Web 2.0 Privacy and Security Issues Won't Go Away

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

A week after the Web 2.0 Expo showcases the latest and greatest new services on the Web, the San Francisco chapter of the Internet Society will host what's likely to be a comparatively somber, though relevant, INET conference focused on trust and security issues facing the Web.

"The idea is to explore how do we transition to an online community we can trust? What do we want the model to be? Could it be a multi-faceted approach?" Zaid Ali, president of the Internet Society's San Francisco chapter, told InternetNews.com.

"Can you trust that the privacy policy on your favorite social network won't change overnight?" Ali continued, listing issues speakers are expected to address at the conference. "Can you trust a foreign domain name? What happens to information on your mobile phone if someone else uses it?"

The one-day event on May 7 in San Francisco is expected to attract security vendors and industry professionals. "At the end we may have something we can propose to Internet Society, ICANN or the IETF (Internet Engineering Task Force)," said Ali. "The main goal is to get a conversation going on these issues."

Daniel Dreymann, the president and co-founder of e-mail security firm Goodmail Systems, said that while he sees some indications of progress, more trust needs to be built into Web services. "You need to have the right agent behind the scenes doing the heavy lifting so the burden isn't on the consumer," Dreymann, one of the INET conference speakers, told InternetNews.com.

He pointed to the use of a color widget by Microsoft's Bing search engine to indicate whether a site may be a phishing or malware distributor (red means it is, green means it's been cleared) as a good example of flagging trusted sites for consumers. Similarly, his own company, Goodmail, includes an icon to certify when e-mail is coming from a valid sender. "The idea is that the user, or a company, that doesn't do Internet security for a living and doesn't want to, can easily see someone trusted is vouching for the site or the transaction," said Dreymann. "Leave security to professionals."

As more services and applications move to the cloud, Dreymann said he expects a new set of security challenges to emerge. For example, as more Web 2.0 features are added to e-mail services, malware and other unwanted intrusions could launch without the user doing anything. Currently, users are routinely warned not to open attachments from unknown sources.

While he said there haven't been any automated Web 2.0 breaches via e-mail that he knows of, Dreymann said it's very early in the evolution of such services that, for example, might automatically play a video within an e-mail message.

"If you don't implement that the right way, we'll have security breaches unheard of in scope," said Dreymann. "When you open a Javascript file, the foundation for Web 2.0 functionality for video and e-commerce applications, it's suicide if the right security model isn't in place."

In addition to Dreymann of Goodmail Systems, scheduled speakers at the INET conference include ICANN Chairman Peter Dengate Thrush, representatives from Afilias, Verisign, Cisco Systems, Brandenburg InternetWorking, Online Trust Alliance, Internet Society and FireEye.

David Needle is the West Coast bureau chief at InternetNews.com, the news service of Internet.com, the network for technology professionals.