I’m hereby hijacking this thread to make it the official RSS documentation work-in-progress thread.
RSS readers have become a one-stop shop not just for downloading feeds and displaying web pages, but also for being able to process audio and video content contained in both feeds and pages. Generally speaking, this approach conflicts with our best practices of isolating data types to the respective tools best suited to protect privacy. To that end, RSS use should be limited to being a simple notification mechanism - that new content has been published at a specified link.
After some preliminary tinkering, my best solution is to use Thunderbird’s built-in “Feeds” account.
Thunderbird is included in Whonix and TorBirdy is preconfigured to socksify Thunderbird traffic.
While the feeds’ XML still needs to be parsed, Thunderbird can be configured to display only “Plain text”:
Menu -> View -> Feed Message Body As -> Summary, Plain Text
The following setting should also be changed so that opening (double-clicking) a message does not invoke the internal browser:
Menu -> Message -> When Opening Feed Messages -> Open as Summary
I was unable to override the internal browser with an option to launch an external browser when opening messages. (https://bugzilla.mozilla.org/show_bug.cgi?id=675510)
These settings are clearly a workaround - it would have been preferable to disable the internal browser completely.
To open an item of interest, simply click the link. Thunderbird is preconfigured to open links in Tor Browser. (Qubes users can configure their machines to open Tor Browser in another VM.)
What exploits are possible while parsing the XML? Ideally, Thunderbird would ignore everything that doesn’t display as text.
What identifiers are provided by Thunderbird to the RSS host? What trackers are accepted by Thunderbird from the RSS host?
Confirm stream isolation is working as expected. TorBirdy (port 9102) has
IsolateDestPort so we would expect one circuit per feed (assuming each feed has a unique host).
Liferea does not support socks5 proxies (only http).
Quiterss successfully socksifies DNS and IP requests but I was unable (within 10 minutes) to prevent all non-text items from being downloaded / displayed.