A “Solid” New Approach to Data Privacy and Consent?

The inventor of the Web is trying to restore online privacy.

This week, Tim Berners Lee, inventor of the world wide web, proposed a new standard for returning control of online identification back to users. It’s called Solid. According to the website: “Solid empowers users and organizations to separate their data from the applications that use it. It allows people to look at the same data with different apps at the same time.”The idea is that users compile their own data profiles and give or restrict permissions on an application by application basis. For example, a consumer could grant Amazon permission to know their name, address and credit card information, but not access their browsing history. And, in this case, Amazon would read that data from a data file stored and controlled by the consumer, not at or by Amazon. Technologically, this is a smart, seemingly robust solution, not to mention one that was more than a decade in development. Practically, however, I have my doubts about the long-term viability of this solution and, frankly, broad stroke data privacy in general.

Is it even possible to control your personal data online?

In the real world, we all forfeit some expectation of privacy while traversing or transacting in a public space. Any paparazzi can tell you, what one does out in the fresh air can be documented by anyone. And that documentation, whether it’s a photo, video or audio recording, can be distributed, posted, sold, etc., while the subject of that documentation has little or no right to stop it from occurring. Legally, we’d say people have no reasonable expectation of privacy in public.It’s arguable that despite the best efforts of all of us to control how we are watched online, a certain level of “publicness” will always trail data behind us. We may be able to cover our more identifiable tracks with technologies like those presented in the Solid standard, but the wake of metadata will remain around for some entrepreneurial data analyst to harvest. And, as we’ve learned in numerous analyses of large, theoretically anonymized data sets, our behaviors are as identifying as anything we can keep safely behind an encrypted lock and key.

Why would the major players play along?

The Achilles heel of Solid, in my humble opinion, is the network effect hurdle. In other words, a standard can’t actually be a standard until there is widespread adoption. Bitcoin has this problem. One can hypothesize ad infinitum that bitcoin is the currency of the future, but today, the reality is there are few places the cryptocurrency can actually be used as currency. Its value is at best pure speculation.The same holds true for Solid. One can secure one’s data privacy with Solid only if Solid is implemented by the online properties and applications you use. And, as it stands, there would seem a massive disincentive for the major players, e.g.: Google, Facebook, et al, to adopt and support such a standard. Their business models are founded in monetizing the data profiles they build about their users, on and off their sites. Those businesses would surely argue that the profiles they create are their differentiating intellectual property and/or their competitive advantage. I think it highly unlikely they will acquiesce and hand control of that I.P. back to users any time soon.It reminds me of the opening scene if Bill & Ted’s Excellent Adventure where they discuss the conundrum they’re facing wherein they cannot make a righteous music video without having Eddie Van Halen on guitar, but they cannot get Eddie Van Halen on guitar without a righteous video. The only way the Facebooks and Googles of the world would adopt Solid for authentication is if everyone demanded it. But everyone won’t adopt Solid unless the protocol is demanded by the Facebooks and Googles of the world.

Historically, security hasn’t trumped convenience.

The final point, and maybe the nail in the Solid coffin, is that implementing it is conceptually complicated. As a consumer, you can host and manage your own profile data on your own server. Or, you can contract with a cloud service to host the data and you manage provisioning access to your profile remotely. In either case, in Solid’s current form, one must be decently technical to deploy and maintain the tools. Solid is solidly inconvenient.And, as the history of online commerce has shown, while everyone enjoys complaining about violations of their online privacy, the facts are most will hand the rights to their online activities gladly over to the services they use for free online, unquestioning.