The World Wide Web is at a crossroads.
For all the benefits it has brought society over the past three decades—faster and easier communication, instant knowledge access, a seemingly inexhaustible marketplace of goods and services—the Web has also morphed into an “engine of inequity and division,” according to its inventor, Tim Berners-Lee (pictured above). In order to use “free” apps and Web services from the likes of Facebook (NASDAQ: [[ticker:FB]]) and Google (NASDAQ: [[ticker:GOOGL]]), people are required to share personal data that gets used by brands and companies to try and sell them stuff. That online contract has eroded personal privacy and contributed to data breaches. Meanwhile, powerful outside forces (such as Russia) have reportedly used social media networks and other Web tools to sow political and social discord.
Now, Berners-Lee is stepping up his efforts to shift the balance of power on the Web toward individual users, giving them more control over their data and privacy. To achieve this, the MIT professor has been working for the past few years on an open-source software project called Solid, alongside other developers at MIT and elsewhere. Last month, Berners-Lee announced that he has taken a sabbatical from MIT and reduced his involvement with the World Wide Web Consortium in order to spend more time on Inrupt, a Boston-area startup he co-founded to help build the applications, services, support tools, and other infrastructure needed to enable individuals and businesses to use Solid.
Berners-Lee serves as Inrupt’s chief technology officer, working alongside co-founder and CEO John Bruce, a fellow U.K. native who previously led cybersecurity firm Resilient Systems, which was acquired by IBM (NYSE: [[ticker:IBM]]) in 2016.
The pair founded Inrupt 10 months ago and raised an undisclosed amount of venture funding—“in the millions” of dollars is all Bruce would say—from Boston-based Glasswing Ventures and unnamed wealthy individuals. (Side note: Inrupt stands for “innovative disruption,” Bruce says. He says Berners-Lee already had the name in mind when they started talking about forming the startup. “Also, we could get the dot-com [address], so that helps,” Bruce adds.)
While Berners-Lee recently told Vanity Fair he thinks the Web, in many ways, has “failed instead of served humanity,” Bruce doesn’t frame the problem that dramatically.
“I don’t think the Web is broken,” Bruce says in a phone interview. “It’s just the use it’s being put to that we think is inappropriate. We definitely believe … we can right the ship.”
The approach has potential, according to several tech experts Xconomy contacted, who are not involved with Inrupt. But the effort faces enormous hurdles in trying to win widespread adoption, ensure data security, and take on powerful tech companies. (More on this in a minute.)
The crux of the idea behind Solid is that people would have more control over where their data gets stored and who or what can access and use their personal information. Users would house all of their data—photos, calendar entries, addresses and phone numbers, music files, how many miles they ran after dinner last night, and so on—in “personal online data stores,” or “PODs.” People could create and manage as many PODs as they want, which would be maintained on Web servers running Solid software. The servers could be located in a home or office, or run remotely by someone else, such as Inrupt or a member of Solid’s developer community.
Users would be able to grant apps permission to access select data, and the system’s design would make it easier to sync information between apps, Inrupt says. People could also share photos and comment on others’ photos, but they would keep more control over the process than with the current setup of Facebook and other social media.
“It’s a big undertaking to basically drive away the silos and the lack of control that consumers and enterprises have around data—and create value around it,” says Rudina Seseri, Glasswing Ventures’ co-founder and managing partner.
Some of Solid’s core concepts aren’t new. For example, Dries Buytaert, the creator of open-source Web publishing system Drupal and co-founder and CTO of Acquia, has proposed the creation of a “personal information broker” that would function in similar ways to Solid PODs. There are also startups such as Datawallet that enable individuals to store personal data in one online repository, control access to it, and get paid to share it with businesses.
At the same time, the idea of Web “decentralization” that Inrupt and Solid developers aim to achieve is being pushed by a number of computer scientists and other tech leaders. Blockchain technology is seen as one potential avenue to decentralizing many functions of the Internet. Bruce says Solid isn’t built on blockchain software, but it can interact with and use blockchains “where it makes sense.” Efforts to combine the two technologies are underway, he adds.
Instead, the Solid system is built on standard Web tools, including HTTP and HTML protocols. One of Solid’s core principles is that every piece of data is stored on the Web with a unique HTTP URL address. For example, a photo stored in my POD would have its own URL; a friend’s comment about that photo would be stored in his or her POD, and would have its own URL; and the action of commenting on my photo would have its own URL that links the photo with the comment.
Inrupt pitches Solid not only as a path to increased agency for individuals on the Web, but also as a way to enable apps to work together more seamlessly. Today’s apps receive only a “sliver” of a person’s data, and therefore can only deliver a narrow service, Bruce says. If each app in Solid’s ecosystem were given access to a broader set of personal data, that could result in new and more powerful tools and services, he argues. But it’s still too early to say exactly what they’ll look like.
Data security will be critical, says Bob Ackerman, founder and managing director of AllegisCyber, a bicoastal venture capital firm that backs startups in cybersecurity, data science, and connected devices. Ackerman has reviewed Solid’s and Inrupt’s background materials online, and he thinks it’s smart to store personal data in separate repositories, rather than keeping all users’ data in one online vault. Distributing data reduces the risk of a massive hack, such as last year’s Equifax breach, he says. “That said, those PODs better be bulletproof, or they could be compromised en masse with automated attacks,” Ackerman says in an e-mail message.
Bruce says some of Solid’s initial security controls include encrypting data while it’s being transferred, encrypting passwords, and never transmitting passwords outside of personal devices.
The bigger issue for Inrupt might be “implementation,” Ackerman says. He thinks the startup might get a boost from regulations such as Europe’s GDPR, which is forcing companies to rethink how they handle individuals’ data. But even if the timing is right for Inrupt and the technology works as well as advertised, will it be compelling enough to convince people to make the switch from Facebook, Google, and other apps and Web services they’re accustomed to using?
Inrupt “imagines an organic restructuring of the Internet and personal data storage to ensure data security,” Ackerman says. “The key question is how do you get to the critical mass necessary to open a market for applications?”
Acquia’s Buytaert, who met with the Inrupt team last week, sees that as a big challenge for Inrupt, too. In a blog post, he wrote that Inrupt will also have to