Introducing Private Data Pod — a hosted Solid pod provider with a free tier

I wanted to introduce Private Data Pod — a hosted Solid pod service I’ve been building and just launched.

What it is

A managed pod hosting service running on Community Solid Server. The goal is to lower the barrier for non-technical users to get a Solid pod without having to self-host — free to start, no credit card required.

Free tier · Pro tier

• Free — 1 GB pod, full Solid protocol support, connect any compatible app

• Pro — 10 GB + daily backups, $9.99/month

Pod privacy

One thing I spent time on: pods are private by default. The root ACL is set to owner-only at creation, with a separate explicit public ACL on the profile/card so WebID resolution works correctly for Solid authentication. Happy to discuss the ACL setup if anyone has thoughts on better patterns here.

Apps running on it

I’ve also built two Solid apps that use pods for storage:

• Pod Drive — personal cloud storage (drive.privatedatapod.com)

• Pod Resume — professional resume builder (resume.privatedatapod.com)

Looking for feedback

Particularly interested in feedback from the Solid developer community on:

• Interoperability — are there apps or use cases you’ve tried that don’t work as expected?

• The onboarding flow for non-technical users — does the “what is a pod?” explanation land?

• Anything missing that would make it more useful as a pod provider

Thanks for building the Solid ecosystem — this wouldn’t exist without CSS and the work done on the spec.

Are your apps open source ?
Where can I report issue ? Example I cannot login with Solid NSS servers on Pod Resume

Thanks for trying it out and the feedback. The apps are not open source at this time but that could change in the near future. I’ve added a “Get Support” link to the app, you can also email support@privatedatapod.com

Excellent you are providing this service.

I think it is fundamental for a POD provider to put on the website of the service who you are and where data is hosted.

Thank you for the recommendation, I’ve added those details to the site.

@sjoerdvangroning

I have that info already for years in the terms, but they are in textfiles on a different server:

https://serverproject.de/files/solidweb_org_terms.txt

https://www.serverproject.de/files/solidweb_me_terms.txt

https://www.serverproject.de/files/teamid_live_terms.txt

because of openness and transparency I have noted my name, pod and data location also to the respective startpages https://solidweb.org https://solidweb.me https://teamid.live

I thought this is the right behaviour in spirit of open source. wdyt ?

Hi, I’ve sent you an email with some security concerns.

In general: when hosting CommunitySolidServer (or NSS) always use the Content-Security-Policy: sandbox header and if possible do not serve files with the html or svg content types. Allowing arbitrary html files makes it easily exploitable.

Here is some background information (though it does not show the complete attack surface): Prevent or sanitise HTML on write by default for unauthenticated users · Issue #1596 · CommunitySolidServer/CommunitySolidServer · GitHub & Solid Security Considerations