Encrypted POD? Is Solid designed with this in mind? If not, would it be possible to add?

When I looked at IPFS, briefly, over a year ago, encryption was not (yet) supported and was raised in that community as well. I haven’t checked since or now but I think if a future NSS can have the option to write to an encrypt-able IPFS node that would be my preferred solution as encryption would be completely transparent to NSS.

Encrypting/decrypting content on client side only would be safe, right? Downside is that there would need to be a separate mechanism to deliver decryption key to all parties who have access to content.
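The client-side approach asked about above, with the key-delivery step handled by wrapping one content key per reader, shown as an added example that is not part of the original thread or of any Solid specification. The WebID-keyed envelope layout, the RSA-OAEP reader keys and the function names are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// OAEP with SHA-256 for wrapping the content key under a reader's RSA key.
const oaep = (key) => ({
  key,
  padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
  oaepHash: "sha256",
});

// Constructed reader key pair; in practice each reader generates and keeps their own.
function newReaderKeyPair() {
  return crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Encrypt once under a random content key, then wrap that key per reader.
// `readers` maps a reader identifier (assumed here: a WebID URL) to a public key.
function encryptForReaders(plaintext, readers) {
  const contentKey = crypto.randomBytes(32); // AES-256 key, never stored unwrapped
  const iv = crypto.randomBytes(12);         // fresh 96-bit GCM nonce per encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", contentKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const wrappedKeys = {};
  for (const [webId, publicKey] of Object.entries(readers)) {
    wrappedKeys[webId] = crypto.publicEncrypt(oaep(publicKey), contentKey);
  }
  // Everything returned here is safe to store on the pod server.
  return { iv, ciphertext, tag: cipher.getAuthTag(), wrappedKeys };
}

// Unwrap the content key with the reader's private key, then decrypt and verify.
function decryptAsReader(envelope, webId, privateKey) {
  const wrapped = envelope.wrappedKeys[webId];
  if (!wrapped) throw new Error(`no wrapped key for ${webId}`);
  const contentKey = crypto.privateDecrypt(oaep(privateKey), wrapped);
  const decipher = crypto.createDecipheriv("aes-256-gcm", contentKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  // final() throws if the ciphertext or tag was modified on the server.
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]).toString("utf8");
}
```

Removing a reader means re-encrypting under a new content key, because a reader who already unwrapped the old key still holds it.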

There is no reason why non-technical people can’t set up their own POD if it is designed with them in mind.

I have no idea how my TV works, but have no trouble using it.
I have no idea how MS Windows code works, but have no trouble using my laptop.
I have no idea how my radio works, but have no trouble turning it on and tuning to a radio station.
I have little idea how a car engine works, but I have passed the advanced driving test.

So complicated technology is not a problem provided design makes it easy for people to use.

That is the real challenge for those designing Solid.

4 Likes

I agree with all this [cough] but am skeptical that this is how things will develop because there are other models already changing things.

Firstly we have the centralised service model which is of course what we are trying to change. So we require businesses to develop a decentralised alternative along the lines you suggest, and to be able to compete and take business away from the already powerful entrenched incumbents.

I don’t accept that because it happened with TVs and cars etc it will inevitably happen with pods. How would you have created a centralised car industry without the Internet? Things are different now, and that’s why we are trying to change them. Pods are easy to centralise, cars less so, although I believe we may be seeing the beginnings of that.

At the same time we see incumbents like Facebook habitually buy up the businesses that would compete with them (cf Instagram and WhatsApp) in order to retain their dominance.

And we see centralisation spreading into new domains with the help of Internet technology. The so-called ‘sharing’ economy (Uber, Airbnb) turns individual assets into centralised markets where the asset owners and workers have less power than ever and the service provider is in control of the terms, fees etc. This battle is just starting, but serves here to illustrate that because we want big business to help us decentralise, we cannot expect it to happen unless it serves big business.

I’m not saying there won’t be any decentralising pod businesses, but I can’t see how they can impact the ecosystem at scale. I think any that grow will be bought out (to the delight of those who set them up with VC investment).

Others may have ideas about this which I don’t understand, but I’m not able to see for myself how pods can decentralise things at scale.

Wishful thinking plays its part and is useful in that it inspires us to try. So I’m not saying give up, I’m saying don’t just expect this to happen because it happened with cars or TVs - recognise it is a tough challenge and don’t neglect that aspect.

So this is my challenge to everyone who believes in this approach! How can we ensure this happens? What’s the mechanism and how do we help it to work? I don’t have answers to that, which is of course why I’m still helping to put Solid on SAFE Network.

6 Likes

Very interesting read about encryption and the lack of it. Next to that I want to add to this: what about phishing? Because the ability to share data with whoever you want makes it very easy to just create a lookalike trusted Solid client app, where when authorizing, complete access to all data is acquired. 🙁

Just curious. Have there been any developments in what you suggested: POD encryption, Verifiable Claims, ZKPs, etc.?
I am probably way behind the times with this, as it is 2024. I think it would be nice to see some process for versioning and labeling, key management to support Provenance. Also libp2p to allow for multiple means of Transport. Sorry for the shotgun spray of ideas, but this is the first piece of something technical I have inquired about.

Hello.

Here is some literature and implementations I have encountered in my studies so far.

Libertas at Oxford: This one is excellent, I do not know Rui’s handle, but they are in some of the weekly Solid meetings. I think in the Solid Practitioner’s Group call.
Solid Verifiable Credentials: @kezike did this work, it is very good and still relevant, if a bit old.
SISSI at Karlsruhe: Also a very good paper and modern.

1 Like

Rui = @renyuneyun.

1 Like

Thanks. The idea of the incorporation of MPC into Solid sounds like a step in the right direction. My view is whatever can be added in the furtherance of extreme privacy should be the default. Make that the gold standard, then pare back to whatever level of risk is indicated, i.e. encrypt at rest any PII while my current list of YouTube music videos is in the clear. All done at the decisions of the RP and the User. I still haven’t found any references to JSON LD BBS+ in what I have read about Solid. Hopefully it is something obvious that I have yet to find.

1 Like

ABAC also by Karlsruhe (uses JSONLD BBS+ signature)

1 Like