Your Podcast can be hijacked


Vital Security reports that your Podcast can be hijacked by nefarious people. Okay, I don’t get how this whole thing works (someone please let me know if you can figure it out), but I am already worried about Om & Niall PodSessions, my nascent attempt at tiptoeing into the world of podcasting. (Please subscribe to the show if you have not done so far… it’s only 20 minutes a week!)

Nasty man sets up website. Nasty man targets nice Podcaster person. Nasty man points his URL to the RSS feed of the target podcast, and builds up tons of links in search engines, meaning visitors hit the podcast from nasty man’s site, rather than nice Podcaster person’s site…. Wave goodbye to your audience… except… maybe I’m missing something here. Yes, lots of links in Podcast search engines or whatever will get hosed.


Peter Forret

A suggestion for action:
“Here is what has to be done:
A) by every podcaster
check if you are affected: search for your podcast to see if it has been hijacked:
* on iTunes: subscribe to your own feed because you won’t be able to see the actual feed URL unless you’re subscribed. If it’s a podkeyword URL, click the “Report a concern” button and tell Apple this is a wrong feed URL, give them the right one.
* on Yahoo: search for it and if both your real feed and the podkeyword feed are present (I found 2 podkeyword feeds for my own podcast), give the hijacked ones a bad review (give it 1 star and write a review about the hijack)


Right, but you’re on a sinking ship if you hijack and include ads because people will eventually go to the source because it doesn’t have ads. Of course if you have ads in your RSS, which I don’t think is a good idea aside from maybe a sponsored by logo, then it’s even worse because the hijacker would have to strip out your ads as well. Basically, they can rip off my RSS feed, but I don’t really care because all my URLs are fully qualified and point back to me. I really don’t think it’s worth it to hijack at this point. I could be wrong, but that’s what I see given the technological cost.

Now there is a danger if someone were to go ad free and garner enough links so that Google points to the hijacker as the authoritative source, but this takes a long time and there are many warning signs such as foreign referrer tags in your webserver logs before this becomes a problem. I’m not losing sleep over it.
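The warning sign mentioned in the comment above, foreign referrers in the web server logs, can be checked with a short script. This is an added example, not part of the original post or its comments; it assumes Apache/nginx combined log format, and the host names, paths and log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined log format: ip - user [date] "METHOD path PROTO" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

OWN_HOSTS = {"podcast.example.com"}   # assumption: hosts you publish from
WATCHED = ("/feed.xml", "/audio/")    # assumption: feed path and enclosure directory

# Constructed sample log lines (documentation IP ranges and example domains).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /feed.xml HTTP/1.1" 200 5120 "-" "PodcatcherA/1.0"',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /audio/ep12.mp3 HTTP/1.1" 200 9000000 "http://podcast.example.com/episodes/12" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /feed.xml HTTP/1.1" 200 5120 "http://redirector.example.net/your-show" "Mozilla/5.0"',
    '198.51.100.8 - - [01/Jan/2024:10:03:00 +0000] "GET /audio/ep12.mp3 HTTP/1.1" 206 400000 "http://redirector.example.net/your-show" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2024:10:04:00 +0000] "GET /about HTTP/1.1" 200 800 "http://other.example.org/" "Mozilla/5.0"',
]


def foreign_referrers(lines, own_hosts=OWN_HOSTS, watched=WATCHED):
    """Count hits on the feed or its MP3s that arrived via a referrer host you do not own."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m["path"].startswith(watched):
            continue  # unparseable line, or a page we are not watching
        host = (urlsplit(m["referer"]).hostname or "").lower()
        if not host:
            continue  # "-" or empty: normal for podcatchers fetching the feed directly
        if host in own_hosts or any(host.endswith("." + h) for h in own_hosts):
            continue  # traffic from your own site
        counts[host] += 1
    return counts


if __name__ == "__main__":
    for host, hits in foreign_referrers(SAMPLE_LOG).most_common():
        print(f"{hits:5d}  {host}")
```

A host that keeps appearing here and that you do not recognise is worth looking up in the podcast directories, to see whether they list its URL in place of your feed.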

Wes Felter

Why strip any identification? Just add on your own ads to the hijacked content and watch the money roll in. I don’t know if this would work for podcasts, though.


Actually I think RSS hijacking of blog content is more of a danger than podcast hijacking. While a malicious site can masquerade as your legitimate podcast, it’s much harder to automate stripping your identification from an MP3 podcast than it is from blog content, which is essentially just text. Aside from the rare case where a masqueraded RSS feed (podcast or blog) gets a higher search ranking than the legit content, I don’t think there is much risk here. Dropping your name or URL inside content is always a good countermeasure.

Wes Felter

This is actually a form of search engine hijacking, and could be used to hijack anything (Web sites, regular RSS feeds, podcasts, whatever).

Occasionally I’ve noticed other sites republishing content from my RSS feed, and the republished version gets into Google and Technorati instead of the original (because the search engines filter out “duplicates”).


I think the idea is that while initially the malicious sites will be streaming your content, what can happen after a while is that users listening to your podcast through the malicious sites may be diverted to other content, because the malicious site can easily change its link.

What allows blackmail is the malicious site becoming universally known as the “proper” source for your podcast, leading podcast search engines, aggregators, and other services to attribute your podcast’s content to the malicious site rather than you.

I, for one, think this risk is rather overblown. It has apparently happened to erik’s diner ( ) but all you really need to do is to check that the popular podcast aggregators are obtaining your content from your source. If you do that – any possible problem vanishes.


We actually talk about the issue of people stealing content in our two part podcast with Jason Calacanis at There is a very real problem out there with people stealing content. The blackmailing aspect is a new one to me though. I’ve mostly seen it used to game Adsense.

John Furrier

This is a big deal; that is why PodTech has “Podcasting Trust Services” for corporations. If any corporation is interested in podcasting they need to have a strategy for this trust issue. Feel free to contact me at john at podtech dot net

This is something that corporations need to understand.

John Furrier
Founder PodTech Network


Wouldn’t it be your podcast that actually gets streamed, only via someone else’s link/referral?

Maybe I am missing out something too…
