Private Blogger Blogs Not So Secret
I have been looking forward to Google rolling out private blogs. (As much as I criticize them, I am probably one of their biggest fans. I use many of their services.) Basically, I need a place on the web where I can a) post notes either from my computer or by email and b) have them searchable in a Googly way. I do not subscribe to the crowd mentality on private blogs. They're handy as personal productivity tools or to share more intimate thoughts with a small workgroup or your family and friends. Last but not least, corporate public blogs should be kept private until you're ready to announce to the world.
I signed up for the Blogger beta and found the changes to be very intuitive although evolutionary from the last big upgrade. However, already there is a big hole for private blogs. By default Google turns on feeds for all new blogs. When these blogs are private, the feeds are still totally public and therefore can and will be indexed by search engines. Google should treat feeds on private blogs the same way they do in Google Calendar.
Note the two screen grabs below from my test blog. The first shows what the Atom feed looks like in my browser for a blog I set up as private. The second screen shot shows what the blog looks like if I try to access it from the Web. In both cases I am not logged into my account.
This is not the first time that Google has had a major problem with privacy on its publishing platforms. Google Blogoscoped chronicled how Google's Picasa Web Albums have had privacy snafus. Meanwhile, Google is working to reassure us that our search data is safe. I don't doubt that it is, but as they stick their thumb in one potential vulnerability the water is leaking out the others.
::Later: Jason Goldman from Google weighs in that this is indeed a bug.
