|
|
|
Greetings. About two weeks ago, I reported a YouTube privacy-related bug directly to YouTube/Google. It was promptly repaired (thanks YouTube team!), but in the wake of this event I suspect that many YouTube users may not fully understand the privacy aspects of what has become a somewhat complex YouTube user account interface. I am a tremendous fan of YouTube, as regular readers know. I believe that it is a true game-changer that brings an extraordinarily broad range of positive impacts on the Internet and the world at large. The privacy issues that I'm about to discuss are not earth-shattering compared with many other kinds of privacy concerns these days, but are potentially embarrassing nonetheless. The YouTube (YT) "subscription" feature is of course a significant element in YT's success. But given the wide variety of material on YT, it's understandable that some users would prefer not to make publicly available the list of other YT user channels to which they are subscribing, or the videos on their subscribed channels. The sensitivity of this issue is implicitly acknowledged in the YT configuration options, since they do permit the user to choose not to display their subscription list link on their own public YT home page. Even if a subscription list URL is fabricated by hand for such a user (based on the URLs for users who do permit their subscription list to be seen), attempts to use that fabricated URL will fail, as they should. Admittedly, even for people who block their own subscription list link, their individual subscriptions will appear on any displayed subscriber list links on the home pages of the subscribed-to YT users. However, at least in my testing, these lists are indexed (or rather, not indexed) in a manner that makes aggregating this info for any given user impractical, at least when tested via major search engines (I checked Google, Yahoo, and Bing). So by and large the subscription info for persons who wish not to publicize their subscription lists has appeared to be relatively secure from easy collection and tracking. But what many users may not understand is that even when they choose not to display a subscriptions link on their YouTube page, their subscriptions and their associated subscriptions' videos may still be made public via the YouTube API (Application Programming Interface), through settings in their YouTube Account's Privacy "Recent Activity" section (most of which are at "public" settings by default). In fact, when you deselect subscriptions links on your YT page design, a pop-up warning does appear noting that the API may continue feeding this data publicly. But I wonder, how many people fully understand what this means, and that "Subscribe to a channel" doesn't mean a one-time API notification of a subscription, but a continuing public feed of all videos that you receive via your subscriptions? The (now fixed) YT bug that I reported -- as I understand it -- allowed the public viewing of subscribed videos data even when both of the associated settings had been deselected by the user. For example, let's consider former Speaker of the House Newt Gingrich, whose official YT page appears to be at: http://www.youtube.com/newtgingrich Note that while the URL shows "newtgingrich", the channel name listed further down is "ngingrich" -- this is significant for reasons shown below. In fact, both ngingrich and newtgingrich appear to end up on identical YT channels. Now, as we can see, he (or rather, whomever runs the YT channel for him) has chosen not to display his subscription list on his page. But if we make the YT API query (note that no authentication of any kind is required) of: http://gdata.youtube.com/feeds/api/users/newtgingrich/newsubscriptionvideos or http://gdata.youtube.com/feeds/api/users/ngingrich/newsubscriptionvideos we see an easily trackable RSS feed of the latest videos matching the user(s) associated subscription lists. And of course if we know the videos, we know the individual subscriptions. You'll note that the returned listing for "ngingrich" seems much more reasonable than the list for "newtgingrich" -- it isn't immediately clear to me if one of these is utterly bogus, but the point is that it seems problematic whether this user really intended for this data to be public, especially since the subscriptions link was disabled on their YouTube pages. Another example of a YouTube user who has chosen not to show a subscriptions link but who can be successfully probed via this mechanism (with potentially embarrassing results) is: http://www.youtube.com/animesenshiD0Tcom http://gdata.youtube.com/feeds/api/users/animesenshiD0Tcom/newsubscriptionvideos I don't want to overstate the seriousness of this issue. But the now fixed bug aside, it seems almost certain that many persons are unaware of the multiple interface selections that they must make to block their subscription video data from both their YT page and the public YT API. This all might be particularly important to anyone concerned about ridicule or other problems based on their YT subscriptions being subject to tracking by anyone, when they had assumed that they had chosen not to list their subscriptions publicly in an easily accessible and trackable form. My "quick fix" suggestions: -- Better explanations of what the various default settings in "Recent Activity" really mean (especially in regard to "subscriptions") and the associated ramifications of the public YouTube API, ideally emphasized at account creation time. This is especially important when settings are defaulted to their public modes. While this all may not matter to many people, there will be persons to whom the associated exposures might be a quite significant concern. --Lauren-- |
Posted by Lauren at June 19, 2009 07:11 PM
| Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein
