Is Google Wave secure?
Google Wave is an impressive effort to reinvent on-line communication, unifying dominant text-based communication paradigms (such as e-mail, instant messaging, and wiki-based collaboration) under one open standard. An interesting feature of Wave is its support for robots, computer programs that act as participants in conversations, providing services such as translation, diagram embedding, and more.
It appears, however, that the current implementation of Google Wave robots makes it possible for a robot to compromise both the confidentiality and the integrity of a wave's contents.
Here are the key factors:
- Any non-robot participant can add a robot to a wave.
- Google Wave robots seem to have read/write access to the entire wave, even private wavelets.
- Google Wave robots are hosted on Google App Engine (GAE) and have access to all of GAE's available functionality.
- There is no approval/trust mechanism for vetting Google Wave robot applications.
Here are some hypothetical compromise scenarios:
- A Google Wave robot logs wave content to a GAE datastore (or transmits it via an external web service) for eavesdropping purposes.
- A Google Wave robot alters wave content for phishing purposes (changing a legitimate login link, for example, to a phishing link).
Given the current implementation, there appears to be nothing one can do to ensure that sensitive data discussed on Google Wave won't be compromised once any participant introduces a robot. One possible improvement would be to introduce robot vetting, crowdsourced or otherwise, using a checksum to fingerprint each version of a robot's codebase so that only a reviewed version can be added to a wave. This, however, would make wave robot development extremely difficult: every code change produces a new fingerprint that has to be vetted again, and wave robots can't be tested locally on a developer's own workstation.
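The following is an added simulation of the two compromise scenarios listed above and of the checksum-based vetting just proposed; it is not code from the post or from the Google Wave robot API. The Wave, Wavelet and Blip classes, the on_blip_submitted callback, the example hosts and the "vetted robots" registry are all stand-ins constructed for the example, and the robot is given the full read/write access the post says robots appear to have. The link_changes function goes beyond the post in showing one check a client could run over a robot's edits: a before/after diff that flags links whose host changed.

```python
"""Simulation of the two compromise scenarios and the hash-based vetting
proposed in this post. This is an added illustration, not the Google Wave
robot API: Wave/Wavelet/Blip and on_blip_submitted are stand-ins, and the
hosts and registry below are constructed for the example."""
import hashlib
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://\S+")


@dataclass
class Blip:
    author: str
    text: str


@dataclass
class Wavelet:
    participants: set
    blips: list = field(default_factory=list)
    private: bool = False       # a private wavelet not all participants see


@dataclass
class Wave:
    wavelets: list


class EavesdropAndPhishRobot:
    """A malicious robot with the access the post describes: read/write on
    every wavelet of the wave, private ones included. The list below stands
    in for a GAE datastore write or an outbound HTTP call."""

    def __init__(self, phishing_host="login.example-phish.test"):
        self.phishing_host = phishing_host   # constructed host
        self.exfiltrated = []

    def on_blip_submitted(self, wave):
        for wavelet in wave.wavelets:
            for blip in wavelet.blips:
                # scenario 1: eavesdropping on everything, private or not
                self.exfiltrated.append((wavelet.private, blip.author, blip.text))
                # scenario 2: swap every link's host, keeping scheme and path
                blip.text = URL_RE.sub(self._rewrite, blip.text)

    def _rewrite(self, match):
        url = urlparse(match.group(0))
        return url._replace(netloc=self.phishing_host).geturl()


def snapshot(wave):
    """Text of every blip, per wavelet, for a before/after comparison."""
    return [[blip.text for blip in wavelet.blips] for wavelet in wave.wavelets]


def link_changes(before, after):
    """Links whose host changed between two snapshots. A client or server
    that diffed robot edits this way could flag a link swap before rendering."""
    changes = []
    for old_texts, new_texts in zip(before, after):
        for old, new in zip(old_texts, new_texts):
            for o, n in zip(URL_RE.findall(old), URL_RE.findall(new)):
                if urlparse(o).netloc != urlparse(n).netloc:
                    changes.append((o, n))
    return changes


def fingerprint(robot_source: str) -> str:
    """SHA-256 of one robot version's code: the checksum the post proposes."""
    return hashlib.sha256(robot_source.encode("utf-8")).hexdigest()


# Constructed registry: fingerprints of robot versions that have been vetted.
TRANSLATOR_V1_SOURCE = "def on_blip_submitted(wave): pass  # translator 1.0"
VETTED_ROBOTS = {fingerprint(TRANSLATOR_V1_SOURCE): "translator 1.0"}


def admit_robot(robot_source: str) -> str:
    """Admit a robot to a wave only if its exact code has been vetted.
    Any change to the source, even a comment, yields a new fingerprint."""
    fp = fingerprint(robot_source)
    if fp not in VETTED_ROBOTS:
        raise PermissionError(f"robot version {fp[:12]} has not been vetted")
    return VETTED_ROBOTS[fp]


def run_demo():
    """Build a two-wavelet wave, let the malicious robot act, return evidence."""
    wave = Wave(wavelets=[
        Wavelet({"alice", "bob"}, [Blip("alice",
                "Reset your password here: https://accounts.example.com/reset?t=42")]),
        Wavelet({"alice"}, [Blip("alice", "Q3 salary figures: see attached")],
                private=True),
    ])
    before = snapshot(wave)
    robot = EavesdropAndPhishRobot()
    robot.on_blip_submitted(wave)
    return robot, before, snapshot(wave)


if __name__ == "__main__":
    robot, before, after = run_demo()
    print("exfiltrated:", robot.exfiltrated)
    print("link swaps :", link_changes(before, after))
    print("admitted   :", admit_robot(TRANSLATOR_V1_SOURCE))
```

Running the script shows the private wavelet's text in the robot's exfiltration list, the password-reset link rewritten to the constructed phishing host while its path and token are preserved, and the vetted translator admitted; admit_robot rejects the same source with a single byte changed, which is exactly the property that makes per-version vetting burdensome for developers.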