I honestly laughed when I saw the new “Open Social Web” Bill of Rights launched yesterday, not because it isn’t to some extent a useful idea, but because of one specific term…
Control of whether and how such personal information is shared with others
10 months ago I fired off a heated debate about RSS sharing, and how Google with it’s easy to share feeds could be killing the future of RSS.
Now I say I fired it off, but honestly it would have been a storm in a teacup without Robert Scoble taking part with one of his most controversial headlines.
I think I had about 30 subscribers at the time.
Today Robert is championing the Bill of Rights he signed up for, but unfortunately Google Reader and Google’s recently purchased Feedburner don’t support the level of control over your feeds to allow Robert, and his friends wishes to be fulfilled, and they really only have their selves to blame, for championing Google Reader without encouraging Google to allow for self determination of what happens with the data.
RSS Sharing – Path of Discovery
I already knew that RSS could be protected using RSS Authentication, and that was something Google doesn’t support, but Bloglines does, and they block your ability to share authenticated feeds. +1 Bloglines
Open Social Web is really about applications such as Facebook, and my voyage of discovery into content access control in Facebook actually started quite by accident about a week ago.
Facebook provides a way to get your notification by RSS
The URL looks like this
Google Reader allows you to add that feed, and share it
I could have also shared it in a primary shared feed totally by accident.
Now there currently isn’t any really private information in there, other than allowing others to know who my friends are, and who I am communicating with, but then you wouldn’t want to share your email headers either…
Being allowed to share data doesn’t mean it should be as easy as hitting a hotkey when reading a “river of news”
I Appologise To My Facebook Friends
I will remove the sharing in 24 hours, but I feel it is important to use real data to demonstrate this point because for some reason 99% of the tech industry just didn’t understand it 10 months ago.
Facebook & Bloglines Understand it
Facebook point to their help information on notifications
Lets take a look at what Facebook think about sharing and privacy, and why they implemented specific security measures.
Does this mean that everyone can see all my notes now?
No. Each person that can see your notes on Facebook is given a different RSS or Atom feed URL that is unique for them. Only the notes that they are allowed to see will be syndicated via that URL. If you change your privacy settings or friend links, then all the feeds will be appropriately updated.
Unfortunately those people can share those links by accident
Won’t Bloglines and other similar services make my notes content searchable by the world if my friends enter the URL for my Notes feed into those services?
Atom and RSS feeds from Facebook include the Bloglines Feed Access Control extension , and we set the access parameter to “deny” for all of our feeds. We also indicate in our robots.txt that feeds should not be visited or indexed by bots. The major aggregators and search engines (Bloglines, Technorati, Google, Yahoo!) all appear to respect these directives. If you are very concerned about the possibility of someone seeing your notes that you don’t want him or her to see, we’ve added a privacy option that you can set on your notes privacy page which will prevent any of your Notes from being syndicated in any RSS or Atom feed.
The major search engines do support Robots.txt, though I am not sure robots.txt would be sufficient to stop someone hacking.
Bloglines Feed Access Control extension was introduced last August, and it seems no one in the Technology blogging world really took an interest.
Google Reader certainly doesn’t support it as I have proven above.
People can make all this content searchable by mistake, broadcast it on Twitter etc
Doesn’t providing different URLs to every person that views my notes create inefficiency because services that do aggregation will have to retrieve and store my Notes from multiple feeds?
Yes. This is the only way that we can maintain your privacy settings on a per-viewer basis.
Facebook (and Bloglines) seem to be very keen to support privacy and choice, but Google Reader by not supporting “access:restriction relationship” seems to think privacy (and copyright) is a waste of time.
Feedburner is now owned by Google and you would expect them to treat all services the same, and to support initiatives that give content owners a choice in what happens to their content.
They have an interface to allow introduction of sharing control within Feedburner, but for some reason only support the blocking of sharing with a service provided by a Google competitor, Yahoo Pipes.
This adds the following code to your feed, and I currently have on my feed, though I will probably switch back.
<xhtml:meta xmlns:xhtml="http://www.w3.org/1999/xhtml" name="robots" content="noindex" /><meta xmlns="http://pipes.yahoo.com" name="pipes" content="noprocess" />
this means that it is not indexed, but all links are still followed (so links back to the feed still give me some juice), and is meant to prevent someone using your content in Yahoo Pipes.
Of course it doesn’t….
Once any content enters Google Reader, it can be tagged and filtered automatically, and Google Reader doesn’t include any of the access controls.
I have fed my protected feed into Google Reader, and then shared it
It took me 2 minutes to set that up and is realistically unblockable – any splogger using Google Reader cannot be prevented from taking your content and feeding their “Made for Adsense” sites.
Facebook Opening Up?
Actually they are already wide open, because the various feed readers other than Bloglines are not supporting their controls.
The announcement today of limited search ability doesn’t matter, someone could easily program an app that would allow people to share everything and have everything searchable, without seeking permission from those sharing.
Ownership and Control of RSS Content
10 months ago everyone seemed perfectly happy to slam me and tell me that I was wrong. The tech blogging fraternity thought at that time that once something is in RSS format, you should no longer have control of it, and have no legal right to complain about other people using it.
The more creatively and more personal RSS feeds become, the more control the owners of that content need for how that content is used, either on purpose, or by mistake.
It shouldn’t be possible to hit a hotkey and share Facebook content with 50,000 subscribers, but it is currently possible.
This is about choice, and privacy
This also isn’t the only problem with Feedburner as as I pointed out when Feedburner were purchased by Google.