Comments on: A Serious Bloglines Privacy Issue

By: Bloglines: uma boa alternativa ao Google Reader « Leonardo Fontenelle

Bloglines: uma boa alternativa ao Google Reader « Leonardo Fontenelle — Mon, 11 Jan 2010 22:07:14 +0000

[...] está disponível na versão beta, então ainda não usei. Em 2006 algumas pessoas relataram que cada feed que você assina pode ser visto por quem quer que descubra o URL aleatório associado. Isso não deve ser um problema de privacidade para a maioria das pessoas, porque não é possível [...]

By: Bloglines: a fine alternative to Google Reader « Leonardo Fontenelle

Bloglines: a fine alternative to Google Reader « Leonardo Fontenelle — Mon, 11 Jan 2010 20:49:51 +0000

[...] still missing from Bloglines beta, so I didn’t use it yet. In 2006 some people reported that every feed you subscribe to can be seen if someone finds out the random URL assigned to it. This shouldn’t be a privacy issue for [...]

By: John Palfrey » Blog Archive » Bloglines, RSS privacy problem

John Palfrey » Blog Archive » Bloglines, RSS privacy problem — Wed, 23 Aug 2006 14:26:42 +0000

[...] A call to action: the security infrastructure for RSS is not where it needs to be for the mainstreaming of this technology to work and to be adequately protective of user privacy. I was resetting my Bloglines account this morning, adding some new feeds, taking out some that I don’t read, and so forth. I searched on a friend’s web moniker (”Whirlycott”) to find whatever feeds he might be offering. Up popped a feed related to a web-based invoicing service he uses entitled (”[His Name] Invoices”) to which I could subscribe in Bloglines. I am not sure what it would have rendered — I did not subscribe! — but I thought it worth mentioning to him. It turns out he has been mad about this privacy problem for months. His initial post, worth reading and reviving as an issue of public discussion, is here. [...]

By: Whirlycott / Philip Jacob » Skewering Bloglines (again)

Whirlycott / Philip Jacob » Skewering Bloglines (again) — Fri, 05 May 2006 04:25:45 +0000

[...] In addition to Bloglines’ inability to make a sane feed reader, there are also very serious unresolved privacy problems, security problems and specification compliance problems. [...]

By: Whirlycott - Philip Jacob » Harvard Blogs vs. Bloglines, Part 2

Whirlycott - Philip Jacob » Harvard Blogs vs. Bloglines, Part 2 — Tue, 11 Apr 2006 21:25:20 +0000

[...] Suddenly, all the Harvard blogs start displaying content again in Bloglines (Bloglines hasn’t been displaying any content from Harvard blogs since late February). I tried Rojo and Google Reader. If you like Ajax and little sliding boxes on your web pages, you’ll love them. I prefer interfaces that work. And despite Bloglines’ quirkiness, I still think that it’s the least sucky web-based feed aggregator. [...]

By: Philip Jacob

Philip Jacob — Sun, 09 Apr 2006 16:38:40 +0000

Paul,

Thanks for the additional info. But the issue here isn’t the lack of a UI for authenticated feeds. The issue is that the privacy setting in the account settings page is misleading in the sense that it doesn’t make clear the fact that all feeds provided to Bloglines are going to be made publicly available via the search mechanism. I see two solutions:

1) Give me the ability to mark a feed as ‘private’ (which really means sort-of-private through obscurity as Gregor explains) so that it doesn’t appear in the Bloglines search results

2) Disable Bloglines search altogether

phil.

By: Paul Querna

Paul Querna — Sun, 09 Apr 2006 15:47:19 +0000

Bloglines does support authenticated feeds, it just doesn’t have a UI for them. In the Feed URL box, just put the URL in this form:
http://username:password@host/feed/

And then it will work in Bloglines, and never show up in search, your public blogroll, or anywhere else.

By: Philip Jacob

Philip Jacob — Sat, 08 Apr 2006 20:07:05 +0000

The problem is that Bloglines misleads users into thinking that these added feeds are private. If they didn’t make the content searchable by default, this wouldn’t be the issue that it is.

By: Gregor J. Rothfuss

Gregor J. Rothfuss — Sat, 08 Apr 2006 18:18:43 +0000

They seem to take a very ‘architecture of the web’ position on this, which is their right. It is not Bloglines job to guess which public urls are not really meant to be public. Too many useful features (and a big part of their value as a company) rely on being able to share public URL (related blogs discovery, etc). At fault here are the companies that made these feeds public. There is no way to rely on these URLs staying private with proxies, log file analyzers, etc. 37 signals has demonstrated their understanding of standards when they had to be clued in to the meaning of idempotent after they raised a stink over GWA. It is quite saddening that we seem to have to relearn web architecture for every novel use of HTTP. A couple years back, it was all the /secret urls that showed up in Google queries, now it is the rediscovery of HTTP authentication in the context of feeds.