Thursday, December 6, 2018

Irina Bolychevsky on Solid

Although I'm an enthusiast for the idea of a decentralized Web, I've been consistently skeptical that the products proposed to implement it have viable businesses. Two months ago, in How solid is Tim’s plan to redecentralize the web?, Irina Bolychevsky (@redecentralize founder and self-described "product person") made related points. Below the fold, some commentary.

The first point Bolychevsky makes is perhaps the most important:

1. Most digital transactions require verified claims

Much of Tim’s narrative assumes that there is clear ownership of data, which is far from straightforward. Different entities are looking for different kinds of data:
  • For the majority of digital transactions and interactions (buying things online, applying for services, booking a flight, proving my age), the most valuable data is data asserted about me from an authoritative source. For example, that I have a valid driving license or verified address, bank account, passport.
  • For advertising, it’s what I bought and where I clicked as well as profile data (email address, demographic and interests info). This data is generated by the services I use (e.g. Facebook, Google, Twitter).
  • For AirBnB and Uber it’s the ratings that other users have given me that’s important, which isn’t data I obviously ‘own’.
Yes, in theory I own data on the Internet that I originate, such as this blog post. Storing and disseminating these items from a personal pod doesn't pose problems. But this kind of data isn't valuable, partly at least because it isn't objective:
Yes, some of this can be self-asserted, but organisations often want objective data based on behaviour and decisions made about us not what we say is true. Mortgage brokers don’t just want my assertion that I have income, they want proof.
The valuable data almost all comes from Web interactions that have at least two sides; logins, purchases, clicks, etc. These generate data on both sides. Why do I think I own the data that the other side of these transactions collects? So, even if my pod stores a copy of my purchase data, Amazon will also have a copy. Anyone wanting to use my purchase data will want to get it from Amazon as being more objective.

My pod could store signed attestations of data about me from third parties such as Amazon, but why would anyone want those in preference to data straight from the horse’s mouth? If the only data that has to be accessed from my pod is data I generated there’s not going to be much decentralization.

In What Does The Decentralized Web Need I quoted scalability expert Todd Hoff:
Decentralized systems will continue to lose to centralized systems until there’s a driver requiring decentralization to deliver a clearly superior consumer experience. Unfortunately, that may not happen for quite some time.
Bolychevsky agrees:
So if we can’t sell privacy as a product in social media, we need evidence of where else these priorities will bring users. Alternatively, decentralised or PDS-integrated tech must deliver novel and valued functionality or be solving major problems users have with existing centralised solutions.
In What Does The Decentralized Web Need? I discussed a range of possible business models for decentralized apps and concluded:
At present no-one has identified a viable business model for the decentralized Web.
Bolychevsky makes essentially the same point differently:

What’s the offer to companies and app developers?

For companies, service providers and app developers the value proposition is hazy. I have yet to come across a PDS provider with an impressive or long list of partners and companies. Most existing business models depend on controlling the data and using it to improve a service and provide valuable analytics to up-sell paid plans or directly monetise the data collected through advertisers and third party data marketplaces. Giving this up requires incentives or regulation.
I agree with Cory Doctorow that the key requirement for a decentralized Web is anti-trust enforcement. Otherwise even if a decentralized Web company has a viable business model and starts to be successful, it'll get bought by one of the FAANGs.

Bolychevsky gets to the heart of the problem in a different way, via the idea of "consent":
If Solid uptake is big enough to attract app developers, what stops the same data exploitation happening, albeit now with an extra step where the user is asked for ‘permission’ to access and use their data in exchange for a free or better service? Consent is only meaningful if there are genuine alternatives and as an industry we have yet to tackle this problem (see how Facebook, Apple, Google, Amazon ask for ‘consent’). What’s really going on when users are asked to agree to the terms and conditions of software on a phone they’ve already bought that won’t work otherwise? Or agreeing to Facebook’s data selling if there’s no other way for users to invite friends to events, message them or see their photos if those friends are Facebook users? I wouldn’t call this consent.
And neither does the GDPR:
Under the new directive, every time a European's personal data is captured or shared, they have to give meaningful consent, after being informed about the purpose of the use with enough clarity that they can predict what will happen to it.
Building pods that confirm to the GDPR will involve a very complex protocol.

Bolychevsky concludes with a call for public funding to build a decentralized Web infrastructure. Alas, in the absence of meaningful anti-trust enforcement this would simply subsidize the FAANGs. Overall it is well worth reading.

Tip of the hat to Herbert Van de Sompel for pointing me to Bolychevsky's post.

1 comment:

David. said...

Martin Tisne's It’s time for a Bill of Data Rights makes the same point about "ownership" of personal data as I made above:

"To see why data ownership is a flawed concept, first think about this article you’re reading. The very act of opening it on an electronic device created data—an entry in your browser’s history, cookies the website sent to your browser, an entry in the website’s server log to record a visit from your IP address. It’s virtually impossible to do anything online—reading, shopping, or even just going somewhere with an internet-connected phone in your pocket—without leaving a “digital shadow” behind. These shadows cannot be owned—the way you own, say, a bicycle—any more than can the ephemeral patches of shade that follow you around on sunny days."

He reports on:

"The Data Care Act, a bill introduced on December 12 by US senator Brian Schatz, a Democrat from Hawaii, is a good initial step in this direction (depending on how the fine print evolves). As Doug Jones, a Democratic senator from Alabama who is one of the bills cosponsors, said, “The right to online privacy and security should be a fundamental one.”