Alternatives to the CompuServe of Things; Technometria - Issue #17
The current model for connected things puts manufacturers inbetween people and their things. That model negatively affects personal freedom, privacy, and society. Alternate models can provide the same benefits of connected devices without the societal and personal costs.
In Peloton Bricks Its Treadmills, Cory Doctorow discusses Peloton’s response to a product recall on its treadmills. Part of the response was a firmware upgrade. Rather than issuing the firmware upgrade to all treadmills, Peloton “bricked” all the treadmills and then only updated the ones where the owner was paying a monthly subscription for Peloton’s service.
Peloton bricks its treadmills. Your kids are dead because you didn’t… | by Cory Doctorow | Jun, 2021 | Medium
“Tread,” a $3000 “smart” treadmill from Peloton, is a deathtrap. 125,000 Treads have been recalled after the devices injured 72 people and killed a child. Say what you will about Peloton’s safety…
When I talk about Internet of Things (IoT), I always make the point that the current architecture for IoT ensures that people are merely renting connected things, not owning them, despite paying hundreds, even thousands, of dollars upfront. Terms and conditions on accounts usually allow the manufacturer to close your account for any reason and without recourse. Since many products cannot function without their associated cloud service, this renders the device inoperable.
I wrote about this problem in 2014, describing the current architecture as the CompuServe of Things. I wrote:
If Fitbit decides to revoke my account, I will probably survive. But what if, in some future world, the root certificate authority of the identity documents I use for banking, shopping, travel, and a host of other things decides to revoke my identity for some reason? Or if my car stops running because Ford shuts off my account? People must have autonomy and be in control of the connected things in their life. There will be systems and services provided by others and they will, of necessity, be administered. But those administering authorities need not have control of people and their lives. We know how to solve this problem. Interoperability takes “intervening” out of “administrative authority.”
On the Net today we face a choice between freedom and captivity, independence and dependence. How we build the Internet of Things has far-reaching consequences for the humans who will use—or be used by—it. Will we push forward, connecting things using forests of silos that are reminiscent the online services of the 1980’s, or will we learn the lessons of the Internet and build a true Internet of Things?
The architecture of the CompuServe of Things looks like this:
The Architecture of the CompuServe of Things
We’re all familiar with it. Alice buys a new device, downloads the app for the device to her phone, sets up an account, and begins using the new thing. The app uses the account and the manufacturer-provided API to access data from the device and control it. Everything is inside the administrative control of the device manufacturer (indicated by the grey box).
There is an alternative model:
In this model, the device and data about it are controlled by Alice, not the manufacturer. The device and an associated agent (pico) Alice uses to interact with it have a relationship with the manufacturer, but the manufacturer is no longer in control.
Can this model work? Yes, we proved the model works for a production connected car platform called Fuse in 2013-2014. Fuse had hundreds of customers and over 1000 devices in the field. I wrote a lot about the experience, it’s architecture, and advantages on my blog.
Fuse was built with picos. Picos are the actor-model programming system that we’ve developed over the last 12 years to build IoT products that respect individual autonomy and privacy while still providing all the benefits we’ve come to expect from our connected devices. I’ll write more about picos as a programming model for reactive systems in future newsletters.
Our current model for connected devices is in conflict, not only with our ability to functions as autonomous individuals, but also our vision for a well-functioning society. We can do better and we must. Alternate architectures can give us all the benefits of connected devices without the specter of Big Tech intermediating every aspect of our lives.
Life-Like Anonymity and the Poison Web
Natural anonymity comes from our ability to recognize others without the aid of an external identity system. Online interactions will only be able to mirror life-like anonymity when we can use decentralized identity systems that don’t force all interactions to be under the purview of centralized, administrative identity systems.
The Self-Sovereign Internet of Things
Self-sovereign identity offers much more than just better ways to log in. The identity metasystem is really a sophisticated messaging system that is trustworthy, secure, and extensible. While decentralized identifiers and verifiable credentials have much to offer the Internet of Things (IoT), the secure messaging subsystem promises an IoT that goes well beyond those initial scenarios. This post gives and introduction to SSI and IoT. The follow-on post goes deeper into what a true Internet of Things founded on SSI can provide.
Relationships in the Self-Sovereign Internet of Things
DIDComm-capable agents provide a flexible infrastructure for numerous internet of things use cases. This post looks at Alice and her digital relationship with her F-150 truck. She and the truck have relationships and interactions with the people and institutions she engages as she co-owns, lends and sells it. These and other complicated workflows are all supported by a standards-based, open-source, protocol-supporting system for secure, privacy-preserving messaging.
That’s all for this week. Thanks for reading.
Please follow me on Twitter.
If you enjoyed this, please consider sharing it with a friend or twenty. Just forward this email, or point them at my news page.
I’d love to hear what you enjoyed and what you’d like to see more (or less) of. And if you see something you think I’d enjoy, let me know. Just reply to this email.
P.S. You may be receiving this email because you signed up for my Substack. If you’re not interested, simply unsubscribe.
Vaccination card image courtesy of Wikimedia Commons.
© 2021 Phillip J. Windley. Some rights reserved. Technometria is a trademark of PJW LC.
By Phil Windley
I build things; I write code; I void warranties
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue