Gmail makes me nervous because it’s actually a giant advertising data farm. Google harvests the text of every message and uses it to place little advertisements that suit my personal tastes or vices. The Gmail threading system is smart. It’s a terrifically designed web application. It’s just worrying when we think about personal security.
I think the paradigm of ‘free’ services powered by advertising is not necessarily a good thing. It offers a certain immediate service (free email!) but at a serious cost (Google gets to read everything you write). People are going to have to realise that nothing is actually free. There is a cost somewhere down the line when it comes to providing server farms with these services.
I don’t think that future web applications will be free. I actually think I’ll be paying for a private web application when I take out my subscription to my operating system. You know, I’ll buy my UbuntuPLUS package which will bundle a year of UbuntuMAIL and UbuntuPRODUCTIVITY and other web goodies to ensure my data can follow me around the world regardless of whether my laptop makes it with me or not.
I think there are two primary reasons for this occurring. The first is that I don’t want Google reading my mail (calender, instant messages, office documents). The other is that boxed software is becoming a commodity and the provision of useful web services is the next logical profit arena.
I posted a couple of days ago talking about how we can have private personal data on servers that provide web applications. A comment replying to this assertion was posted to my blog suggesting that if a server does not interact with personal data its just a big storage mechanism and no more useful than a USB key. I respectfully disagree. Let me explain why.
There is personal data and there is personal data. For instance, I am glad that my webmail provider knows my name because this allows us both to be pretty sure only the real Shane has access to the webmail account. That’s personal, and that’s fine. Google can have it. However, I don’t want my webmail provider reading my incoming mail. That’s personal and Google cannot have that. I want encryption. I want privacy.
Now, let’s imagine a service called ‘GooglePRIVATE’ which I paid for. I give Google $24.95 a year to use their spiffy web application under the condition they never read my email. They get my name and my credit card. I get encrypted email. We’re both happy.
GooglePRIVATE could work by storing my email in an encrypted database. When I go to log onto GooglePRIVATE a session is established between my computer and their server. My name and password give me access to my account and the password is also used to decrypt a local session of the database incrementally. First of all the index arrives and shows my threads. As I’m being absorbed by the message subjects the rest of the database is streaming and decrypting in the local session ready for use.
The server is providing storage, authentication and the algorithms for searching my mail. It’s also the place where the web application lives (meaning updates are simple and automatic). My local session is providing horsepower for decryption and the temporary session that holds my unencrypted mail. When I’m done my database re-encrypts and drifts back to it’s home in the larger database at Google.
I’m sure you see where I’m going with this. That’s a rough example of how I can envision web applications that don’t require a total loss of user privacy. That’s the type of web application I would pay for because it would give me convenience without opening a door into my brain. It’s bad enough with just me living in here.