Question: what if the applications copy data that I only show them for reading

Hi, everyone. I want to do PhD research about Solid & law, but I am not sure how it works technically. I have several questions; maybe someone can help me with them?

  1. What if the applications or websites copy, store, or even share data that I only grant them for reading or viewing? Does Solid prevent this from happening? Or maybe that’s impossible in this technology?
  2. I know that the Flanders government is using Solid, named “My Profile”. Can citizens technically refuse to have their data collected or shared by the government? Can anybody give me more links about this?
  3. If other applications or websites, like Facebook or Twitter, don’t support Solid, then users can’t use Solid to control data from these applications or websites? In other words, is it true that we can only use Solid when the applications or websites support it? If not, is waiting the only thing we can do?
  4. Are there any phone apps available?
  5. What are the updates about this technology? In reality, is Solid capable of all of these functions: read, write, share, retrieve, delete?

Thank you! I really hope someone could answer me these or at least some of them. Really appreciate. Have a nice day!

I can’t answer all the questions, but I can give a few hints for a few of them:

  1. When any website (not only in Solid use-cases) grants you the right of reading/viewing data, then data must be transferred to another computer. If you don’t control that computer (e.g. it is a personal laptop of some person), then this person can do anything with that data. Even when you control that computer, people still can make screenshots. If the data is outside the Solid pod, then the Solid pod can’t control it anymore. Other technologies are needed to make it difficult to further share the data. Preventing it is, as far as I know, in the IT world an unsolved issue.
  2. I know of the Flanders project but alas have no more legal details.
  3. In your question you need to differentiate between ‘to use Solid’ (as protocol as pod) and ‘to control’. If data is somewhere else out there in the cloud, then a Solid pod can’t control it (it can’t put access rights on that data). Solid can be ‘used’ in many ways. I can post a tweet or a toot and put a link to an image on my Pod that only a few people have access rights to. I don’t need Twitter or Mastodon permission to do this. People can indeed wait and keep their personal data on the servers of Facebook and Twitter. People can also decide to move this data to a Solid pod under their own control. It is an option to donate your data for free to Twitter if you want to. It is also an option to ignore this centralisation and put your data somewhere else.
  4. Most of the Solid Apps are JavaScript apps that run on desktop and phone.
  5. Yes, Solid is used to read, write, share, retrieve and delete.

2 Likes

Regarding this, I want to note that most of the apps run in browsers (which work on the desktop and the phone). Are there also native mobile phone apps?

1 Like

The apps I use are all browser apps, or apps that were written for running on a server (command line apps). I didn’t check for native mobile phone apps. I don’t know if they exist. But, I also don’t see a technological reason that prevents native mobile phone apps from being built.

1 Like

Really appreciate your reply! Also, regarding your answer, I have several more questions, hoping to hear your opinions. Many thanks!

  1. If it is an unsolved question in the IT world, then what’s the point (in your opinion) of this technology, Solid, that is aimed at gaining more control for individuals over data? Once you let others see your data, you cannot really retrieve it. Then how can Solid retrieve data that I let others view?

  2. If I want to post a tweet now, and I also want to use Solid to protect this tweet, what should I do?

Thanks for noting this.

  1. If it is an unsolved question in the IT world, then what’s the point (in your opinion) of this technology, Solid, that is aimed at gaining more control for individuals over data?

It is unsolved in the tech world. No one lives in the tech world. We live in a human society and use tech. We need laws that protect against data theft and webs of trust where we can share information on bad actors. Tech is part of the solution, but not the complete solution.

4 Likes

I second what @jeffz said: someone copying data and then misusing it is a social & legal problem, not a technological one.

Sure, there are DRM systems, but those typically require vendor buy-in to support, and they layer on top of other protocols & formats.

As with any web service, read the terms of service documents & privacy policies; those are the binding legal contracts, not the technology.

If there’s anything we can do in this community, it might be to make those documents more approachable to the everyday person, and make having those documents accessible be a community standard.

Though, historically that’s been against companies’ interests where you are the product.

3 Likes

  1. With Solid I can decide for myself who I trust my data to. With Twitter, Facebook I have to trust a very big company to handle my data well. If on my own Solid Pod my trust is misused, only (a part of) my data is affected. If in Twitter, Facebook data is compromised, it affects millions of users. Examples are all over where companies such as Cambridge Analytica (and that is not the only one) used your data in any way possible to influence large masses.

In general, there is no absolute protection against one user misusing your trust. In general there is also no protection against a big company (or other companies that use their data) misusing your trust.

If you want you can always put an encrypted file on your Solid pod and have a viewer technology that can only access this encrypted data for a while. This is something you can develop on top of any protocol (including Solid).

  2. If you want to post a tweet now, then you post a message to a server over which you have no control. You can write the content/data of the tweet in a pod and make a link in the tweet:

“Hey I’ve written a post about XYZ. Read it on my pod https://mypod.org/post/123”.

2 Likes

This can’t actually be done, as you can’t do time-bound encryption. The only thing you could do is encrypt on each retrieval and hope that the retrieving system deletes its locally cached copy of the data, and the associated keys. This is the classic DRM problem.

The only thing you can prevent is continued access to data on the server by that client/agent, and rotate encryption keys and not distribute the new keys to the client/agent you no longer trust, but anything they’ve seen they’ve seen.

2 Likes
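
The key-rotation point in the post above, and the earlier suggestion of keeping an encrypted file on a pod, as an added example that is not part of the original thread and not Solid's own code. It assumes a hypothetical resource layout (body encrypted under a data key, data key wrapped once per reader with a symmetric key) and constructed agents `alice` and `bob`; it runs on Node.js.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('crypto');

// AES-256-GCM; sealed blob layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key
}

// Hypothetical encrypted resource: body under a data key, data key wrapped per reader.
function publish(text, readerKeys) {
  const dataKey = randomBytes(32);
  const wrapped = {};
  for (const [id, kek] of Object.entries(readerKeys)) wrapped[id] = seal(kek, dataKey);
  return { body: seal(dataKey, Buffer.from(text)), wrapped };
}
function read(resource, id, kek) {
  if (!resource.wrapped[id]) return null; // no data key was issued to this agent
  return open(open(kek, resource.wrapped[id]), resource.body).toString();
}

function revocationDemo() {
  const keys = { alice: randomBytes(32), bob: randomBytes(32) }; // constructed agents
  const v1 = publish('note, version 1', keys);
  // While trusted, Bob keeps a local copy of the resource and the unwrapped data key.
  const bobCopy = { body: v1.body, wrapped: { bob: v1.wrapped.bob } };
  const bobOldDataKey = open(keys.bob, v1.wrapped.bob);
  // Owner revokes Bob: fresh data key, wrapped for Alice only.
  const v2 = publish('note, version 2', { alice: keys.alice });
  let oldKeyOpensNew = true;
  try { open(bobOldDataKey, v2.body); } catch (e) { oldKeyOpensNew = false; }
  return {
    aliceReadsNew: read(v2, 'alice', keys.alice), // 'note, version 2'
    bobReadsNew: read(v2, 'bob', keys.bob),       // null
    oldKeyOpensNew,                               // false
    bobReadsCopy: read(bobCopy, 'bob', keys.bob), // 'note, version 1'
  };
}
```

Rotation cuts off the revoked reader from the new version only; the copy made while access was valid stays readable, which is the limit the post describes.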

Many thanks to hochstenbach and ThisIsMissEm. It’s much clearer for me to understand this technology. And really appreciate jeffz, you are right, that’s why we need laws to regulate our behavior.

1 Like