However, I’m concerned Solid is ill-equipped to tackle the challenges of the data ownership space and deliver impact. This article explores some of the problems PDSs face and suggests we need a strategic approach that’s user centered, systemic and allows for a diversity of approaches to overcome centralisation.

Can we sell privacy?

The scandals over Cambridge Analytica’s abuse of Facebook’s app privileges, and the implications in terms of political influence and the spread of disinformation, has led to a significant rise in interest in the decentralised web. People increasingly distrust Facebook which shares your phone number with advertisers to target ads and Google which tracks your location even when tracking is explicitly disabled. More recently, the unwitting exposure of at least fifty million Facebook profiles to the prying eyes of random hackers will only increase the pressure on companies to demonstrate that they can be safe custodians of personal data. So earlier this year, myself and Simon decided to explore the personal data store space to assess the effectiveness of the approach Solid takes.

How does a Personal Data Store work?

Solid’s model is typical of a lot of the PDSs we looked at. User data lives in a datastore. The user either self hosts, or pays for someone to securely host a PDS on their behalf. Applications read/write to that data through user controlled granular permissions.

In the best case scenario of this model, app developers simply provide the interface and functionality of, for example, a calendar or journal app. The data always lives in your datastore. When you browse your journal or calendar in a web or desktop/phone app, the data from your datastore is displayed in the interface, but it’s securely transmitted between you and your datastore. No other parties are able to access it. This would be game changing.

But there are challenges

1. Most digital transactions require verified claims

Much of Tim’s narrative assumes that there is clear ownership of data, which is far from straightforward. Different entities are looking for different kinds of data:

• For the majority of digital transactions and interactions (buying things online, applying for services, booking a flight, proving my age), the most valuable data is data asserted about me from an authoritative source. For example, that I have a valid driving license or verified address, bank account, passport.
• For advertising, it’s what I bought and where I clicked as well as profile data (email address, demographic and interests info). This data is generated by the services I use (e.g. Facebook, Google, Twitter).
• For AirBnB and Uber it’s the ratings that other users have given me that’s important, which isn’t data I obviously ‘own’.

Yes, some of this can be self-asserted, but organisations often want objective data based on behaviour and decisions made about us not what we say is true. Mortgage brokers don’t just want my assertion that I have income, they want proof.

This means that Solid’s use cases will be limited unless it partners with institutions like banks and governments to assert and verify such data. Luckily there are standards being developed in the W3C to facilitate this, but we still need good frameworks and incentives for why such institutions will spend the time/energy to share and verify data about us, how this happens securely and how GDPR requirements are met.

2. If we narrow the market, the value proposition is hard

Putting aside verified claims, we then have the potential market of apps or services which only need self created data, preferences or quantified self data. This could be my calendar, todo list, journal entries, emails, messages, Apple/Google health app stored data, Fitbit data, what websites I use, time spent online, and so on. This is still a major market, but one already well catered for.

What’s the offer to users?

I want to see user research that identifies real problems users have with the current status quo which Solid will solve well enough to overcome switching cost and inertia. Most privacy concerns are centered around Facebook — but people are not on Facebook because they lack alternatives. There are numerous well designed, encrypted, decentralised and privacy preserving, even blockchain-based, alternatives. However, your current social network isn’t portable and the value of Facebook and Twitter comes from the people using it. The way we tackle this is to push for regulation around open protocols, not by expecting everyone to switch.

So if we can’t sell privacy as a product in social media, we need evidence of where else these priorities will bring users. Alternatively, decentralised or PDS-integrated tech must deliver novel and valued functionality or be solving major problems users have with existing centralised solutions.

What’s the offer to companies and app developers?

For companies, service providers and app developers the value proposition is hazy. I have yet to come across a PDS provider with an impressive or long list of partners and companies. Most existing business models depend on controlling the data and using it to improve a service and provide valuable analytics to up-sell paid plans or directly monetise the data collected through advertisers and third party data marketplaces. Giving this up requires incentives or regulation.

If Solid uptake is big enough to attract app developers, what stops the same data exploitation happening, albeit now with an extra step where the user is asked for ‘permission’ to access and use their data in exchange for a free or better service? Consent is only meaningful if there are genuine alternatives and as an industry we have yet to tackle this problem (see how Facebook, Apple, Google, Amazon ask for ‘consent’). What’s really going on when users are asked to agree to the terms and conditions of software on a phone they’ve already bought that won’t work otherwise? Or agreeing to Facebook’s data selling if there’s no other way for users to invite friends to events, message them or see their photos if those friends are Facebook users? I wouldn’t call this consent.

The answer may lie in partnering with civic or NGO organisations that have different incentives, but many users. Organisations like the BBC, governments, local authorities, the charity sector, and even financial organisations like Funding Circle and other peer-to-peer lenders. This is a worthwhile avenue to explore, but it doesn’t feel enough.

Alternative approaches

It’s time to challenge the standard economic approach when it comes to digital. The economies of scale are fundamentally different and we need bold new frameworks to ensure that technology benefits and protects everyone in society. Governments could and should invest in open infrastructure so that the basics of communicating online or connecting with people, cannot be ‘owned’ by companies, but is a shared basis like the internet or email protocol.

I’m thrilled Tim is pushing forward with Solid, but we need to be thinking bigger. Let’s start tackling the broader challenges and opportunities for a decentralised web to deliver a better ecosystem for all. Solid and similar projects need user research, user centered design, marketing and coordination to ensure interoperability and a user experience that can compete with the status quo. Common authentication and authorisation standards for digital identity and login and communication standards that work across applications and services will help break down silos and create real benefits to users and companies to motivate the move away from digital monopolies. It’s time to push for serious funding and resources into such public infrastructure to create an internet and web that works for everyone, just like Tim’s original vision.

The post How solid is Tim Berners-Lee’s plan to redecentralize the web? appeared first on P2P Foundation.

As the decentralisation movement grows, I consider the characteristics of decentralisation, what decentralisation is a tactic for, why and what work still needs to happen to re-decentralize the digital world.

Decentralisation has gone mainstream

Between Tim Berners-Lee raising the call to arms to re-decentralize the web, Mozilla, Internet Archive and other institutions pledging support, to the incredible financial success of blockchain and cryptocurrency projects — decentralisation is increasingly sexy.

(If you haven’t seen the hype, some of the mainstream coverage includes the New Yorker covering ‘the mission’ in 2013 to the Guardian calling decentralisation ‘the next big step’ earlier this month and Make Use Of wondering if blockchains are the answer).

Yet, what does decentralisation actually mean? Does it only apply to technology or is governance more important? Who gets to call themselves decentralised and does it matter?

The number of times I’ve heard ‘it’s decentralised’ as a reason to use or move to a particular application or platform recently, is impressive. All kinds of crypto/blockchain companies are branding themselves as ‘decentralised’ — every day there’s a new decentralised social network, decentralised file storage solution, decentralised identity app, decentralised syncing, contract management, health data sharing, dating service, avocado delivery — all decentralised! As if decentralisation is something wonderful and worthwhile in and of itself. Yet, when I ask ‘why does that matter?’ or ‘how are you decentralised?’ the answers tend to be very different and even inconsistent with the actual business proposition people are working on. How did we get here and what’s beyond the hype?

Decentralisation means different things to different people. When Francis and I picked Redecentralize to name our decentralisation-promoting side project 6 years ago, it was precisely because we cared about a number of things: privacy, competition and resilience. It wasn’t just about one solution (such as encryption) that we wanted to promote, it was a set of values: freedom, autonomy, collaboration, experimentation. Those values were tied up to the original spirit of the open web and net — the sense of freedom and possibility that we wanted to remind people of, and protect.

As decentralisation becomes more popular, those values and goals are getting lost as the community fractures into various roles. We need a way to distinguish and assess decentralisation meaningfully.

First, what does decentralisation actually mean?

At its most basic level, it is a distinction between a centralised hub and spoke model and a distributed connected network:

I drew this myself. You’re welcome.

Some people distinguish between ‘decentralised’ and ‘distributed’ — I’m talking about the general idea of decentralisation that encompasses distributed, federated and decentralised systems. This post is about the characteristics of decentralisation and the outcomes and implications of those characteristics rather than the specific configuration. (For more discussion on types of decentralisation, Vitalik wrote a great post on ‘the meaning of decentralisation’ last year).

While the diagrams are a simplification, they do immediately suggest certain characteristics. The centralised system on the left obviously has one much more important or powerful node — the middle one. All the other nodes depend on it to reach each other. It will know about all communication in the network. It’s a central point of failure and a central point of control. If you contrast this with the diagram on the right — which nodes are more important there? It’s hard to tell. Most nodes have multiple routes to other nodes. It seems like a more resilient system, but it’s harder to know how you can quickly make sure all nodes have the same information at once.

What we need is a more formal way to assess if something counts as ‘decentralised’.

Characterististics of decentralisation

The key characteristic I propose is that a system is decentralised to the extent it distributes power. Specifically, the distribution of control, knowledge and capability between many users. What does this look like?

Control is about ensuring user choice — adapting to user preferences and giving users decision making power. It’s fundamentally about autonomy. Decentralised control looks like end-users having a choice between service providers and not being forced into accepting terms and conditions that exploit them due to a lack of alternatives (see Facebook). This also looks like users having the freedom to adapt and customise the products and services they use to their specific needs. It looks like being able to opt out of targeted advertising or choosing to store your data locally. It looks like having applications that don’t require an internet connection to work.

Knowledge is about access to data and information. Knowledge distribution avoids information asymmetry and helps people recognise dependencies and the consequences of their choices. Decentralised knowledge looks like users having local copies of their data, being able to export data or choose to store the authoritative copy of their data locally. It looks like users understanding how the services they use actually work and their business models (for example whether it is advertising based, personalised advertising, selling your profile and preferences to external advertisers, something else etc). It looks like users being able to have private conversations and share photos securely with end-to-end encryption where the content of communication cannot be accessed or deleted by external organisations. It can look like the company providing the service not knowing or storing the metadata of who contacts who and when.

Capability is about infrastructure — the storage, processing and computation power needed to run systems and services. In a centralised model these are either all in the same place or in a small number of places controlled by one company. This creates a central point of failure both in the event of natural disasters (hurricanes, floods, earthquakes) and attacks (whether virtual such as data breaches, data taps, denial of services attacks, or physical destruction and manipulation). Centralisation often means that people’s data, which we rely on and want to protect (such as our conversations, photos and work), can be compromised or even lost. Privacy can be easier to compromise in central systems. A decentralised approach tends to be more resilient, but also offers greater control and knowledge distribution. It looks like apps which work offline, users being able to communicate, collaborate or share data across devices without mobile networks or wifi through peer-to-peer networks or user data federating across a network (e.g. mastodon.social).

Why decentralise?

Importantly, decentralisation in and of itself is neither good or bad. It depends on the context and what is being decentralised. Decentralisation can bring new capabilities, privacy and flexibility or surveillance, inefficiency and waste. How and why it is done, matters.

Not all things need decentralising. Unlike some, I don’t think code should be law. I like the law. It has been iterated on and developed and tested over thousands of years by millions of people. I would trust British Law above even a dozen smart contract developers. (Disclaimer: I’ve worked in tech for over 10 years, but never in law).

Institutions have value and not all expertise can or should be replaced by an immutable list and algorithmic consensus. However, in many other aspects, we desperately need to redecentralise and serve people, not corporations, much better. Even so, simply decentralising in some fashion does not magically bring about utopia. Much of the rhetoric of blockchain and other ‘decentralisation’ startups offer no plausible way from where we are today to the autonomous secure empowered world of decentralisation via their service or application. Let’s be intentional and clear about what changes we want to realise and what exactly it might take to get there. If you’re not building all of it, then be clear on what else will need to happen. We will most likely succeed as an ecosystem, not as one ‘killer app’.

This brings me back to how and why decentralisation is done, matters. And for me, the meaning and value of decentralisation is closely related to the purpose and expected outcomes of it. That means understanding the problem, articulating an alternative and roadmap for how we get there and testing the roadmap and showing it’s better by tracking the impact.

Everybody in the decentralisation space needs to do this.

Understanding the problem

Centralised systems lead to increasingly monotonous and unaccountable power. Over time this encourages exploitation and disinterest in user needs. Take Facebook for example, a platform that on the face of it is designed to help people digitally connect with their friends and family — share photos, talk, organise events and keep in touch. If my needs were a genuine priority then I should be able to share and showcase my photos from flickr or talk to my friends using my favourite app (such as telegram, signal or wire) — which would be most convenient for me. If Facebook cared about connecting people, it would not have dropped xmpp support — an open instant messaging protocol that allowed people to choose their own interface (mine was pidgin!) and from one place and talk to anyone using gchat, facebook, AIM, msn or jabber. Instead, Facebook’s interface and functionality is optimised around keeping me scrolling and in-app as long as possible since their business model depends on selling my attention.

Amazon has become a near monopoly for buying things online with their brand recognition, efficiencies of scale and great customer service. As real-world bookshops close down and everyone else sells on amazon marketplace, few have the infrastructure, supply chains, funds or brand to be able to compete any more. When there are no alternatives, why be cheaper? Why have great customer service? Users have little choice or control and Bezos (the owner of Amazon) is the richest person on the planet. Instead of thousands of independent flourishing businesses, we have one very very very rich man.

Centralisation makes it easy to undermine privacy and use personal information in ways individuals cannot control. As the Snowden revelations showed us, Governments tap network cables and can curtail freedom of speech. Digital monopolies now hold unbelievable amounts of data on us which can be used to manipulate us into spending money, but potentially also to impersonate, blackmail or silence.

An alternative

Keeping power accountable requires alternative competing sources of power which are independent. This could be government, assuming government is there to represent the interests of the many above the few. It could be alternative companies and services. It could be many people choosing together.

An alternative, decentralised world is one of:

• Choice, diversity and competition — where many different business models and structures co-exist beyond the ‘winner takes all’ surveillance capitalism model (which depends on closed networks which don’t integrate or talk to each other). Centralised models, especially with data selling / advertising business models, have been deeply explored and within any new vertical often one or two winners take all and price out new competitors. This is uninspiring compared to the wealth of innovation that might be possible with local organisations tailoring their offering to particular sectors, cultures, interests and preferences. The same open source software can be provided in different configurations and alternative service standards to fit different user needs, budget and cultural context. It’s a world where providing ethical and environmentally friendly products and delivery services is possible and discoverable.
• Resilience — where our valuable data and services are persistent and safe from companies being bought, new management decisions, natural disaster or hacking. No more losing your journal or portfolio gallery when a company is bought up by a monopoly.
• Autonomy and privacy — where we control what kinds of terms and conditions we’re willing to agree to. A world where people can opt out of data sharing or choose to pay for their social network — choosing security and no adverts while still being able to communicate with friends using different providers. A world where end-to-end encryption works seamlessly.

How do we make it happen?

We all can contribute!

At Redecentralize.org we’re encouraging viable alternatives that work together (‘small pieces loosely joined’). This means ensuring that decentralised products and services are usable and work well with other privacy preserving user centered services and products. A key goal of redecentralize is to promote decentralised projects and platforms and bring people working in this space together through events and discussion forums.

Secondly, open protocols and regulation that incentivises or enforces their use is vital. The beginnings of this already exist in the data portability requirements of GDPR. Open protocols allow for collaboration between different and competing products and services, giving the user maximum flexibility and control without losing access to others in their network. The forced exclusion of closed proprietary protocols over network type services (such as social networks or marketplaces like amazon, airbnb, uber) has led to monopolies and lack of innovation and should be consigned to history.

Lastly we all have a role to play to disrupt the surveillance capitalism business model by choosing with our wallets and spending money on respectful software. A promising path may be to have payment built into how things work (cryptocurrency style) so that when you use IPFS and help store content you collect Filecoin you can then spend on the applications and services you value.

Conclusion

Decentralisation in and of itself, is unlikely to achieve all the outcomes that many people in the decentralisation movement care about. Yet it does offer a powerful way to tackle the problems of digital monopolies, growing inequality and loss of autonomy in our societies. Decentralisation incentivises power to be distributed across users. It’s an alternative infrastructure and way of being that creates space for autonomy, collaboration and local control. So, let’s be explicit about the change we want to see and test the impact.

Decentralised governance (knowledge and control in this model) is vital and must be considered alongside infrastructure and capacity. Let’s assess projects on all three characteristics of decentralisation and treat technology as a powerful tool to get us to a better world, but by no means the only intervention needed!

Can I get involved?

Yes of course. Join the discussion list and come chat on the #redecentralize matrix channel. We’re about to start fundraising —shout if you’d like to sponsor our work or come contribute!

Photo by Thomas Hawk

The post There’s more to decentralisation than blockchains and bitcoin appeared first on P2P Foundation.