by eivarv 1988 days ago
Interesting in a technological sense, but what problem it solves isn’t obvious to me. It lets me granularly authorize first-party access to what data I have in my pod, but there can’t be any technical guarantees with regards to illegitimate sharing or otherwise copying (many might at least cache, for instance) – nor about what is collected and shared outside this system.

I keep seeing data-hubs and identity-providers touting themselves as solutions to the web's privacy issues, but I don't see how they actually solve anything.

It seems like an attempted technical solution to a social problem to me.

The real problem with data based services (ads, Google search, etc) is really that a bunch of data is collected opaquely, unethically, and in some cases illegally. The whole system including data brokers and real time bidding is out of control.


It's partially related to the webmail-vs-IMAP problem: direct access and control over your data.

An example: There is a pending suit that will ultimately be settled with an insurance company by the courts. Crucial to the case is data collected by a mobile app that helps establish some relevant facts. The incident in question was >1 year ago, and we're going to move forward with the case this week (originally planned for last spring but put off due to COVID). Yesterday, I logged in to the site associated with the app, and it threw up a screen that cannot be dismissed, in the style of "please take care of <these issues with your account> before you can proceed". This is an account which is nowadays dormant, and there is in fact no way to take care of these issues. I dug out my old phone in an attempt to access the records in-app and take screenshots for the benefit of the court. The app itself had had an update released, and the records are now inaccessible, because the old version of the app is treated as an obsolete client. Fortunately, I'd already earlier exported all the data I could readily get my hands on—so the only thing I'm giving up are those screenshots that I determined in a last-minute decision would be helpful as supplemental resources—but this could have been a problem for someone who's never heard the phrase "move fast and break things" and who took it on faith that all this stuff wouldn't just disappear underneath their nose for seemingly no good reason.

If we transition to a world where apps are always writing to (and pulling from) data stores that are under your control, then this would be a total non-issue, even for people less paranoid/guarded than I was. The truth is that there are social hurdles, but there are technological hurdles, too, and dealing with the technological part is a precondition to society being able to be effective in doing its part. People can't solve problems with solutions that don't exist.

In my (personal) view, it's the technical part of a solution that definitely also needs to have a social/legislative component. It cannot prevent parties from illegitimate sharing of my data, but it does give them the option to hand over control to me. There are lots of companies that currently hold data on us but for whom that data is not their primary competency, and they only need a small nudge (like GDPR) to make having the customer responsible for that data an attractive proposition.

You might be right, but I think it's disingenuous to market it as though this "solves privacy". Worst case, people are lulled into a false sense of security.

Data-storage + authorization doesn't solve any (new) technical privacy-issues; this is "data protection" rather than "data privacy" in my book.

While I recognize the value of W3C LDP and SOLID, I also fail to see anything in SOLID that prevents B from sharing A's now pod-siloed information.

Does it prevent screenshots and OCR?

So it's in standard record structs and that makes it harder for the bad guys?

Who moderates mean memes with my face on them?

It is my hope that future Linked Data spec tutorials model something benign like shapes or cells instead of people: so that we can still see the value.

Laws still exist against things like perjury, even though the existence of the law is not a technical means in itself able to prevent perjury. Note that one of the comments upthread specifically mentioned legislation. The current notion that many people in the tech world have, which roughly states that what determines whether something is kosher is whether it's technically possible to accomplish, is something that needs to change, instead of things just staying a permanent Wild West forever.

There's also an old phrase that putting locks on your doors doesn't actually stop a determined attacker, but that it's okay because they're not meant to—that they're meant to "keep honest people honest". It's a principle that applies here.

No, there are few to no actual privacy improvements over centralized systems.

Perhaps even functional regression: what, are you going to run a hash blocklist across all nodes? Like Spamhaus? Is there logging or user accounting? Is anything chain of custody admissible, or are we actually talking about privacy and liberty here?

Is everything just marked, "not for unlimited distribution"? And we depend upon there not being bad actors?

Real costs are very different with just friendly early adopters.

Cryptographically signing posts (with LD-Signatures) may help with integrity, but that can be done with centralized systems and does nothing to help with confidentiality.

What about availability? Is it a trivially-DOS'able system?

Who is marketing it as "solving privacy"?

Maybe we need a quantum leap in technology first? Operating on data that can't be immutably copied (i.e. quantum state) opens up interesting possibilities in the privacy space.

How? The 3rd parties will still need to copy the data, even temporarily, to be able to do anything with it.

If I understand correctly, that's the point. Nobody should be able to read or copy your data without permission.

Again, the issue is that once you have shared (= sent) the data with anyone, you don't have any technical control over what might happen to it (see The Pirate Bay as an example).

Quantum anti-tampering isn't going to help here, where it's your interlocutor that is the one that can't be trusted.

Depends on what the data is and if the aggregators can understand it.

You could have the model where the silo produces encrypted blobs and the end client can read it. (What's stored and connected is nothing but encrypted blobs)
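The encrypted-blob model from the comment above, as an added example that is not part of this thread or of any Solid implementation: the silo (a `Pod` map, an assumed stand-in for a real pod server) stores only ciphertext it cannot read, while a client holding the key reads the record back. It assumes AES-256-GCM with the storage path bound as additional authenticated data, and a constructed `DeriveKey` in place of real key management.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Pod is the silo: it maps paths to opaque blobs and never holds a key, so it serves records it cannot read.
type Pod map[string][]byte

// DeriveKey is a constructed stand-in for real client-side key management (assumption).
func DeriveKey(secret string) []byte { k := sha256.Sum256([]byte(secret)); return k[:] }

func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // 32-byte key from DeriveKey, so neither call can fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal encrypts a record with AES-256-GCM (nonce||ct||tag); the path is bound as AAD so a moved blob will not open.
func Seal(key []byte, path string, plaintext []byte) ([]byte, error) {
	gcm := gcmFor(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(path)), nil
}

// Open reverses Seal; it fails on a wrong key, a moved blob or any tampering.
func Open(key []byte, path string, blob []byte) ([]byte, error) {
	gcm := gcmFor(key)
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(path))
}

func main() {
	key, pod, path := DeriveKey("constructed-client-secret"), Pod{}, "/records/trip.json"
	blob, _ := Seal(key, path, []byte(`{"speed_kmh":42}`)) // constructed sample record
	pod[path] = blob                                      // the silo stores only ciphertext
	pt, err := Open(key, path, pod[path])
	fmt.Printf("pod holds %d opaque bytes; client reads %s (err=%v)\n", len(pod[path]), pt, err)
}
```

Note what this does and does not buy: the silo and any aggregator reading it see only ciphertext, but a party that is handed the key is in exactly the position the thread describes and can re-share the plaintext at will.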