Tuesday, April 14, 2009

Facebook “Private” RSS Feeds Probably Don’t Leach Data…

Last year I experimented with private group microblogging systems via authenticated feeds. Didn’t go anywhere, because many of the biggest newsreaders don’t properly support authenticated feeds. And “obscure but public” feeds get indexed by aggregators like Bloglines, by design, making sensitive content much less obscure.

Enter feed access control, a several- (3-?) year-old RSS/Atom extension that tells Bloglines, and anyone else who is listening, that this feed should be treated as private, even though it’s public.

Facebook’s feeds are intended to support this protocol:

[Image: fb]

Which seems reasonable enough.

There are a couple of issues though. First, this approach depends on a third party’s positive action to prevent, or “opt out” of, publishing and indexing, in a system that normally defaults to syndication, indexing, etc. So it’s easier for a glitch to expose data.

Second, the whole “fac” extension is a gentlemen’s agreement among parties that couldn’t even agree on making authenticated feeds work well. Perhaps they all make a best effort to isolate the marked content. But tomorrow, a startup with a rocking aggregator could simply ignore “fac” and expose all of the feeds it has.
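What a cooperating aggregator has to do before indexing, as an added example that is not part of the original post and not Facebook's or Bloglines' code. It assumes the Bloglines Feed Access Control 1.0 namespace and its `access:restriction` element with a `relationship` attribute; the function names, the sample feeds and the rule that a feed-level deny hides every item are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Bloglines Feed Access Control 1.0 namespace (assumed; the post only says "fac").
FAC = "{http://www.bloglines.com/about/specs/fac-1.0}restriction"
ATOM = "{http://www.w3.org/2005/Atom}"

def denied(node):
    """True if the node carries a restriction that is not an explicit allow."""
    el = node.find(FAC)
    if el is None:
        return False  # no marker: the ecosystem default is "public"
    return (el.get("relationship") or "").strip().lower() != "allow"

def indexable_titles(feed_xml):
    """Titles a cooperating aggregator may index; fails closed on bad XML."""
    try:
        root = ET.fromstring(feed_xml)  # use a hardened parser for untrusted feeds
    except ET.ParseError:
        return []
    if root.tag == ATOM + "feed":
        top, items, title = root, root.findall(ATOM + "entry"), ATOM + "title"
    else:
        top = root.find("channel")
        if top is None:
            return []
        items, title = top.findall("item"), "title"
    if denied(top):
        return []  # deny at feed level hides everything (conservative choice)
    return [i.findtext(title, default="") for i in items if not denied(i)]

# Constructed sample feeds, not real Facebook output.
NS = 'xmlns:access="http://www.bloglines.com/about/specs/fac-1.0"'
MARKED = f"""<rss version="2.0" {NS}><channel>
  <access:restriction relationship="deny"/>
  <item><title>friend status</title></item></channel></rss>"""
# Same feed after a publisher glitch drops the marker.
UNMARKED = MARKED.replace('<access:restriction relationship="deny"/>', "")
MIXED = f"""<rss version="2.0" {NS}><channel>
  <item><title>public note</title></item>
  <item><title>private note</title><access:restriction relationship="deny"/></item>
</channel></rss>"""

if __name__ == "__main__":
    for name, feed in [("marked", MARKED), ("unmarked", UNMARKED), ("mixed", MIXED)]:
        print(name, indexable_titles(feed))
```

The `UNMARKED` case is the first issue above in miniature: one dropped element and the same content is indexable. Nothing in the feed can force an aggregator to run a check like this at all, which is the second issue.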

In some sense, the same vulnerability exists with other systems – if you signed up with some random webmail provider, who’s to say they don’t expose your mail? But because RSS is public by nature, almost all feeds live utterly unprotected, and this extension is one vendor’s hack, it’s not quite the same.

All in all, probably not a big reason for concern. But when people tell me how private things can be on Facebook (where you can sneeze and end up revealing your data because the IxD is tilted so heavily toward sharing everything), it always seems worth noting how your data (via your friends’ feed subscriptions) can slowly leach out into the open ocean of the indexed net.

8 comments:

RS Gold said...

I'd personally label your site your dreamland! Though Santa claus hits from all of our home just the once a year, you actually blog is actually open up an entire twelve months


Anonymous said...

In some sense, the precise same vulnerability Buy rs gold
exists with other software programs – if you actually signed up with some arbitrary webmail provider, who’s to say they don't expose your mail. But using the performance that RSS is community by nature, Cheapest Diablo 3 goldmore or much less all feeds reside utterly unprotected, and also this extension is simply one vendor’s hack, it is not reasonably the same.

Robert Welain said...

You should also take a look at this blog guys, there are more articles on this topic.

Kelly0989 said...

If I spent less time on my Facebook account I would have done more writings and paperwork. It just I don't like all of those literary analysis papers. This is too much for me. I can't take it anymore. I need a break. At least sometimes.

kopi.J said...

WOW! I Love it...
and I think that's good for you >>

Thank you!

edok69 said...

I will be looking forward to your next post. Thank you

boy said...

This is my blog. Click here.

UpdateNewth said...

Update News Games nintendo switch
Pumpkin Jack