World Wide Web's Sir Tim swells his let's-remake-the-internet startup with Bruce Schneier, fellow tech experts

Inrupt promises a pro-privacy solution to managing, protecting personal data

44 Reg comments Got Tips?

Sir Tim Berners-Lee, inventor of the World Wide Web, has staffed up his startup, dubbed Inrupt, with a handful of notable hires that make its internet salvation mission a bit more plausible.

On Friday, he announced the hiring of cryptography legend Bruce Schneier as chief of security architecture, computer science lecturer Davi Ottenheimer as VP of trust and digital ethics, project manager Osmar Olivo as VP of product, development specialist Emmet Townsend as VP of engineering, and Sarven Capadisli as technical architect.

Sir Tim last year sounded the alarm that the potential of the web could be squandered "by those who want to exploit, divide and undermine" – whoever that might be. Among various concerns, he believes people should have control over their online lives and should be empowered to make decisions about their data and privacy.

It's not clear what that means in practical terms because people currently make privacy decisions that tend to prioritize access and free services over data protection. Nor does Sir Tim's vision touch on difficult questions of data ownership and the rights individuals may or may not have to demand data deletion, royalties, or the like.

Nonetheless, Sir Tim and John Bruce, who helped build a security biz called Resilient that IBM acquired, announced Inrupt in 2018 to help commercialize a distributed data project called Solid – derived from "social linked data" – that promises some measure of control over your information.

"Solid is a platform, built using the existing web," wrote Sir Tim at the time. "It gives every user a choice about where data is stored, which specific people and groups can access select elements, and which apps you use."

PCI conference

The internet is going to hell and its creators want your help fixing it

READ MORE

In short, Solid aspires to provide the kind of data control that companies like Google and Facebook suggest with their respective permissions dashboards but don't actually deliver. The technology is a bunch of specifications, intended to be modular and extensible, that handle things like authentication, authorization, access control, content representation, reading and writing files, and social web interoperability.

The spec is based on the Resource Description Framework (RDF) data interchange model and imagines internet users maintaining a secure personal data storage space, self-hosted or through a service provider, called a pod that can communicate with other Solid-enabled services.

"Your data lives in a pod that is controlled by you," explained Schneier in a blog post on Friday. "Data generated by your things – your computer, your phone, your IoT whatever – is written to your pod. You authorize granular access to that pod to whoever you want for whatever reason you want."

Schneier envisions Solid turning personal data into something similar to domain registration data held at a registrar, in that people could move their personal info from one corporate steward to another if they've unsatisfied with the way it has been handled.

He acknowledges that building secure technical infrastructure depends largely on policy – Solid would not be very appealing if encryption is outlawed or companies can ignore it like Do Not Track – but he contends Solid has the potential to move the internet toward decentralization, privacy, and freedom.

All it will take is to win over the businesses that profit from the current status quo and the internet users who have consistently traded privacy and control for free services and delegation of responsibility. ®


Biting the hand that feeds IT © 1998–2020