Decentralization vs centralization in the context of Solid


#1

Any thoughts about the impact of centralisation vs decentralisation.

Here’s an article on this theme to kick off the conversation https://ruben.verborgh.org/blog/2017/12/20/paradigm-shifts-for-the-decentralized-web/


#2

That is a great article by @RubenVerborgh. Thanks for sharing it, @MitziLaszlo. Very thought-provoking and I would say its an excellent primer for introducing people to these ideas. Sharing it widely on social media over the next few days…

One question that this does bring up and I was talking about this yesterday with @45H is how to deal with rogue apps that don’t abide by Solid norms. For example, I might agree to a wellness app having access to some of my basic health data and its developers might then make a copy of that data, associate it with me, and sell it to my insurer. As apps becoming easier to build in a world where data and apps are no longer fused, we are likely to see much more competition and a kind of Wild West frontier.

The question this raises is whether that will in turn require some sort of app certification process and if so how centralized might something like that be? Would the verification be crowdsourced or tightly controlled like the app markets controlled by Google, Apple and Salesforce?


#3

At that point, it becomes a legal matter.

Solid’s purpose is to limit the amount of information apps can see, through very granular permissions, and to revoke access once they are not allowed to see it anymore. However, information is digital, so whatever can be read can be copied. (There’s homomorphic encryption, but that currently wouldn’t provide enough information to build the kind of app you want.)

Another option is that apps run locally, in a sandbox. Then you can prevent them from calling home.

But this shows that the Solid idea is not a purely technical matter, and our most pressing challenges might even not be technical ones. Technology is important, but there are more facets to the solution.