The Podjacker Threat

Posted by Zonk on Fri Dec 09, 2005 12:23 PM
from the save-the-children dept.
Schlemphfer writes "As everyone knows by now, podcasting has taken off in a big way. But over the past week, several tech journals and The Daily Source Code have reported on the threat of 'podjacking,' the creation of an alternate RSS feed without the consent of the podcast's owner. I'm the host of a podcast, which has the dubious distinction of being the first widely-publicized victim of a podjacking. To teach others from my experiences I have posted an article entitled Preventing and Surviving a Podjacking (also available in PDF). So far this story has attracted widespread but generally inept media and blogger coverage. This article sets the record straight on what really happened, and shows the simple steps every podcaster should take to protect their shows from podjacking."
  • by RPoet (20693) on Friday December 09 2005, @12:26PM (#14220909) Journal
    Do we HAVE to invent new contorted words for every variation of everything these days? Podjacking? Webinar? Blogosphere, podosphere? Vlog? Moblogging? I'm in pain here!
  • Podcasting was bad enough, maybe not as bad as blog, blogger, and blogging, but annoying nonetheless. Podjacking now? Gah.
    • by xnderxnder (626189) <danNO@SPAMhindgrindr.com> on Friday December 09 2005, @12:33PM (#14220983)
      Hey, it could be worse.. he could have called it podsquatting.

      Eew!
    • WHAAAAAAAAT (Score:4, Funny)

      by Anonymous Coward on Friday December 09 2005, @12:41PM (#14221056)
      Can't this PODJACKING make sense? how about like CAR JACKING, when someone jacks your car...how about when someone jacks your POD it is called podjacking....and when someone jacks your podcast it's PODCASTJACKING
    • by Kelson (129150) * on Friday December 09 2005, @12:50PM (#14221154) Homepage Journal
      Carjacking. Skyjacking. Podjacking.

      It's official. English is officially jacked up.
      • Or what a blog is in comparison to a personal daily-updated website.

        Shorter. Fewer letters to type, fewer syllables to say.

        Do you always refer to the "television set," or do you turn on the "TV" or "telly?" Do you drive a "horseless carriage" or "automobile"... or do you drive a "car?" Do people call your "cellular phone" or do they call your "cell?"

        Same thing.

        As for podcasting, it really is different from streaming audio. It's downloadable audio (or video) that is announced via a subscription system
  • Easy (Score:3, Insightful)

    by Hey Pope Felcher . . (921019) on Friday December 09 2005, @12:28PM (#14220917)
    Why not just let the podcast be distributed, and announce the name of your website at various intervals?

    Not only will this allow the wider distribution of your ramblings, but also help save on bandwidth.
    • Slashdot has been overrun by old people. They know nothing about podcasting, and are so against learning about it, they rile against the word even being considered for a dictionary. Slashdot is now officially overrun by 80 year olds.

      I'm almost part of this group of old people since I'm in my mid-20s, and have never downloaded a podcast via an RSS feed. I don't think I even have an RSS feed reader on my computer, unless Firefox counts some how. I thought it was like live bookmarks for a long time, but I
      • I don't think many people understand what a podjacking is. Does it mean someone else distributes an identical podcast file as their own, or does it mean they make their own podcast and pretend it comes from another source?

        What has happened here (if I understand it correctly, and someone will correct me if I don't) is that the guy puts up his mp3s at http://myrealserver.dm/podcast/content0001.mp3 and then he creates an RSS file which points to his mp3s at http://myrealsystem.dm/podcast/feed.rss. The RSS file is essentially a signpost: it isn't the content in itself, it just points to the content. Then, when he posts new mp3 content, he updates his RSS. What is supposed to happen is that people point their podcast client at http://myrealsystem.dm/podcast/feed.rss, and every time he posts new content and updates the RSS it's automatically downloaded.

        But what he's complaining about is that the 'podjacker', evilpirate, has created a new feed, http://evil.pirate/devious/feed.rss which also points to myrealsite's content. The file at http://evil.pirate/devious/feed.rss is automatically updated using something like wget so that whenever myrealsite adds more content, http://evil.pirate/devious/feed.rss gets updated too.

        evilpirate now registers http://evil.pirate/devious/feed.rss with podcast search engines as the authoritative signpost for myrealsite. Users search for content on the search engine, and if they like myrealsite's content, they point their clients at http://evil.pirate/devious/feed.rss.

        So now some - or even most - of myrealsite's users are finding new myrealsite content through evilpirate's signpost. This gives evilpirate the power to alter where the signpost points to, so that instead of getting myrealsite's content they now get rivalsite's content.
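Added example (not part of the original thread or the linked article): a podcaster-side audit of the feed URLs that directories list for a show, following the signpost description in the comment above. Hosts, URLs, directory names and feed bodies are constructed, and `fetch` is a hypothetical stand-in for an HTTP client that follows redirects.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed values: hosts, URLs, directory names and feed bodies are illustrative.
CANONICAL_FEED = "http://myrealsystem.example/podcast/feed.rss"
OWNER_MEDIA_HOSTS = {"myrealserver.example"}
MIRROR = "http://mirror.example/devious/feed.rss"
SWAPPED = "http://mirror.example/devious/swapped.rss"

def make_feed(*media_urls):
    """Build a minimal RSS 2.0 body whose items point at media_urls."""
    items = "".join(f'<item><enclosure url="{u}" type="audio/mpeg"/></item>'
                    for u in media_urls)
    return f'<rss version="2.0"><channel>{items}</channel></rss>'

OWN_EPISODE = "http://myrealserver.example/podcast/content0001.mp3"
# Offline stand-in for the web: listed URL -> (URL after redirects, body).
SAMPLE_WEB = {
    "http://forwarder.example/go/show": (CANONICAL_FEED, make_feed(OWN_EPISODE)),
    MIRROR: (MIRROR, make_feed(OWN_EPISODE)),
    SWAPPED: (SWAPPED, make_feed("http://rivalsite.example/ep1.mp3")),
    "http://broken.example/feed": ("http://broken.example/feed", "<html>gone"),
}
SAMPLE_LISTINGS = {  # directory name -> feed URL it lists for the show
    "dir-a": CANONICAL_FEED, "dir-b": "http://forwarder.example/go/show",
    "dir-c": MIRROR, "dir-d": SWAPPED, "dir-e": "http://broken.example/feed",
}

def fetch_sample(url):
    return SAMPLE_WEB[url]

def classify_listing(listed_url, fetch):
    """Say who controls the signpost a directory hands to subscribers."""
    if listed_url == CANONICAL_FEED:
        return "canonical"
    final_url, body = fetch(listed_url)
    if final_url == CANONICAL_FEED:
        return "forwarder"    # subscribers keep the third party's URL
    try:
        # Use a hardened parser (e.g. defusedxml) on real third-party XML.
        root = ET.fromstring(body)
    except ET.ParseError:
        return "unreadable"
    media = [e.get("url", "") for e in root.iter("enclosure")]
    hosts = {(urlsplit(u).hostname or "").lower() for u in media}
    if hosts and hosts <= OWNER_MEDIA_HOSTS:
        return "mirror"       # copy of the feed, still pointing at our media
    return "diverted"         # signpost now points somewhere else

def audit(listings, fetch):
    """Map each directory to the verdict for the URL it lists."""
    return {name: classify_listing(url, fetch) for name, url in listings.items()}
```

Any verdict other than `canonical` means subscribers who came through that directory hold a URL the show's owner does not control.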

        • by mzwaterski (802371) on Friday December 09 2005, @01:15PM (#14221388)
          You need to re-read.

          1st dude told 2nd dude to stop directing traffic through their URL to 1st dude's site. (Pretty sure it was more of a redirect than a mirror of an RSS file).

          2nd dude complied.

          1st dude realized that iTunes had used 2nd dude's URL for 1st dude's listing.

          1st dude is sad because all iTunes people who signed up with 2nd dude's URL are lost.

          1st dude tells 2nd dude to put URL directing traffic to 1st dude's podcast back up. 2nd dude decides to capitalize and ask for money.

          1st dude not happy.

      • You know, how hard is it to promote your domain name in the stream? Every streaming station I've ever heard may have lost the commercials, but they still plug the website every chance they get. "Podjackers" can jack the feed, sure - but the audio and video content are considerably more difficult to "jack".

        If users have it drilled into their heads mercilessly that the feed can be had from a big bold link on the front page of that domain that guy's incessantly blathering, then when they lose the stream, they'll
  • Apple? (Score:2, Insightful)

    Apple has nothing to do with this story, so I don't see why it's filed in the Apple category. Apple did not invent podcasting; they were even late adopters of it.
    • Re:Apple? (Score:3, Informative)

      Apple has nothing to do with this story,

      Did you RTFA? The submitter's big problem is that iTunes (what company owns this?) listed his podcast via the pirate feed. So when that stopped, he lost all his iTunes subscribers, the pirate asked for money to reinstate. iTunes could not change the listing, only delete the old and put up a new one.

      • It's not just about fetish for Apple brands. Apple holds the majority of market share, so it's likely that the majority of people listening are listening on iPods. Sure there is a fair amount of marketing involved, but without the iPod (and iTunes' ease of use), most people wouldn't be listening to *pod*casts.

        Xerox invented the GUI, Apple just brought it to the people.

  • by croddy (659025) on Friday December 09 2005, @12:30PM (#14220946)
    It's MINE.

    MY. OWN.

    MY data. My precioussssss....

  • by wild_berry (448019) on Friday December 09 2005, @12:30PM (#14220952) Journal
    His RSS feed was no longer the unique source of downloaders, that's all. The guy had and has many listeners who found access to his podcast through non-sanctioned mirrors of his RSS feed. He thought he controlled the access to his podcast via his RSS feed, but the Internet has lots of redundancy -- without his realising so. Someone else found his material via other means, for which he isn't able to track site visitors, and this upset him. I'm not really sympathetic.

    Perhaps there is mileage in protecting one aggregator of news on the web, but you hardly see Taco complaining that ArsTechnica and Digg find ways to present the same news resources to their readers.
    • by Surt (22457) on Friday December 09 2005, @12:48PM (#14221126) Homepage Journal
      If you read the article, I think you'll find he has a pretty legitimate concern. Imagine if google kept url listings. Which they do:

      http://www.google.com/search?q=site%3Awww.yahoo.com&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official [google.com]

      Now imagine that they allowed anyone to register a site mapping. For example, maybe I should register www.yahoo.com, and have it forwarded through my domain. Then one day, maybe, I decide that instead of forwarding to the real yahoo site, I'll just redirect all the visitors to my own site. What's to stop me?

      That's the problem with podjacking.
        • I doubt that the method of indexing was explained in the fine print. When I sign up with an indexing service, such as google, I have an expectation that they are listing my site. The advantage for them is advertising: listeners looking for shows come to their site, and they have a lot of shows if I and others participate in the bargain.

          What I specifically do not expect, is for them to forward listeners to my site through a frame, keeping the bookmarks of my users for my site pointed at google. I expect t
    • by bigtallmofo (695287) on Friday December 09 2005, @12:54PM (#14221191)
      Someone else found his material via other means, for which he isn't able to track site visitors, and this upset him.

      You're right on here, but read a little further in the article and you realize he asked for the listings directly from the "Podjacker"! After he admits this, he says that they didn't do it how he assumed they would have done it. Then he goes on to still label them a "Podjacker".

      I responded to an email somebody sent me about podkeyword.com, and I gave the site a visit and submitted my URL for a few listings. When I launched my show in October of 2004 I went everywhere I could to post its URL, and I quickly forgot all about my five minute visit to podkeyword.

      I guess the only remaining comment I have on this topic is that I'd like the 5 minutes I spent reading the article back. Total waste of time - there literally is nothing to see here.
      • What a waste of my time.

        No one "jacked" anything, this guy submitted the site to this URL forwarder himself. The site that "podjacked" him is no different than cjb.net or tinyurl.com or any other redirector service.

        It is anyone's fault this guy is a complete tool and does not realize what he is doing.

        • The problem is, they made themselves out to be a directory service, not a forwarding service. A directory service maintains pointers to content, rather than forwarding content. That way delisting doesn't impact existing users of the content. TinyURL is in the forwarding business, and they make that clear.

          Furthermore, the 'service' registered his show on legitimate directory services as coming from them. I can't see any way to make that look legitimate. It would be like finding out that tiny url went an
  • Same as hotlinking (Score:5, Insightful)

    by Anonymous Coward on Friday December 09 2005, @12:31PM (#14220960)
    Please, for the love of God, stop making up these stupid blog/pod mashup words for insignificant events. Someone made a metadata file that points to your content. This is the same as hotlinking (where someone makes an HTML file that points to your content). Who cares?
  • by Anonymous Coward on Friday December 09 2005, @12:32PM (#14220973)
    "I could see at a glance the danger posed by this incorrect listing"

    Yes, imagine the danger of people listening to the wrong inconsequential ramblings of somebody with no life.

    The consequences are beyond words!
  • Lesson (Score:5, Funny)

    by okjeff (937565) on Friday December 09 2005, @12:36PM (#14221014) Homepage
    Let this be a lesson to the podcastees: Meat is the greatest thing ever.
  • by eltoyoboyo (750015) on Friday December 09 2005, @12:37PM (#14221024) Journal
    From TFA the problem was similar to search engine content hijacking, which I have experienced. I have never directly subscribed to a feed in this way. I have always navigated to the home page first and then clicked on the RSS/ATOM/XML link to add to my feed.

    Which is my way of saying that search engines are good, but
    <dons journalism professor hat>
    you have to check your sources.
    <doffs journalism professor hat>
  • by saskboy (600063) on Friday December 09 2005, @12:40PM (#14221047) Homepage Journal
    Sorry, but it has to be said:

    Save a cow...Eat a Vegan!

    -/Karma burning calories
  • by ScentCone (795499) on Friday December 09 2005, @12:40PM (#14221053)
    Enough.
  • by TrumpetPower! (190615) <ben@trumpetpower.com> on Friday December 09 2005, @12:47PM (#14221120) Homepage
    1) Register evilpodjackingdomain.com.
    2) Find somebody else's podcast.
    3) Mirror that podcast's XML file at evilpodjackingdomain.dom/pwn3d.xml
    4) Get evilpodjackingdomain.dom/pwn3d.xml listed in as many podcast directories as possible.
    5) Wait.
    6) Blackmail original podcaster with threats of modifying / removing your local mirror; all subscribers through evilpodjackingdomain.dom/pwn3d.xml would get whatever you want them to get regardless of what the podcaster wants.
    7) Profit.

    Cheers,

    b&
  • by Ranger (1783) on Friday December 09 2005, @12:48PM (#14221125) Homepage
    Father:*knock* *knock* Son, I need to use the RSStroom. [djspyhunter.com]

    Slashdotter: **long pause** Go away. I'm busy!

    Father: Open this door right now! You better not be podjacking in there!
  • I don't get it (Score:4, Insightful)

    by wampus (1932) on Friday December 09 2005, @12:51PM (#14221159)
    So, as I understand this, more people were listening to the podcast, because some aggregator site picked up his feed. What's the problem here? Read your damn URI at the start and end of the show and be glad you are getting heard.

    If you want absolute control over the content you are creating, start a regular radio station and pay the FCC for a monopoly on your slice of the air. Better hire some IP lawyers and invest heavily in DRM, too.
  • Been There (Score:5, Interesting)

    by somethinghollow (530478) on Friday December 09 2005, @12:56PM (#14221211) Homepage Journal
    I noticed several sites were ripping off my content from my RSS feeds. Some of them are ad sites that, no doubt, gather like-minded blog posts, publish them on their site, and shit ads all over them. Others seem to be attempting to do some sort of service. What with Google punishing duplicate content posts, I don't want my content redistributed without my permission. So, I implemented a system with mod_rewrite and PHP on my site that checks the user agent before allowing access to any page. If the user agent is unknown, it shows a page saying that I don't know who they are but I'll see about allowing them access to my site. I then enter their user agent in a database, after doing some research, and decide whether to allow them or not. Eventually, I'm going to tie this into my robots.txt file so that it denies robots there (if they bother to look) in addition to showing the robot an access denied page.

    It isn't the easiest solution (takes a lot of time to manage) and won't always work (e.g. they set their UA to one that looks like a valid browser or some other UA that I allow), but it clears most of the riffraff, I think.
  • by hafree (307412) on Friday December 09 2005, @12:56PM (#14221214) Homepage
    Why not just verify the referring URL before sending out the Podcast archive? This is how most sites avoid people deep-linking into theirs, or loading high-bandwidth content such as videos or even images from their web servers. This can be done by making your RSS feed dynamically generated by a CGI script, or even just using a htaccess file for the directory containing your podcast.
  • by Shimmer (3036) <brianberns@gmail.com> on Friday December 09 2005, @01:46PM (#14221722) Homepage Journal
    This story seems to inadvertently prove that production and marketing are two different skills. The author was good at creating content, but so miserably poor at marketing that he didn't even realize where his audience was coming from. The "podjacker", on the other hand, created nothing, but apparently did an excellent job of marketing the author's content.

    You might argue that the world would be better off without middle men such as marketers, publishers, etc. (I think the catchy phrase for this is "disintermediation".) But this story provides evidence that these people actually do add value in some cases.
  • by mdxi (3387) on Friday December 09 2005, @02:03PM (#14221898) Homepage
    "Web 2.0!" say the bloggers. "Podcast!" say the bloggers. "RSS/ATOM!" say
    the bloggers. "Down with oppressive media! Democratize publishing!" say the
    bloggers. And now that things are finally becoming standardized, and
    XML-based, and easily parsable and reusable, it turns out they don't LIKE
    it when someone reuses *their* stuff in a way they didn't envision.

    WHERE IS YOUR PRECIOUS "REMIX CULTURE" NOW?

    Assholes.
  • Mod_rewrite? (Score:3, Insightful)

    by tcdk (173945) on Friday December 09 2005, @02:18PM (#14222082) Homepage Journal
    Wouldn't it be fairly easy to make a mod_rewrite rule, that would block the redirects or forward them to a sod-off.html page?

    I've made a few rewrite rules to avoid hotlinking of my images, and this seems possible to me.
  • by kuzb (724081) on Friday December 09 2005, @02:22PM (#14222126)
    Why is any mention of podcasting immediately associated with Apple? Editors, learn the language. Podcasting does not imply an Apple subject [wikipedia.org] - quit categorizing it as such.