Friday, August 15, 2008

Exposed

Note: There is an important comment from someone at Worpress that explains the situation, so please read the comment from Tellyworth. Essentially, I'm able to read the blog's archives, but won't be able to read anything which is posted after the blog was made private.

If you use Google Reader, you may be familiar with the "recommendations" function. The software looks at your subscriptions and asks you if you'd like to subscribe to various other blogs or sites based on the interests your current RSS feeds indicate you have.

This is a pretty handy function and I've found some good content that way, though there are often far too many recommendations which are essentially "more of the same." Besides opening up the potential for finding interesting sites, the recommendations feature also shows you just how much cannibalism is going on out there. Many niche blogs are all essentially echo chambers and very few have truly unique content. It'd be shocking how many people create sites by just searching and compiling various other types of content if there weren't money in the equation. If there's profit to be had and someone had too little experience or imagination to create, they just assemble.


This evening, I was perusing the recommendations when I came across a personal blog (one post is shown above). Often, I will click on the blog's name to access it through the original site because Google Reader sometimes does not show entire posts, some pictures, or posts past a certain date.


When I clicked on this blog to access the original site, I got the message above. The site is password protected to keep the masses out, but Google Reader invites them right in. I don't use a WordPress blog, but I'm guessing you can choose to have your blog listed for RSS feeds or Google searches or not and this person made a mistake. If I could, I'd contact this person and let them know that their private thoughts are out there for others to see via an RSS feed and advise her to check her settings. However, I can't contact her because I can't get into the blog to leave a comment.

The object lesson here is to keep in mind that even when we think we're undercover when we're on-line and even if we take reasonable precautions to keep our personal thoughts hidden, we can be unintentionally exposed. If it is something that you think should not be read by the masses, it might be better not to put it on-line at all.

Update: I wonder if the blog I accessed is only protected in a weak way. That is, perhaps people with Wordpress accounts can get in without any special password if they just log in with their user accounts? Since I don't have Wordpress, I don't know if it carries such limited (and pointless) protection just to keep out random anonymous commenters. Does anyone on Wordpress know if that is possible?

5 comments:

Anonymous said...

Hmmm. I'm not sure I understand. You got to that private Wordpress blog by way of Google reader? So did someone who subscribes to this private blog scrape the private blog and then post it? Then it got into Google reader?

Sorry, I don't really understand RSS feed.

My understanding is that Wordpress keeps private blogs and posts out of Google searches. And those blogs or posts are unavailable for feeds or searches. Is this not true?

I have only 1 private post, which was once public—what my daughter wrote about her grandmother when my mother died in February—because I saw in my stats that there were searches for her name and specific things in her writing made by people in France, Spain, and languages I did not recognize. Google still probably has it in cache, but it no longer comes up early in regular searches.

There are a number of very young bloggers that are naive enough to share their passwords with friends, so perhaps this is the case?

What ever, I seem to be not understanding something but don't seem to be able to know what it is?

Orchid64 said...

The nutshell version is that I access a private blog via RSS. I can subscribe to it and read the posts that way, but if you type in the URL and visit the site itself, you get stopped unless you enter a passowrd.

Maybe Wordpress is supposed to keep private blogs and posts out of Google searches, but clearly Google knows they are there and includes them in searches (otherwise they couldn't recommend one to me based on my interests - they search and match keywords to pair me up with blogs of interest to me).

I can't say that, on the whole, private blogs are not protected, but this situation would seem to indicate that at least some private Wordpress blogs can be entered through a backdoor via RSS.

The last post on that private blog was August 6, so it's certainly not very old content floating around.

Orchid64 said...

I should also add that I can access this person's archives, though in a very tedious way.

Unknown said...

Hi,

I work for WordPress.com and would like to address your concerns.

Private WordPress.com blogs are only accessible by users who are on the membership list and who are logged in. Private blogs do not have feeds.

There's not enough information here to know for sure but I think this was a blog that previously was public, that the owner later changed to private. Someone subscribed to the blog with Google Reader while it was public and used the Recommend function.

Google Reader archives posts and stores them on Google's servers. That's how you are able to read past posts. Those posts would have been published while the blog was public so there's nothing wrong with that.

Orchid64 said...

Hi, tellyworth, and many thanks for taking the time to clear this up. I've made a note at the top of my post directing people to what you've said in comments.

I didn't want to expose the person who wrote the blog so I didn't offer the name of the blog. However, I will subscribe to it and see if new entries ever show up just as a test. I doubt they will as I'm certain you are right!

Thanks again!