Same But Different

[Update: 28th Dec] Link updated as the author has moved the post.

Google has been in the news over the past couple of days, introducing a feature that has upset a few people by opening up their ‘shared’ news items to everyone in their contacts list (as opposed to them notifying selected users to view their shared items). Check out the following link for a quick overview (bit of an extreme and inaccurate title, but hey ho) – Google Reader shares private data, ruins Christmas. One of the comments highlighted within the post is interesting from a different perspective:

¨Please fix this and let us OPT IN to who we want to share with… Don’t make me leave my Google apps¨

If you are using Google services, you get the same set of applications regardless of whether its for personal or business use. Chances are, you will use those applications in different ways depending on context. But it easy to forget what context you are in when everything looks the same. This has happened before…

Back in the early 90s, I was a local area networking (LAN) newbie, starting out with Novell NetWare 2.2. At the time, my lucky users had Windows 3.1 on their desktops. (If you remember GPFs, you’ll know just how lucky they were.) The network server sat in the office and nobody ever dared touch it. It was different. Physically, it looked the same (because it was, from a hardware perspective – aside from a whopping double the RAM at 8Mb). But the monitor displayed gobbledygook that looked nothing like the software on their desktop PCs.

After a couple of years, a mandate from above and beyond (ours was a small satellite office, HQ was in a land far far away) resulted in a network migration to Windows NT. When I first started to learn about NT, I hated it. For one simple reason. It looked just like Windows on the desktop. I could no longer risk leaving the server in the office. If someone was stuck with a GPF on their own computer, they might go and try using the network server, not realising it wasn’t just another desktop PC. If there was a problem with the network and I wasn’t around, the more ambitious users would have a go at fixing it. It looked similar to their desktop PC – the icons looked familiar – and they often figured the same trick of doing a reboot ought to sort it out… Thank goodness nobody had mobile phones back then, I could carry on at college blissfully unaware and sort out the mess the next morning. When the Finance Dept had enough of not being able to access accounts because somebody had crashed the network again, we converted a kitchen area over the weekend and, from that day forward, servers have been kept locked up in server rooms.

The Google-gate that has occurred over Christmas (and ditto for Beacon-gate that Facebook caused earlier this month) is history repeating itself. The challenge this time around is that business is being mixed with pleasure, providing plenty of opportunities for trouble and strife.

Google introduced a new feature to its Google Reader service – connecting Google Reader with Gmail. Anybody who had chosen to share items in Google Reader discovered that the items were now being shared with everyone in their Gmail contacts list. People have been upset because their Gmail contacts list contains a mix of contacts – friends, family, business, occasional communications etc. They are the same, but different. People didn’t consider ‘share’ to mean ‘share with everyone’.

Any software company that produces tools to be used in different contexts needs to be sensitive to the differences. And we. as users of those tools, need to be equally sensitive to the similarities. When you decide to ‘share’ something, it is no longer private. Yes, you ought to be able to opt in/out of new features when they are introduced. But web-based services make beta testers out of us all. Like it or not, you can’t choose to wait for service pack 3 to avoid unexpected outcomes. And if you use the same tool for both business and pleasure, be prepared for the two to mix…

*GPF = General Protection Fault, a regular occurrence in Windows 3.1 that would freeze the machine (this was back when there was no multi-tasking – if your computer was printing, you couldn’t even play Solitaire whilst you waited)

Security challenges in Web 2.0

An interesting blog post has highlighted how Gmail accounts can be hacked – Google Email Hijack Technique. Aside from the issue that it appears quite easy for someone/thing who knows what they are doing to start snooping on your email (more than slightly worrying), the blog post highlights a new security challenge for anyone beginning to rely on hosting data in ‘the cloud’ – i.e. stored on remote data centres and accessed using online services. Think Gmail, Flickr, YouTube, Facebook, Office Live, MySpace, LiveJournal, SalesForce

When viruses first appeared, the primary method of spread was through infected disks. People had a habit of leaving floppy disks in computers. When the computer was next switched on, a virus would copy across from the floppy disk (way back when, the floppy disk drive was the first item read when your computer started up and the most common form of network for file sharing). Your computer would start to behave oddly as files became corrupted and you lost all your data. People, through training, threats and learning the hard way through experience, began to get better at not leaving disks inserted in computers when they switched off. But it didn’t matter because the threat changed…

Along came email and networks. New ways of hacking accounts, crashing computers and corrupting data arose that no longer relied on a floppy disk to spread the havoc. And new challenges appeared – spam overwhelming inboxes, phishing scams persuading people to willingly hand over bank details. Whilst some attacks were purely web-based (fake sites pretending to be your friendly bank), the majority of attacks still focused on taking control of your computer and doing bad stuff with it. But having a computer crash has become less of a worry as more data is being uploaded onto the web. Our need to have our data available regardless of the device we happen to be using means our devices are more resistent to damage. If your computer gets hacked, wipe it and rebuild it, then re-sync with your online services. And so the threat changes again…

The Gmail exploit doesn’t care about your computer, or your mobile phone or whatever device you choose to use. It lives in ‘the cloud’, hacking directly into the online services that are hosting your data. If Gmail gets hacked, what do you do? You can’t just format and rebuild, as has worked in the past with computers. You don’t control the service or the computers where your data is stored. Instead, you have to trust Google (or whichever service provider you happen to be using) to fix the issue. It’s a different dynamic and one that will need to be considered by any organisation planning to switch from local servers to fully hosted services.

Technorati tags: Web 2.0; Enterprise 2.0; Gmail

Who controls your data

There is a bit of a furore going on over a piece of code being leaked to the web that enables you to crack HD-DVDs. However, one of the blog posts/news articles includes a snippet of information that I am more interested in, because it highlights a big flaw in the strategy for moving your data into the Internet cloud. Snippet from a blog on Wired, documenting a takedown notice from Google to someone using their Google Notebook application (bold highlighting is mine):

… Google has been notified, according to the terms of the Digital Millennium Copyright Act (DMCA), that content in your notebook Google Notebook Entry allegedly infringes upon the copyrights of others. The particular section of your notebook in question is the section covering www.digg.com/users/entangledstate/news/dugg

…. If you do not do this within the next 3 days (by 4/30/07), we will be forced to remove your entire notebook. If we did not do so, we would be subject to aclaim of copyright infringement, regardless of its merits. We can reinstate this content into your blog upon receipt of a counter notification pursuant to sections 512(g)(2) and (3)of the DMCA…

Back in March, I wrote a post – Google and Microsoft looking alike – talking about Google’s strategy for getting us to use their online services for storing our data. If they are happy to act as big brother on behalf of people who use the DCMA as an easy form of censorship, will we be comfortable to hand over the keys to our information?

Take a simple scenario. I use Gmail for email. Someone sends me an email containing content that might infringe copyright. Google receives a notification from the copyright owner and issues notices similar to the one above with 3 days to comply. I happen to be on holiday and don’t check my email, so have not even read the allegeded offending email, let alone seen the takedown notice. When I return to work, my entire Gmail account has been deleted. What if I ran my entire business using Google services? Would they all be deleted too? Hmmm…

I last blogged about the DMCA in January 2006 – Post and be damned. The NewScientist magazine had published an article examining the use of the DMCA as a form of censorship. One study found that 47% of takedown notices concerned material that would likely have been deemed fair use. However, the DMCA enables content owners to issue takedown notices without having to go to court, placing the onus on the individual to legally challenge them. Targeting the Internet Service Providers (ISPs) has proven effective – they will simply remove the content unless the individual web site owner is prepared to finance a legal challenge to the notice. Picking on Google (and any other player in the web software/services playground) makes it even easier. Google can simply shrug and say ‘we have to do this or else we would be subject to a claim’. But the impact on the individual or organisation targeted is now even bigger. You don’t just lose your web site, you could lose your entire ability to do business if you rely on web-based services…