Google Wave secured with 'crypto fairy dust'

By Munir Kotadia on Oct 15, 2009 3:11 PM
Filed under Security
 

Wave goodbye to email spoofing.

Google Wave, the search giant's email-like collaboration tool, has been designed to avoid common security issues associated with traditional email because it contains a 'sprinkle of crypto fairy dust', according to the product manager of the technology, who was speaking to media in Sydney today.

User privacy is a huge concern for Google, according to Greg D'alesandre, Google Wave product manager.

He said Wave has been built with two levels of security designed to stop criminals exploiting the technology by spoofing another account - pretending to be someone they are not - or by sniffing Wave traffic while it is travelling between users.

"It is relatively easy to fake - or spoof - an email address. One thing we built into the Wave protocol is what we call crypto fairy dust. This means every piece of information you are getting on a Wave from another Wave server has authentication information built into it.

"So you know you are getting the Wave from the person that is sending it to you and it has not changed mid-stream. This is a very big problem in current communication technologies - data can be changed mid stream and you will never know," said D'alesandre.

In addition, he said, all Wave traffic is encrypted using https.

"If somebody was watching packets passing between the computer and the Wave server, they wouldn't be able to decrypt the information.

"There are a lot of products where you can choose if you want to use https. If you are at an internet café and decide not to use [https], it means there is a possibility for somebody to sniff that traffic. We don't give you that option," said D'alesandre.

He admitted that forcing encryption on users slows the product down but he said it was a price worth paying.

"Even though it is slower we think it is important to do it anyway. We have built privacy concerns from the ground up rather than waiting till there are issues and addressing them afterwards," D'alesandre said.

Google Wave users will soon also have the option to whitelist people they want to collaborate with. This means only people on their whitelist will be able to contact them - everyone else will be ignored.

Google Wave is currently in a limited beta test. The company has not yet indicated when it will be opened to the general public.


Google Wave secured with 'crypto fairy dust'
5 comments in this discussion
"^^ Don't leave the responsibility in the end users hands, in the end it only endangers the rest of us as a result."
By Mordd
 
Tags
google, wave, greg, privacy, encryption, whitelist, spoof, sniff, networking, services, security
Related Articles
Breaking Stories
 
 
Comments: 5
tsemaj
Oct 15, 2009 5:07 PM
 Mun, I wasn't there - so I can't tell whether the "fairy dust" is meant to be evasive or derisive!
cootified
Oct 15, 2009 6:30 PM
 Google should make this encryption optional in settings. At the end of the day, its up to the user to "lock their doors" at night. There are alot of people who underestimate web security issues and naturally what you dont understand, you fear. There are some people out there who thinks everyone else is here to make their lives miserable.
tobygalino
Oct 16, 2009 8:11 AM
 cheers coot- users rely on the internet/computers/gadgets yet dismiss the responsibility of their maintenance.

At VeriSign we feel email services need to provide more robust forms of protection, ie. Extended Validation SSL, and two factor authentication, which also comes as a mobile app if you hang yourself "out to dry" on wifi. If all those email users had a 2FA token it wouldn't matter if their passwords were hacked.
tallguy
Oct 16, 2009 10:08 PM
 Maybe there is an alternate universe where average users take good care of their security. In the real world it is a great idea to take away the choice.
Mordd
Oct 18, 2009 7:37 PM
 ^^ Don't leave the responsibility in the end users hands, in the end it only endangers the rest of us as a result.
Comments have been disabled for this article.
 
 
Top Stories
Photos: HTC One vs Samsung Galaxy S4
Photos: HTC One vs Samsung Galaxy S4
Android giants battle it out.
 
Project management lessons from the QLD Health payroll inquiry
Project management lessons from the QLD Health payroll inquiry
Analysis: How not to run a major IT project.
 
Review: Asus Fonepad
Review: Asus Fonepad
Calling on the Big Phone.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

Bankwest builds continuous delivery capability
Bankwest builds continuous delivery capability
To automatically deploy test/dev sandboxes by mid-year.
Veterans' Affairs sets sights on modernisation
Veterans' Affairs sets sights on modernisation
Data safe with Human Services, CIO says.
Citi Australia drops platform customisations
Citi Australia drops platform customisations
Technology chief shifts focus from building to leveraging systems.
VicRoads restructures IT team
VicRoads restructures IT team
Department moves to align with industry benchmarks.
Zurich Australia extends IT team offshore
Zurich Australia extends IT team offshore
Malaysian staff served from Australian data centres.
Leigh Berrell - Utilities CIO of the Year
Leigh Berrell - Utilities CIO of the Year
Yarra Valley Water CIO Leigh Berrell accepts his Benchmark Award for Utilities CIO of the Year.
Wayne McMahon - Retail CIO of the Year
Wayne McMahon - Retail CIO of the Year
Domino's Pizza CIO Wayne McMahon accepts his Benchmark Award for Retail CIO of the Year.
Inside Perpetual's ongoing IT transformation
Inside Perpetual's ongoing IT transformation
CIO Jenny Levy discusses how outsourcing will help the firm "simplify, refocus and grow".
Managing Complexity - Defence's Daniel McCabe
Managing Complexity - Defence's Daniel McCabe
Daniel McCabe, Assistant Secretary of Australia's Department of Defence, provides the audience at the iTnews Data Centre Strategy Summit with a deep dive into the organisation's data centre consolidation program.
How Facebook designed the data centre from scratch - Marco Magarelli
How Facebook designed the data centre from scratch - Marco Magarelli
The full keynote by Facebook data centre architect Marco Magarelli at the Australian Data Centre Strategy Summit. Magarelli details the design considerations behind the social network's Prineville, Oregon; North Carolina and Luleå, Sweden data centres.
Modernising Legacy Data Centres - Telstra's Jon Curry
Modernising Legacy Data Centres - Telstra's Jon Curry
Telstra general manager of managed data centres Jon Curry guides the audience at the iTnews Australian Data Centre Summit through the build of the telco's Clayton, Victoria data centre.
NSW Government launches NABERS data centre rating tools
NSW Government launches NABERS data centre rating tools
Matthew Clark from the NSW Department of Environment guides facilties managers through the details of the new NABERS data centre energy rating tool at the Australian Data Centre Strategy Summit.
NABERS launch panel: Australian Data Centre Strategy Summit
NABERS launch panel: Australian Data Centre Strategy Summit
Matthew Clark (NSW Dept of Environment), Greg Boorer (Canberra Data Centres), Glenn Allan (National Australia Bank), Mike Andrea (Strategic Directions) and Bob Sharon (Green Global Consulting) discuss the impact of the NABERS data centre rating.
Judges notes: Fortescue Metals [The Benchmark Awards]
Judges notes: Fortescue Metals [The Benchmark Awards]
iTnews' panel of judges discuss Fortescue Metals 'New World of Work" project, one of three shortlisted finalists for the Industrials category of the CIO Benchmark Awards.
Judges notes: Retail [The Benchmark Awards]
Judges notes: Retail [The Benchmark Awards]
iTnews' panel of judges discuss the shortlisted finalists for the Retail category of the CIO Benchmark Awards.
Judges notes: Pacific Aluminium [The Benchmark Awards]
Judges notes: Pacific Aluminium [The Benchmark Awards]
iTnews' panel of judges discuss Pacific Aluminium's lightning fast service desk refresh, one of three shortlisted finalists for the Industrials category of the CIO Benchmark Awards.
Judges notes: Domino's Pizza [The Benchmark Awards]
Judges notes: Domino's Pizza [The Benchmark Awards]
iTnews' panel of judges discuss Domino's Pizza's shift to hosted services, one of three shortlisted finalists for the Retail category of the CIO Benchmark Awards.
Judges notes: McDonald's Australia [The Benchmark Awards]
Judges notes: McDonald's Australia [The Benchmark Awards]
iTnews' panel of judges discuss McDonald's Australia's new self-service portal for employees, one of three shortlisted finalists for the Retail category of the CIO Benchmark Awards.
Judges notes: ING Direct [The Benchmark Awards]
Judges notes: ING Direct [The Benchmark Awards]
iTnews' panel of judges discuss ING Direct's 'Bank in a Box', one of three shortlisted finalists for the banking and finance category of the CIO Benchmark Awards.
Judges notes: Yarra Valley Water [The Benchmark Awards]
Judges notes: Yarra Valley Water [The Benchmark Awards]
iTnews' panel of judges discuss Yarra Valley Water's insourcing project, one of three shortlisted finalists for the Utilities category of the CIO Benchmark Awards.
Latest Comments
Powered by Disqus
Polls
Do you prefer the Coalition's NBN policy?
   |   View results
Yes
  19%
 
No
  81%
TOTAL VOTES: 1663

Vote
view previous polls »