Hijacking Podcasts

by Chris Josephes

Related link: http://www.newsfactor.com/news/Podcaster-Falls-Prey-to-RSS-Hijacking/story.xhtml…

Erik Marcus' podcast of Vegan.com was hijacked. External hits to his mp3 files went from thousands of hits to almost none. It is believed that once a tidy sum of extortion money is paid to a podcast directory site, the problem will be fixed, and Erik's traffic will return.

From reading the article it's not 100% clear if the false feed was registered on podcast search directories, or if the RSS URL was always the same and suddenly redirected to a different location. Either way, doing searches for the podcast through different podcast directories may yield incorrect results. If you go staight to the Vegan.com site, you should get the proper RSS file.

While the web is still unorganized and unstructured, podcasts are very organized. That's because there is a small number of initial vectors to find podcasts. Most users are going to go through iTunes, PodShow, Odeo, or whatever directory is configured through their podcasting software.

Unfortunately, that puts the podcast directories in a unique power situation. They have dedicated traffic from the clients and full control of what content is sent back to the user. Once podcasting grows, and more podcast directories become available, the ability to hijack podcast traffic could decrease.

I spent a few minutes trying to think about solutions to get around this kind of problem. Signed RSS files? Cross indexed podcast directories? I started to get hungry, and my throughts drifted towards pancakes and bacon cooked on my double-burner cast iron griddle. I realised that this isn't a problem with technology, this is a problem with people and policies.

If you run a podcast directory, you need to make an honest effort to make sure it has reliable information. Don't just accept anonymous submissions to feeds without checking the URLs submitted. If a little bit of due dilligence was made, problems like this could be avoided. Pointing to incorrect feeds harms your own reputation as a reliable source of information.

If you write podcast playing software, don't rely on one source of information. Make it easier for users to import RSS feeds from multiple directories, or from the main site associated with a podcast.

And if you run a podcast, keep the feed URLs under your control. Be more protective of your property, and don't rely on a limited number of sites as your sole source of traffic.