Pop Goes the Library

Using Pop Culture to Make Libraries Better.

by Sophie Brookover, Liz Burns, Melissa Rabey, Susan Quinn, John Klima, Carlie Webber, Karen Corday, and Eli Neiburger. We're librarians. We're pop culture mavens. We're Pop Culture Librarians.

2005-12-28

Not the Elf Again

Mary Minow at LibraryLaw Blog has found a weakness in Library Elf's RSS delivery method. Apparently, if you use RSS instead of email delivery, you may be making your private information public.

Mary did a search for Library Elf in Bloglines and found people's personal Library Elf reminder notices. Based on Mary's experiment and the comments, the exposure seems to arise from three things: the use of RSS, using a public aggregator for that RSS feed, and the type of information Library Elf includes in its RSS.

For what it's worth, it doesn't look like this experiment has been tried with other public aggregators, so I don't know if this is unique to Bloglines or any public aggregator. And, at least with Bloglines, it doesn't matter whether or not you marked the feed/account public or private.

I'm stubborn, so I'll be keeping my Library Elf account. But it's an email account, and it will stay that way.

It will be interesting to see how Library Elf responds to this; I'm sure I cannot be the only one who sent them an email after reading Mary's post. It will also be interesting to see what this means for RSS feeds that contain personal information.

I, for one, am glad of this "heads up" to stay away from using RSS for anything that is remotely personal or private. And I hope that someone who has more technical knowledge than I do lets us know about the real risks here, and what can be done about it.

Updated to add: Meredith at Information Wants To Be Free points out that Library Elf has added a notice in its FAQ about possible exposure of your private information via Bloglines.

Updated Again: Library Elf's notices about the risks of RSS & Bloglines also appear in its What's New section and in its information about RSS in general under "Delivery Method". It appears to be responding pretty promptly to consumer concerns.

Update the Third: My love for Library Elf continues because of co-developer Jeff Chow's quick response to this matter, as shown in the changes on Library Elf's website and his own comments on Mary's original post on this at LibraryLaw Blog. As I said above, this is more an issue of confidentiality/privacy of any RSS feed than an issue of Library Elf itself; Library Elf is serving to highlight something we should be aware of. I still have my account, using email notification.
