- For public information, it's far better to use social networking.
- For private information, it's insecure.
Lets deal with RSS for public information first. How do end-users consume RSS feeds? Well non-techies probably try clicking on one of those RSS buttons on sites and following one of the plethora of buttons and sign up procedures for RSS reader services that follow, before getting quite confused. Perhaps their browser or mail reader will try to help them keep track of RSS feeds too, but then moving to a different computer will leave them confused all over again. So most people fall at the first hurdle. Even those who choose a great reader have to be pretty disciplined to stay in the habit of following most feeds, and that's because they're usually much too narrow. The typical RSS feeds that universities expose include departmental news stories, custom search results, new books in the library, etc. It looks good, but the results for even the most assiduous RSS consumer is a river of unexciting, unconnected, over-machined news that quickly begins to feel like a millstone around their neck. Much of this information would be better framed as pithy updates to be consumed in a timely way via (shudder!) email, or displayed in context in a web page (gasp!) that is connected to the content.
Many would say that RSS hits its stride when building clever mashups. To be fair, RSS feeds with geolocation data makes for great maps. Yahoo pipes and other engines for chopping, sorting, auto-translating and otherwise crunching feeds can do some wonderful things, clearly potentially useful in some research scenarios. Perhaps. The most common mashup approach however is to populate "channels" of news on otherwise static web pages. You see them everywhere: lists of headlines, text-heavy article snippets, the odd icon. This is fine, but the advertising world knows that very little money is made on sidebar ads that Google and others have made ubiquitous. People gloss over them unless they're very nicely integrated. Now, advertisers have the bucks, and Google has the might, to make sure they only advertise to you - for yes, they know who you are - what they think you want. These ads unleash a world of intelligence on our unsuspecting minds, but if people still ignore all this, what chance have we of encouraging clickthroughs from our dumb RSS channels? No, the advertisers get their spoils out of search requests that return "featured results". It's not rocket science. To be there at the right place at the right time, be there when someone's looking for something. The fact the universities should make much more of their website's search capabilities to disseminate important information is probably the subject of another blog article.
But these days there's something else. Something that leads to much more referral traffic than even search. All the evidence shows that discovery through, you guessed it, social networking is driving users to web content as never before. This makes sense. Where RSS feed readers are only worth bothering about for content with high production values, your Twitter stream or Facebook page is the perfect place to keep up with everything else that's interesting in the world because following actual people is far more interesting than tracking anonymous "machined" RSS feeds. People gossip. They snigger. They post fun stuff alongside making serious points and linking to heavier content. You find the good stuff because you care about what the people you follow say in these networks, and enjoy all the "phatic" stuff that comes along with it. Twitter is particularly good for this, as it's easy to follow (and be followed) without feeling harrassed either way, and all updates have the great strength of being shorter than a text message. Yes, if you want your content to be found, it has to be interesting enough to be shared, and you have to get personal. All bloggers know this. Along with their email subscription buttons, they Twitter like mad, advertising their wares all the while. Guilty as charged.
If RSS is being crowded out in the public arena, what then its use in the private web? After all a university, like any large organisation, has plenty of news to share with its own and friends, but which isn't intended to be completely public. The (theoretical) power of standard RSS feeds comes through their use in mashups by third-party reader applications or websites. To consume a protected RSS feed such apps and sites need a standard way of authenticating the user to access the feed, no matter its source. To date the only way to do this has been to use standard HTTP authentication known as "Basic Auth". If browser pops up its own login prompt before showing a page, rather than redirecting to a new page with a login form rendered in HTML, then its Basic Auth you're seeing. Disappointingly, very few RSS readers and almost no mashup websites support RSS feeds authenticated this way, making such feeds next to useless. When the benefits seem obvious, why so? Well, mashup sites generally want to splurge information to Joe Public for advertising reasons. Given all the other usability hurdles already covered above, for many RSS readers handling authenticated feeds is a step too far. The real problem however is Basic Auth itself. To use it you have to give your third-party RSS client or website your precious university username and password, and that's insecure. To be clear, if a Russian website offers to generate a crazy map of your authenticated (geolocated) RSS feed containing your latest confidential research findings, all in return for just your university username and password - please don't give it to them.
OAuth instead of Basic Auth to secure personal news feeds. This allows, say, a third-party iPhone Twitter app to redirect a user back to the Twitter website, where they can login securely and instruct Twitter to trust their iPhone app with your data, whereupon you return to the original site. The end-user experience of this "dance" between websites is just seamless enough, and the advantages are clear. You never handover your login details to the third-party app, and you can revoke the trust that you granted at any time in your Twitter preferences without having to change your password. There are phishing and man-in-the-middle attack nasties to fret about here, and for sure OAuth is not entirely mature yet. But OAuth is non-proprietary, and is becoming a "standard" that many are jumping on because a solution here is sorely needed. I see no reason why eventually an OAuth protected RSS feed from a university shouldn't be readable in a third party app, potentially alongside more social streams, particularly when OAuth 2.0 negates the requirement for data consumer apps to pre-register with data providers. If this were possible then, who knows, perhaps researchers and collaborators could share news securely much more easily; students could "subscribe" to assignment feedback from their VLEs, and keep up with these notices intermingled with their social streams. I'd like to think that many things might be possible in ways that we couldn't do before.
By then however, RSS itself itself may have been superceded with richer feed formats and protocols, such as OAuth protected Activity Streams, that allow apps to do funkier social things with updates in news feeds such as "like" them, or "reshare" them. Yes, the fact is that the social networking world is treading all over this space once again and RSS is becoming just another useful machine-to-machine data format, and one of many at that. For me, the myth that RSS could be a mechanism for freeing information, and ultimately freeing everyday users, by giving them full flexibility to interact with the naked data directly, feels likes it's receding into little more than a techy dream.