Would potentially be useful if you could take advantage of this _after_ you've been excommunicated from a service for whatever unknowable violation you committed.
Presumably, compliance with this standard would enable the "here's your shit" part of "here's your shit, now get out." for your "excommunication".
That's what Coinbase does.
Not quite. If you never gave them ID back in the day, you canât get out any more.
That should be in the digital bill of rights.
I'm curious... has anyone drafted a digital bill of rights? If not, maybe someone should in order to get the ball rolling.
I've wanted one for the better part of a decade. It would be great to have something like the first-sale doctrine for digital goods, some method of eliminating phone-home DRM when a business shuts down or service is discontinued, etc.
It's in the GDPR - right to data portability (and associated sections). I guess that's as close to a data bill of rights as we have right now.
Some EU states have said that internet access is a human right, which is not the same thing, but it's a step in the right direction and should be on any digital bill of rights.
GDPR, as a side effect, entitles users to get a copy or their data after a ban, as long as the service has not already deleted the data.
But it could be a pdf?
GDPR says it must be machine readable:
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided
And just below this article is currently another saying how companies donât really give a proper damn about GDPR.
Would you be able to trust GDPR to actually return âusefulâ data?
If curious, past threads:
Data-Transfer-Project - https://news.ycombinator.com/item?id=23887000 - July 2020 (27 comments)
An open source platform promoting universal data portability - https://news.ycombinator.com/item?id=17596146 - July 2018 (10 comments)
The Data Transfer Project - https://news.ycombinator.com/item?id=17580502 - July 2018 (47 comments)
The Data Transfer Project - https://news.ycombinator.com/item?id=17574707 - July 2018 (50 comments)
Others?
Not sure if there are others, but thanks for this.
For me, it is difficult to pin down what exactly this type of thing should be.
Is it purely for data migration? ie: I am closing my facebook account and want to extract an archive copy of all my contacts, posts, uploads, etc
Is it better to function as a direct transfer? How could it possibly make sense to transfer my old hackernews comments to my new facebook account?
The more I think about it, the more I just come back to email. Not necessarily the specific implementations, just the high level design: From any domain, I should be able to send a direct message to a contact in any domain. They should be able to view any basic[0] content I post (text, images, calendar) and respond in kind with basic content regardless of the domain either of us use.
I'm not sure that fully-federated-everything is the best answer and I would expect most reasonable implementations to include "Sign in at facebook.com for the best experience" or whatever.
I can't personally imagine the ideal system yet but I assume it must be somewhere in the unmapped middle ground between Facebook/Twitter/Apple silos and thousands of impossible-to-trust sloppily-federated micro-domains hosted by random individuals.
Edit: As an aside, the issue of authentication seems critically important with no clear designs that would provide a secure and usable solution. Though, the issue of account name squatters does already exist, it is relatively manageable with so few domains and no inter-operability between domains.
[0] This concept of "basic" data seems to be more-or-less captured by the "verticals" described here https://datatransferproject.dev/documentation
On authentication - or rather, authorization, it's usually not relevant to establish identity ass opposed to access rights - I strongly feel this should build upon cryptographic decentralized identifiers - on registration, send the service a signed number of your choice.
You can now sign in on future visits by signing messages with the same key. No e-mail or phone number needed (but can still be requested by the service, of course).
We're kind of seeing this by a second-order effect in the Ethereum dapp space, where you need this functionality to interact with the blockchain etc. Every user has some form ow Web3-compatible software, most commonly Metemask browser extension. I think it's an interesting ground where this could start spreading - the key infrastructure etc are already in place!
(And in case anyone gets confused, it can be used perfectly fine without actually transacting to any blockchain or holding any cryptocurrency - it's just normal elliptic curve keys with easy-to-use APIs)
You can talk about authorization alone but only because authentication is necessary to handle authorization and so can be assumed.
send the service a signed number of your choice. You can now sign in on future visits by signing messages with the same key
This part is the authentication.
My extreme opinion is that the post office should run OAuth servers.
Possibly related to Appleâs recently added feature to transfer photos from iCloud to Google Photos: https://news.ycombinator.com/item?id=26344739
Yes, that's exactly what it is. It's Apple's implementation of DTP.
After antitrust action from regulators and lawmakers from EU and the US seems inevitable, the contributors to the Data Transfer Project now, suddenly, believe portability and interoperability are central to innovation.
Well yes, that's how it works.
Laws create incentives and businesses respond rationally.
I'm personally glad it works.
Businesses are supposed to make money and lawmakers are supposed to set the rules of the playing field to benefit consumers. It's a good combination.
Exactly. This where I disagree with the left camp when they paint corporations as evil. No, big companies are not inherently evil. They played by the rules that, you, in congress laid out. It is foolish to expect a profit driven entity to do things out of the goodness of their heart when their competitors are utilizing the rules available to them. It like saying a football team is evil because they are physically tackling their opponents.
I think most people see acting entirely and solely in the pursuit of maximizing profits as evil and they use "corporations are evil" as a shorthand for that.
That evil behaviour from corporations is largely due to the focus on maximizing shareholder value to the exclusion of all else. That's a fairly recent way of running a business that came about around 1970, primarily from Milton Friedman.
I think most people expect a company to work towards healthy profits, while also taking into account all stakeholders, not just shareholders, their business interacts with.
You're right in the sense that the rules are the way they are, so corporations act within those rules. However, those rules were largely put in place to make it easier to pursue the maximization of profits and were pushed by corporate lobbying.
So, if an entity wants to act in an evil way, but is constrained by rules, then gets those rules changed so it can act evilly with impunity, surely that entity should be seen as evil?
The âleftâ made laws, then the ârightâ weakened them and stopped enforcing them. Corporations are not even playing by the laws on the books now, especially the antitrust laws. Whatâs missing is the will to hold companies accountable for breaking the laws that are destroying competition.
Both left and right populism personalizes things.
Traditional leftist position is that evil is structural, class etc. People are people. Changing structures fixes problems.
Traditional right position is that structures don't matter, less the better. People are mainly poor because they are lazy. Corporations are evil because they have bad people in them. Remove those people and you fix things.
> No, big companies are not inherently evil.
No they aren't. They are mostly amoral. Meaning they aren't inherently moral or immoral. They just act in accordance with their main directive which is to make the largest possible profit while keeping with the letter of the law (mostly).
However, what the left emphasizes and the right often forgets is that they (corporations) aren't just reacting to pressures from the competitors, the public and the law makers. They also exert enormous pressure in all these spheres in the direction that benefits them. Not too rarely to the detriment of the public at large. That's when they can and do sometimes turn evil.
The US took very long pause from this principle.
It all started with Robert Bork and his book The Antitrust Paradox https://en.wikipedia.org/wiki/The_Antitrust_Paradox
Google and Twitter have been offering data exports for ages though, but importing that data into different products often required either purchasing shitty propriety software or using scripts that were hacked together and abandoned on someone's GitHub. Don't know if there's something similar for Microsoft and Apple though, but in the end this is just a standardized API on top of already existing APIs and no one involved had to reinvent the wheel here.
I'd be surprised if this wasn't a widely requested feature that all involved companies have been ignoring in their backlogs for too long and now they've accelerated this, got management approval and finally managed to get a couple of senior engineers together because of impending legislation that might force their hand.
>or using scripts that were hacked together and abandoned on someone's GitHub.
I think you meant to say 'thankfully provided by their benevolent creators for my benefit'.
Obviously, yeah, that's actually something I should have added. It just isn't a solution for most people who want to switch from X to Z. But of course it's awesome of everyone scripting and reversing these things, which takes a lot of time. They definitely deserve praise and/or at least a coffee.
An alternative would be to self-host with something like sandstorm.io, and granting temporary permission to cloud providers to access some of the data, on a per-grain basis.
I have no idea how the economics would work with this.
FYI, talked about 3-years ago here: https://news.ycombinator.com/item?id=17574707
Nice to see it's finally landing.
Can someone please eli5 how this relates to Solid [0]? Is it an alternative? Completely unrelated? Would they work together -- and if, how?
In Solid the primary copy of your data lives in a neutral server and multiple apps can access it. In theory, since Solid isn't really deployed and major apps will never be willing to adopt it.
With data portability you can export data from one app and import it into another but there's no ongoing sync.
Neutral server ends up as a reconciliation engine for eventual consistency if unable to gain enough traction to be the source of truth.
solid is dumb. and something that only makes sense for a comp sci from the 60s. everyone else who reads the project in simple english will see how dumb it is today.
in simple english: It is the dream project of whoever come up with cookies. basically cookies as first party data that you can download, upload, shared. All while having either the trouble of hosting a lot of infrastructure (just like the creators of email protocol thought everyone would do, ha!) or relaying all that info to a 3rd party like google or facebook. The nightmare scenario to everyone saying 3rd party cookies are bad.
Get a daily email with the the top stories from Hacker News. No spam, unsubscribe at any time.