for where the read key is time sensitive.. not sure how to make that work)

> Outlaw it.

Companies always follow the law.

I think the privacy angle is misguided. Most people don't really care about it. Even more so for stuff like what songs did I listen to on Spotify.

The better angle is that we're becoming digital serfs. Google decided that they didn't want Google Music to exist anymore and poof went my listening history and playlists. Any service that I use today can do the same thing. If that data were stored somewhere I had access to I could have imported it into Spotify.

This is an area I think Amazon or CloudFlare could step into. Sell consumers a NAS type box that keeps their data local. Sell companies on Lambda/Workers @ Home and have their applications run on that NAS.

> If that data were stored somewhere I had access to I could have imported it into Spotify.

At the moment we've been pushing services in the wrong direction to create their own schemas. However, we may win back control with standards on this one.

But yes, the idea is that you are able to remove the control they have over the data you've produced. It's such a terrible argument to claim they own the data. (Also, why do they need to control that other than to try to prevent you from leaving)

People do care about privacy, it's just that they have Snapchat-style privacy concerns, not the hypothetical ones that technologists tend to talk too much about. You're right that people don't care about YouTube having access to their stuff; they care about people having it—people like Regina, or their manager (or Regina, their manager). The whole "digital serfdom" concept is as abstract of a concern (and in the minds of many, as irrelevant) as the classic surveillance capitalism arguments that you're putting down, even if the digital serfdom concept is accurate. People just don't care about anything that isn't an immediate concern.
If you are asking how it would be technically feasible, there are essentially two ways off the top of my head. 1. End to end encryption. They store your data, but without your password, it's encrypted in the db and useless. 2. You pass all your data in every request, like a sqlite file or something.
To me, this is the major flaw with Solid: Why use a third party's service at all? Why should your apps and your data be on your own server? Sandstorm and Cloudron already do this, and make it user-friendly to install, remove, and share web apps with people from a private space. Furthermore, Sandstorm also assumes apps are malicious, so it is relatively safe to install proprietary apps on-device and still prevent data exfiltration.

There are very few types of apps which truly need a third party server to work.

>if I listen to songs on Spotify, are they supposed to somehow not store it, but still give me recommendations?

This is perfectly possible.

In your example, Spotify could store the data they needed for their recommendation algorithm in aggregate form so that any link to a person was destroyed and not reversible.

And then make recommendations by running that algorithm on your locally/privately stored data, with no loss of functionality.

As such, a recommendation algorithm does not technically benefit from storing your personal data, at all.
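
A minimal sketch of the scheme the comment above describes, added here as an illustration and not code from the thread or from Spotify: the service retains only song-pair counts with no user identifier, and the client scores recommendations against a history that stays on the device. The class and function names, the `MIN_COUNT` suppression threshold and the sample sessions are assumptions made for the example; the service still sees each session at ingest time and simply does not keep it.

```python
from collections import Counter
from itertools import combinations

MIN_COUNT = 2  # assumption: pairs seen fewer times than this are never published


class AggregateStore:
    """Service side: keeps only song-pair co-occurrence counts, no user ids."""

    def __init__(self):
        self.pair_counts = Counter()

    def ingest(self, session_songs):
        # Count each unordered pair once per session, then let the session go.
        for a, b in combinations(sorted(set(session_songs)), 2):
            self.pair_counts[(a, b)] += 1

    def export(self):
        # Publish only pairs common enough that no single session stands out.
        return {p: n for p, n in self.pair_counts.items() if n >= MIN_COUNT}


def recommend_locally(aggregate, my_history, top_n=3):
    """Client side: score candidates against history that never leaves the device."""
    mine = set(my_history)
    scores = Counter()
    for (a, b), n in aggregate.items():
        if a in mine and b not in mine:
            scores[b] += n
        elif b in mine and a not in mine:
            scores[a] += n
    # Highest score first; ties broken by name so the result is stable.
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return [song for song, _ in ranked[:top_n]]


# Constructed sample sessions (not real listening data).
SESSIONS = [
    ["song_a", "song_b", "song_c"],
    ["song_a", "song_b", "song_d"],
    ["song_b", "song_c", "song_d"],
    ["song_a", "song_e"],
]


def demo():
    store = AggregateStore()
    for session in SESSIONS:
        store.ingest(session)
    return recommend_locally(store.export(), ["song_a"])
```

The `song_a`/`song_e` pair appears in only one session, so it is suppressed from the published aggregate and cannot be used to single out that listener.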