Why Google Wave might wash away privacy

Google Wave might become another major threat to your privacy due to its design. Make an informed and conscious decision on how you want to use it.

A short disclaimer upfront: I must confess that I have very limited knowledge of the wave protocol besides that from the Wave keynote. If there are technical errors in this article please feel free to report them in comments, such that I can post an updated article in the future.

What is Google Wave?

Google Wave is a promising new Web application and protocol trying to improve online communication and collaborative activities. It allows for multiple users to cooperatively change documents called "Waves". A wave is composed of "Wavelets" that are the unit of access control.

The documents are stored online on servers. There isn't one single central server for all collaborating wave users, but each Wave user will have to log in to their wave server to send and receive updates to their waves. When users of different wave servers ride on the same Wave, updates to the Wave are distributed to all of the participating Wave servers, so that all users who are assigned to a particular Wavelet have an eventually consistent view of the document (or of the Wavelets they are assigned to).

The distribution of the changes is immediate. The Google Wave keynote presentation focuses largely on the speed of update distribution (and this is very impressive).

How does Google Wave affect my privacy?

In principle, Wave has a lot in common with the way e-mail and XMPP works. Communication is not user to user but server to server. That is, the (e-mail, XMPP, Wave) server has access to the information of its users.

My major privacy concerns with Google Wave are twofold. Firstly, even though the protocol is open, how many independent Wave servers will there be? Fortunately there are already people working on easy installation of alternative Wave servers. But, given the success of GMail, I don't take it for granted that reasonably small groups will have their own Wave servers. On the contrary, I guess most Wave users will be on Google's servers.

Whenever you participate in a Wave that has at least one Google user on it, you will give the information in that Wave to Google. Is this a problem, now? I'm not sure. I still think Google is not evil. The problem lies in the future. Google will keep some of the information you give them forever, willingly or not, for example on backups.

When Google merges with some other company with a less philanthropic mission, they might start to change privacy policies. When Google is hacked, the information will spread. When a Google account on your Waves is hacked (which is rather likely), your information leaks, too. When governmental institutions approach Google, they might disclose your information. When data protection laws are weakened (there is such a trend in Germany and in the USA after 9/11) Google will have to give your information away.

You don't know which of your information will mean what to criminals, the police, a future employer, your insurance company.

Of course in the above, "Google" could be any large Wave provider.

The second major concern is the quality of information given away. The small, fast incremental updates and the replay facility mean that all your typing errors, temporary wordings, etc. are visible to any of the users on the wave and all of their servers.

If you think you shouldn't worry about that and are a software developer, think of Wave as your source code repository. I don't want to show all of my stupid mistakes to all co-developers immediately. I'd rather clean up the mess before I commit. And I don't want suggestions like "People coding this way should read the GoF book immediately" from some marketing bot. But something like that is likely to happen: Why should Google promote Wave other than to make money off it? How could they make money from Wave? By using your information. Whether it is for direct marketing or in a more subtle way, you will have to pay for using Wave in one way or the other.

The functionality that has been shown in the Wave keynote is impressive. I'd like to use that functionality, better today than tomorrow. But the privacy issues should at least be discussed openly before committing fully to that service. Users should be able to effectively control which information they give away, and their choice should be a conscious one. Until there is a model to control your Waves you should always assume you are on camera. For those my age, just google yourselves to check if Google represents well what you think you have been years ago.

Further reading: "Googling Security" by Greg Conti.



Monday, August 10, 2009 in Technology

are you using gmail?

Posted by Anonymous User at 2009-08-10 16:14
or for that matter, are you using any web mail? if your answer is yes, then you won't be any worse off using wave.

Why Google Wave doesn't hurt your privacy any more than everything else

Posted by Mike Meessen at 2009-08-10 16:29
Hey Martin,

As a recently self-proclaimed Google fanboy, I have to add my two cents here ;-) Although I understand the points you make, let me play devil's (or Google's?) advocate here for a minute and counter some of em. I'll try to remain objective, I totally swear!

> Firstly, even though the protocol is open,
> how many independent Wave servers will there be?

How many XMPP servers do you know? Ok. Now, take ejabberd, jabberd and openfire out, what's left? I don't remember anyone claiming that having such little choice of "serious" XMPP servers was an issue, but hey, XMPP itself didn't have a Google sticker on it, right? ;-) Furthermore, let's be honest, what could Google possibly do more than make an open protocol (feel free to join the discussions over at http://groups.google.com/group/wave-protocol and bring in your concerns) and propose the source code of about every Wave-related line of code they write? If you don't trust them, feel free to inspect the code (yeh I know, no one does that... we're all just sooo lazy it hurts ;-)).

> [...] I guess most Wave users will be on Google's servers.

That's very likely. Who could blame them for using Google's Wave service if it's as epicly(tm) fast and pleasant as GMail, Maps and Search? If you try to hit the average end user with the privacy side of things, well, good luck with that...

> Whenever you participate in a Wave that has at least one
> Google user on it, you will give the information in that
> Wave to Google.

Yes, from what I know, this is true. But on the other side, if you start a new wavelet between 2 non-google-hosted wave users, even if that wavelet is part of a Wave started on the Google server, the content of that newly created wavelet will never reach any other servers than those of the 2 participants of the Wavelet. Isn't that an indication that they did what they can to make it a _good_ protocol instead of an _evil_ OOXML-type one?

Besides this, let's compare that to email: By sending an eMail, you also trust not only the sender's and recipient's eMail servers but also all relay servers in between (which you don't necessarily know!!) I find that way more alarming, but hey, no Google sticker here either ;-)

Ultimately, you could also decide never to talk to any Wave user using Google's Wave service if you want to avoid Google getting any byte from you, but my guess is that this wouldn't exactly be acting in favor of your sociality ;-)

> I still think Google is not evil. The problem lies
> in the future. Google will keep some of the
> information you give them forever, willingly or not,
> for example on backups.

I totally agree with you on that one. But that problem unfortunately isn't just Google's. If a court orders any company to give out any data, they'll have to do it, period. If someone would want to avoid that, he/she shouldn't use the Internet.

But for the time being, and for the companies currently out there in the cloud, Google and Apple (please, don't start a flamewar here) would be the two companies I'd trust the most when it comes to private data, and I don't speak technically here, I mean the good/evil side of things. I could only imagine what Micro$oft would do with the kind of data they could gather if they proposed a Wave server... I'd much rather use Google than Bing, but hey, it's up to anyone who they trust...

> The second major concern is the quality of
> information given away. The small, fast incremental
> updates and the replay facility mean, that all your
> typing errors, temporary wordings, etc. are visible
> to any of the users on the wave and all of their
> servers.

OK let's make this one fast: you can turn that off in the client so that blips are only transmitted when you're ready for it, w00t! :-)

-----

OK again, I hope the comment didn't feel like I was _attacking_ you in any way. I know you take privacy very seriously and that's a good thing. I just don't like (in general, that's not limited to this thread) how everything Google does is immediately criticized and hammered to death with the privacy sledgehammer just out of paranoiac lust.

Greetings,
Mike

Servers / Implementations

Posted by Martin Kneißl at 2009-08-10 16:55
> How many XMPP servers do you know? Ok. Now, take ejabberd, jabberd and openfire out, what's left?

Just to clarify, I meant servers as opposed to implementations. I have no problem with Google's software, but with the large wave provider getting too much sensitive information.

I *love* the Google

Posted by Martin Kneißl at 2009-08-10 17:04
Nothing I have written was intended to put down Google. I use some of their services and think they are doing a great job.

I think...

Posted by Mike Meessen at 2009-08-10 17:15
... ultimately we kinda agree, your opinion is privacy-tainted, mine is fanboy-tainted but the average is certainly a good representation of the pros and cons. I do hope, however, that the protocol team will emphasize security / privacy / acls more in the future (and I called for that on the group last week).

The better Wave

Posted by Martin Kneißl at 2009-08-10 17:16
The things I'd like to see supported in Wave (is it already in there?):

- Content encrypted to the people on the Wave, such that the server cannot use the content.

- Keys are on the clients (in the browser for web clients).

This is just the need-to-know principle. The server does not have to decrypt the content to deliver it.

This leaves topics like traffic analysis, social network analysis, but I don't want to be too paranoid. Just paranoid enough.

Encryption

Posted by Anonymous User at 2009-10-01 17:55
As the previous commenter posted, I would also like to see encryption built in. However, given Google's commitment to building an Open API, someone could develop it, but it would be as transparent.

Just because e-mail is inherently insecure, and most people probably don't realize it, doesn't mean we have to accept that insecurity in future products.
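
The design asked for in the last two comments (content encrypted to the people on the Wave, keys held on the clients, a server that only delivers), sketched as an added example; it is not part of the original post or comments and is not Wave's own code. It assumes Node.js's built-in crypto module and uses AES-256-GCM for content with RSA-OAEP key wrapping as one possible construction; the function names are hypothetical, and how participants learn each other's public keys is out of scope.

```javascript
const nodeCrypto = require('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client side: each participant generates a key pair; the private key never leaves the client.
function newParticipant(address) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { address, publicKey, privateKey };
}

// Author's client: encrypt the content once with a fresh AES-256-GCM key, then
// wrap that key separately for every participant's public key.
function sealWavelet(waveletId, plaintext, recipients) {
  const contentKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', contentKey, iv);
  cipher.setAAD(Buffer.from(waveletId)); // ties the ciphertext to this wavelet id
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKeys = {};
  for (const r of recipients) {
    wrappedKeys[r.address] = nodeCrypto.publicEncrypt({ key: r.publicKey, ...OAEP }, contentKey);
  }
  return { waveletId, iv, ciphertext, tag: cipher.getAuthTag(), wrappedKeys };
}

// Recipient's client: unwrap the content key with the local private key, then decrypt.
// Throws if the user is not a participant or if anything was modified in transit.
function openWavelet(sealed, participant) {
  const wrapped = sealed.wrappedKeys[participant.address];
  if (!wrapped) throw new Error('no wrapped key for ' + participant.address);
  const contentKey = nodeCrypto.privateDecrypt({ key: participant.privateKey, ...OAEP }, wrapped);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', contentKey, sealed.iv);
  decipher.setAAD(Buffer.from(sealed.waveletId));
  decipher.setAuthTag(sealed.tag);
  return Buffer.concat([decipher.update(sealed.ciphertext), decipher.final()]).toString('utf8');
}

// Everything a relaying server still learns without any key: who is on the
// wavelet and how much was written (the metadata left for traffic analysis).
function serverView(sealed) {
  return {
    waveletId: sealed.waveletId,
    participants: Object.keys(sealed.wrappedKeys),
    ciphertextBytes: sealed.ciphertext.length,
  };
}
```

The object returned by `sealWavelet` is all a server would store and forward; `serverView` shows that the participant list and message size remain visible even though the content does not.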
