Decentralized Web (Page no. 1)

What is the Decentralized Web (DWeb, Web3) and which decentralized systems does it consist of? What are decentralized apps? And what is the relationship between the DWeb and PIMS?

From Web 1.0 to Web 3.0

In 1989, Tim Berners-Lee founded the World Wide Web (WWW), inspired by his own preliminary work on "Enquire" as well as that of Vannevar Bush on "Memex" and Ted Nelson on "Xanadu". This first generation of the web (Web 1.0) is characterised by the fact that a small number of producers create hypertext documents, thus creating a "global information space" which is accessed by consumers (the so-called hypertext web).

From 2005 onwards, the term Web 2.0 (social web) became widespread. This discribes the second generation of the web as a platform on which web users are not only consumers, but also producers as a result of more user-friendliness of the web (so-called prosumers). Consequently, a collective intelligence emerged (e.g. Wikipedia, YouTube).

Next, Web 3.0 describes the third generation of the web. However, there is currently no uniform definition. Sometimes, it is understood as the so-called semantic web. The data generated by prosumers is put in relation to other data in such a way that a semantic data network is created (so-called linked data). The meaning of the data should thus become machine-readable and enable web communication between machines or improved search results. In this post, however, the third generation of the web is understood to be the DWeb (or Web3). This generation will be explained in more detail below.

Overview of the DWeb

Even though decentralized apps (DApps) running on a peer-to-peer network are already offered today (e.g. ZeroNet, DTube, OpenBazaar or Matrix), the DWeb as an ecosystem is not expected to reach the plateau of productivity (mainstream) for more than 10 years, according to the Gartner Hype Cycle for Emerging Technologies 2019.

The Decentralised Web Summit was held in 2016 and 2018 to advance the development of the DWeb. The FAQ of the Summit 2018 provide a first overview of the possible components of the DWeb:

A certain consensus seems to have emerged at the 2018 Summit regarding these decentralised systems. However, the technology of the DWeb is still at the beginning of its development phase, so the consensus will probably evolve in the future. However, the following is based on the current consensus.

Decentralised storage and control system

In the DWeb, various web components are decentralised. Since each datum is assigned a URL, a datum is no longer identified based on its location on a particular server – as was the case with the first two web generations – but based on its URL. Instead of being stored on a single server (e.g. from a big tech company), data can be stored on a large number of servers (decentralised storage system). Storage can then be carried out in an encrypted manner so that only the owner of the private key can access his or her data. The data owner thus controls the location of and access to the data he has generated in the DWeb. This is referred to here as "de facto data autonomy", i.e. a more far-reaching sovereignty over data compared to Web 1.0 and 2.0. This sovereignty is not primarily legally justified, but is based on the de facto usage possibilities of the DWeb. In this way, the data owner (regains) de facto sovereignty over “his” or “her" data.

However, servers make use of services of other servers like clients. At the same time, clients (e.g. smartphones) can also function as servers as a result of incentive mechanisms such as tokens or coins. This identity of server and client leads to a shift from the client-server model to the peer-to-peer model (P2P model). In fact, the DWeb is based on distributed ledger technology (DLT) or one of its sub-forms such as blockchain technologies. At this point, however, the concrete design of DLT is still largely unclear. In general, however, there is a network of peers (so-called nodes) that communicate directly with each other and can thus limit or even break the influence of intermediaries (decentralised control system).

Other decentralised systems

To communicate with other nodes, the user must first log in with his DWeb password (private key) as the data owner (so-called decentralised login system). The content of the transaction can then be a granting of access to his or her data (e.g. photos, videos) or a payment flow of cryptocurrencies (so-called decentralised payment system). The communication takes place directly between the peers. To enable secure communication, only the legitimate recipient can decode the cryptographically encrypted communication (so-called decentralised authentication system). Transactions are then stored or archived so that older versions of the DWeb can also be requested (e.g. retrieving a "deleted" website). With regard to the storage of DWeb versions, this leads to an extension from the latest version to all older versions (the here so-called temporally decentralised version system).

Use case: Solid

Since only the contours of the DWeb are currently visible, Page No. 1 will also deal in particular with one of its possible forms with regard to data storage: Solid is an open source project led by Tim Berners-Lee for the realisation of the DWeb. To implement the Solid technology on the market, Berners-Lee and John Bruce founded the company Inrupt Inc. Figure 2 illustrates the most important innovation of the DWeb, i.e. the de facto data autonomy. Here, the data is stored in a "Personal Online Data (Store)" (POD) on the P2P network where data owners can grant apps or people access to “their" data.

Comparison with PIMS

Since the decentralised storage system enables the central collection and management of certain data (as well as their monetisation, if applicable), it can be seen as a form of Personal Information Management Systems (PIMS), sharing the same purpose. However, at least two central characteristics distinguish the decentralised storage system of the DWeb. Firstly, the data generated on the web does not have to be copied into a PIMS by means of data portability. This means that the data autonomy of the DWeb covers the “originals" and not just copies of data whose originals continue to be stored in data silos and are not accessible to the de facto data autonomy.

And secondly, the decentralised storage system is an integral part of the DWeb ecosystem. This gives the decentralised storage system additional functions compared to the (current) PIMS. As indicated above, users can "view" their data through various apps, modify it and share it with others. If the DWeb will be used as often as Web 2.0 is today, it can be assumed that the decentralised storage system could become a driver of everyday information exchange between people and apps/companies. Only time will tell whether this will also apply to other forms of PIMS, which may not benefit or benefit less from the spread of the new generation of the web.

Key Take-Aways of Page No. 1 (data protection part)

• The code, i.e. the DWeb, is the origin of de facto data autonomy. The (data protection) law is its guardian: since autonomy should not be lost again, the law de lege ferenda could contribute to its preservation.

• The DWeb leads to changed power relations between the controller and the data subject. In this respect, the need for a "calibration" of the actors' need for protection under data protection law, along with the distribution of their rights and obligations, will have to be updated.

• In the DWeb, the protection of data owners from themselves could become more important, as they have more to lose as a result of the larger de facto data autonomy. Such data paternalism should be allowed within narrow limits.

• The data subject can enforce the rights of data subjects in their area of autonomy themselves, whereas this is no longer technically possible for the data controller. Part of the responsibility under data protection law thus moves from the data controller to the data owner (self-responsibility under data protection law, "informationelle Selbstverantwortung").

• GDPR is applicable, in particular, if the data on the website is no longer encrypted, i.e. anonymised.

• The DWeb is generally conducive to data protection principles.

• The data owner can decide on the modalities of data processing. Their compliance could be monitored, enforced or a breach reported to the data owner through a Smart Contract (Smart Privacy Contract). The importance of contract law for data subjects and its interconnection with data protection law is likely to increase.

• If data access based on conflicting interests cannot be legally enforced (e.g. due to an unknown data owner), the "data treasure" will move into the exclusive de facto control of the data owner (exclusive de facto data autonomy).

• In the context of the right to erasure, the allocation of the duty of censorship is still unclear (data owner, collective, central body).

• The "disruptive" right to data portability becomes obsolete in view of the disruptive technology of the DWeb (data stored in PODs). Therefore, however, conflicting interests will have considerably less significance.

• In the context of data transfer to third countries, it is questionable whether the DWeb can lead to a similarly high level of data protection worldwide, given the increasing fragmentation of the internet.

• In view of the Privacy Paradox, the problematic point is a careless granting of access, which in the worst case can lead to a loss of autonomy for the data owner. DWeb-based data autonomy thus only solves the technical side of data misuse; what remains is the social problem of careless action.

For more information go to Page No. 1!

Further reading

• Berkman Klein Center for Internet & Society at Harvard University, The future of the decentralized web, Medium of 31 July 2019

• Chelsea Barabas/Neha Narula/Ethan Zuckerman, Defending Internet Freedom through Decentralization: Back to the Future?, The Center for Civic Media & The Digital Currency Initiative MIT Media Lab, Cambridge 2017

• Edina Harbinja/Vasileios Karagiannopoulos, Web 3.0: the decentralised web promises to make the internet free again, The Conversation of 11 March 2019

• Jeff Kaplan, Locking the Web Open: A Call for a Decentralized Web, Brewster Kahle's Blog of 11 August 2015

• K.G Orphanides, How Tim Berners-Lee's Inrupt project plans to fix the web, Wired of 15 February 2019

• Klint Finley, The Inventors of the Internet Are Trying to Build a Truly Permanent Web, Wired of 20 June 2016

• Nupur Choudhury, World Wide Web and Its Journey from Web 1.0 to Web 4.0, International Journal of Computer Science and Information Technologies, vol. 5 (6), 2014, 8096 et seq.

• Quentin Hardy, The Web’s Creator Looks to Reinvent It, The New York Times of 7 June 2016

• Representatives from over 80 organizations, Contract for the Web, November 2019

• Ruben Verborgh, Paradigm shifts for the decentralized Web, Ruben Verborgh (Blog) of 20 December 2017

• Tom Simonite, The Decentralized Internet Is Here, With Some Glitches, Wired of 3 May 2018

• Zoë Corbyn, Decentralisation: the next big step for the world wide web, The Guardian of 8 September 2018

Picture credits

• Figure 1: NicoElNino, https://www.shutterstock.com/de/image-photo/global-world-telecommunication-network-connected-around-1089991652

• Figure 2: Inrupt Inc., https://inrupt.com/solid

Hello, I'm Nadine Rinderknecht

Founder of "Blankpage" with experience in academia and law firms

Master of Law (University of Zurich) and other stuff

Connect with me on LinkedIn

Blankpage's mission is to inform you about technology law and to inspire you to write innovative papers. Time to become a legal innovator.

If you found this blog post helpful, explore my other posts about how to master creative, valuable, and visionary papers. (Yes, it's all free.)