Hi since a solid app needs to run on top of some platform, for mobile apps, we need to run on android, ios, and for web apps we need ISP, so if google or apple are not trusted, does it mean we can never have a solid mobile app? I guess my question is, we can’t assume that everything is unsafe, what platforms or systems can we trust to build solid apps with? Thanks
While security is an important issue, it is not the main thing that Solid brings. What it brings is a) control - the user gets to decide who accesses their data and b) diversity - since everyone will choose where to put their data, there will not be huge silos like Facebook storing our data.
Diversity of data storage means that we can have systems of trust. If a Pod Provider loses community trust, users can simply move to another. It will not be financially viable for a provider to mess with their user’s data.
Preventing an ISP or phone manufacturer from stealing data is a legal matter. We need laws that can be enforced to prevent. We also need technical security, but I think most of that will come from other projects and is mostly not specific to Solid.
I am not saying that Solid is not security conscious. There are several encryption and other projects happening. Inrupt’s client and server libraries continually improve security. As you might expect, since Bruce Schneier, is their Chief of Security Architecture.
Yeah thanks for the reply, I think that makes sense, I’m working on security topics that is why I asked that, but I think solid has potential in other aspects. I also agree that we need to finish piece by piece for a secure system, once the high level is there, there will be low-level support later.
If you’d like to see more of Solid’s approach, you might want to look at or participate in a related panel e.g. Authentication or Authorization.