Data Privacy Gets Solid Upgrade With Early Adopters

  /     /     /  
Publicated : 23/11/2024   Category : security


Data Privacy Gets Solid Upgrade With Early Adopters


The United Kingdom and the regional government of Flanders kick off four pilots of the Solid data-privacy technology from World Wide Web inventor Tim Berners-Lee, which gives users more control of their data.



Solid, a technology aimed at redesigning the way users data on the Web is accessed and giving users more control of their privacy, passed another hurdle on Nov. 9 when four organizations announced pilot projects with startup infrastructure provider Inrupt.
Designed by Tim Berners-Lee — the inventor of the World Wide Web — and Massachusetts Institute of Technology, Solid is an open standard that gives users the ability to share their data with websites and companies while retaining control of who can access the information. Based on encryption and granular access controls, Solid allows users to grant or revoke access at any time to the information stored in its data structures, known as personal online data storage or pods.
On Monday, the United Kingdoms British Broadcasting Corporation (BBC), the National Health Service, and UK-based financial house NatWest, as well as the Belgiums regional government of Flanders, all announced pilot projects in conjunction with Inrupt, the company said. Berners-Lee and John Bruce, a veteran of the cybersecurity industry and CEO of the firm, founded Inrupt in 2018.
Until now, we havent had much to say to people, except watch this space, Bruce says. We now have an enterprise-grade version of what the open source community has been working on.
The Solid project aims to turns the diaspora of data spread out among proprietary Internet services into a more reliable and reusable — but still distributed — semantic web of linked data controlled by users. An application that needs access to a users address will be able to access their pod — given prior permission — at any time. For the user, the pod represents their authoritative source of data: If the users address changes, for example, that person only has to change the data in one place.
For companies, Solid promises to reduce their risk of violating privacy regulations because of breaches that steal sensitive user data by minimizing the data that is in their custody and, thus, part of their responsibility. Companies get the most recent data, and with less worry about leaking the data, but only for as long as the user allows them access, says Bruce Schneier, noted encryption expert and chief security architect for Inrupt.
The basic idea is that your data is in your pod, under your control, he says. If you want to do something, for example, that mirrors the data from your fridge with the data from your Fitbit, both of those datasets are both under your control, not under the control of the refrigerator manufacturer and of Fitbit.
While giving up data may be a hard to sell to data-centric companies like Facebook — whom Schneier and others have called out for
treating people like products and not customers
— competitors to Facebook may embrace the technology to gain users, he says.
Berners-Lee
has called out
the current ecosystem of the Web for allowing deliberate malicious actions, creating perverse incentives that sacrifice its value to the user, and for giving rise to unintended consequences. To partly fix the problem, he worked with MIT to create a distributed data system that included user-controlled access policies. The Solid project
took off in 2015
, when a $1 million donation from Mastercard funded the research effort at MIT. 
The specification for Solid is open, and a version of the project is
hosted on GitHub
. Solid uses vocabularies — definitions of data that can be standardized so that applications know how to access specific types of data relevant to the application. The developer website
describes
a number of vocabularies for talking about specific types of data, from social interactions to licenses, and from online meetings to events.
One of the core ideas behind solid is to make data independent from applications, so that one can be in control of his/her own data and share it with the apps of his/her choice,
according to the Solid developer site
. For this to be possible, the same piece of data must be understood consistently from one app to another.
The promise of the Solid specification can be seen in the pilots announced on Nov. 9. The UK National Health Service will use Solid pods as a user-accessible medical record that can be a central location doctors, in-home nurses, and caretakers to keep details about medical treatment. The BBC intends to create a content-recommendation engine that could allow third parties to access user data, with the users permission; NatWest will create an app that allows users to cache important data, such as address or current employer, which will allow customers to create a single authoritative source of information about themselves that they control.
The government of Flanders, the northern part of Belgium, aims to go big with its adoption. The government will give every citizen a pod — or Citizen Profile — using Solid to use as a home for their personal data. The profile will be the authoritative source of up-to-date information on the user.
Inrupt is creating enterprise versions of the server and infrastructure needed for companies to create their own Solid applications. 
I tend to think of this as the Red Hat model, Inrupts Schneier says. There is a public standard, and we have a commercial implementation. There is a public server, and then there is the enterprise-grade server and infrastructure that we are creating.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Data Privacy Gets Solid Upgrade With Early Adopters