I certainly don't want to be a party pooper before the party even starts, and the Mozilla Security crew certainly know what to do, but even the concept behind Mozilla Weave scares me. And I suppose I'm just paranoid about the possibility of saving my personal preferences in a "cloud" anywhere.
Right now they're just designing Weave. But there are two areas of risk that need to be secured early, before they get really far into developing this:
- The security of the online storage itself needs to be addressed. The results of everybody's information in one place (even discounting passwords) are very serious. The idea of a place on the internet that knows who I bank with, my social networking sites of choice, my bookmark sites of choice, my search engine of choice, the wikis I participate in, the feeds I subscribe to, and my favorite sports team really frightens me. Imagine if all this information were compromised.
- The security of the API to get the information needs to be addressed. How long is the data "unlocked" (like your Keychain or KeePass safe - they lock at intervals, even while you're logged in)? If I get up and walk away from my browser, how much information is available? And is this necessarily any different than walking away from an unlocked workstation when the data is stored locally? Probably - because when it's distributed, while it's not all up-to-date, there are multiple points of failure. But when it's in a cloud and centralized, can all my information quickly be altered?