2005-05-14
Major Security Issue Related to Gmail
Okay, those who know me know that I'm the first to defend a product when it is unfairly being accused of being insecure. However, this is a real problem. I'd say the problem lies more with Bloglines than with Gmail, but its nature makes me worried about e-mails that I'm sending.
Whenever you send e-mails in general, you should always be aware that the recipient might turn around and post the contents of your e-mail publicly. But if you feel you can trust the person, you can usually trust that the conversation will remain private. That isn't necessarily the case anymore. Gmail has offered an Atom feed of your e-mail inbox for a while now. When the feed is requested, the server asks for a user name and password and, once they are sent, returns the newsfeed of your inbox. That newsfeed contains the subject titles and beginnings of the messages in your inbox. This is usually a secure system, unless the client that you use to request the newsfeed decides to share the contents of your feed.
It seems logical that a newsreader wouldn't share the contents of a feed that requires HTTP authentication to access, but it appears that at least one does. Bloglines allows users to search messages in newsfeeds that people are subscribed to. The fact that a user name and password are required to access the newsfeed doesn't seem to matter to Bloglines; it will share it with the world anyway.
So the bottom line is, if you use Bloglines to subscribe to a Gmail inbox newsfeed, the contents of that feed (the subjects and first lines of the e-mails) will be available for the world to search through. More importantly, if you send an e-mail to a Gmail user who happens to use Bloglines in this way, the beginnings of the e-mails that you send may be publicly readable.
I'll repeat, this is a fault of Bloglines, not of Gmail. The model that Gmail uses should, in theory, be secure. But newsfeed services that make the contents publicly viewable without intelligently designed security create a serious privacy risk. Now that this issue is out in the open, Bloglines and some other services will no doubt work to make necessary fixes, but you should always be aware that some services might continue to put your privacy at risk.
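One way a newsreader service could avoid the exposure described above, as an added example (not code from Bloglines, Gmail or the original post): treat any feed that needed credentials as private and keep it out of the shared search index. The `Subscription` record, the example URLs and the sample entries are constructed assumptions.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

@dataclass
class Subscription:              # hypothetical record an aggregator keeps per feed
    url: str                     # feed URL as the subscriber entered it
    stored_credentials: bool     # subscriber gave a user name and password
    probe_status: int            # HTTP status of a fetch made WITHOUT credentials
    probe_headers: dict = field(default_factory=dict)

def privacy_reasons(sub):
    """Return why a feed must be treated as private; an empty list means public."""
    reasons = []
    parts = urlsplit(sub.url)
    if parts.username or parts.password:
        reasons.append("credentials embedded in URL")
    if sub.stored_credentials:
        reasons.append("subscriber supplied credentials")
    headers = {k.lower(): v for k, v in sub.probe_headers.items()}
    if sub.probe_status in (401, 403):
        reasons.append(f"unauthenticated probe returned {sub.probe_status}")
    if "www-authenticate" in headers:
        reasons.append("server sent an authentication challenge")
    directives = {d.strip().split("=")[0].lower()
                  for d in headers.get("cache-control", "").split(",")}
    if directives & {"private", "no-store"}:
        reasons.append("Cache-Control marks the response as private")
    return reasons

def build_public_index(subscriptions):
    """Map each title word to the feeds containing it, skipping private feeds."""
    index = {}
    for sub, titles in subscriptions:
        if privacy_reasons(sub):
            continue  # private feeds are searchable only by their own subscriber
        for title in titles:
            for word in title.lower().split():
                index.setdefault(word, set()).add(sub.url)
    return index

# Constructed sample data: an authenticated inbox feed and an open blog feed.
SAMPLE = [
    (Subscription("https://mail.example/feed/atom", True, 401,
                  {"WWW-Authenticate": 'Basic realm="inbox"'}),
     ["Offer letter attached", "Re: lab results"]),
    (Subscription("https://blog.example/atom.xml", False, 200),
     ["Weekend hiking photos"]),
]
```

Running `build_public_index(SAMPLE)` indexes only the open blog feed; the inbox feed's subjects never reach the shared index because three independent signals mark it private.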
As long as you yourself don't use these kinds of newsreader services with your Gmail account, no one will be able to read the e-mails that you receive. But regardless of what e-mail service you are using, if you e-mail a Gmail user who does use a newsreader service like this, some of your e-mail may be publicly exposed. To account for this, you might be more careful about what subject lines you use and how you start your e-mail. You might want to make sure that the person you're sending the e-mail to isn't using the Atom feed via a service that makes its newsfeed contents publicly viewable (unless the service already takes this privacy issue into consideration). Or, as a last resort, you might choose not to send sensitive e-mails to Gmail users. Unfortunately, Google can't do anything to fix this issue without actually removing the feature (not that the feature itself was badly designed).