Sunday, June 22, 2008

Trust, Privacy and Applications


There are some pretty cool new applications out there that I would like to try.  The only problem is that I have some problems trusting them.  Xoopit and Skyfire are two examples of this.



Xoopit is an extension to Gmail that lets you easily access and share your photos, videos and files that are in your Gmail account.  The problem with this is that you have to give them your gmail username and password, in order for them to index the data. 



Skyfire is a Windows Mobile web browser.  This browser is supposed to deliver a PC based browsing experience that is supposed to be really fase.  The problem that I have with this is in their implementation.  Essentially the Skyfire browser is a VNC or RDP client.  When you enter a web address in the "browser", it gets sent to their servers which fetch the html and renders web page, and then sends the rendered page to the "browser".  When people enter a secure https url, they have the expectation that their data will be encrypted between their browser and the server on the other end.  With Skyfire, the connection is encrypted between Skyfire's severs and the destination server.  I don't know how the connection is encrypted between the "browser" and Skyfire's severs.



I am sure that both Xoopit and Skyfire are not going to do anything malicious with my data, but what if their servers are broken in too.  For mail, I already am trusting Google with my data, adding another third party, adds another potential point of failure.