Say No to Private Syndication

It’s no secret that I believe RSS is a broadcast solution. So I was in a bit of a tough spot when ZDNet posed a compelling application for personalized RSS: tracking packages. But then I realized that I missed a key point. Package delivery status is not a personalized topic; rather it is a topic with a very limited audience. There is no presumption of privacy and subscription is open to anyone with access to the tracking number.

The argument for private RSS is that the message source is intrinsically verified (authentic unless site or DNS are hacked). But it does nothing to insure that the messages are actually private. And many news aggregators do not provide adequate support for authentication (at a minimum, keeping authentication separate from the feed url to prevent accidental sharing).

Tim Bray is interested in truly private syndication, with bank account and stock portfolio information available by RSS. I’m not quite ready to trust my news aggregator with the username and password to either my bank or my broker accounts. I’m not enthusiastic about having to enter them every time I launch my aggregator. And I’m not sure that I can trust developers to properly protect my username and password once I’ve entered them (not in an accessable memory location while running and not dumped in a program crash).

Me, I’d like to see more use of digitally signed email to prevent phishing. I’d like to leave RSS for broadcast. And I’d like to keep my financial information both private and secure.