Solid protocol restores digital agency

https://www.schneier.com/blog/archives/2025/07/how-solid-protocol-restores-digital-agency.html
35•speckx•3d ago

Comments

ydlr•3d ago
I really don't get why I would want this. I like that the data that brokers have is fragmented, inconsistent, and out of date. That is the only thing preserving even a tiny bit of privacy.

A system like Solid would absolutely be abused by police. It would be a windfall for data brokers and social scoring systems.

No thank you.

klabb3•3d ago
I don’t know the details about Solid, but I think one interpretation is:

One of your personal devices is a server. The (only meaningful) difference of the server node is that it is always online, and it’s reachable. This unlocks a lot of use cases - one of them is to be able to receive messages from other people when you’re offline. Another one is to run sync infra for your own apps. Think e.g. note-taking and calendar apps which you want to have sync with your laptop & phone. This currently requires the vendor to distribute their apps as services, even if it’s only your own data. If you control the server, these things can happen without relying on vendor services (you only need their software).

In this context, your criticism is similar to that of hardware vendors like Apple. Can they snoop on your phone? Privacy is not binary: you could run a Solid instance on a device you control (your own hardware), or self-hosted on e.g. Hetzner, or (for the majority), by a managed hosting company. The latter is how consumer products like Google Photos or iCloud already work – except now you separate the vendor from the operator to change the incentive structure.

fiddlerwoaroof•5h ago
Well, as I remember, the thing about Solid is it’s a protocol. So, if you don’t trust one vendor, you can trust another vendor or implementation without losing interoperability. So it goes the opposite direction of consolidation because it allows arbitrary storage services to be used transparently by arbitrary services in a secure fashion.
endgame•4h ago
They said that about OpenID and now you have the choice of ~three bigtech ID providers.
deathanatos•3h ago
…Google, …and? Who are the other two?

Maybe you're thinking like Facebook, but AIUI, login with Facebook is proprietary. The problem there isn't the protocol, it's that companies are massive. If anything OIDC lowers the barrier to entry, assuming RPs properly support it (which is a huge if, but if these were 3 proprietary protocols instead of 1 standard one, there would have never been a chance…)

benreesman•5h ago
It's nice when a technical solution exists for a people problem, but as much respect as I have for both Sir Berners-Lee and Schneier, I don't think this is one of those instances.

The rights of individuals come into conflict with the interests of powerful organizations precisely at the points in which the great documents deem it necessary to enumerate them as rights: this is by construction.

Whether you are reading the Bill of Rights or the Universal Declaration of Human Rights (or in a sense, the Magna Carta) the themes are around personal sovereignty, presumption of innocence, ownership and disposal of property, freedom from surveillance and coercion and other abuses of power. This is because absent such norms and their enforcement by principled leaders, the powerful in general find it in their interests to infringe the rights of the less powerful.

We are at such a moment today: the consolidation of power in the hands of unaccountable organizations and the capture of institutions by the unprincipled has met an explosion of activity and possibility in the digital realm, but it is not unique to it.

This is usually solved by violence, sometimes blessedly by negotiation, but it is always solved: once the wishes of ever smaller in number choke out the hope and dignity of the ever larger in number to sufficient degree: change happens as surely as winter turns to spring.

refulgentis•5h ago
This really captures something important about how power operates across different eras; you're drawing from some heavy-hitting historical precedents.

I'm curious about the full sweep of political philosophy (Magna Carta through UDHR), it feels like it has something to inform us about people problems vs. technical problems.

That final image about seasons changing is quite evocative, really drives home the cyclical nature of these power struggles. A technical standard cannot prevent blood shorn for man's freedom.

benreesman•2h ago
Very kind of you to say, though I can't take credit for any of the ideas: they're all a lot older than I am.

Important to keep them in circulation in my view.

crabmusket•54m ago
Sincerely, I do not think blood is ever shorn?
rockskon•2h ago
So your response is....

Schneier's solution is bad and violent revolution is most likely the answer?

It's difficult to really parse your reply.

bawolff•47m ago
My reading of their comment: A piece of paper (or bit in a computer) means nothing if the person who wants to take your property puts a gun in your face.

I think this is a problem with most blockchain solutions. They purport to replace existing societal controls, but depend on them to actually enforce anything. So you are left in the situation where either traditional solutions work so why bother with a blockchain, or traditional solutions aren't working, in which case the blockchain isn't worth the imaginary paper it's written on. Either way, the blockchain solution is worthless.

Edit: I commented before I RTFA. Shameful, I know. Apparently this is not a blockchain thing. I still think most of my comment applies.

keysdev•3m ago
The idea of using technology to solve a political issue has never gone well in the long run. Look at the nuclear proliferation issues.

It doesn't have to be violent; it can also just be civil disobedience, Gandhi-style, and/or creating a parallel system as the parent article is recommending.

FrancoisBosun•5h ago
In the article, it is mentioned that « we can grant temporary access to cardiac-related data » (paraphrased). This is where it gets difficult: how am I to know that some data is cardiac-related or not? Is it important to share my thyroid levels or not? This is a very difficult problem. I wouldn’t know what to share for medical history.
vintermann•2h ago
The requester would know what to request.
febusravenga•1h ago
And he would request all you have... like many apps do today (in case of permissions)... and refuse to provide service if not given all.
vintermann•54m ago
We have laws regulating what personal information you are allowed to ask for, and what you're allowed to do with it. These laws have teeth too, at least in the EU.

Passively snooping on health info you have no business looking at gets health personnel sanctioned regularly in the present system. It would be even more risky if they actively had to ask for the information they didn't need.

Of course, for medical information there often has to be emergency overrides because you might need immediate help and you (or your designated trusted person) might not be accessible and capable of giving active consent.

QuaidCarloB•3h ago
@"nutrition data" Could be done with grocery purchases specific receipt, might need to co-ordinate with Visa or another point of purchase service (and the store's grocery list data which may vary) to do so. etc
deathanatos•3h ago
Let's take this as a specific example of the general complaint lodged:

> Let’s take healthcare as an example. The current system forces patients to spread pieces of their medical history across countless proprietary databases controlled by insurance companies, hospital networks, and electronic health record vendors.

If by "system", you mean the available technical standards, they in no way force that. If by "system" you mean capitalism … then perhaps, but an additional technical standard is not going to fix that. People build systems the way they build them because of barriers such as the unwillingness of other players to share data, the lack of technical knowledge of those implementing the systems, and the technical-but-non-standards-related barriers of having disparate entities sharing infrastructure (e.g., what if someone sends too much load, if the system housing the data is down, etc.).

> Patients frustratingly become a patchwork rather than a person, because they often can’t access their own complete medical history, let alone correct mistakes.

(IANAL.) This is one of those problems already solved de jure, but not de facto. By law, you have the right to access your own medical history, and with minor caveats, the right to correct mistakes in your data; not being able to do either of those is a violation of HIPAA.

Enforce the regulation, is what I'd say would be needed in that specific case, but good luck with that, of course. But that's the problem: even if Solid were amazing, did everything you ever wanted, what would cause industry to ever adopt it?

There's also HITECH, but it's vaguer, AIUI.

(HIPAA is about the only federal privacy law we've got; outside of that, I agree more firmly. Esp. the right to correct mistakes in other industries is practically non-existent. The end result of the argument above is still the same, though.)

I agree w/ Schneier, people need better control over their data. But I think that's a regulatory/legal problem, not a technical one. And that is the problem: the Dems are, at best, weak on privacy law and consumer protections, and the GOP is outright against it; worse, rulings like the striking of Chevron Deference are going to make enforcing existing laws hard enough.
