Your Podcast can be hijacked

17 thoughts on “Your Podcast can be hijacked”

  1. This is a big deal that is why PodTech has “Podcasting Trust Services” for corporations. If any corporation is interested in podcasting they need to have a stategy for this trust issue. Feel free to contact me at john at podtech dot net

    This is something that corporations need to understand.

    John Furrier
    Founder PodTech Network

  2. I think the idea is that while initially the alacious sites will be streaming your content, what can happen after awhile is that users listening to your podcast through the malicious sites may be diverted to other content, because the malicious site can easily change it’s link.

    What allows blackmail is the malicious site becoming universally known as the “proper” source for your podcast, leading podcast search engines, aggregators, and other services to attribute your podcast’s content to the malicious site rather than you.

    I, for one, think this risk is rather overblowm. It has apparently happened to erik’s diner (http://cyberlaw.stanford.edu/blogs/vogele/archives/003636.shtml ) but all you really need to do is to check that the popular podcast aggregators are obtaining your content from the your source. If you do that – any possible problem vanishes.

  3. This is actually a form of search engine hijacking, and could be used to hijack anything (Web sites, regular RSS feeds, podcasts, whatever).

    Occasionally I’ve noticed other sites republishing content from my RSS feed, and the republished version gets into Google and Technorati instead of the original (because the search engines filter out “duplicates”).

  4. Actually I think RSS hijacking of blog content is more of a danger than podcast hijacking. While a malicious site can masquerade your legitimate podcast, it’s much harder to automate stripping your identification from an MP3 podcast than it is from blog content, which is essentially just text. Aside from the rare case where a masqueraded RSS feed (podcast or blog) gets a higher search ranking than the legit content, I don’t think there is much risk here. Dropping your name or URL inside content is always a good countermeasure.

  5. Why strip any identification? Just add on your own ads to the hijacked content and watch the money roll in. I don’t know if this would work for podcasts, though.

  6. Right, but you’re on a sinking ship if you hijack and include ads because people will eventually go to the source because it doesn’t have ads. Of course if you have ads in your RSS, which I don’t think is a good idea aside from maybe a sponsored by logo, then it’s even worse because the hijacker would have to strip out your ads as well. Basically, they can rip off my RSS feed, but I don’t really care because all my URLs are fully qualified and point back to me. I really don’t think it’s worth it to hijack at this point. I could be wrong, but that’s what I see given the technological cost.

    Now there is a danger if someone were to go ad free and garner enough links so that Google points to the hijacker as the authoritative source, but this takes a long time and there are many warning signs such as foreign referrer tags in your webserver logs before this becomes a problem. I’m not loosing sleep over it.

  7. A suggestion for action: http://blog.forret.com/blog/2005/12/lets-get-rid-of-podkeywordcom.html
    “Here is what has to be done:
    A) by every podcaster
    check if you are affected: search for your podcast to see if it has been hijacked:
    * on iTunes: subscribe to your own feed because you won’t be able to see the actual feed URL unless you’re subcribed. If it’s a podkeyword URL, click the “Report a concern” button and tell Apple this is a wrong feed URL, give them the right one.
    * on Yahoo: search for it and if both your real feed and the podkeyword feed are present (I found 2 podkeyword feeds for my own podcast), give the hijacked ones a bad review (give it 1 star and write a review about the hijack)
    (…)”

This site uses Akismet to reduce spam. Learn how your comment data is processed.