Preventing POD data from being copied

Hey all,
New to the Pod / Solid concept but I like the way it sounds and it potential benefits. I’m wondering what provisions are in place for preventing a POD app / agent from copying one’s data?

I realize that might sound silly, given that you’ve granted them access to some piece of your personal Pod, but if the intent is to make sure that one controls one’s own data, doesn’t that also extend to agents use of that data? Let’s say I delete my Facebook account and start a new one using a Pod. And let’s also say that I grant them access to some information and revoke it 24 hours later. What’s to stop them from taking the data granted, however temporarily, copying, storing and monetizing it as they always have?

1 Like

@Frito If you want to prevent your pod data from being copied, make your pages private. You can do this by setting the .acl controls for that URI while logged into your pod on that specific URI your looking to set controls on. If you choose to leave your page public, then your essentially giving your permission for the pages to be copied. Solid offers a duel set of permissions known as acl and trusted apps. If you do not want your data copied, my advice to you is to make it private.

@adventure Sure, that makes sense. If I don’t want someone to view some data, then I just keep it private. But my question is around trusted apps. Do we essentially have a way to say, here’s data you can use while I’m on your app, but when I’m done please don’t use it anymore?

I suppose you can say, Please don’t access the data anymore, but we don’t have a way to say please don’t use the data you have just gotten. :man_shrugging:

1 Like

Here is a link to a gitter conversation regarding trusted apps.
They should be called trusted web apps if that makes any sense.

Hi Frito,

Indeed, once you have given access to data to an app or Pod provider there is nothing technically stopping the app or Pod provider from copying it.



My view on this is that Solid provides a standard that gives organisations that want to give you control over your data the technical means to do so.

In other words: Solid cannot and does not force organisations not to copy your data, just as it cannot force them to use Solid in the first place.

Thus, as consumers, we need to see data ownership as a unique selling point. Then organisations can offer products in which they explicitly state in the terms that they will not copy, store or sell your data and thus are legally bound not to do so, and they can use Solid to allow you to choose where you want to store it instead.


This seems to me a major point, since it is not technically feasible to prevent apps from harvesting and reusing user data, similarly to how they do it now.

Similarly to how rights to digital media are hard to enforce, rights on personal data are also hard to guarantee. Since they can be copied and moved without affecting the source.

Requiring some legal “promises” from apps, which is a form of licensing out own data, seems necessary, and I’d guess will emerge.
I strongly suspect there are more discussions about this.
One, with great points about connections to GDPR is here:

Indeed, looks like Solid provides technical basis to support GDPR (and similar policies).
But as far as I saw, there is not an established framework to implement this link.

Or is there? I am quite new to this. Are useful developed guidelines how to “license” (restrict use, by time and purpose) of data which is allowed to be read from the pod?

Does anyone know of relevant standards, documents?

I should say that I tried to some of my own apps, and solid makes it so much easier, conceptually, to handle user data, by never storing it at the app itself. Maybe not all developers are used to this approach, but I really hope it is widely adopted.

Perhaps there would emerge something like a certified “Solid auditor”. Persons/organisations that would audit how companies access and use Pod data to ensure it is being safely handled and privacy maintained.

Companies that undergo this audit could receive a verified status they would then market as a benefit to using their platform.

This of course still doesn’t fully eliminate bad players as that’s impossible, but it could provide another level of trust in the system. As well as open up a whole other market in regards to audit agencies.

1 Like