"Social" Needs Privacy Controls

  • 17
  • Problem
  • Updated 7 years ago
Now that blurblogs have launched, several slightly scary things just clicked in my head:


  1. It appears that I can reply to any comment on a story by any user and that users can similarly comment on my shares' comments. There appears to be no setting to prevent this free-for-all by people I don't even know.

  2. Using only a rough guess at username search, I successfully found and followed someone I knew to be using newsblur without her consent. I can't find a setting to prevent any random person from similarly seeing and following my blurblog.

  3. While reading a popular feed (xkcd, for example) I saw another user's comments below the story indicating that they had read and shared it. After some digging, I am convinced this is a person to whom I have no social connections. I can find no control for this behaviour in the settings. When I started using the social features, I was never given any warning that my shares and comments might be visible to the entire userbase of newsblur.


Those are listed in ascending order of shock and horror for me. Especially for the third item, my primary concern is documentation and consent and then some sensible privacy controls. I merrily shared about a dozen items before realizing just how forcefully public they would be.
Photo of ojiikun

ojiikun

  • 475 Posts
  • 62 Reply Likes

Posted 7 years ago

  • 17
Photo of ojiikun

ojiikun

  • 475 Posts
  • 62 Reply Likes
As an addendum, there is a relatively painless workaround for this right now:


  • go to your blurblog folder

  • share each story to another medium (I use a non-public tumblr feed, for example)

  • delete each story from your blurblog



Credit where credit is due to the dev for not only keeping the sharing features open and flexible but for making it an easy UI task to move items to a different choice of destination.
Photo of Samuel Clay

Samuel Clay, Official Rep

  • 6514 Posts
  • 1474 Reply Likes
Yup, Blurblogs are like Twitter or Tumblr in that everything you share, you are putting on the web. We are considering privacy controls on pools, which are shared group stories. Pools will have three privacy settings: open, read-only, and private. You will want to share only to a pool in that case.

If you don't feel comfortable sharing on NewsBlur, I will continue to refine the third-party sharing, eventually adding OAuth for Tumblr, Pinboard, and Instapaper, so sharing to those services will be even easier.

You'll notice that the comments you saw on XKCD were under the heading "N public comments". I will be introducing a setting that allows you to hide public comments so you never have to see them. However, because sharing is a public action, anybody can reply to you, just as they can reply to you on Twitter.

I will be writing a feature to both block a user from replying to you and to allow you to remove any replies on your own shared comments.
Photo of ojiikun

ojiikun

  • 475 Posts
  • 62 Reply Likes
I have to pretty strongly disagree with the comparisons to Twitter and Tumblr. Twitter lets me mark my entire account private so I have absolute control over who follows me, who sees my shares, and who sees my replies. Absolutely zero content from my Twitter account is on the public web to unauthenticated, unapproved users. Tumblr has less absolute privacy controls, but at least lets me mark my feed as private so that it will not show up unless explicity accessed by name (call this security by obscurity, at least). I regularly share things to Tumblr and no newsblur users know of this unless I have given them the URL to my Tumblr feed.

I respect that it takes non-trivial developer hours to implement privacy the right way, but I just want to make sure the dialogue stays open so that other users are well-informed and this does get prioritized if popular, since I actually like newsblur and would prefer to use native sharing if possible. :)
Photo of karen

karen

  • 178 Posts
  • 31 Reply Likes
I vehemently agree with ojiikun here in every way (with the one update that Tumblr allows for password-protected feeds as well). While the majority of users on those other networks might be completely public, there's a reason those of us who protect our feeds do so.

I'm not an attention seeker and it isn't my aim to use social networks to cultivate my brand or what have you. There are posts and discussions I share with my friends that I don't care to share with my family or company, for obvious reasons. Clearly, one solution is a slightly more obscure username than what I'm using, but this requires that all people I share with do the same, so that none of us can be found simply by association.

The reason we were all clamoring for social in Newsblur is that we wanted it IN Newsblur - that is, we wanted to be able to share things within our feed reader, and comment on them within our feed reader. Some of us just like our privacy a great deal, as well.
Photo of Garrett Guillotte

Garrett Guillotte

  • 31 Posts
  • 0 Reply Likes
"I merrily shared about a dozen items before realizing just how forcefully public they would be."

I just ran face first into this realization and am backing down from Blurblogs.
Photo of Samuel Clay

Samuel Clay, Official Rep

  • 6514 Posts
  • 1474 Reply Likes
To address the problem of communication, we will soon be emailing people the first time they share a story so they know what's going on.
Photo of karen

karen

  • 178 Posts
  • 31 Reply Likes
Is this your way of telling us that Blurblogs are forever public and that's that? If so, that's definitely an ...unideal situation, to say the very least.
Photo of Samuel Clay

Samuel Clay, Official Rep

  • 6514 Posts
  • 1474 Reply Likes
Nope, it just means that we have a lot of work to do before we can properly address this. You can to understand that we are trying to turn NewsBlur into a business, and that requires building things that get more people excited about paying. This means privacy controls, but in order to get more people initially, we have to build something more compelling than a straight news reader.

We're working on it, and if you take a look at this thread you'll see where we're heading: https://getsatisfaction.com/newsblur/.... But that means pushing off on some features while building out others.