Skip to main content

Avoid Use Of FeedBurner "Password Protector"

Some Google products contain features that have limited usefulness, when applied to Blogger blogs.

FeedBurner has a feature, "Password Protector", which may be useful, to newsfeed readers that support HTTP authentication. Within FeedBurner, we have the "Email Subscriptions" service - which does not support feed authentication.
Your readers will be required to use newsreader or aggregator software that supports authentication to view your feed.
Some Google, and non Google, services will have a problem, with a FeedBurner protected feed.

Newsfeeds, published by Blogger blogs, are supposed to be publicly accessible.

A blog with designated readers will not produce a newsfeed. Blogger does not support authenticated newsfeeds.

To use Password Protector, look on the FeedBurner dashboard, under the Publicize tab, for "Password Protector". Enter a Username and a Password, and hit "Activate". But don't do this, without knowing the downsides.

Password Protector uses a single username / password combination. All blog readers will use the same username.

FeedBurner warns us of possible problems, caused by this service.





Important: This service prevents our Email Subscriptions service from delivering email updates from your feed, and it will also password protect your feed's content when redisplayed using our Headline Animator graphic. This graphic itself becomes password protected, which is undesirable if you wish to use it to promote your site/feed. Therefore, we recommend not using Headline Animator or Email Subscriptions, and this Password Protector service, with the same feed.

From what I can see, Blogger Reading List may ignore the authentication requirement. People may use Reading List, and view the blog feed, redirected through FeedBurner - even if not authorized.

We know, however, that email subscriptions will not work, with a protected feed. Looking at an HTTP trace of the feed from my test blog http://techdict.nitecruzr.net, we see a symptom of the problem, with this option.

http://techdict.nitecruzr.net/feeds/posts/default

http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://techdict.nitecruzr.net/feeds/posts/default&uag=Mozilla/5.0+(X11%3B+CrOS+armv7l+7834.70.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/49.0.2623.112+Safari/537.36&ref=http://www.rexswain.com/httpview.html&aen=&req=GET&ver=1.1&fmt=AUTO

Sending request:

GET /feeds/posts/default HTTP/1.1
Host: techdict.nitecruzr.net
User-Agent: Mozilla/5.0 (X11; CrOS armv7l 7834.70.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36
Referer: http://www.rexswain.com/httpview.html
Connection: close
• Finding host IP address...
• Host IP address = 74.125.28.121

• Finding TCP protocol...
• Binding to local socket...
• Connecting to host...
• Sending request...
• Waiting for response...
Receiving Header:

HTTP/1.1·302·Found(CR)(LF)
ETag:·W/"32e869db-18a9-4ccf-8ad9-dbded29f2b25"(CR)(LF)
Date:·Wed,·27·Apr·2016·15:04:06·GMT(CR)(LF)
Content-Type:·text/html(CR)(LF)
Server:·blogger-renderd(CR)(LF)
Expires:·Wed,·27·Apr·2016·15:04:07·GMT(CR)(LF)

Cache-Control:·public,·must-revalidate,·proxy-revalidate,·max-age=1(CR)(LF)
X-Content-Type-Options:·nosniff(CR)(LF)
X-XSS-Protection:·1;·mode=block(CR)(LF)
Location:·http://feeds.feedburner.com/ChucksTechWorld(CR)(LF)

This appears to be just a redirected blog posts newsfeed, targeting a FeedBurner published feed.

Here, we see a normal redirected blog posts feed.

But what happens, when we try to open the feed?

http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://feeds.feedburner.com/ChucksTechWorld&uag=Mozilla/5.0+(X11%3B+CrOS+armv7l+7834.70.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/49.0.2623.112+Safari/537.36&ref=http://www.rexswain.com/httpview.html&aen=&req=GET&ver=1.1&fmt=TXT

Sending request:

GET /ChucksTechWorld HTTP/1.1 HTTP/1.1

Host: feeds.feedburner.com
User-Agent: Mozilla/5.0 (X11; CrOS armv7l 7834.70.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36
Referer: http://www.rexswain.com/httpview.html
Connection: close
• Finding host IP address...
• Host IP address = 172.217.0.14

• Finding TCP protocol...
• Binding to local socket...
• Connecting to host...
• Sending request...
• Waiting for response...
Receiving Header:

HTTP/1.1·401·Unauthorized(CR)(LF)

WWW-Authenticate:·BASIC·realm="FeedBurner·feed·ChucksTechWorld"(CR)(LF)

The "HTTP Viewer" service does not support feed authentication (and only works with "HTTP:" protocol). And, we see the result.

It's possible that this feature will be useful, with feeds that are used outside Blogger (noting the Reading List ability). If you're publishing a Blogger blog, however, you're not likely to get any useful result.



Owners of #Blogger blogs, which use the FeedBurner "Password Protector" service, may find that the service delivers less protection - and some interference - other than the service name suggests. It would probably be best to avoid use of this service.

Comments

Yudi Anto said…
i have a dilema ...Using blogspot+Feedburner really help to auto post blogspot to twiteer and then from twiteer to facebook or any other method to distribute/promote blog post to any service Etc....the problem is feedburner doesnt add any security feature to help combat Content scrapper..using password protected feature really help a lot 90% content scrapper unable to steal content as it return 401..if only i can manage to allow feedburner post to twiteer ,do you know work around for this matter? perhaps from their "socialize" feature setting?


Nice reading btw
Chuck Croll said…
Hi Yudi,

Thanks for the explanation.

Will a content scraper stop when encountering a FeedBurner "password protected" feed?

The original Blogger feed remains unprotected - so what's to stop anybody from creating a second feed using FeedBurner - or simply scraping from the original Blogger feed, with feed redirection blocked?

Note that one does not have to be the blog owner, to make a FeedBurner feed from a blog.

http://blogging.nitecruzr.net/2011/01/make-email-based-feed-from-somebody.html

Popular posts from this blog

Custom Domain Migration - Managing The Traffic

Your blog depends upon traffic for its success.

Anything that affects the traffic to your blog, such as any change in the URL, affects the success of your blog. Publishing the blog to a custom domain, like renaming the blog, will affect traffic to your blog. The effects of the change will vary from blog to blog, because of the different traffic to every different blog.Followers. People who find your blog because of recommendations by other people.Search engines. Robotic processes which methodically surf your blog, and provide dynamic indexing to people who search for information.Subscribers. People who read your content from their newsfeed reader, such as the dashboard Reading List.Viewers. People who read your content from their browser.No two blogs are the same - and no two blogs will have the same combinations of traffic sources.

Stats Components Are Significant, In Their Own Context

One popular Stats related accessory, which displays pageview information to the public, is the "Popular Posts" gadget.

Popular Posts identifies from 1 to 10 of the most popular posts in the blog, by comparing Stats pageview counts. Optional parts of the display of each post are a snippet of text, and an ever popular thumbnail photo.

Like many Stats features, blog owners have found imaginative uses for "Popular Posts" - and overlook the limitations of the gadget. Both the dynamic nature of Stats, and the timing of the various pageview count recalculations, create confusion, when Popular Posts is examined.