At the moment it seems that most webapps store their user-data centrally.

I would like to see a movement towards giving the user total access and ownership of their own personal information and data; ultimately allowing the user to choose where their data is stored.

As an example - with an application like facebook, the user's profile data could exist on any device that they own (e.g. their mobile phone) ... facebook would then request the data from the user, and make use of it.

Does anyone see this idea becoming a reality? Is it a ridiculous idea?

CLARIFICATION:

The information would at least need to be cache-able. The motivation behind the idea was to give the user more control over their own data - the user is self-publishing an authoritative version of what they are happy for the world to see.

I'm imagining a future which is largely dictated by choices which are made now. Perhaps physical location of the data isn't actually important - and is more a symbolic gesture... but I think that decoupling the relationship between our information and the companies that make use of it could be a positive thing.

But perhaps, the details do need a bit more work ;)

+1  A: 

What's with performance? Imagine you want to search for data that is located on hundreds of mobile phones or private distributed systems.

danimajo
A: 

There are quite a few conceptual problems with what you are suggesting.

Firstly, every time you reconnected to the system, you would need to upload your personal information back into the system so that it could interact with you. This adds quite an overhead to the sign-in/handshake/auth with the remote system.

Secondly, a lot of online systems (particularly online communities) rely on you leaving an online profile of yourself so that other users can interact with you (via your profile) when you yourself are offline. This data would have to be kept somewhere central.

At the very least, the online system would need a very basic profile to represent you, so that you could login & authenticate against... which sounds like a contradiction to what you are suggesting.

Eoin Campbell
The information would at least need to be cache-able. The motivation behind the idea was to give the user more control over their data, in a similar way to desktop applications. Perhaps physical location of the data isn't actually important - and is more a symbolic gesture... i.e. not so useful ;)
codeinthehole
A: 

Performance would suffer should the user have physical possession of the data; e.g., thumb drive, local drive. However, if a "padded cell" solution were possible where the user has complete rights to a vault that the application could reach quickly, then there might be a possibility.

This really isn't a technology solution, rather one of corporate policy. Facebook could easily craft a policy that states that your records are yours, just like a bank should. They just don't. For that matter, many other institutions that are supposed to guard our personal information - our property, if I can invoke John Locke - fail miserably. If they reviewed their practices for violation of policy and were honest, you could trust them. Unfortunately this just doesn't happen.

The IRS, Homeland Security and other agencies will always require that an institution yield access to assets. In the current climate I can't see how it would be allowed for individuals to remain in physical possession of electronic records that a bank or institution would use online.

Don't misinterpret me - I think your idea is a good one to pursue, but it's more of a corporate policy issue than a technical solution.

David Robbins
I think you're right - it is more of a corporate policy idea... I suppose there are two sides to information access: privacy and transparency. Unfortunately it often seems that corporations are at an advantage when it comes to calling the shots; i.e. we have less privacy while they can remain opaque.
codeinthehole
A: 

You need to clarify what you mean by ownership. Are you trying to ensure that the data is only stored on your own devices? As others have pointed out, this will make building social networks impossible. You would disappear from Facebook when you weren't connected to it, for example.

Or are you trying to ensure that a single authoritative copy exists and that services defer to it? This might be more possible, and would require essentially synching the master copy on your cell phone with the server when possible.

Or are you trying to ensure that you can edit/delete your account at any time? Most sites already work like this.

Ned Batchelder
A: 

The user still wouldn't be sure they 'own' their data, simply because they'd have to upload it every time they connect, and the company it's being sent to could still do whatever it wants with it. It could just not display your profile when you're not online, but still keep a copy of it somewhere.

Claudiu
+1  A: 

What you're describing is similar to a combination of OpenID Attribute Exchange, Portable Contacts and OpenSocial: having one repository of user data that every other provider would feed off. It's nice for a user, but I would not go so far as to tie it to a specific device. Rather a federated identity that you control from one vendor's website/application.

Aaron Fischer
Thanks for the links - I haven't heard of these projects.
codeinthehole
A: 

Please read Architecture Astronauts.

Michael Pryor
If I understand your point correctly, you're saying that technology is often the tail that wags the dog, and to a certain extent I agree. But I also feel that as long as there's more than one way of doing something - it's worth discussing possibilities.
codeinthehole
In the blog post - the point is made that users don't actually require the tech that's being peddled... I think that most computer users are blissfully unaware of how their own use of technology affects their liberties, which perhaps makes waiting for the consumer to demand protection unrealistic?
codeinthehole
My point was just to say that you're trying to solve a problem that people don't have by creating an "architecture" for sharing profile info.
Michael Pryor
+1  A: 

I am with you on this one.

And I think the key technology might be RDF. Since protocols such as F.O.A.F. are already used in these social applications, it is a small step from $Facebook storing your RDF Graph, to you storing it yourself, and saying: This is me, these are my friends, or anything else you might want someone to know.

This approach might be globalised to other personal information you might need an authorised party to know, like Health Records.

Ali A
A: 

Total access, ownership and location choices of personal information and data is an interesting goal but your example illustrates some fundamental architecture issues.

For example, Facebook is effectively a publishing mechanism. Anything you put on a public profile has essentially left the realm of information that you can reasonably expect to keep private. As a result, let's assume that public forums are outside the scope of your idea.

Within the realm of things that you can expect to keep private, I'm a big fan of encryption combined with physical and network security balanced against the need for performance. You use the mobile phone as an example. In that case, you almost certainly have at least three problems:

  1. What encryption is used on the phone? Any?
  2. Physical security risk is quite high - have you ever had an expensive portable electronic device stolen? There seems to be quite the stolen phone market out there....
  3. The phone becomes a network hotspot - every service that needs your information would need to make an individual connection to your phone before it could satisfy a request. Your phone needs to be on, you need to have a sufficiently fat data pipeline, etc.

If you flip your idea around, however, it becomes clear that any organization that does require persistent storage of your sensitive private information (aka SPI) should meet some fundamental (and auditable) requirements:

  1. Demonstrated need to persist the information: many web services already ask "should I remember you?" or "do you want to create an account?" I think the default answer should always be "NO" unless I say otherwise explicitly.
  2. No resale or sharing of SPI. If I didn't tell my bank or my bookstore that they can share my demographic information, they shouldn't be able to. Admittedly, my phone number and address are in the book, so I can't expect that I'll stay off of every mailing list but this would at least make things less convenient for the telemarketers.
  3. Encryption all the time. My SPI should never be stored in the clear.
  4. Physical security all the time. My SPI should never be on a laptop drive.

Given all of the above, it would be possible for you to partially achieve the goal of controlling the dissemination of your SPI. It wouldn't be perfect. The moment you type anything in, there is immediately a non-zero risk that someone somewhere has somehow figured out to monitor or capture it. Even so, you would have some control of where your information goes, some belief that it would only go where you tell it to go and that the probability of it being stolen is somewhat reduced.

Admittedly, that's a lot of weasel words in a row....

Bob Cross