Why is this web 3.0?
Is this essentially a Domain controller for the internet for each user and their web facing data?
How secure are the ACLs for the user's data? What stops someone from logging onto the seemingly centralized DB2 or MSQL db and changing a user's ACLs for all their web data that is now in one pod?
Am I missing something? Is it possible to choose what countries a Pod's data is limited to?
I’d ignore the “web 3.0”, it’s mostly marketing BS, and easy to confuse with “web3”, which gets more hyped. Roughly, people are trying to use “web 3.0” for projects using RDF, which Solid uses. (And “web3” is roughly blockchain-related, which Solid is not.)
I don’t know what a Domain controller is.
ACLs are not implemented by all Solid server software yet, unfortunately, but they’re basically as secure as the software implementing them is, although I guess the fact that they’re pretty hard for users to understand doesn’t help. But yes, a server administrator can (today) read all non-encrypted data stored on that server, and I’m not aware of any apps yet that encrypt the data sent to the Pod (and that would also conflict with the spirit of Solid, as far as I’m aware). But the “seemingly” in “seemingly centralised” is relevant, because you can host your own server and then you’re the server administrator.
I’m not sure what exactly you mean by limiting data to a country. There’s not currently any specification that specifies how apps can tell a server to limit data access to a country, though a Solid server could implement that (but none currently do).
3 Likes
As @Vincent said, Solid isn’t “web3”, that term was co-opted by the blockchain/cryptocurrency community and they actually do very little that’s actually web based, they just wanted a neat name that built on top of the idea of “web 2.0”.
Solid is just a different way of building apps; yes, at the end of the day, data is stored somewhere (it has to be), but rather than data being stored in per-application databases where your user data is all mixed in with everyone else’s, in Solid, your data is stored in your pod. Yes, in theory, the storage provider could access, mutate, or otherwise interact with your Pod data, so instead you have to largely work on trust. Alternatively, you self-host your pod via an open-source server such as node-solid-server or community-solid-server (newer).
Additionally, a pod provider who’s found to mess with your data is probably going to get people to review them badly; there are also processes teams can put in place to ensure that unauthorized access isn’t allowed (e.g., ESS from Inrupt does a lot of encryption of data in transit and at rest using security keys that aren’t accessible to those with access to the servers: Encryption — Inrupt Enterprise Solid Server).
Perhaps it’s best to see Solid as a stepping stone towards a more decentralized web, with more user control over their data, less mass data collection, more interoperability, etc.
3 Likes