When I first heard about Google Wave, I thought it sounded a little gimmicky and mostly ignored it.

When next I heard about Google Wave, I heard some interesting things about what people will be able to do with plugins to add their own functionality. I looked into the promised capabilities a bit more, and found that I might have at least one use for it, as a tool for running an online Pathfinder RPG campaign.

Because of the potential use for it as a gaming aid, I applied for an “invitation” for Google Wave testing. I got a few more invitations I can distribute to others, which is kind of a necessary capability — since it is an interactive service — and requires the participation of other people before it becomes particularly useful.

It is a new service, still in testing, however. It will be interesting to see whether any bugs bite me or any of the functionality changes while I use it. More importantly, it remains to be seen where the unexpected security implications will arise. Because of this, I will not be using it for anything involving any kind of sensitive or private information, at least during the preview/testing stage of development.

Like any new service, particularly if it offers new functionality or uses old functionality in a new way, it pays to be very cautious. This is especially true when it is the sort of thing that encourages its users to share or store information through the service itself. Even for a  well-known organization like Google, it’s important to note that the service is in testing, which means the service provider is not confident in its stability. The whole point of testing, after all, is to find bugs so they can be eliminated before the official release.

If you come up with a good use for something like Google Wave and acquire an invitation before its general release — but after the end of the official testing period — make sure that however you use it will not involve sharing any sensitive information. Depending on how things work out while I play around with it, I may end up using it to provide real-time client security training and online support sessions — but I will not do so while I am uncertain of any potential security pitfalls. Until the security implications of using a service like Google Wave are better understood, it is best to keep your private communications restricted to channels that are more thoroughly tested, where the security benefits and dangers are much clearer, and the means to protect oneself against those dangers are well established.

Of course, if you do business anything like the way most banks do business, with little or no concern for the preferences of your more security-conscious clients and customers, simply diving into Google Wave without any thought for the dangers of entrusing a new online service with your most sensitive data may not be any worse than how you already do things. If you are more careful — and care more about privacy and security  than the average bank, you should definitely apply a little practical paranoia to the way you use Google Wave, or any other online service, while it is still so new.