Privacy and RSS
The convenient RSS Repository exposed by Vista is a good opportunity to re-examine issues of privacy and data security on the Desktop. Do I want all applications, whether run by me, my company, or malware, to have easy read access to my subscription lists? For that matter, how about my address book and calendar? Why not expose it all?
For those who say, “Who cares? It’s just a URL”, I would caution against short-sightedness. URLs carry a lot of information with them, because they show where you get your information. The FBI wants to know what you read, after all.
For the sake of discussion, I’m going to divide RSS/Atom feeds into four categories: Public, Customized, Private, and Authenticated.
- Public Feeds. Most RSS and Atom feeds are “one feed fits all”, so there is little personal information to be gleaned in the URL itself. Then again, these URLs reveal some interesting information…
  http://www.jeepaholics.com/rss/rss_whatsnew.xml
  http://rss.groups.yahoo.com/group/gun-news/rss
- Customized Feeds. These RSS/Atom URLs contain information you have specified to customize the feed contents. Look what these URLs can tell about you:
  http://google.com/blogsearch_feeds?hl=en&q=Shoe+Fetish&num=10&output=rss
  http://shopping.msn.com/xml/xmlresults/shp/?text=Bikini+Wax&format=rss
- Private Feeds. Some RSS/Atom providers are experimenting with unique URLs that are given to individuals only, and are not to be shared with the public; they have authentication information built into the URL. In terms of security, this is hopelessly flawed, but it is out there. BaseCamp does this, for example, warning users not to share the URLs, because “sharing your feed with a client will allow them to see messages marked as “Private” or other content they shouldn’t see.”
- Authenticated Feeds. There aren’t too many out there yet, but there are authenticated RSS/Atom feeds which require you to enter a user name and password to access the feed, and they may even be transported using HTTPS. Gmail users might recognize this one:
All of this amounts to some pretty personal stuff. In Vista, it would seem that all of these URLs, and (more importantly) the feed content provided by them, are open to all comers on your Desktop. This can include apps run or compromised without your knowledge.
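An added example (not from the original post): a small audit that sorts a subscription list into the four categories above and reports what each URL discloses without fetching anything. The OPML input format, the example.com URLs and the token heuristic are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qsl

# Constructed subscription list (OPML). The first two URLs are quoted in the
# post; the example.com entries are made up for illustration.
SAMPLE_OPML = """<opml version="1.0"><body>
<outline type="rss" xmlUrl="http://www.jeepaholics.com/rss/rss_whatsnew.xml"/>
<outline type="rss" xmlUrl="http://google.com/blogsearch_feeds?hl=en&amp;q=Shoe+Fetish&amp;num=10&amp;output=rss"/>
<outline type="rss" xmlUrl="https://projects.example.com/feed/recent_items_rss?token=9f8c2d7a41b6e05c3d1f77aa"/>
<outline type="rss" xmlUrl="https://alice:s3cret@mail.example.com/feed/atom"/>
</body></opml>"""


def looks_like_token(value):
    """Heuristic (assumption): 20+ URL-safe chars mixing letters and digits."""
    return (len(value) >= 20
            and re.fullmatch(r"[A-Za-z0-9_-]+", value) is not None
            and any(c.isdigit() for c in value)
            and any(c.isalpha() for c in value))


def classify(url):
    """Return (category, leaked): what the stored URL alone gives a local reader."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    # Only URL-embedded credentials are visible here; an aggregator that keeps
    # the password elsewhere would need a separate check of that store.
    if parts.username or parts.password:
        return "Authenticated", ["credentials embedded in URL"]
    candidates = [v for _, v in params] + parts.path.split("/")
    if any(looks_like_token(c) for c in candidates):
        return "Private", ["access token embedded in URL"]
    if params:
        return "Customized", [f"{k}={v}" for k, v in params]
    return "Public", [parts.hostname]


def audit(opml_text):
    """Classify every feed URL found in an OPML subscription list."""
    root = ET.fromstring(opml_text)
    urls = [o.get("xmlUrl") for o in root.iter("outline") if o.get("xmlUrl")]
    return [(url, *classify(url)) for url in urls]


if __name__ == "__main__":
    for url, category, leaked in audit(SAMPLE_OPML):
        print(f"{category:13} {leaked}  <- {url}")
```

Even the "Public" rows disclose a hostname, which is the point the post makes about reading habits.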
As a reader has pointed out, none of the desktop RSS/Atom aggregators are protecting this information, so Vista isn’t introducing a security hole. It is simply making everything readily available in one convenient API. The Vista RSS team could give users the ability to restrict read access to the RSS Repository, but I haven’t heard anything to suggest they are planning to do so.
Beyond Vista, however, we have a lot of questions to ask ourselves, starting with this one: At what point do I need to start treating my feed subscription lists as private data? And then perhaps we should ask, “What applications out there will help me keep it private?”
This leads me to suggest a fifth category of syndicated feeds:
- Content-Encrypted Feeds. These theoretical feeds would contain encrypted data in the titles, descriptions, URIs, etc. A third-party reader (or plug-in) would be required to decrypt the data in “for your eyes only” fashion, similar to the way HTTPS works in a web browser. The feed contents, however, cached in whatever mechanism on your Desktop, remain encrypted. Depending on the use case, decryption would depend on a password, or a license key, or whatever the situation calls for.
I have read a couple of press releases from companies lately that suggest they are doing something like this, but I haven’t seen any real examples to know for sure. If you know of content-encrypted feeds being used in the wild, please drop me a line or comment below.

