More on Google Wave Trust Model

I wrote briefly about Google Wave, and Ben Laurie points out that my statement on the Google Wave trust model is misleading. He’s right. I said that the Google Wave trust model is the same as email (and thus I think Google Wave will succeed). What my words unfortunately and misleadingly implied is that it’s no better than email. What I wanted to say is that it’s no worse than email. Well duh, one might think, how can you do worse than email? But actually, not duh.

Take any of the Web 2.0 services you see today, such as Twitter, company-specific versions of Twitter, online project management / bug tracking tools… These are fantastic, but their trust models, as far as companies go, are noticeably worse than email. You have to trust the provider fully with your data. You have to assume that they will defend against subpoenas and hackers and insiders trying to access your data, just as much as you would. Now, maybe they will. But the trust model is different, and in some ways worse, than hosting your own email server.

Google Wave does not require you to trust Google. Sure, Google will almost certainly offer a Google Wave hosted service, just like Gmail is a Google-hosted email service, and many companies will opt for it. But that won’t be the only option. You’ll be able to host your own server within your Intranet, and when Company A sends a Wave to Company B, Google’s servers aren’t involved. Very similar to the way email works, where trust delegation to an entity like Google is a choice you make, not a decision you’re stuck with when you want the new features. Intranet-hosted servers is something big IT departments are already comfortable with.

Now, in addition to that, Google Wave looks like it will provide significant end-to-end crypto for authentication and confidentiality (at least by domain). That’s obviously better than email.