After watching this video, my first thoughts were:
1. I wonder if an attacker could write a command to send arbitrary GMail messages on the users' behalf, watch every page the users visit, steal passwords, and even compromise users' computers.
2. How difficult would it be for an attacker to trick a user into installing the command or cause the command to be installed in an automated fashion?
The short answer to 1. is YES (details provided below)! Answering 2., specifically the automated portion, will require some research.
Ubiquity Developers' Awareness of Security Concerns
Before anyone gets too worked up about these security issues, I should make sure it is clear that this project is far from being complete, the authors are well aware that there a significant security concerns, and they are in the process of determining a method to reduce the risk of malicious commands or other exploits.
Examples of this awareness can be found in Atul's blog entries:
Trusting Functionality and Towards Inter-Community Trust
"So the particular dilemma that needs to be solved here is: how can an end-user trust that a verb won’t do anything harmful to their data or privacy—be it intentional or accidental—while still providing a low barrier of entry for aspiring authors to write and distribute their own verbs?"
More specific concerns can be found in the Ubiquity Author Tutorial.
"In the future, we're going to have something set up that we call a "trust network". When you try out a Ubiquity command from a website, and determine that the command is safe (or unsafe), you'll be able to leave an approval (or a warning). When your friends with Ubiquity installed visit the same site, they'll see the approval or the warning that you left. In this way, users will be able to rely on the judgement of other people they already know and trust in order to help them make decisions about whether a command is safe to install or not."
Possible topics for Part 2 - ?
I plan on digging into these ideas in future posts, and have listed a few possibilities below. If you have a preference or other suggestions, feel free to leave a comment.
Using Ubiquity for Evil:
Basically, a discussion of Ubiquity features and how they could be used maliciously.
Results of research into whether commands could be installed in an automated fashion without the user's permission.
Ubiquity Trust Model:
Examination of how the trust model protects users from subscribing to malicious commands. This article may have to occur once that trust model has been determined by the project developers.