Users love the experience of web-2.0. They love the rich web UIs and the interactive applications. This has been made possible by the Ajax and Comet techniques that allow the web client to interact with the server behind the scenes and without explicit interaction from the user.

But the problem is that users hate applications that talk to servers behind the scenes without any explicit interaction from them. This sort of software is normally called spyware. This has not yet become an issue for users because Ajax apps have to date mostly been limited to asking the server to look up postcodes. Because Google has been a primary developer of Ajax apps, there is also the “Google is not evil” effect, where users are happy for Gmail to read their communications for marketing purposes, even though they would be furious (and litigious) if Outlook sent a single byte of info to Microsoft.

With Comet, the scope for a web client to interact with server behind the scenes has increased enormously, and we should not assume that the Google effect will apply to all applications using these techniques.

Ajax, and Comet in particular, are changing the “contract” between a user and a webapp, and we need to consider how we educate the users about the new deal they are getting.

Users need to know that the page they are looking at can update without the refresh button being pressed. For example, how does a user know that a stock portfolio page is active and will update if a price changes? If the price has not changed, how do we stop them hitting reload just to check that the page is still working? Once they have the confidence that the page will update on its own, how do we tell them if it really is broken and updates won’t be coming?

Users need to know that communication with the server is happening in the background and that bandwidth is being consumed, potentially over an expensive mobile link.

Users need to be aware that a Submit button is no longer required for their actions, choices and interactions to be sent to the server. Most of us have turned off the dialog warning about data being sent over the web when we press submit, but no new warning has been given that even something as simple as a hover can now be sent to the server to gather information about what the user is doing or considering.

We also need to empower our users to disable the server communications without leaving the page. Just because a user no longer wants to consume bandwidth to get live price updates doesn’t mean they don’t want to keep looking at their portfolio page.

I believe the solution to this educational need is some form of branding and brand awareness. Something like the “Intel inside” logo but for Ajax and Comet. If web pages using Comet techniques were to carry a small icon showing the status of the Comet connection, then users could be educated to know what that means: e.g. green Comet icon means no need to refresh, red icon means communications disabled, click on the Comet icon to toggle the communications status, and hover over the icon to get a help tooltip about the current privacy status.

While such a widget would not prevent evil apps from acting maliciously, if the non-evil apps make the effort to communicate their capabilities then it is much simpler for a evil webapp to be identified as one that goes beyond the capabilities that it represented. Legitimate webapps would not be tarred with the same brush as spyware once Ajax and Comet spyware becomes common.

Obviously such a widget needs to be well designed (red and green are poor choices if we want to include color blind users) and well marketed. I will ensure that the 1.0 release of Cometd next month will support such a widget, but I need an actual design for the widget. So this is call to all those who are graphically inspired to come up with suggestions for the look and location of an active Ajax Comet status and control widget.

Once we have a cool widget, the challenge will be to get all Comet frameworks and applications to adopt it. There is only so long that we can keep calling our new apps Active-Foo or Live-Bar to indicate their “push” nature, and eventually a simple branding solution would be much better.