Private feeds are public for everyone to see

  • Problem
  • Updated 6 years ago
Today when I opened NewsBlur I was logged out, but because the tab still had the URL of my last feed open I was still redirected to it. This feed happened to be a private GitHub feed with sensitive information of my company, so I was quite shocked that this feed is visible even to anonymous, logged-out users (verified with another browser where I have never logged into NewsBlur).

This is a *huge* privacy violation. Is this deliberate and/or documented anywhere? Granted, you still need to know the exact URL of the feed, but at the moment nobody's stopping anybody from going through all the possible IDs and looking for sensitive feeds, or search engines from indexing my private information (why is /site not in robots.txt?)
toupeira


Posted 6 years ago

Frank Dosh

You're not alone. Samuel responded in this thread, but the problem still hasn't been fixed.
toupeira

I think you linked the wrong thread, or at least I can't see what the sharing bookmarklet has to do with this problem ;-)
lgladdy

Is there such a thing as a private feed? It looks like everything gets an ID the first time someone subscribes to it and then it's publicly accessible? I've not seen anything anywhere that suggests things are private?
toupeira

Why should I assume that a feed I add to my own, private account will be made accessible to anyone else?
toupeira

Samuel, any answer on this? I would be very surprised and disappointed if this is intentional.
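
The access-control gap reported in the opening post, shown as an added example that is not part of the thread and is not NewsBlur's code: a feed view keyed only by ID next to one that checks the requester's subscription. The `Feed` model, the `requires_auth` flag, the handler names and the sample feeds are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Feed:
    feed_id: int
    url: str
    requires_auth: bool              # assumption: set when the source URL needs credentials or a token
    subscribers: set = field(default_factory=set)

# Constructed sample data, not real feeds.
FEEDS = {
    1: Feed(1, "https://example.com/blog.rss", False, {"alice", "bob"}),
    2: Feed(2, "https://example.com/private.atom?token=PLACEHOLDER", True, {"alice"}),
    3: Feed(3, "https://example.org/internal.atom?token=PLACEHOLDER", True, {"bob"}),
}

def view_feed_unchecked(feed_id, user=None):
    """Behaviour described in the thread: knowing the ID is enough, logged in or not."""
    feed = FEEDS.get(feed_id)
    return (200, feed.url) if feed else (404, None)

def view_feed_checked(feed_id, user=None):
    """Authorize every request against the feed's subscriber list."""
    feed = FEEDS.get(feed_id)
    if feed is None:
        return (404, None)
    if feed.requires_auth and user not in feed.subscribers:
        # Same answer as for a missing feed, so a response never confirms that an ID exists.
        return (404, None)
    return (200, feed.url)

def ids_visible_to(view, ids, user=None):
    """Regression check: which IDs in a range does a given requester get content for?"""
    return [i for i in ids if view(i, user)[0] == 200]

# Keeps well-behaved crawlers off the /site path mentioned in the post.
# This is advisory only and does not replace the authorization check above.
ROBOTS_TXT = "User-agent: *\nDisallow: /site/\n"

if __name__ == "__main__":
    print("anonymous, unchecked:", ids_visible_to(view_feed_unchecked, range(1, 5)))
    print("anonymous, checked:  ", ids_visible_to(view_feed_checked, range(1, 5)))
    print("alice, checked:      ", ids_visible_to(view_feed_checked, range(1, 5), "alice"))
```
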