Feed Ideas: Authenticated and Private RSS
Niall Kennedy has an interesting post on his weblog titled “Authenticated and private feeds” that reminded me of our early experience with SocialMail. When we launched SocialMail we had a few people who used the platform to publish their personal email via RSS. One prominent venture capital firm made this mistake, and very quickly they began to see their emails appear in Technorati. They soon learned what Niall commented about today:
Some syndication feeds are not meant to be displayed for the world to see. Our everyday lives contain private and confidential data we wouldn’t want anyone else to see, and especially not search. There are a few options for trying to keep things private in your feed aggregator but the implementations require proper coding and privacy from all implementors. Examples of private feeds intended for 1:1 communication include bank balances, e-mail notifications, project status, and the latest bids on that big contract. Data in the wrong hands could be dangerous, and many companies will stay away from the feed syndication space until they feel their users’ personal data is secure.
Niall’s post does a great job of summing up the various types of RSS security, including “Security through obscurity”, “Permission-based exclusion” and “HTTP Authentication”. His point is that adoption of RSS (feeds in general) could be significantly enhanced if large publishers knew their clients’ data was private and secure. He suggests further “cooperation and collaboration” on security formats to get us past the current fears. Charlie Wood, our buddy from Austin, commented on Niall’s post that his service, Spanning Salesforce, helps add secure feeds to Salesforce.com (HTTP authentication and SSL). He notes:
The problem I’ve run into is support on the client side. As you point out, most of the hosted readers (with the notable exception of NewsGator Online) don’t support secure feeds. Disappointingly, neither does the Windows RSS Platform. (It supports NTLM/Kerberos, but not Basic HTTP Auth. Microsoft says such support was planned, but was the victim of time constraints. Uh, ok.)