« Breaking Discovery - Library Elf blasts a giant hole through privacy - and why I terminated my account | Main | Ann Arbor District Library, RSS feeds, and patron privacy »

Library Elf quick to respond - "private" RSS feeds in Bloglines are public

If you search on "library elf" at Bloglines today - you get Error Error Error.  Jeff Chow, a Library Elf developer was quick to respond to my post yesterday.   It turns out that the problem is that Bloglines considers all feeds public unless the RSS feed is HTTP authenticated. (thanks also go to Jenny, Glenn and Chris). Lots of good comments on that post.

Really persistent folks can still click on Elf "error" entries in Bloglines and see frozen snapshots of what people checked out -- I don't know if those will ever go away. Significantly, the email addresses are gone. 

But worse, as Jeff points out, the problem exists for other "private" RSS feeds turned public (my phrasing).  Search "Seattle Public Library" in Bloglines to see more patron records (no email addresses).  Some patrons may be willing to trade in some library privacy for convenience, but they should at least know what's happening. Seattle has a notice to this effect, though it makes it look like marking a feed "private" is enough.

Question for Jeff or other Library Elf folks: The Elf FAQ says it won't give out my personal information without a court order, but the privacy policy allows it to give my information to "government investigations" .... a much broader reach. Any comments?

Update: See below for Jeff's response - Elf has now changed its privacy policy to "court orders" only.  Good show. - mm

Comments

Thanks Jeff - your responsiveness is impressive. I'm very pleased to see the policy change.

Posted by: Mary | December 28, 2005 at 03:10 PM

Mary, thank you again for finding this difference between our FAQ and our privacy policy. We've changed the privacy policy to reflect what it says in the FAQ. In other words we have taken out the "government investigation" part in the privacy policy.

As for sending unauthenticated info, Elf trys to work with as many RSS readers as possible and most RSS readers do not support authentication. To compound the issue, HTTP authentication comes in several flavours. Nevertheless, we are looking into it to see if we can provide ways to handle authentication.

Posted by: Jeff Chow | December 28, 2005 at 01:30 PM

good work cub reporter! I question their agreement. also why does this program send unauthenticated info? that aint bloglines' fault...right?

Posted by: kgs | December 28, 2005 at 11:45 AM

The comments to this entry are closed.