Read It Later extension for Firefox
By glazou on Tuesday 9 September 2008, 14:20 - Mozilla - Permalink
Read It Later was exactly what I needed. A way to temporarily store URLS in a ToRead list instead of having a "ToRead" bookmarks foolder where bookmarks are pushed to but never popped from... I installed it and started immediately loving it. Well, until I discovered my ReadItLater list is by default - without asking me - saved on an external and unprotected web page.
First, even if I'm a bit paranoid, I certainly don't want an extension - whatever its kind and whoever is the author - to save my own data on an external web site without asking me permission first. ReadItLater authors have then access by default to the ToRead list of all ReadItLater users... The privacy policy of the extension reads:
If the RSS feed is turned on, your reading list will be sent to Read It Later servers
But that's clearly the problem : I never turned it on, it's on by default (I checked on two different machines) !!!
Second, the URL shown in the preferences is not password-protected at all. Anyone having a few seconds access to my computer will then know my feed URL and will have permanent access to my ToRead list.
I think ReadItLater is just breaking my privacy. That is not acceptable and I think ReadItLater should be removed from addons.mozilla.org until a new version turns the RSS Feed off by default and prompts the user - with detailed information - about turning it on. I also think it's not acceptable to have the feed reachable w/o user/password authentication. That should be added to the preferences. The if you disable the feed in preferences, the online feed should be deleted, and it's not the case.
Sorry to be rough, but I just hate when data - and data about my personal interests and readings - are stolen from my computer. Because that's what happened here.
Comments
Agreed about turning this on by default - definitely bad.
Regarding the password, it sort of depends on whether or not the part of the url you've given above is linked from somewhere or guessable.
If it's random string without external links then it's basically password-protected.
Worst the password to add stuff to your feed is random and not changeable (as far as I know), I am not sure how easy is to deduce or calculate the password. Once this password is found you could spam user's read list.
I user Instapaper. It stores either a URL, or compact text version. Your reading list can be synced with an iPhone app as well (just in case).
Feedly's "Save for later" is also an option, if you already use this extension and you need to save links while using it.
glazou, can you file a bug on bmo under addons.mozilla.org :: Add-ons about this?
Instapaper! Fantastic, exactly what I was looking for. Thanks uri.
> but I just hate when data ... are stolen from my computer
I guess you and Google Chrome were love on first sight
Hey Dan,
This is Nate, the developer for Read It Later.
First off, let me say I'm sorry, I have no intention what-so-ever to deceive or steal from users. I fully respect user's privacy, I'm on your side.
The automatic RSS feed is there simply to make it easier for users. I tried to make this clear on the description of the add-on and the privacy policy but I can easily see how it can be misunderstood.
I'm talking with the heads over at Mozilla add-on's site on how best to describe the privacy policy to make this clearer.
Just so you know, I have a new version of RIL that is coming out near the end of Sept that will provide the ability to protect your RSS feed as well as giving more options about hiding your sync id / pass in the browser. The id/pass, which is initially randomly generated, has to been viewable so that users can transfer it to another computer to setup syncing, so it's a little tricky making this user friendly while providing the best security. The thought is that if they are on your Firefox, then they can modify your list just by using the extension anyway. Regardless I am working on some ideas on how to protect it and still give to the ability to access it for syncing.
As Ami mentioned above, the feed is not linked-to anywhere except for in your browser, and the feed id is random, so it would be very difficult to find your feed off the bat.
In addition, this new version will allow users to edit/delete items from their feed on the server, so I will make a point of letting users know in case there are others who are not aware of this.
Until you have the ability to protect the feed yourself, if you'd like me to delete your feed from the server, shoot me over your feed id to my email nate@ideashower.com and I'll wipe it for you.
If you have any more questions about this, please email me. I continue to work on Read It Later because of it's users. So if you have suggestions on how to improve it, I'm always open to it.
Thanks for your help,
Nate
Also, side note, Victor, you can modify your username and password. Click the 'Access Anywhere' button at the top of your list.
Cela me penser à la manière dont FF communique directement avec Google pour récupérer la liste des sites indésirables. C'est activé par défaut pour rendre service à l'utilisateur. Maintenant à partir de quand on considère que des données sont personnelles ?