Thursday, October 29, 2009

A Private Blog May Not Be Completely Private

We've known for a while that private blogs have limitations, such as latency. If you originally publish your blog as public, and later make it private, cached copies of the blog will be all over the Internet, for anybody to read, after it's supposedly private. This week, we see another, possibly more serious limitation.

Why was my coworker able to read my very private, personal, password protected blog yesterday? I had it set to "Blog Author Only" and yet she found it and was able to read the whole thing.

It has never, ever been public. I started it last September and set the permissions to "blog author only" at the start for all posts. I have never invited anyone else to read it...and have never, ever logged into it at work.


Occasionally, while using a dialup connection, I've loaded a private blog. As the blog loads, the browser enumerates the various components of the blog, such as the pictures being loaded, in the browser status area (generally, the lower left border of the browser window). The interstitial notice

"This blog is open to invited readers only

It doesn't look like you have been invited to read this blog. If you think this is a mistake, you might want to contact the blog author and request an invitation."

seems to come up well after the blog main page contents have loaded.

If you are surfing from a network which uses a caching proxy server, it's possible that one person who has permission could properly load the blog in their browser. With the blog having been loaded once, the proxy server may not load the interstitial page again. Anyone else on the network could later view the blog without the interstitial page - even if they do not, supposedly, have permission to do so.
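The caching scenario above, modelled as an added example (not from the original post, and not Blogger's code): a simplified version of the storage rules that a shared caching proxy follows under HTTP caching (RFC 9111, section 3). The request and response headers, including the cookie value, are constructed samples, not captured Blogger traffic.

```python
# Simplified model of the RFC 9111 section 3 storage rules for a SHARED cache
# (a caching proxy). Header names are expected in lowercase.
HEURISTIC_STATUS = {200, 203, 204, 206, 300, 301, 308, 404, 405, 410, 414, 501}

def parse_cache_control(value):
    """Return {directive: argument-or-None} from a Cache-Control header value."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives

def shared_cache_may_store(method, status, req_headers, resp_headers):
    """Return (may_store, reason) for one request/response pair."""
    cc = parse_cache_control(resp_headers.get("cache-control", ""))
    if method != "GET":
        return False, "method not cached in this model"
    if "no-store" in cc:
        return False, "no-store"
    if "private" in cc:
        return False, "private: only the reader's own browser may store it"
    explicit_shared = cc.keys() & {"public", "s-maxage", "must-revalidate"}
    if "authorization" in req_headers and not explicit_shared:
        return False, "Authorization request without public/s-maxage/must-revalidate"
    if cc.keys() & {"public", "max-age", "s-maxage"} or "expires" in resp_headers:
        return True, "explicitly cacheable"
    if status in HEURISTIC_STATUS:
        return True, "heuristically cacheable: no directive forbids storing it"
    return False, "status not cacheable by default"

# Constructed sample: a reader with permission loads a private blog page.
# The login travels in a cookie, which these storage rules do not look at.
REQUEST = {"cookie": "session=CONSTRUCTED-VALUE"}
UNMARKED = {"content-type": "text/html"}
MARKED = {"content-type": "text/html", "cache-control": "private, no-store"}

if __name__ == "__main__":
    for label, resp in (("unmarked", UNMARKED), ("marked", MARKED)):
        print(label, shared_cache_may_store("GET", 200, REQUEST, resp))
```

A page whose access control rests on a cookie is only kept out of a shared cache when the server marks the response `private` or `no-store`; the unmarked response in the sample is storable, and a stored copy can then be served to the next person behind the same proxy.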

If your Blogger profile is part of your public blogs, or people link to your profile while surfing profiles, and your private blog is listed as one of your blogs, someone may click on the link, and may get a view of the blog.

This security deficiency isn't one that you can control, as you have no way of denying anybody access to your profile, if it's published publicly. If you want to keep your blog private, it would be a good idea to at least remove it from the list of your blogs, in your profile.


2 comments:

Susan said...

You name your posts extremely well! It's a mini table of contents.

Dudel said...

Quick Note: People who want things private to remain private should NOT put them online.
