With respect to security the problem comes in two parts. First there properties of information intentionally shared, and second, there is the security of information intended to be secret.

Web 2.0 is about sharing, community and collaboration. The idea is about sharing, be it a blog (or blog comment), or opening an API. As with any type of data–a phone call, document, expense report–there is always the issue of where the limits are for information sharing. Some wikis, for example, do support having certain restricted pages, but from what I’ve seen they aren’t well designed for that (certainly not to the extend that a *nix file system is). Blogs, as Ed pointed out, have the risk of violating corporate communications policies, but then so do emails, IM, etc. I think the tools of Web 2.0 can be made to support security issues, but culturally have not been designed at this stage to do so.

The second half of this first issue is the reliability of this information. A friend of mine at a large Dot Com still alive and kicking did some research with college students. Many are distrustful of information they see online (someone once blogged 78% of all blogs make up statistics), and yet they cite wikipedia as a reliable source, admitting that this view is contradictory. What is clearly needed going forward is some type of filtering system.

Early attempts at this in the 90’s include Pattie Maes’ FireFly and Ron Rivest’s SDSI system. Current attempts are more along the lines of Del.icio.us, following the open source philosophy that many eyeballs make problems shallow. Still issues remain; wikipedia for example has issues with “defacement” of pages on President Bush, Nazi’s, etc. as people try to spin the page for their own goals. I think the larger issue is, rightly or wrongly, we trust the fourth estate to remain impartial, and the journalistic code of ethics requires it. If two bloggers both talk about some military activity that took place in their neighborhood 24 hours ago, how do we know which side to believe? Some type of SDSI chain of trust will be needed.

To the second point, I don’t think Web 2.0 tool/technology security is there yet. By this I mean, I have faith in the efforts that Sun and the Java Community put into the Java Security Architecture, and whether your like Microsoft or not, you know they put in effort into their security design. More importantly, we have seen Java and .Net used for years in high profile systems. I have not yet seen Ruby used in such a way, nor do I think there is a sufficient security infrastructure in place (e.g. tools, vendors, experts) to make it yet viable for very secure systems. I’ not saying that it isn’t, just that when I’ve made the call at some companies, I didn’t feel comfortable enough yet that the security has been time tested. (I cited languages but feel the same holds true for tools.)

5. NYC Web 2.0

NY Tech Meetup (www.meetup.org, then search for “NYC Tech Meetup”) seems to be the place where Web 2.0 folks are aggregating i the city, having thousands of members and monthly meetings of hundreds of people. There are also smaller groups such as the NY Video 2.0 group, NY Web 2.0 Social Networking Tech Meetup, etc. The MIT Enterprise Forum also has some events but isn’t necessarily so Web 2.0 oriented. Fred Wilson is very into the space and his blog is a good place to keep up on things, as is TechCrunch.

6. YouTube

My $.02 is that YouTube will be a poster boy of web 2.0 irrational exuberance. I hate the business model, which is currently that when a user goes to the website to get a video, he sees ads. The model is not profitable–it’s basically free online file storage with large bandwidth costs! Additionally, YouTube is getting sued by every major content provider for copyright infringement. Also, MySpace recently moved to block flash applications, so you can no longer easily click back to YouTube from MySpace (which is where many of their videos are posted).

YouTube can charge for the service, but given that their demographic believes music should be free, I don’t seem them paying for this service either. They can also put pre- or post-roll ads into the system, which have a much higher CPM. However, the demographic (teenagers) will revolt, not wanting to be corporate shills and having people make money off their webpages. There are scores of other YouTube clones, many of whom can operate outside US jurisdiction. I think ultimately we’ll see sites outside the US hosting the content and some type of meta-sties letting you search across them. Hopefully the broadcasting and MPAA won’t make the same mistake as the RIAA and try to sue people –into compliance.

(Caveat: I do think recently launched PornTube will be a money maker.)