Authenticated and private feeds

Some syndication feeds are not meant to be displayed for the world to see. Our everyday lives contain private and confidential data we wouldn’t want anyone else to see, and especially not a search engine. There are a few options for trying to keep things private in your feed aggregator, but each depends on proper coding and respect for privacy from every implementor.

Examples of private feeds intended for 1:1 communication include bank balances, e-mail notifications, project status, and the latest bids on that big contract. Data in the wrong hands could be dangerous, and many companies will stay away from the feed syndication space until they feel their users’ personal data is secure.

A private feed’s data could be exposed in a variety of ways. A desktop aggregator’s feed content might be available to other users on the same computer, either through directory access or desktop search. An online aggregator might expose a feed and its content in search results or a preview mode.

Security through obscurity

Sites such as Flickr hide private photos from navigational view, but do not restrict access to photo data if shared, or if someone were to guess the semi-scrambled URI. Private things are kept private because no map or directions are available for public navigation.

Permission-based exclusion

A feed might specify a desire not to be available to other users through means such as search, but it’s up to each application to obey a publisher’s preferences. I proposed feed exclusion using category last February and Bloglines recently introduced a feed access control namespace specific to their application.

Publishers cannot rely on an application to nicely obey access control specified in their feeds of sensitive data.

HTTP Authentication

Feeds can be accessed using HTTP/1.1 and access authentication. A few feeds online currently use this method to deliver personalized information to their users.

  • 37signals Basecamp – Track your project status.
  • Measure Map – a daily update of your blog stats.
  • Daring Fireball – paying members receive a user-name and password to access a full-content version of the site’s feed.

HTTP Authentication works with most desktop aggregators but runs into trouble with most online aggregators, which rely on a common feed store keyed on feed and/or link URIs. Bloglines and Google Reader fail to load authenticated feeds, do not request credentials, and do not provide a meaningful error message. NewsGator Online supports secured feeds.

Feeds with authentication might be exposed to a broader audience than the original provider of proper credentials. A search for “Basecamp” on My Yahoo! exposes the private project management data of over 25 customers of 37signals’ Basecamp.
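
The shared-store problem described above, as an added example that is not from the original post or from any aggregator's code: a feed store keyed only on URI next to one that scopes authenticated fetches to the subscriber who supplied the credentials and keeps them out of search. The class names, the `owner` parameter (the aggregator account holding the credentials) and the sample feed are assumptions made for illustration.

```python
class SharedFeedStore:
    """Weak: one cached copy per feed URI, whoever supplied the credentials."""

    def __init__(self):
        self.entries = {}

    def put(self, uri, body, owner=None):
        self.entries[uri] = body  # owner is ignored, so the copy is shared

    def get(self, uri, owner=None):
        return self.entries.get(uri)

    def search(self, term):
        return [uri for uri, body in self.entries.items() if term in body]


class ScopedFeedStore:
    """Corrected: authenticated fetches are stored per subscriber, never indexed."""

    def __init__(self):
        self.public = {}   # uri -> body, fetched without credentials
        self.private = {}  # (owner, uri) -> body, fetched with owner's credentials

    def put(self, uri, body, owner=None):
        if owner is None:
            self.public[uri] = body
        else:
            self.private[(owner, uri)] = body

    def get(self, uri, owner=None):
        if owner is not None and (owner, uri) in self.private:
            return self.private[(owner, uri)]
        return self.public.get(uri)

    def search(self, term):
        # Only content fetched anonymously is eligible for search or preview.
        return [uri for uri, body in self.public.items() if term in body]


def demo(store):
    # Constructed sample: alice subscribes with her HTTP credentials.
    uri = "https://example.com/projects/feed.xml"
    store.put(uri, "<title>Latest bid on the big contract</title>", owner="alice")
    # Another account, holding no credentials, requests the same URI and searches.
    return store.get(uri, owner="mallory"), store.search("bid")


if __name__ == "__main__":
    print("shared:", demo(SharedFeedStore()))
    print("scoped:", demo(ScopedFeedStore()))
```
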

Summary

A feed publisher could whitelist the user-agents it knows comply with its access policies. SSL encryption might not be a bad idea either, as shared aggregation spaces might not store content requested over HTTPS. It would place extra load on the server, as each request requires extra processing, but if the alternative is placing your customer’s data in the Yahoo! search index then that’s not such a bad thing.

I believe large publishers such as Salesforce.com or eBay would produce more feed content if they knew their customers’ data was kept private and secure. There’s a definite demand for more content transmitted over feed syndication formats but it will take the cooperation and collaboration of security formats and consistent aggregation practices to really move the needle in the right direction.