Part two of the NDTV RSS feeds saga sees me, the poor information junkie, still waiting for the kind gentlemen and gentlewomen there to send me the the confirmation e-mail for accessing the feeds. Two days have gone and still no mail. Information junkie, being a proud member of the early adopters club, is now growing desperate. To get an immediate fix the city's best peddler, Google, is called up and asked a few pertinent questions and viola, more details trickle in.
The peddler points to a prominent pusher, Bloglines, who asked for the fix of the NDTV variety and finally produces one. The curious thing is the link on the Bloglines page that says "subscribe" that links to the URL of the actual feed. Interestingly, NDTV passes the username and password of the user in the query string of the feed URL, which is a patently stupid thing to do since users do put up the link on sites like Bloglines to use the feeds from different computers.
Now, this is an issue that has two sides. The first being that NDTV is sending out user login details in plain text, while the second is that asking a user for his e-mail id as a login id is one of the worst ideas anyone could have ever thought up since most users, to avoid maintaining multiple passwords, tend to use the same password as the email account for the login too. One of the subscriptions listed with the pusher has an email id and password that works on the email service provider. Not good at all.
In all fairness, NDTV does specify that the feed should not be used outside the personal sphere (which they go on to contradict that if it is used it has to be credited to NDTV with image and so on), but like I said before it does defeat the purpose of providing the feeds if they cannot be shared. In the spirit of fair disclosure, the account listed at Bloglines has been notified and a friendly reminder has already been transmitted to the brethren who run the NDTV site.
Update: More Bloglines gripes, this time from Phil, spiced up with some excellent XSS troubles for taste.