Serious Privacy Problems with Bots on Google Wave
Posted by knorby on February 25, 2010 under Python, app engine, facebook, fortune, google, internet, privacy, wave | 
Be the First to Comment
I started writing this post while Google Wave was still pretty new, but it has been out for a while and half forgotten. It is still in closed preview, but it shouldn’t be hard to find an invite if you want to check it out. As I mentioned in my last post on wave, I wrote a quick fortune bot for wave. The bot got a decent bit of use at first, as many people played around, but now use has dropped to almost nothing. Based on my own use, I figured early on that most of the use was from 1 or 2 real people interacting with a bunch of bots. I tested and confirmed that with the data google records by default.
Google App Engine, on which all bots must be hosted, by defaults logs any request and any error. A bot can register a number of different events, which will trigger a request to the bot. In the request, the state of the wave is contained in a json format. The log files can easily be downloaded, and the json easily parsed. From that, you see everything. You see the addresses of everyone, you see what has been entered, even if it doesn’t relate to the events of the bot. As far as I am aware, no TOS or privacy agreement exists that covers the use of this data, and even if it were, the most nefarious uses still would be silent.
By putting data on any web app, you put yourself up to the same risks and invasions. The google ads in gmail are targeted at you for a reason after all. If you are using gmail though, it is a safe belief that google will be the only one other than you to see your data. A bot could be maintained by anyone. Facebook apps are a decent comparison. I have looked at the API a couple times, but my understanding is even with the permissions a user can grant or deny, apps get to see a lot. A fair bit of criticism has been made of this platform, but it is very safe to say the privacy structure in place on bots is much worse. Aside from the lack of permission controls, would you use something like facebook apps on your e-mail or google docs (to the extent that makes sense…)? I hope not.
A wave user has a somewhat unique problem here. If a bot provides a useful service to a particular use, and the wave for this use is private, should you use it? That isn’t a question anyone should have to ask. The question of “put this data in this web app or not” is one thing, but you shouldn’t have to worry about using a pivot tables tool on an online spreadsheet, which is essentially what is going on with bots here. There isn’t really way to distinguish what is a good bot vs. a bad one either. If I wanted to snoop on people on wave, I would write a useful bot, and no one, google included, would be the wiser to what I was doing with the collected data.
I don’t think there is an easy way to fix bots as they are. Anonymous search results aren’t really that anonymous, and I would guess wave data would be much worse. The problem isn’t that App Engine logs requests; the problem is what wave sends. If you consider the data in a wave in anyway private, I would recommend against using bots.