As the Internet has evolved, our collaboration options have evolved with it. We have gone from email to FTP to the web to IM. Now everyone's talking about Web2.0, which offers social networking and online worlds as personal and, increasingly, business collaboration tools. Each new collaboration method has ignored security issues at first, and has encountered reputation and take-up problems as a result. Web2.0 is set to conform to this time-honoured pattern.

One of the very difficult things about Web2.0 is its similarity to real life. Online networking is like real-world networking, and online worlds are like the real world – even to the point of having convertible currency in many cases. On the other hand, we want the freedom in an online world to do things which would be dangerous, illegal or impossible in real life. That makes it very difficult to know what the rules should be in Web2.0. Is hate speech in an online world as bad as in real life? Should virtual smoking be banned in virtual restaurants?

Most Web2.0 hosts are doing as little as they possibly can and legislating on a case-by-case basis when real problems come to their attention. They aren't attempting to work within an overarching framework. Actually, I think this is the correct approach. Web2.0 hosts are developing common law rather than Roman law. As a member of the Anglosphere, I approve.

But will Web2.0 be able to develop the security, privacy and reliability levels that business needs? If not, it will have to stay as 'just a game'.

I am indebted to my colleagues in the UK's Security Consulting Practice, Anish Mohammed and Steve Allen, for contributing their know-how in this area.