Bloglines, RSS privacy problem

A call to action: the security infrastructure for RSS is not where it needs to be for the mainstreaming of this technology to work and to be adequately protective of user privacy.

I was resetting my Bloglines account this morning, adding some new feeds, taking out some that I don’t read, and so forth. I searched on a friend’s web moniker (“Whirlycott”) to find whatever feeds he might be offering. Up popped a feed related to a web-based invoicing service he uses entitled (“[His Name] Invoices”) to which I could subscribe in Bloglines. I am not sure what it would have rendered — I did not subscribe! — but I thought it worth mentioning to him. It turns out he has been mad about this privacy problem for months. His initial post, worth reading and reviving as an issue of public discussion, is here.

I credit the fact that this may not be (just) a “Bloglines issue” but rather an “RSS industry” issue. But it’s a real problem if we are to continue to express ourselves via these citizen-generated media tools that offer RSS feeds, and moreso if we move into the promising realm of using RSS feeds to support other productivity-type tools. The privacy problems that already exist in cyberspace are enough to tackle; we need to get in front of an RSS privacy problem before it grows into yet widespread issue. After this morning’s experience, it’s clear to me it’s already a problem.

(Following the thread a bit, there’s another post in the series, including, some months ago, a note from someone appearing to be with Bloglines saying that they know it’s a serious problem.  How can we fix it, gang?  If it’s not a Bloglines-only issue and it’s a community issue, what has to get done?)

2 thoughts on “Bloglines, RSS privacy problem

  1. In fact this isn’t a Bloglines issue, or even an RSS industry issue, but rather a Blinksale issue. There are very well-known, simple techniques for securing RSS feeds. Unfortunately Blinksale has decided not to use them and instead employs, “security through obscurity,” which is to say, no security at all.

    In their defense, Blinksale isn’t alone. Google Calendar uses the same mechanism to keep your events “private”, as I’m sure do many others.

  2. I don’t want to get into a hair-splitting contest, but this is an 80% Bloglines issue, in my opinion.

    I knew what the risk was when I gave the URL of a not-easy-to-find feed to Bloglines, but their UI is completely misleading. If their UI had been clear enough to indicate that all feeds that I added to their system would become publicly available, then I wouldn’t have added it.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.