Privacy in Blogger

Blogger, owned by Google, provides a free platform for hosting articles for various purposes. You can buy a domain in Blogger, or you can have a free domain  (Blogspot). You can also use Blogspot to develop your blog and then transfer it to a commercial domain later.

Some Blogspot blogs are built for commercial purposes; others are simply to share and exchange information, and/or to link to other websites. Some can even use Blogspot to store their own information (for free) and then share it with users of their choice.

Draft

If you want to keep your post or page for yourself, you can simply put it into Draft. If some day, you change your mind; you can make it public via Publish. On your Blogger dashboard, you can click on the wing icon to change Draft to Publish, and vice versa. You can choose to exclude your drafts from the Table of Contents.

Private Blog

By default, your blog is public. Blogger allows you to control your blog privacy, via Settings > Permissions > Reader access:

·       Private to authors: All authors of your blog can access and read it, if your blog has invited authors (via “Invite more authors”). 

·       Custom readers: Only the readers you invite can access and read your blog (via “Invite more readers”)

All invites are by means of email as shown below

Note that this setting applies to the entire blog.

Also, if you don’t want your blog to be seen by search engines, you can simply select Settings > Privacy > Visible to search engines (OFF).

Semi-private Blog

There are instances where certain portions of your blog contain sensitive information, and you want viewer’s restriction. Below are various kinds of sensitive information:

Personally Identifiable Information (PII)

Data that can uniquely identify someone:

• Full name (when linked to other private info)
• Home address or mailing address
• Date of birth
• Social Insurance Number (Canada), Social Security Number (U.S.), or similar ID numbers
• Passport or driver’s license number
• Personal phone numbers or private email addresses
• Bank account or credit card numbers

Sensitive Personal Attributes

Information about personal characteristics or status:

• Health conditions, medical history, or disabilities
• Mental health status or therapy records
• Sexual orientation or sexual history
• Religious beliefs or practices
• Political opinions or affiliations
• Ethnic or racial identity (if linked to personal identity)
• Genetic or biometric data (fingerprints, facial scans, DNA)

Confidential Business or Institutional Information

Information that could harm an organization or others if disclosed:

• Trade secrets or proprietary formulas
• Non-public financial data
• Internal company strategies, plans, or negotiations
• Employee or client data without consent
• Passwords, API (Application Programming Interface) keys, or system access credentials

Legal and Security-Related Data

Information that could compromise safety or privacy:

• Private legal documents (wills, contracts, court records not yet public)
• Law enforcement investigations in progress
• Security system details, alarm codes, or encryption keys
• Private communications (emails, DMs (Direct Message), recordings) shared without consent

 Information About Vulnerable Groups

Especially protected under privacy laws:

• Children’s names, photos, or school information
• Locations of shelters, foster homes, or safe houses
• Refugee or asylum seeker identities

You can use password to protect such information; and your password should not show up in “View page source”. You must provide your desired readers with your password, and the password must be difficult to be decoded. Furthermore, it would be safer not to use the same password for every portion of your blog (or for all your blogs).

The above can be achieved in 3 steps:

1)    Using HTML view, define the text to be password-protected in your post;

2)    Generate password offline;

3)    Write HTML/CSS/JavaScript code to allow viewers to input password, check it against your own password generated in 2), and decide whether your password-protected text should be revealed.

 Password Generation

 The password must be encrypted and difficult to decrypt, for which you would need a password generator. The number of your input data and the sophistication of the algorithm used by the generator will determine the level of security. The final password can be:

·       Maximum Security Password (20 ASCII printable characters)

·       Long Password (14 ASCII printable characters)

·       Medium Password (8 ASCII printable characters)

·       Short Password (4 ASCII printable characters)

·       Basic Password (8 alphanumeric characters)

·       PIN (4 digits)

“Master Password” is the well-known algorithm to generate secure passwords. The passwords are not stored on disk or in the cloud; but are regenerated every time from information entered by the user. An example of Master Password is illustrated below, using master_password_generator.html:

With the following input:

Master password = hello world

Username = kody

Site name = abc@gmail.com              (this is required)

Template / length =16

the above generator produces the password "Dh7#ZE$-T)u<?DUv".

The above password is highly secure. However, for the viewers to be able to generate the same password as yours, you must provide all 4 input boxes and inform them about the data to enter. This complexity might discourage your viewers from viewing your secret text.

If you simply want obfuscation, not true protection, you can use a simpler encrypted password generator which requires only 1 input from the viewers. The following illustration is from Simple Password generator.html:

where the boxes Secret Content (Don’t show my secret to your friends) and Password (Oct2045) have been filled with viewer’s inputs.

If you click the “Generate” button, the following code will be generated:

<!-- Load CryptoJS library -->

<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>

 <p><b>This post is protected. Enter password:</b></p>

<input type="password" id="pass">

<button onclick="decryptContent()">Unlock</button>

 <div id="protected" style="display:none; margin-top:10px; padding:10px; border:1px solid #ccc; background:#f9f9f9;"></div>

 <script>

function decryptContent() {

  var pass = document.getElementById("pass").value;

  var encrypted = "U2FsdGVkX1+vaSOkktVJR8Q943O9+JxuSCdKE3HAIM/FgjsqKKTObjS+w9Nd9Jm8eeDERzr70FRjRDwEjafloQ==";

  try {

    var bytes  = CryptoJS.AES.decrypt(encrypted, pass);

    var originalText = bytes.toString(CryptoJS.enc.Utf8);

    if (originalText) {

      document.getElementById("protected").innerHTML = originalText;

      document.getElementById("protected").style.display = "block";

    } else {

      alert("Wrong password!");

    }

  } catch (e) {

    alert("Error decrypting.");

  }

}

</script>

 

Your encrypted password is

 “U2FsdGVkX1+vaSOkktVJR8Q943O9+JxuSCdKE3HAIM/FgjsqKKTObjS+w9Nd9Jm8eeDERzr70FRjRDwEjafloQ==”

If you run this code, you’ll see the following

If you type the password “Oct2045” and click “Unlock”, you’ll see the secret content.

Unless your viewers had the password generator in Simple Password generator.html, they would not know how the password “Oct2045” was encrypted.

Finally, in the following paragraph, an encrypted password based on the above one-input password generation is used to hide a “secret information”. Would you like to see it?

Most, if not all, auto translators have difficulty to translate a commonly used phrase in South Vietnamese “nhiêu, nhiều”; for example, “much” in Google Translate, “many, a lot” in Microsoft Bing, “multiple, many” in iTranslate, “many, many” in Translate.com, etc. To see the true meaning of the above phrase and its English translation, enter password in the box below.

Enter password to see the hidden text: