On a technical level, Box.net’s announcement today of “Instant Mode” may seem more incremental than revolutionary. Part of the rollout of the cloud storage service’s new, more RESTful API for developers, it plays directly into last month’s launch of the OneCloud platform: It’s a new way for other apps - including Google Docs - to connect more directly and even more securely with users’ Box storage.

But Instant Mode takes on more meaning in the context of yesterday's announcement of GDrive. Usually, “drives” are not the tools of specific applications, and since Google Docs syncs with files on your computer anyway, what extra benefit do users get from having cloud-based storage that’s essentially bound to Google Docs? By comparison, Instant Mode operates more like a service... more like a hard drive.

“There’s so many third-party apps that need file and content storage, and simple collaboration. And most of them don’t want to have to work with [Amazon] S3 to do it,” says Box.net VP Christopher Yeh, in an interview with ReadWriteWeb. “It’s too low-level, and there’s too much code to write to make S3 work well for it. If they could work with someone like Box, it’s way easier for them than to write all that code for S3.”

Freedom of Access, Security of Files

Up until now, Yeh explains, whenever a third-party app needed to access a user’s Box.net storage, it had to trip the user’s account authentication. If the user didn’t have a Box.net account, naturally, that process would help her create one; but if she already did, she’d have to log in again. You might not think this to be a terrible bother, but imagine if your word processor had to “log on” to your hard drive.

Box’s Instant Mode solution sounds a little scary at first but makes sense when you drill down. The idea is this: Using the new API and protocols, a third-party app may be given the email address of the Box account holder. With just that email address, the app can request access to the user’s storage area without tripping the authentication process. So the user does not have to log on to Box to give the app access to the area.

That’s the scary part, but once the app has access, it cannot see anything except a single folder that’s specific to the app itself. The app must go through the motions of creating the secure folder, and that trips a new, once-only process of user approval. All other files and folders inside that storage space are invisible to the app.

The folder’s purpose is obvious to the user: It’s created by the app and named after it. (When you install an application in Windows, it often creates a folder for itself under the hidden AppData directory, so this is roughly analogous.) But its contents are encrypted, and only Box can decrypt it. So the app must use the new Box API to access the file contents of the protected folder, which Box itself calls a sandbox.

“We put a sandbox into the account in the form of a folder,” says Yeh. “That sandbox contains the files that are needed by the application, and we give the opportunity to accept or reject that folder [see above]. If they reject, then they won’t be able to use the app with files. But if they accept, then they’re enabled.” Conceivably, an app could be programmed to adopt the old ask-each-time model if the user rejects the folder creation, Yeh told us.

The benefit, Yeh explains, becomes self-explanatory: Under the old system, when a third-party app was given access to the account, it could theoretically see everything in the user’s storage. Talk about scary. Now, it only sees what’s in the sandbox. 

What’s more, only the app and the account holder can see what’s in the sandbox, because it’s Box.net that’s doing the decryption and encryption. Users of third-party apps will still be able to make use of Box storage, even if they haven’t actually established a Box account for themselves yet.

File Storage That Literally Waits for You

One of the first services to make use of the new API and Instant Mode, as Yeh demonstrates, will be LinkedIn. Already, LinkedIn uses Box to enable members to store resumes and career-related materials, and to make those materials available to selected other members.

“In today’s world, if you were to go to your LinkedIn profile and install Box now, what would happen is, it would ask you for a Box login and password, and if you do not have one, then we would ask you to go create a Box account and use that to tie to your LinkedIn account,” says Yeh. “Remarkably, there are still thousands of users of this app on LinkedIn, but the extra step to do that is a big deal and holds us back from being more tightly integrated. Here, what happens is, you’ll be in LinkedIn one day, and you’ll say, ‘Hey, I’d love to load my resume so everyone can see.’ And you’ll go to this spot on LinkedIn... and it will tell you at that point, ‘As part of this, we’re provisioning an account for you in Box.’ And you can say yes or no. If you say yes, at that point, we will create this account for you in Instant Mode, if you don’t have it. And then we will load a folder into your pending mode for you to look at, if you ever open the account yourself. If not, the Box account will be provisioned there, and you’ll never have to worry about it.”

What Box.net is creating, by leaps and bounds, is the foundation for a true cross-platform apps environment where both storage and functionality are accessible everyplace. Remember that the first operating systems were built around accessibility to storage, which in many respects renders Box.net a cloud-based operating system. And if it continues in this direction, equalizing the functionality of Web apps across devices, then the Box.net way of working could become competitive to the Windows 8, OS X and even the iOS and Android ways of working. Customers may begin to ask, what are the virtues of installing operating systems locally? And if the answers continue to get more trivial and esoteric, Box will have gone further than one-upping Google Drive. It will have disrupted the foundation of personal computing.