Personal data stores are the new grey?

farm fresh eggs

If I had some money from all the people who sent me details of Tim Berners-Lee’s Solid I would have enough to buy a cheap flight to somewhere in Europe with a cheap airline.

Solid is meant to change “the current model where users have to hand over personal data to digital giants in exchange for perceived value. As we’ve all discovered, this hasn’t been in our best interests. Solid is how we evolve the web in order to restore balance – by giving every one of us complete control over data, personal or not, in a revolutionary way.”

Solid isn’t a radical new program. Instead, “Solid is a set of modular specifications, which build on, and extend the founding technology of the world wide web (HTTP, REST, HTML). They are 100% backwards compatible with the existing web.”

The main reason why people seem to be sending it my way is because of another open source project I’m involved in called Databox.

For me, Solid is a personal data store; it’s like a secure vault for your data. This is good but, like 2 factor authentication over SMS, not as secure as other ways. Put all your personal data in one place and it’s a central point for those who want everything at once. Think about how many times you have seen leaks of databases which contain credit cards, numbers, emails, names, etc… It’s the eggs/data in one basket problem…

This came up at MyData 2018; there was quite a lot of discussion about this throughout the conference and it was touched on in Mikko Hypponen’s talk.

The data in one place is just one aspect; others are more about the value proposal to people and technically how verified claims work, as expressed in “How solid is Tim’s plan to redecentralize the web”.

The comparisons between Solid and Databox have been asked by many and I would certainly say Databox (regardless of its name) isn’t a place to hold all your personal data. You could use it like that but it’s more of a privacy aware data processing platform/unit. I remember the first time I heard about Vendor relationship management (VRM), it was clear to me how powerful this could be for many things. But then again I also identified Data portability as something essential while most people just didn’t see the point.

Everything will live or die by not just developer support, privacy controls, security, cleverness, but by user demand… and it feels like personal data stores are still a while off in most people’s imagination.

Maybe once enough people personally experience the rough side of personal data breaches it may change?

For example today I received an email from Have I Been Pwned saying…

You’re one of 125,929,660 people pwned in the Apollo data breach.

In July 2018, the sales engagement startup Apollo left a database containing billions of data points publicly exposed without a password. The data was discovered by security researcher Vinny Troia who subsequently sent a subset of the data containing 126 million unique email addresses to Have I Been Pwned. The data left exposed by Apollo was used in their “revenue acceleration platform” and included personal information such as names and email addresses as well as professional information including places of employment, the roles people hold and where they’re located. Apollo stressed that the exposed data did not include sensitive information such as passwords, social security numbers or financial data.

Till this is an everyday occurrence, most people will just carry on and not care? Maybe there’s even a point it should be part of the furniture of the web, like the new grey?

Expectation control on deploy or die!

Joi Ito at SIME'08

Somebody pointed me at a piece from O’Reilly’s Solid conference. Like most others I would have loved to have gone but to be fair there would have been people I would rather have gone ahead of myself.

Joi Ito I have a lot of respect for and I remember meeting him in London over 10 years ago. But I take a little issue with something Joi says:

the Media Lab’s emphasis is on projects that go all the way to manufacturing and distributing: moving from “demo or die” to “deploy or die,” as Joi puts it. Projects that deploy can be vastly more impactful than those that just demo — putting thousands of devices into the hands of users rather than just a couple. Plus, the manufacturing process is a crucial source of both constraints and creative possibility. Joi says, “Understanding manufacturing is going to be key to design, just like understanding the Internet has become key to running a company.”

Deploy or die is a nice idea but there are issues which are associated with deployment. I understand the cost of manufacturing is getting cheaper; however, you need to be open and honest with the end user. User experience needs to be great otherwise people will simply drop it or kick it to the bin. What’s the point in putting it in people’s hands if they just put it in the bin?

Saying this is a demo, beta or prototype sets the expectation and this is an important stage which you shouldn’t ignore. It’s the reason why Gmail had a beta tag for 10 years.

I’m in agreement that the prototype shouldn’t be thrown away once you go into production. The prototype should embody as much of the real thing as possible. It’s important to remember, someone needs to support the final thing. If you’re a research institute, this is not what you should be doing… This is the kind of thing which gets in the way of progression and researching the next problem/question.

Also I would point out that Joi is mainly talking about physical things, which have always had a problem with being open and putting things out there for people to play with. This is something the internet has over the real world… A place to try stuff in the comfort of your own home.

What’s really needed is a safe place where people can play and try new things, which people understand don’t have the complete story or supply chain behind it. That space shouldn’t be a lab tucked away, it should be somewhere neutral like the number of community spaces which are popping up all over the place. In such a space, you can deploy or die to your heart’s content. It shouldn’t be a genius bar either, it should be something comfortable and welcoming.

Yes it doesn’t scale too well but I think you will get more qualitative and qualitative feedback as a result.