Google Wave is a highly anticipated collaboration tool that is still on the
horizon. What kind of security options is Google working on for its Wave
protocol in 2010? Have some of the big security holes present in the September
2009 protocol release been addressed?
Google is certainly hoping that Wave will become a killer app, bringing
together email, instant messag-ing, wikis, forums and other social networking
tools to allow multimedia collaboration and real-time editing within a Web
environment. In fact, Google wants Wave to replace email as the dominant form of
Internet communication.
But as we all know, email has long been plagued with security problems, so
any intended replacement should come out of the starting gate having tackled the
problems we've already painfully dealt with, like not executing scripts or
automatically loading content such as images . Google claims that Wave is more
secure than email and plans to release most of the source code; it's current
security features include TLS authentication and encryption of all Wave traffic,
and the ability to whitelist users. Yet Wave is struggling to balance
collaboration functionality with security.