David, I know of one application where there are potentially hundreds of thousands of users with personal RSS feeds. It is up and running, and you'll never guess who's behind it. Microsoft's Bungie division offers gamers a personal RSS feed of their stats from recent games played in Halo 2 on Xbox Live. Of course this feed is public, if you know the correct URL. Many gamers want to share the information for bragging rights, so privacy is not a concern. No personal information is included in the feed.
In a phishing situation, the communication is one-way from the company to the customer, and privacy is not always required. Email itself is not private. What the e-commerce site wants their users to do is to be able to receive a message asking them to log in and update their account information. Handling this with a customized RSS feed is elementary. And the phishers can't control the feed unless they hack the RSS server. The e-commerce site simply has to ask all their users to subscribe to an RSS feed to receive communication from the company. Most emails from e-commerce sites requesting this right now are from unmonitored email addresses (i.e., no responses will be read), so switching to RSS would not impact the communication channels. So the first thing a user has to do when they sign up with the company is to subscribe to their own RSS feed with the RSS reader of their choice. Then the company would send a Response Requested message over the feed (perhaps containing a link or some other code) to return to the company. At this point, the e-commerce site knows that the customer can receive messages, and the customer knows they can receive them. If the RSS URLs are complex enough, no one can guess them, so the illusion of privacy is the same as when reading email.
So I think that everything you're suggesting is possible David. It just takes the right people with the right technology to do it.
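An added sketch of the per-user feed and "Response Requested" round trip described in this comment; it is not code from the post or from any vendor. The host `shop.example`, the `FeedRegistry` class and its method names are hypothetical, and the feed URL is treated as a bearer secret: 256 random bits, stored server-side only as a hash.

```python
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET

BASE_URL = "https://shop.example/feeds/"  # hypothetical placeholder host


def _h(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()


class FeedRegistry:
    def __init__(self):
        self._feeds = {}      # sha256(url token) -> customer id
        self._pending = {}    # customer id -> sha256(one-time code)
        self.confirmed = set()

    def enroll(self, customer_id):
        # 32 random bytes from the OS CSPRNG; the raw token is never stored.
        token = secrets.token_urlsafe(32)
        self._feeds[_h(token)] = customer_id
        return BASE_URL + token

    def customer_for(self, url):
        if not url.startswith(BASE_URL):
            return None
        return self._feeds.get(_h(url[len(BASE_URL):]))

    def response_requested_feed(self, url):
        customer = self.customer_for(url)
        if customer is None:
            return None       # unknown token: caller serves a plain 404
        code = secrets.token_urlsafe(16)
        self._pending[customer] = _h(code)
        rss = ET.Element("rss", version="2.0")
        channel = ET.SubElement(rss, "channel")
        ET.SubElement(channel, "title").text = "Account messages"
        item = ET.SubElement(channel, "item")
        ET.SubElement(item, "title").text = "Response Requested"
        ET.SubElement(item, "description").text = code
        return ET.tostring(rss, encoding="unicode")

    def confirm(self, customer_id, code):
        # pop() makes the code single use; a wrong guess also burns it.
        expected = self._pending.pop(customer_id, None)
        ok = expected is not None and hmac.compare_digest(expected, _h(code))
        if ok:
            self.confirmed.add(customer_id)
        return ok
```

Serve such feeds over HTTPS only and keep the token out of access logs and Referer headers, since anyone holding the URL can read the feed.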