# Holochain holds the missing pieces that Solid & Inrupt need First I will start off with a detailed comparison between Holochain and Solid and Inrupt. When I refer to Solid in this article I am referring to Inrupt as well but when I refer to Holochain, I am not also referring to Holo the company. If you want to learn in depth what the difference between Holochain and Holo is please take more than a few moments to read this article. ## What is Solid? As you would all know there is a lot of projects out there claiming to be the new web, next internet, internet 3.0, 4.0 etc Most of the ones I have reviewed & compared to Holochain are Blockchain projects attached to centralized cloud servers, and to be honest Blockchain is just not viable for hosting applications and its prohibitive old technology is just doing the best it can to remain relevant while being 11 years old. There is a plethora of “New generation” blockchains coming out but they still carry the burdens of not being able to scale, consensus issues, trying to tokenize everything because that's what they think is “normal” to normal people when it isn’t. So I was intrigued and surprised when I learned about Solid and the more I read into it the more I could see how philosophically aligned it is with Holochain. In this article I am going to point out what I personally see as both the strengths and weaknesses of Solid. Solid (Social Linked Data) is a web decentralization project led by Tim Berners-Lee, the inventor of the World Wide Web, developed collaboratively at the Massachusetts Institute of Technology (MIT). The project “aims to radically change the way Web applications work today, resulting in true data ownership as well as improved privacy” by developing a platform for linked-data applications that are completely decentralized and fully under users’ control rather than controlled by other entities. The ultimate goal of Solid is to allow users to have full control of their own data, including access control and storage location. To that end, Tim Berners-Lee formed a company called Inrupt to help build a commercial ecosystem to fuel Solid. ## Solid is very big on data privacy Solid is an open source web decentralization project and Inrupt is the company created to run it as a business. As I said earlier Solid and Holochain have the same philosophical approach to a user’s right to retain their data. This is what Solid’s main focus is whereas Holochain includes that as one of its ideals but it also provides a suite of other benefits to facilitate this and empower anyone else to do the same, more on that later. How does Solid work? Solid lets people store their data securely in decentralized data stores called Pods. Pods are like secure personal web servers for data and these Pods are accessed by the users WebID and are apparently interoperable. (Sounds very similar to the “Cannisters” for smart contracts that Dfinity blockchain uses) The idea being that the data stored in Solid pods can power ecosystems of interoperable applications then the user will decide through the App what accesses and permissions are given to each individual application. So as a user my data is all managed by my WebID and is then stored on a pod or several pods and because these pods are siloed sets of data associated to a person or entity access is given through a specific web browser. I found this a little confusing when researching because on the Solid Github it says you need a “data browser” to manage your data but on the FAQ’s it says you can use any browser to access it. I will take a guess and say that one is read access only the other is read/write. ## Who hosts the Solid Pods and who pays for it? I could not find too much information about the hosting metrics of the Solid pods. From their FAQ’s Solid I found the following; This will be determined by the market. It is likely that several business models emerge, some where the user pays for storage, and some funded by advertising for instance, like on the current Web platforms. However, with Solid, if the terms of your Pod Provider change, or if you want to switch to an advertising-free Provider, you can do so conveniently without losing your data, such as your contacts and chat history. And When using Solid, how is data stored? It depends on the Pod Provider. From a user point of view, how the data is stored is not as important as how it is accessed and controlled. No matter who the Pod Provider is, in order to be Solid compliant, it has to expose data the same way: as resources in folders. However,the implementors of the standard are free to pick the underlying technologies according to their own purposes and constraints. That is why performance may vary from one Pod Provider to another. More details As any standard, Solid only describes the interaction model the system must be compliant with. The Pod Provider only exposes a REST read-write interface to the clients, to which the storage technology is irrelevant, as it is in most Web-based systems. How this interface binds with the storage is specific to each Pod Provider. So from that one can assume that they are eventually going to set up some kind of marketplace for their pods. Maybe it is because it is early days but there does not seem to be many options as yet ## Is it really decentralized? As you can see from the words and images above, just like every other next web, next internet, including blockchain, they all and I mean ALL require centralized hosting. This is one major distinguishing piece of tech between #Holochain & all of the rest of them. Holo hosting is its own decentralized CloudComputing service using thousands & eventually millions of peoples spare computing capacity to take part in shared hosting, there is no single data center, there is no single point of failure from the hosting side because if one or even 10 or 20 hosts drop out there is built in redundancy to assign further decentralized hosts. Holo is the Airbnb of Web hosting and is a new innovation that has never been created before & is also why it is THE only truly decentralized hosting platform. When it is live late 2020/early 2021 it will allow people who purchased Holoports or those who simply download the software to plug in, sign up and be paid for hosting with Holo’s hosting internal currency HoloFuel. Holo the company facilitates decentralized web hosting which acting the same as Airbnb or Uber makes its money by taking a 1% or less transaction fee for millions of concurrent micro-payments taking place. The DHTs of Holochain apps DHT (Distributed Hash Tables)shard the data across hundreds or thousands of Holochain nodes and Holo may host some of those nodes which can interoperate with locally installed app nodes. This provides distribution at both a direct peer-to-peer level for the app and decentralization of the app hosting for regular web users. This would be ideal for Solid to steer its Pod holders towards because it means they will actually be operating a fully decentralized internet, not just a data center based closed bubble type of internet. It should also be pointed out that all of the thousands of Holochain nodes connected via Holo hosting means that unlike regular cloud computing where the greater the demand the weaker the service, Holochain is the opposite, the heavier the workload the faster it becomes. Like a torrent, you can look at Holo hosts as Seeds and end users as leeches to use torrent terminology. ## So what is the difference between a Pod and a DHT? From what I understand of Solid and Holochain a Solid Pod may be your personal Pod or hold an application in which the user connects to that pod using their WebID and tells it what information you are willing to share, from there the interaction would be the same as any app/user relationship. What I am unclear about is how that application then interacts with other users in real time which i think would be dependent on the number of users, latency and the amount of data that needed to be called. There is also the question about browsers and whether or not to access your information you will need to have one of those browsers handy for write access and not just read. Holochain applications are able to be pointed directly to HTTPS and there are two methods for interacting with hApps from a developer POV. First, the conductor API, WebSocket, allows direct communication with Holochain applications. The process using this API can interact with any other system. Secondly, when writing a web UI to interact with HOLO, you can have the UI interact with any classic web APIs, REST services, etc. Holochain apps aren’t directly accessible through the DNS system; but Holo the web hosting service, bridges the peer-to-peer world of Holochain to the centralized world of DNS, name servers, and static IP addresses. For example, https://Johndoe.solid-holo.net or something similar to this. ## Security At the time of writing I am unable to find any documents from Solid about security so will update this further when available. The only information I could find related to security suggests that encryption is optional? All of Holochain security is based on three pronged security standards which are Peer to Peer validation, Cryptographic signatures and Gossip. Holochain is designed to make fit-for-purpose distributed applications, where you can scale the cost to meet the need. Each agent is responsible for its own source chain, committing actions to it and then publishing those actions to a random selection of peers in a global data store (the DHT). Those peers then validate that the data is correct and the agent has not attempted to tamper with their chain. Holochain maintains data integrity without the need for global consensus. It uses an agent-centric approach, combining ideas from BitTorrent and Git, along with cryptographic signatures, peer validation, and gossip. An overview: hApps have validation rules. 2. Agents have their own local, tamper-resistant hash-chains recording their actions, built upon hApp rules. 3. Each hash-chain entry is cryptographically signed (multi-party actions, like transactions, are mutually countersigned). 4. Data is shared to random peers who validate it. 5. Validators gossip to share good data, warn against bad data, and blacklist bad actors. Further to this from the Solid Faq’s it says; Is data on my Pod in one physical place? Data on your Pod is stored where you choose your Pod to be. You can either store your Pod on a Pod provider or chose to self-host. All data on a single Pod is centrally stored in the same place. If all my data is in one place, does it not become a vulnerable target for hackers? All of your data will not necessarily be in one place, since you can store pieces of data across several Pods. When it comes to malicious cyber attacks, an attack on a single source of many people’s data is generally more likely than on an individual level. This is very important, while one individual may be an attractive target and vulnerable to attacks, in general the big money is when lots of people’s data is colocated in one place. Holochain removes this security risk of having all data stored in one place. With Holochain your data is encrypted and sharded across multiple hosts so that there is no single attack vector or point of failure. And with you data safely on the DHT without a centralized failure point, you aren’t affected by network or server outages elsewhere. Depending on how well an app is designed, you can even work in an airplane or rail tunnel. ## Self Hosting This is an area where Solid is not quite where it wants to be. According to the FAQ’s self hosting does require some technical know how. With Holochain self hosting is very easy and in fact ideal for personal or business scenarios. If you read the words in the image below this is exactly what Holochain does “topologies of patch-passing sync networks” so its a perfect description of gossip and the DHT. ## Offline and Mesh network capabilities It appears that Solid cannot yet be used offline but as you can see from the image above Holochain can. Every device running Holochain apps can run completely on its own without a network connection. Then when it gets one, it can sync up the data for as long as the network is available. Holochain is designed for “eventual data consistency.” It does not immediate update. It’s perfectly designed for communities where they are already used to unreliable power and internet. You get a functioning distributed application without having to wait for major infrastructure development. ## Web identity and ownership of a users data This is one area where Solid and Holochain are aligned. Solid will have a WebID. Holochain will be using DeepKey to manage identity on installed Holochain apps and will be use their Verifiable Claims App to manage and connect identity for hosted Holochain applications. Verifiable Claims DNA (new for Holochain RSM) Verifiable Claims will support KYC and because it is based on the W3C Verifiable Credentials standard, it will more generally allow users to express credentials on the Web in a way that is cryptographically secure, privacy respecting, standards-compliant, and machine-verifiable. ## There is some confusion about what Solid really is Reading up on Solid and some developer discussions (This author is not a developer) there are several viewpoints being put forth about what exactly Solid is. Some examples below Are there “Solid-apps” and “Solid-compliant-apps”? “Is Solid a roaming identity that you can use anywhere on the web?” “But if you say Solid Apps, then you create a confusion. Is that different than Android Apps, or Apple Apps, or Atlassian Apps, or whatever else kind of apps there are? If however, I do not have the same understanding of apps you just referred to, and there indeed is something solid-specific to these apps (other than integrating, say, a library to achieve solid-standards-compliance), then talking about Solid Apps is still confusing. That android developer when hearing about Solid will say “Solid Apps? Nah, I create Android Apps”.” “I, maybe foolishly, think of Solid as a privacy tool, holding my data in a secure manner that allows me to control how and to whom it is shared. To that goal I think the primary function of a Solid Homepage is to show me what Pods I have created, to whom have I shared that content and what activity has taken place with my data.” “In the spec it says “ A Solid app is an application that reads or writes data from one or more data pods.” so that means — correctly — any application that incorporated the standard. But ‘Solid app’ and ‘app’ are just contextual to the specification document and care should be taken to not have that creep into the common language / terminology used to communicate to the outside world, as there everything in every standard is also an app, and then Solid apps appear to be in a different sub-category, a niche, to that.” “In my opinion, that impression would be correct and is a key point that needs to be gotten across to developers — Solid apps are meant to work in the Solid ecosystem and can not operate entirely outside of that ecosystem.” There is also some further reading here from a developer. I apologize for adding so many quotes there but I thought it important to convey the misunderstanding of what Solid is or the breadth and depth of the ecosystem. I do this without malice and to point out that there are some gaps when it comes to their defined plans and how they will execute them and what they are hoping to achieve. When it comes to understanding an entirely new ecosystem and then explaining it to people with varying degrees of skill or knowledge it can be very difficult, Holochain itself is the perfect example. After writing this entire article based on readings from the Solid FAQ’s and their forums I was about to wrap it up and finish with s summary on how Holochain could really benefit Solid from the hosting side of things. Especially when it comes to data ownership and the non reliance on big multinational cloud companies that can pull the plug at anytime. But before I wrote this I decided to re-visit the Inrupt website only to find out that their business is just like the many others that I mentioned in my opening paragraphs here, they are cloud re-sellers. I could have edited this article to hide my initial incognizance about their cloud hosting re-selling business but I think its better to show the raw information that I was aware of at the beginning and drawing from a the time of writing. Because this highlights what many in this field do, they offer a “New Internet” where you own your data but the truth is yes their systems may offer you choices when it comes to your data and where it is shared and who sees it but at the end the day you data it is still sitting in a pod in a giant server on AWS, Azure or Google Cloud next to many other pods. It isn’t decentralized, only Holochain is a pure version of decentralization. If you click on the enterprise tab you are then offered to sign up and learn about Solid can help your business. From this it looks like they are operating as their own version of AWS Then if you move onto the “Products”page you can see that Inrupt is selling server time and it looks like this is their actual business model that is not really touched upon or discussed too much on the Solid website. Re-selling cloud services from large centralized companies and pushing people towards their siloed version of the internet which in the end is just another centralized internet controlled by a company. So when I found out that Solid/Inrupt are cloud resellers I checked how much they spend per month on the cloud. Inrupt spends north of $50,000 USD per month through its parent Janeiro Digital, and they use Amazon EC2 as their main cloud service. As time goes by if Solid takes off then you could expect that monthly spend to be much higher. Unless of course if they used Holochain themselves. Using Amazon to decentralize the web. What happens if they didn’t pay their bills? So what now? I think I will end this article on a positive note and I promise you from the moment I looked at the Inrupt website until this section I have not made a single edit, I went into this article thinking Holochain could really be what Solid needs. And I still do, because they are allowing pods to be hosted or created anywhere, developers on Solid should really consider using Holochain to host their pods because it is the only true decentralized cloud which is hosted by the crowd. I wish Solid and Inrupt all the best moving forward. www.holo.host for a truly decentralized cloud. > Notes about the author: > > I am an individual person, I do not work for Holo the company or Holochain, thoughts and opinions are my own and not those of Holo or Holochain. > > If you are from Solid or Inrupt and would like something corrected or removed please DM me on Twitter and thank you for taking the time to read this article. > > Written by Cloudthings https://cloudthings.medium.com/holochain-a-simple-guide-to-a-complex-architecture-part-1-c33a4980838f