My Mind is Wave-ering on the Utility, Security and Privacy Aspects

Wednesday, October 14, 2009

Sudha Nagaraj


Like many other Wave-wannabes, I am also awaiting an invite from Google to try out their all-in-one communication solution Google Wave. But I have my trepidations: over making my private work public, over opening up for comment work that is still being worked out, over messing up “my thoughts” with a thousand other theories, over starting something with the full knowledge that it could end up as something altogether different from what I want. However over and above all these fears, the sheer uncertainty of who is doing what to my precious mail, document, image or video makes me want to check if Google Wave protects users.


As most of us now know Google Wave which is still in beta is a collaborative tool which promises the benefits of email, instant messaging, chats, social networking, blogs and forums in a single shared web-based application. One can start a conversation and include as many participants in it (creating a wave), each of whom have rights to craft the piece as they wish, inviting fresh participants in turn.


If my email account is full of spam or my social networking account is hacked, I can still get on with part of my daily activity –blogging, IM, chats and so on. Web apps are prone to security risks and inherent flaws as well . So what if I put all my apples in one cart only to have it overturned, is my knee-jerk reaction to such a disruptive technology..


Some in-depth reading of the features did educate me about how a wave is created and made public, how parts of a wave or wavelets can remain private. It is apparent however that the primary user will have no control over who is invited once a wave turns public. There is the danger of bots taking over the entire project. Of course there are ways of blotting out bots too –Google Wave makes it possible to “bounce” them, but that is possible only when a bot is identified with email ID. What about bots masquerading as humans? And more importantly, what about humans who are as bad as bots (in terms of non-value add to the main discourse)? It seems like Google Wave can only work for me if it has people of the same wave-length riding it.


Obviously the solution is to open up to public only those pieces of information which can withstand crowd-inputs. From reports that are trickling in, after wondering what Google Wave can actually help achieve, most people are veering round to the opinion that it can help in group discussions and workgroups. While a scientific or technical debate in open forums would definitely benefit from diverse opinions, it is difficult to see why every word spoken by team members in a corporate setting needs to be recorded, that too on external servers owned by Google. It is like having a closed door brain-storming session in a public park.


The fact that the data collected by Google cannot be deleted even if a user wants to quell the wave is another point of concern. Similarly, access to Google Wave data being made available to third party application developers is worrisome.


So much from the security and privacy angle.  I am still awaiting the invite, first distrusting thoughts notwithstanding. After all I do go around with a Swiss-army knife in my handbag, though I have never really had the need for it. I am aware that a good part of the world swears by the utility of this tool, but I have never got it past the security check!  

Possibly Related Articles:
Cloud Security Privacy
Information Security Service Provider
Google Privacy Wave
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.