RSS & Atom Feed "Leaks"

Dear wiki owners,

A few people have been surprised recently when their users accidentally republished information from private wikis to the world at large by way of an RSS / Atom feed. Here is the low-down on how this can happen and how you can avoid it.

Your users must be careful when using a private wiki to not share the private, unguessable feed URL with third parties. If a user uses a third party web-based feedreader like Bloglines or Google Reader and pastes in the private feed URL, they have given that third party access to the feed, which may likely contain private data, such as email addresses, page names, and snippets of page content.

Some of these third parties may decide to publicly republish the feed’s content, or make it indexable by Google and other search engines. This is in spite of our servers very clearly telling third party services (with the Robots exclusion policy, the Google indexing Atom extension, and the Bloglines access control feed extension) that they should not allow any material obtained on a human’s behalf available to other users. But that doesn’t always stop them, either by accident or malice, from republishing data that a user has given to them.

In order to help protect our private wiki communities from accidental disclosure in this way, we’re going to be disabling feeds by default for all private wikis starting March 15, 2007. If you own a private wiki and want to keep feeds enabled, no problem – just surf on over to the “Feeds” tab of your settings page any time before March 15 and pick “enable” and we won’t get in your way. Or you can disable them immediately if you want to prevent the above situation.


David Weekly
PBwiki’s CEO

Published by David Weekly

I like starting things. I founded PBworks (originally PBwiki) and am the cofounder of SuperHappyDevHouse and Hacker Dojo. I advise a dozen startups and am a mentor for Founders Institute, i/o Ventures, and Women 2.0.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: