Restricting your Blog's readers isn't as secure as you thought

This article explains some of the issues with restricting readership of your blogspot blog to just people who you choose, and why you can appear to have unexpected readers.

When you first set up a blog, anyone in the world can read it (if they can find it - how to get them to there is a different story!).

But some people want to keep their blog private, just for them and their friends (or teachers, students, other parent, classmates, etc).   This is fine, provided they don't mind that only up to 100 people - ever- can be invited to read the blog, and that it doesn't have an RSS feed so cannot offer email subscriptions.

Stopping everyone from reading your blog:

In the Settings / Permissions tab (old interface) or Settings > Basic:  Permissions tab (new interface), there is an area where Blogger lets you restrict the readers of your blog to anyone, selected people, or authors only.


(this picture is from the old interface - then new one is very similar)



Restricting access to readers only

If you tick "only people I choose", the screen lets you enter email addresses of people who you want to invite to read the blog.

When you email someone an invitation, they get a message like this:
"To view this blog, visit:


http://www.blogger.com/i.g?inviteID=someNumbersThatIdentifyYourBlogInvitation


You'll need to sign in with a Google Account to confirm the invitation. If you don't have a Google Account yet, we'll show you how to get one in minutes, or you can view the blog as a guest for up to 30 days."

When someone clicks the link in this email, they are asked which Google account they want to use to sign in to your blog, or given the opportunity to sign-up for a Google account if they don't have one already.

This is good, because it lets you invite people who don't, yet, have google accounts to view your blog. But it does mean that your blog may appear to have readers who you didn't invite.


Signing in with a different address

There is noting that forces the email address associated with that Google account that accepts your invitation to be the same as the one that you sent the invitation to.

Once someone has accepted an invitation, the list of readers just shows you the emails of the readers you have:  it doesn't show you the link between them and the person who you sent the invitation to.

For example, if you emailed an invitation to mary@gmail,com, but the Mary also has a Google account with manager@google.com as it's email, she could choose to reader your blog with the manager account - and you would see manager@google.com in your list of readers.


Exception:  Forwarded Invitations

People who you invite can forward the invitation-email to other people, and they too can sign into your blog.  (Each invitation can be used multiple times).

If this happens, the readers are put into a group, and the Permissions tab shows you the email address that you send the invitation to, and the emails of the people who've accepted the invitation.   And it lets you remove the permssions either from individuals, or from the whole group at once.


Guest sign-on:

If the person you invited wants to, they can choose to sign in as a guest for up 30 days. However Google bases this on the IP address they are using at the time.   This causes a couple of issues:
  • If they're on a shared computer, then anyone else who uses that computer can read your blog (if they can find it - for example, by looking in the browser history file).
  • If their internet service (ISP) uses dynamic IP addresses (ie you get a new one every time you connect) then the person who accepts the invitation will only be able to read the blog during their current internet connection.   And anyone else who gets the same IP address in the next 30 days will be able to read the blog (though it's unlikely that they will be able to find it).


    An Example



    (note to spammers:  using the wonders of MS Paint, I have changed every single email address to something invented - so don't bother!)

    In this example:

    An invitation was sent to Hazel@gmail.com, but she chose to sign in as UglyDuck with an email of motherUgly@gmail.com

    An invitation was sent to KevinLotus,
    • KevinLotus accepted it but signed in as Enquiries, 
    • He also forwareded it to IrishTransport who signed in as herself.
    An invitation was sent to mary@nxtrix.gen, but she chose to view the blog as a guest for 30 days, so it looks like her invitation is outstanding.


    Email isn't secure!

    Having said all the above - remember that email isn't really secure anyway.   Security experts usually say that email is just like a a post-card:  your messages can be read, in plain text, by every postal-worker whose hands they pass through.   Or in computer terms, by every server that that the pass through on the journey between you and the recipient.

    So, if someone really, really wants to read you blog, they may figure out how to "sniff" your email.   This isn't easy (and someone who can do it may be able to find easier ways to hack into your blog anyway), but is possible.

    If what's in your blog really is super-sensitive, you need to choose whether it's worth taking the risk of using tools like this (and I think it is, in many cases, because the risk is small-ish), or whether you need to look for a set of tools that is more secure.



    Related Articles: 



    Understanding Google accounts

    Transferring your blog to a new owner


    Posting by email - knowing who said what