The rights of individuals come into conflict with the interests powerful organizations precisely at the points in which the great documents deem it necessary to enumerate them as rights: this is by construction.
Whether you are reading the Bill of Rights or the Universal Declaration of Human Rights (or in a sense, the Magna Carts) the themes are around personal sovereignty, presumption of innocence, ownership and disposal of property, freedom from surveillance and coercion and other abuses of power. This is because absent such norms and their enforcement by principled leaders, the powerful in general find it in their interests to infringe the rights of the less powerful.
We are at such a moment today: the consolidation of power in the hands of unaccountable organizations and the capture of institutions by the unprincipled has met an explosion of activity and possibility in the digital realm, but it is not unique to it.
This is usually solved by violence, sometimes blessedly by negotiation, but it is always solved: once the wishes of ever smaller in number choke out the hope and dignity of the ever larger in number to sufficient degree: change happens as surely as winter turns to spring.
I'm curious about the full sweep of political philosophy (Magna Carta through UDHR), it feels like it has something to inform us about people problems vs. technical problems.
That final image about seasons changing is quite evocative, really drives home the cyclical nature of these power struggles. A technical standard cannot prevent blood shorn for man's freedom.
Important to keep them in circulation in my view.
Schneier's solution is bad and violent revolution is most likely the answer?
It's difficult to really parse your reply.
I think this is a problem with most blockchain solutions. They purport to replace existing societal controls, but depend on them to actual enforce anything. So you are left in the situation where either traditional solutions work so why bother with a blockchain, or traditional solutions aren't working, in which case the blockchain isn't worth the imaginary paper its written on. Either way, the blockchain solution is worthless.
Edit: i commented before i rtfa. Shameful i know. Appearently this is not a blockchain thing. I still think most of my comment applies.
Policies that the powerful don't like can and do stay in place typically because of fait accompli - they waited too long to do anything about it and now it's too entrenched and changing it would be too difficult.
It doesnt have to be violent, can also just be civil disobedience Gandi style and/or create parallel system as the parent article is recommending.
A friend of mine urged me to read 'War and Peace and War', Peter Turchin, last year. It's essentially a book-length confirmation, with examples, of your final point.
Passively snooping on health info you have no business looking on gets health personnel sanctioned regularly in the present system. It would be even more risky if they actively had to ask for the information they didn't need.
Of course, for medical information there often has to be emergency overrides because you might need immediate help and you (or your designated trusted person) might not be accessible and capable of giving active consent.
> Let’s take healthcare as an example. The current system forces patients to spread pieces of their medical history across countless proprietary databases controlled by insurance companies, hospital networks, and electronic health record vendors.
If by "system", you mean the available technical standards, they in no way force that. If by "system" you mean capitalism … then perhaps, but an additional technical standard is not going to fix that. People build systems the way they build them because of barriers such as the unwillingness of other players to share data, the lack of technical knowledge of those implementing the systems, and the technical but-non-standards-related barriers of having disparate entities sharing infrastructure (e.g., what if someone sends too much load, if the system housing the data is down, etc.).
> Patients frustratingly become a patchwork rather than a person, because they often can’t access their own complete medical history, let alone correct mistakes.
(IANAL.) This is one of those problems already solved de jure, but not de facto. By law, you have the right to access your own medical history, and with minor caveats, the right to correct mistakes in your data; not being able either of those is a violation of HIPAA.
Enforce the regulation, is what I'd say would be needed in that specific case, but good luck with that, of course. But that's the problem: even if Solid were amazing, did everything you ever wanted, what would cause industry to ever adopt it?
There's also HITECH, but it's vaguer, AIUI.
(HIPAA is about the only federal privacy law we've got; outside of that, I agree more firmly. Esp. the right to correct mistakes in other industries is practically non-existent. The end result of the argument above is still the same, though.)
I agree w/ Schneier, people need better control over their data. But I think that's a regulatory/legal problem, not a technical one. And that is the problem: the Dems are, at best, weak on privacy law and consumer protections, and the GOP is outright against it; worse, rulings like the striking of Chevron Deference are going to make enforcing existing laws hard enough.
It's successor, OpenID Connect is actually widely used. But with one important caveat:
None of the big identity providers actually accept each other's identities. Like literally none at all. You can't log in with your Google account to a Microsoft service and vice versa. Or Apple. Or Meta. Or X. Or whomever. That's because they all want to "own" your account and control where you are going. Which is why you need many accounts instead of just one.
If you had just one account, you could do sane things like add multiple layers of security and some sane fall backs. Including maybe some delegating to some legal representative if you are ill or incapacitated. Ideally, you should be able to use your government issued passport to prove who you are and recover your identity. A passport is a government issued paper assertion that you are who you claim you are. Anything important in life, you kind of need such a strong assertion for e.g. getting bank accounts, international travel, buying real estate, etc. And while they can be forged, it's getting pretty hard these days. That's a lot harder than getting your hands on some passwords.
Why do we settle for less protecting our online accounts?
But on the other hand, my grandma MUST talk on the phone (even if my mother is there) if we want to talk to the ISP's customer service. Then my grandma has to tell customer service that she is giving permission to my mother. Sure. What if something happens to my grandma? Pharmacies are too lax, ISPs are too strict. Certainly there should be a middle path, similarly to how post offices do it.
I think it is safe to assume (I would hope) that this did not happen, otherwise surely they would have made it more strict.
ISP contacts are remote and go to call centers.
>Users can specify who has access to what data with granular precision, using simple statements like “Alice can read this document” or “Bob can write to this folder.”
After this Alice and Bob have a copy of the data, and you end up still having to solve the social problem of preventing Alice and Bob from abusing their copy of the data by selling it to data brokers.
Solid would only work to centralize the attack surface. You now have one centralized data store with all the information about a person, and all tech giants would employ every dark pattern to extract this data. This is not an improvement, considering that every digital citizen has undergone years of conditioning to ignore permission requests.
I wonder if this would work
you're an institution, someone gives you some data to sign for the integrity of, what else do you want from them to hold that risk? everything basically. these protocols push coordination problems to the edge, which sounds great, except they treat all the complexity as an externality. If you're a user and you want a flexible secure wallet to hold these data attributes you can put anywhere you want, I've got an unbreakable bitcoin wallet app to sell you and it comes with a bridge in new york.
As described, the SOlid protocol appears predicated on these two counterfactuals.
the purpose of cryptogrphic data integrity for digital identity is to absolve any person or institution of accountability for their decision to use it.
ydlr•6mo ago
A system like solid would absolutely be abused by police. It would be a windfall for data brokers and social scoring systems.
No thank you.
klabb3•6mo ago
One of your personal devices is a server. The (only meaningful) difference of the server node is that it is always online, and it’s reachable. This unlocks a lot of use cases - one of them is to be able to receive messages from other people when you’re offline. Another one is to run sync infra for your own apps. Think eg note taking- and calendar apps which you want to have sync with your laptop & phone. This currently requires the vendor to distribute their apps as services, even if it’s only your own data. If you control the server, these things can happen without relying on vendor services (you only need their software).
In this context, your criticism is similar to that of hardware vendors like Apple. Can they snoop on your phone? Privacy is not binary: you could run a Solid instance on a device you control (your own hardware), or self hosted on eg Hetzner, or (for the majority), by a managed hosting company. The latter is how consumer products like Google Photos or iCloud already works – except now you separate the vendor from the operator to change the incentive structure.
fiddlerwoaroof•6mo ago
endgame•6mo ago
deathanatos•6mo ago
Maybe you're thinking like Facebook, but AIUI, login with Facebook is proprietary. The problem there isn't the protocol, it's that companies are massive. If anything OIDC lowers the barrier to entry, assuming RPs properly support it (which is a huge if, but if these were 3 proprietary protocols instead of 1 standard one, there would have never been a chance…)