Reclaiming data autonomy: The role of Solid in a safer Web
This article was originally for the Oxford University department of Computer Science as part of the DPhil the future series.
The modern Web has seen a significant erosion of data privacy and control. User-generated data, stored in centralised data silos, is often used without the knowledge or control of the individuals it belongs to.
In the age of AI and Big Data, this lack of data autonomy becomes increasingly detrimental to both individuals and society.
A striking example is a recent lawsuit against Meta by U.S. states, alleging the unlawful collection of minors' personal data without parental consent and exposing them to harmful content. This is but a glimpse into the dangers posed by emerging technologies such as personal AI agents if they are not designed to “legally, ethically and algorithmically” work for you and with data you control (Charlie works for Bob, Berners-Lee 2023).
Celebrating Safer Internet Day
Today, we celebrate the 20th anniversary of Safer Internet Day, with a theme that resonates deeply with our current digital challenges: “Inspiring change? Making a difference, managing influence and navigating change online.” This aligns with the mission of the The Ethical Web and Data Architectures (EWADA) programme funded by the Oxford Martin School. EWADA aims to address the concentration of power on the World Wide Web by developing new technical and legal infrastructures.
Solid Project - A Beacon of Hope
In the context of data autonomy, EWADA is putting a spotlight on Sir Tim Berners-Lee’s Solid project which was created with the aim of revitalising the Web. Where the current system of centralised data silos creates an ecosystem of limited integration, availability and innovation, Solid brings a course correction for the Web. Based on the separation of data and applications, the vision defines an ecosystem that facilitates the integration of data in different applications, while keeping people in direct control of their data.
Understanding Solid Pods
At Solid's core is the ‘pod’ - a personal online data store. Utilising the Linked Data Platform (LDP), pods offer an HTTP interface for access-controlled storage of documents to a personal server or trusted cloud storage. Coupled with OAuth - the same protocol we use every day for SSO login - this system facilitates a global single sign-on across all Solid-compliant web applications.
Together, these pods form a decentralised Solid ecosystem, from which applications can directly integrate data from people’s Solid pods, after receiving their permission. Solid applications are encouraged to store data using the RDF data model of the Semantic Web (I strongly recommend reading the design issue if you’ve not heard of it before) - and serialised in a syntax such as JSON-LD or Turtle. By having applications read/write data with explicit semantics rather than using the typical smorgasbord of JSON, GraphQL and other platform-specific API’s that modern Web developers are accustomed to it becomes possible for applications to re-use one another's data.
Such applications include BBC Together, itsme, Umai, Solid Focus, KNoodle and SolidFlix,.
To learn more about the anatomy of a pod - see What is a Solid Pod?
Benefits and Future of Solid Architecture
In 2009, Berners-Lee enumerated a number of benefits to this architecture which remain relevant to this day (these come from his design issues; if you’ve never come across these it’s definitely worth a read):
- Users control data access, including the ability to revoke an applications’ access to your data at any point in time.
- It allows the data from various applications to be cross-linked, at great derived extra value. For instance, if I relocate, there's no need to separately inform my bank, insurance agency, and driving authority. By simply updating my address in my personal data pod, any authorised organisation can access the new information instantly.
- It allows innovation in the market for applications, because the bar for launching an app is far lower, as the app can run in the open data cloud.
- The persistence of applications and data may be very different. In some cases, a well-established application which people have grown very familiar with may be used to make an online discussion which is ephemeral, in another case an application may be developed to solve a short-term problem in an enterprise where the life of the data exceeds that of any of the applications the enterprise uses. By decoupling the application and data, these persistences can be managed independently.
Concluding
By reimagining the web as a place where users have sovereignty over their data, initiatives such as Solid pave the way for a more ethical, transparent, and user-centric online world. Realising this ambitious vision demands a collaborative approach that spans various sectors and roles. Whether you're keen on exploring personal pods, disseminating your research through a Pod, engaging in privacy-focused computation with Solid, developing innovative applications, or shaping relevant policies, your contribution is vital. Let's join forces and work together to make this vision a reality!