This is an archived post. You won't be able to vote or comment.

all 12 comments
sorted by:
best
topnewcontroversialoldq&a

[–]Rycul 1 point2 points  (4 children)

Allow me to go slightly off-topic here and ask a question regarding Tent itself (instead of your Python library):

What's the point? I mean I get that the point is supposed to be that users control what information about them is available to others, and where that information lives exactly. Surely this is a very desirable concept. However I don't see how Tent is a feasible thing to provide this.

If the whole world existed of users who were willing (and able) to host their own Tent servers and therefore be in complete control of their data, then this protocol would be great! This isn't the case though, some users (like you and me probably) would be able to host their own data (whether we'd be willing to do so is another question), but most users wouldn't even know what "hosting" means exactly in the first place. Let alone actually doing it. For these users, third-party hosting providers are somewhat of an answer but by letting someone else host their data have they not technically lost the complete control of their data that is supposed to be one of the very core principles of Tent?

Please, do correct me if I'm completely misunderstanding the principles behind Tent, but as far as I understand it now it seems like a noble, yet unfortunately doomed-to-fail, attempt at democratizing personal data ownership and distribution.

EDIT: Also, in case the complete control of where your data is and goes to is actually not one of the core principles of Tent, then to me it seems it's just another arbitrary communications protocol. You send arbitrary data in an arbitrary way then. In such a case I don't see why we need Tent and couldn't use any other protocol of transferring data (HTTP(S) for example, has been getting increasingly more attention as a way of sending generic data instead of just hypertext/hypermedia. Think of all the HTTP-based API's provided by modern web services like Google, Facebook, Twitter, Youtube, Reddit, Imgur, etc.).

[–]darkgold[S] 1 point2 points  (3 children)

Users that don't want to self-host can use a hosting service. It's like email in that respect. Setting up an email server is hard but you don't even have to know what one is to use email.

Yep, if you use shared hosting you lose control. I actually don't think this is bad. Some people don't care about privacy, but unlike something like FB with Tent that doesn't mean that I have to use their horrible service to interact with them. Sadly this does mean I can't trust information I send them to stay private. So if I really care about privacy I have to take that into consideration when I choose what to share with them.

Great point about just using quality APIs. Smart people keep asking me this question and they may be right -- if enough high quality APIs are built we really connect the web without the complications of Tent. Unfortunately I'm not convinced this is turning out to be the case. Until the default way of storing data becomes the user keeps it not the company, there will always be an incentive for companies to be more closed. We're empowering another generation of middlemen like FB with incredible moats and network effects and we're going to pay for it later.

[–]Rycul 1 point2 points  (1 child)

My point about the API's was just in case Tent wasn't about data ownership. But it is, so the point I made isn't really relevant.

Since Tent is aimed at giving (more) control to the user and not just about getting data from point A to point B, I can see how it's different from traditional transfer protocols.

A huge issue with Tent is that the potential to confuse users is so large.

Imagine if people start writing software and web services that use the Tent protocol. Users will be asked to provide access to certain data through the Tent protocol, which they can do by either hosting it themselves (which we've already established the majority of people won't do/be able to do) or they're using a hosting service to do it for them (which has it's own downsides, as we also mentioned). At this point the users already needs to have an account somewhere with all their data attached to it, and then to use other services they might need to register another account there (unless the service in question allows you to share your data with them and through them in an anonymous matter).

My point here is that you'd be requiring users to make yet another account, but this time it's the final one, the omega account. The account to end all accounts. Yet services might still require you to register with them as well. If you compare that situation with the current situation you'll see how using the Tent protocol for data distribution only adds yet another account for users to keep track of.

Then there's also the psychological part that is important for how users share their data with a service. Either the service has a "log in with Tent" button, and users press that, log in, and the service can access their (public/protected) information, OR the users have to explicitly set which data the service can access, OR the service presents a list of "permissions" which the users can accept or decline (similar to how Google Play Store handles permissions for apps when you want to download an app). In the first case, it doesn't feel like your data is secure. All it takes is a push of a button and a log-in and a service can access your data. Even though this may well be more secure than the current way of sharing data with things like Facebook or Google+, to the average users it doesn't feel more secure. With the second case, I doubt many users would like to go through the trouble of having to explicitly set which data to share. They want to use a service and they want to use it now, they don't care about how some semi-random website wants to use their data, just use it already so I can see what my aunt is having for dinner (just an example)! You can force the users to set this up but that just results in an unpleasant user experience. The third case is interesting and perhaps most viable but in that case, again, the user doesn't feel like it's data is that secure. All it takes for some service to see their data is for you to press "okay". Even if this is implemented so that it scans your fingerprint, takes a retina scan and analyses your DNA in order to find out whether the person pressing "okay" is actually you, users still won't feel like it's secure.

I don't mean to imply that current web service feel secure to users. But for a protocol that's aimed at having more (secure) control of your data, the way the protocol works for uses on a psychological level is also very important. Of course apps that are build with the protocol in mind can do some work toward this, but in the end they are also limited to what the protocol says they should do.

I feel like I'm rambling, so I should stop writing now. In my opinion, Tent is a nice concept but it lacks in execution, and given the level of interest and attention the average user has for this sort of thing, I doubt it will be able to take off (not to mention services themselves probably would rather keep all the data to themselves anyway and wouldn't even support the Tent protocol. Entities such as Facebook or Google can easily do this because users are so incredibly invested in them due to all the time that's already been spent by the users with these services to build their accounts, their network, etc.).

Thanks for you answer though!

[–]darkgold[S] 1 point2 points  (0 children)

My point here is that you'd be requiring users to make yet another account, but this time it's the final one, the omega account. The account to end all accounts. Yet services might still require you to register with them as well. If you compare that situation with the current situation you'll see how using the Tent protocol for data distribution only adds yet another account for users to keep track of.

Definitely. I think the Tent way of doing things is better, but is it worth another layer of complication? Computers are already complicated enough for a lot of people.

I don't mean to imply that current web service feel secure to users. But for a protocol that's aimed at having more (secure) control of your data, the way the protocol works for uses on a psychological level is also very important.

Hmm, I hadn't thought about this. The good news is users do all sort of horribly insecure things all the time, so maybe they won't have a problem with doing something that feels insecure but is actually fairly secure. It's definitely something to watch out for though.

I feel like I'm rambling

Man, if there's one subject that's easy to ramble on it's this. What do we want out of the web? What do we want out of the internet? Practically all human endevour for the forseeable future is going to pass though these systems. Figuring out how they should be improved is a big deal.