Keeping It Private On Google Reader

Almost two weeks ago, I wrote my Google Reader Gets Social With Friends Shared Items post detailing how disturbing it was that Google Reader was now sharing items with people it considered my friends, on an opt-out basis. Privacy concerns over this finally exploded this week, with Google Reader itself now reacting mainly to highlight how friend sharing can be enabled or disabled. Lost in the outcry seems to be the point that it’s always been the case that sharing any item would share it with the ENTIRE WORLD, and that hasn’t changed. But the change was significant in making more public a list of items that generally was hidden. Below, a revisit on sharing for the privacy concerned.

In a word, if you don’t want that "secret" item you’ve read via Google Reader to spill out in a way that your friends, family, enemies, or anyone can find it, DON’T SHARE IT!

How does sharing work in Google Reader? It looks like this:

See the big arrow pointing at the "Share" link? If I click on that link, the items gets Shared via my public list. MY PUBLIC LIST, as in a list the entire public can see.

Here’s how my shared items list looks internally to me. I just click on the "Your shared items" link in the left-hand navigation (the big red arrow is pointing at the right link):

After selecting that, I get a page listing my items with a message telling me that they are "publicly accessible," like this:

This isn’t new. Google’s been making shared items available to the entire public since March 2006. Here’s how my public page of shared items looks:

Because the URL is publicly accessible, ANYONE can see it. The only caveat is that they have to know where it is. If you’ve never given out the URL, then your items are somewhat safe. In addition, Google blocks these pages from being crawled and listed in search results.

Of course, click on an item from your public list (or if anyone else does), and your browser will pass along "referral" information that reveals the location to the site owner you visited from that page. So pretty safe, fairly private, but certainly not foolproof.

So why the freakout over this month’s change? As I wrote before in my earlier article:

I have a public feed of shared items here that anyone can access, if they know where to look. Why should these exact same items, being shared with a tiny subset of the entire world that they are already accessible to, freak me out?

The answer is because, as explained, while your shared items were public, pretty much no one knew where they were unless you proactively told them the location. But with Google’s change, Google Reader itself started proactively deciding people in your contact list were "friends" that should get a heads-up. Again, as I wrote:

Google Reader never asked if I wanted to be connected with my friends, i.e., whether I wanted to have Google itself start behind-the-scenes making relationships in Google Reader for me with people that previously were restricted to chat. It’s disconcerting.

Today’s Google Reader blog post doesn’t change the situation. By default, it’s still going tell all your contacts that you’ve shared an item, as my previous article details. Don’t like that? Then Google Reader suggests that you individually unshare items. Alternatively, it suggests that you tag items, then within the Settings area, enable items tagged with a particular word to be shared to the public.

Huh? How’s that help? Well, it goes back to the original situation where you have a public page, but no one knows the URL unless you tell them. Steve Rubel also describes the process here.

Frankly, a better solution would be to dump the friends sharing feature until it comes back in a new form, where you specifically and deliberately create a list of contacts that you do want to share material with. Again, as I wrote before:

I just think that if Google is going to start socializing its various applications, I need more granular control over who sees what, in the way that Facebook offers.

For more discussion, see Techmeme.