Wednesday, March 27, 2019

Restricting who can read your blog

Labels: , , ,
This article explains some of the issues with restricting readership of your blogspot blog to just people who you choose, and why you can appear to have unexpected readers.

When you first set up a blog in Blogger, anyone in the world can read it (if they can find it - how to get them to there is a different story!).

But some people want to keep their blog private, just for them and their friends (or teachers, students, other parent, classmates, etc).   This is fine, provided they don't mind that only up to 100 people - ever- can be invited to read the blog, and that it doesn't have an RSS feed so cannot offer email subscriptions.



How to stop everyone from reading your blog

In the Settings > Basic:  Permissions tab , there is an area where Blogger lets you restrict the readers of your blog to anyone, selected people, or authors only.

If you click the Edit link in this section, you can choose one of: 
  • Private - Only blog authors
  • Private - Only these readers
If you choose the first option, then In the first option, only blog authors can read your blog.  Other attempted visitors get a message that this is a private blog, and they will not be able to read any posts.

If you choose the second option, you need to click the + Add readers link and enter the email addresses of the people you want to allow to read the blog.     Each email address that you enter will get a message like this:
"Hello,

The purpose of this message is to inform you that YourName has invited you to join their private blog "yourBlogName". To accept this invitation, click on the button below.

<<Accept invitation button>>

Important: You will need to sign in with a Google Account to accept the invitation to view this blog. If you don’t have a Google Account you can create one here.

Happy blogging,

The Blogger Team

Email address you invited vs the email address that accepted

When someone clicks the button in the invitation email, then are asked to confirm that their currently-logged-in Google account is to be used to sign in to your blog, or given the opportunity to sign-up for a Google account if they don't have one already.

But notice that there is noting that forces the email address associated with that Google account that accepts your invitation to be the same as the one that you sent the invitation to.

Once someone has accepted an invitation, the list of readers just shows you the emails of the readers you have:  it doesn't show you the link between them and the person who you sent the invitation to.

For example, if you emailed an invitation to mary@gmail,com, but the Mary also has a Google account with manager@google.com as it's email, she could choose to reader your blog with the manager account - and you would see manager@google.com in your list of readers.

As well as this, people who you invite can forward the invitation-email to other people, and they too can sign into your blog - thankfully these days, each invitation can be used exactly once.

If this happens, the readers are put into a group, and the Permissions tab shows you the email address that you send the invitation to, and the emails of the people who've accepted the invitation.   And it lets you remove the permssions either from individuals, or from the whole group at once.


Guest sign-on

This feature has not been removed - and this makes your blog-readereship a lot more secure. 

Before it was removed, then the person you invited wanted, they can could to sign in as a guest for up 30 days.  However Google based this sign-in on the IP address they were using at the time, which caused a couple of issues:
  • On a shared computer, then anyone else who used that computer could read your blog (if they can find it - for example, by looking in the browser history file).
  • If their internet service (ISP) used dynamic IP addresses (ie you get a new one every time you connect) then the person who accepted the invitation was only be able to read the blog during their current internet connection.   And anyone else who gets the same IP address in the next 30 days will be able to read the blog (though it's unlikely that they will be able to find it).

Email isn't secure

Having said all the above - remember that email isn't really secure unless you are certain that it is encrypted at each end.   Security experts usually recommend treating it just like a a post-card:  assume your messages can be read, in plain text, by every postal-worker whose hands they pass through.   Or in computer terms, by every server that that the pass through on the journey between you and the recipient.

So, if someone really, really wants to read you blog, they may figure out how to "sniff" your email.   This isn't easy (and someone who can do it may be able to find easier ways to hack into your blog anyway), but is possible.

If what's in your blog really is super-sensitive, you need to choose whether it's worth taking the risk of using tools like this (and I think it is, in many cases, because the risk is small-ish), or whether you need to look for a set of tools that is more secure.


Related Articles

Understanding Google accounts

Transferring your blog to a new owner

Posting by email - knowing who said what


Share this Article

URL:

HTML link code:

BB (forum) link code:

Subscribe to Blogger-hints-and-tips

FeedBurner will send a confirmation message. Click the verify link in it to start your subscription.

Follow Me on Pinterest Subscribe to Blogger-HAT on Google + RSS subscription icon Follow BloggerHAT on Twitter

1 comment:

Subscribe to: Post Comments (Atom)