Why Google Wave might wash away privacy
Google Wave might become another major threat to your privacy due to its design. Make an informed and conscious decision on how you want to use it.
A short disclaimer upfront: I must confess that I have very limited knowledge of the wave protocol besides that from the Wave keynote. If there are technical errors in this article please feel free to report them in comments, such that I can post an updated article in the future.
What is Google Wave?
Google Wave is a promising new Web application and protocol trying to improve online communication and collaborative activities. It allows for multiple users to cooperatively change documents called "Waves". A wave is composed of "Wavelets" that are the unit of access control.
The documents are stored online on servers. There isn't one single central server for all collaborating wave users, but each Wave user will have to log in to their wave server to send and receive updates to their waves. When users of different wave servers ride on the same Wave, updates to the Wave are distributed to any of the participating Wave servers, such that all users which are assigned to a particular Wavelet have an eventually consistent view of the document (or the Wavelets they are assigned to).
The distribution of the changes is immediate. The Google Wave keynote presentation focuses largely on the speed of update distribution (and this is very impressive).
How does Google Wave affect my privacy?
In principle, Wave has a lot in common with the way e-mail and XMPP works. Communication is not user to user but server to server. That is, the (e-mail, XMPP, Wave) server has access to the information of its users.
My major privacy concerns with Google Wave are twofold. Firstly, even though the protocol is open, how many independent Wave servers will there be? Fortunately there are already people working on easy installation of alternative Wave servers. But, given the success of GMail, I don't take it for granted that reasonably small groups will have their own Wave servers. On the contrary, I guess most Wave users will be on Google's servers.
Whenever you participate in a Wave that has at least one Google user on it, you will give the information in that Wave to Google. Is this a problem, now? I'm not sure. I still think Google is not evil. The problem lies in the future. Google will keep some of the information you give them forever, willingly or not, for example on backups.
When Google merges with some other company with less philanthropic mission, they might start to change privacy policies. When Google is hacked, the information will spread. When a Google account on your Waves is hacked (which is rather likely), your information leaks, too. When governmental institutions approach Google, they might disclose your information. When data protection laws are weakened (there is such a trend in Germany and in the USA after 9/11) Google will have to give your information away.
You don't know which of your information will mean what to criminals, the police, a future employer, your insurance company.
Of course in the above, "Google" could be any large Wave provider.
The second major concern is the quality of information given away. The small, fast incremental updates and the replay facility mean, that all your typing errors, temporary wordings, etc. are visible to any of the users on the wave and all of their servers.
If you think you shouldn't worry about that and are a software developer, think of Wave as your source code repository. I don't want to show all of my stupid mistakes to all co-developers immediately. I'd rather clean up the mess before I commit. And I don't want suggestions like "People coding this way should read the GoF book immediately" from some marketing bot. But something like that is likely to happen: Why should Google promote Wave other than to make money of it? How could they make money from Wave? By using your information. Whether it is for direct marketing or in a more subtle way, you will have to pay for using Wave in one way or the other.
The functionality that has been shown in the Wave keynote is impressive. I'd like to use that functionality, better today than tomorrow. But the privacy issues should at least be discussed openly before committing fully to that service. Users should be able to effectively control which information they give away, and their choice should be consciously. Until there is a model to control your Waves you should always assume you are on camera. For those in my age, just google yourselves to check if Google represents well what you think you have been years ago.
Further reading: "Googling Security" by Greg Conti.