(Design: Lily Yeh/PCmag Composite | Image Credit: Bruce Schneier/JuSun/Getty Images)
It’s impossible to imagine an RSAC Conference, or any security conference, without a keynote or presentation by Bruce Schneier. He’s written 14 books, and not just for security wonks. Some, such as A Hacker's Mind: How the Powerful Bend Society's Rules, and How to Bend Them Back, are New York Times bestsellers.
Most recently, Schneier's been working on a new project called Inrupt with Sir Tim Berners-Lee, the inventor of the World Wide Web. On the Inrupt website, Berners-Lee says he "founded Inrupt because it was vital to the future of the web." Vital in what way? Schneier, in his role as Chief of Security Architecture for Inrupt, is well-placed to answer. I was fortunate enough to get a one-on-one with him at the RSAC 2025 Conference to hash out what Inrupt will do and how it will hopefully change the internet for the better.
Tech Designed for a Decentralized Web
A little research reveals that Inrupt relies on an earlier Berners-Lee project called Solid, and comments suggest that Solid is better than Web3. But the average consumer knows nothing about Web3 and even less about Solid. Most people understand Web3 as a slightly fluffy term associated with blockchain and shady cryptocurrency, but I don’t have a clear handle on Solid. Schneier helped me understand it.
At the core of Solid is the pod, short for personal online data. “This abstract concept, I think, is as revolutionary as Tim's other big idea, which was the web,” says Schneier. “Because what it does is, instead of your data being in silos, it's all in your pod.
"If you invent an app that uses your refrigerator data and your location data and (I'm making this up), your blood pressure, you could do that. But your blood pressure was in your Fitbit app, and your refrigerator data was in your refrigerator. You couldn't pull them together because the different companies owned the silos," he says.
Schneier goes on to explain that the pod concept was a bit too abstract for most people, so they’re reframing it as a kind of wallet. “You have a wallet today, and it’s a pretty basic thing,” he says. “It stores my tickets, credentials, and it has a software version of my credit card. That’s kind of all it is. The place you keep your personal stuff.”
The Solid pod holds all of your personal information, and lets you giver other entities read or write access to only what they need.
This Wallet Has Help From AI
What makes the Solid pod, or wallet, different is its AI element. “Tim's vision years ago included a personal agent we called Charlie," says Schneier. “We want an agent that knows your stuff. What the pod does is allow the agent to combine data about you and data that you are a party to, and then general data about the world, stuff on the web.
“You can ask things like 'what kind of running shoes should I get?'” he adds. The AI has access to your exercise data, your financial transactions, and more, and thus can come up with a recommendation that’s truly tailored to you. It’s completely different from just doing a web search and struggling to find what you want.
“In Tim's vision, your medical data is there,” continues Schneier. “Your credentials are there. Your photos are there. Your email is there. You might want to give the agent access to your email. Like, read my email first, answer the ones that are obvious, and tell me the ones that I need to deal with, in order of precedence. That’s going to exist.”
The Internet But You Own It
That may sound problematic, but Schneier notes that the concept was built with your privacy in mind. The data in your wallet belongs to you and you alone, much like a physical wallet.
“How do we distribute power in the way email does, and Facebook Messenger does not,” he says. “With email, you can have any email you want. You can send an email to anybody else you want. That's very different than Facebook Messenger, which goes through Facebook only to other Facebook users. In the distributed way of thinking about data, instead of your data being controlled by those companies, it is in your pod, controlled by you.”
“I think there's a security play,” he says. “Remember the Marriott hotel breach?” He pointed out that if Marriott didn’t store all those credit card numbers, they couldn’t have been exposed. “You don’t need everybody’s credit card data. You just need to know you can get it when you need to," Schneier explains. "If I give you permission to get the info from my pod, you don’t need to have a copy, and if people stop needing to have copies, then integrity goes up because there's one ground truth.”
Schneier points out some side benefits, like changing your address when you move house. Instead of finding and changing the information on dozens of sites, you just change the address in your pod. “This is Tim's vision of a Solid-enabled ecosystem,” he concludes.
With all this talk of wallets and pods, I asked Schneier what there is to Solid other than pods. “It’s the pods, and then the code around getting pods, reading them, writing to them, accessing them, giving permission, revoking permission, auditing who went into your pod,” he says. “It's like, what is HTML except web pages, right? It's web pages and all the rules around web pages. So, in the same way to think about it, Solid is pods and all the rules around dealing with them.”
Where's My Pod?
I asked Schneier where I should go if I want a pod right now. Unfortunately, Solid and its pods are “more of a hobbyist thing than a consumer thing right now," he says. "Pods never really took off, and that's why we think wallets are the way to sort of backdoor into pods. There are wallets available, though they tend to be branded these days, but the government of Flanders gave everybody a pod. So, I think it's super exciting.”
Most average consumers are concerned about privacy, as they should be. But they don't know what to do about it. I asked Schneier if he had any advice for the average person.
“It's hard to know what to do, and I get that,” he says. “In this pre-pod world, your data is not under your control. I used to tell people to secure their email and all that, but your email is at Google. Your photos are over there. Your address book is over here. It is hard to give people good advice because their data is not under their control.”
He notes that when your data resides in a pod and nowhere else, your data is in your hands, and you choose when to allow others to see it, what they can see, and how long they can access it. Inherently, that means your privacy is vastly more secure. It’s not happening soon, but remember the name Inrupt, and the Solid concept for a better internet.