Spyware that wants your feed list from RSSOwl needs to target RSSOwl files. Spyware that wants your feed list from Pluck needs to target Pluck structures. Bloglines… ok, nevermind about Bloglines. But with Vista, the Feed API gives all apps a one-stop shop for all the data they desire. That API raises my concerns about privacy, hence the title. If Vista had a Unified Contact API to expose address book info, I’d have the same concerns.

The title is sincere, so I believe it to be fair. (If you look back over this year’s articles, you’ll see that I am not out to bash Microsoft nor given to sensationalist titles.)

In any case, thanks for sparking some follow-on discussion, Larry — I really do appreciate your feedback. I guess we’ll have to agree to disagree on this one. My ultimate goal with this thread was not to declare “Beware of Vista” or anything like that, but rather to get a discussion going about privacy and feed lists, especially when an OS has explicit functionality to expose them to all apps.

Hopefully the Longhorn RSS folks will respond in some manner to shed further light on this topic. Perhaps the ability to restrict read access to the RSS Repository is already in place.

I know you have a background in security and identity issues when it comes to IT, likely much more so than I do. You sound sceptical about encryption as a viable solution to privacy… if you like, lets take this discussion to your venue. Perhaps you could blog on the topic and offer up your ideas: How do application developers (or more broadly, OS developers) tackle the issues of read/write access to private user data on the desktop, especially in Windows? Let me know, and I’ll add a link here.

Encryption? Maybe. But that argument seems to be the white knight of security everyone waves with few details on how it can be actually done. I am not saying it isn’t the answer but it certainly isn’t available today as a general solution.

In the end, I think headlines like “Vista Feed API Raises Privacy Concerns” is not fair to Microsoft. You could have easily published the same headline regarding any other RSS aggregator or any application for that matter.

And no, you don’t always have control over what is run on your machine. At home, you probably do. However, there are plenty of corporate environments where applications are installed with Admin rights and run on a desktop without the end user having any say in the matter. I consulted at one company that ran such an application late at night ostensibly to see what users had installed on their machines that day. The app had admin rights to everything on the box; all file access was granted. Basically, it was corporate-level spyware.

As you say, “Spyware should be able to read any file you have access to.” Agreed, that’s how it usually works. But I disagree that it has to be like that. Read Marcus Ranum’s “Six Dumbest Ideas in Computer Security” for a good elaboration. Specifically, “Default Permit” and “Enumerating Badness” address my heartburn on this issue. An easy step toward “Default Deny” at the file level is simply to encrypt it.

All that being said, I am encouraged by what Amar Ghandi (on the IE7 team) had to say in an audio interview with John Udell. It sounds like the Vista folks are taking steps to be considerably more pessimistic in cross-process security issues. Ghandi specifically talks about a situation where IE is compromised unknowingly and yet is NOT allowed to change information in the RSS Repository without user permission.

This seems to indicate a departure from the “Default Permit” we are all so used to. My desire would be that the RSS Repository has Default Deny not only on changing data, but also on reading data without my consent. Granted, most people would probably turn it off, but that should be an active choice, not an obscure feature disabled by default.

Of course, RSS subscription lists are a minor example of the bigger picture: We need easy ways in the OS to restrict read and write on all information we deem private, whether feed choices, or address books, or credit card data.

Heh… let’s just hope it doesn’t wind up in another version of Microsoft Wallet.

How do today’s desktop rss aggregators prevent that from happening? Spyware should be able to read any file you have access to. How can you restrict a file (or a section of the registry) to only be used by a particular program?

Boy, what will those kids up in Redmond cook up next? Operating system calls from web based programs perhaps?