Slashdot Mirror
The Podjacker Threat
Schlemphfer writes "As everyone knows by now, podcasting has taken off in a big way. But over the past week, several tech journals and The Daily Source Code have reported on the threat of 'podjacking,' the creation of an alternate RSS feed without the consent of the podcast's owner. I'm the host of a podcast, which has the dubious distinction of being the first widely-publicized victim of a podjacking. To teach others from my experiences I have posted an article entitled Preventing and Surviving a Podjacking (also available in PDF). So far this story has attracted widespread but generally
inept media and blogger
coverage. This article sets the record straight on what really happened, and shows the simple steps every podcaster should take to protect their shows from podjacking."
Do we HAVE to invent new contorted words for every variation of everything these days? Podjacking? Webinar? Blogosphere, podosphere? Vlog? Moblogging? I'm in pain here!
"Oppression and harassment is a small price to pay to live in the land of the free." -- Montgomery Burns.
Why not just let the podcast be distributed, and announce the name of your website at various intervals?
Not only will this allow the wider distribution of your ramblings, but also help save on bandwidth.
uh, uh, uh, uh, ooooh baby....
er.... sorry, you caught me at a bad time, I was podjacking...
-everphilski-
MY. OWN.
MY data. My precioussssss....
His RSS feed was no longer the unique source of downloaders, that's all. The guy had and has many listeners who found access to his podcast through non-sanctioned mirrors of his RSS feed. He thought he controlled the access to his podcast via his RSS feed, but the Internet has lots of redundancy -- without his realising so. Someone else found his material via other means, for which he isn't able to track site visitors, and this upset him. I'm not really sympathetic.
Perhaps there is mileage in protecting one aggregator of news on the web, but you hardly see Taco complaining that ArsTechnica and Digg find ways to present the same news resources to their readers.
Please, for the love of God, stop making up these stupid blog/pod mashup words for insignificant events. Someone made a metadata file that points to your content. This is the same as hotlinking (where someone makes an HTML file that points to your content). Who cares?
"I could see at a glance the danger posed by this incorrect listing"
Yes, imagine the danger of people listening to the wrong inconsequential ramblings of somebody with no life.
The consequences are beyond words!
Hey, it could be worse.. he could have called it podsquatting.
Eew!
hooked up funny
Let this be a lesson to the podcastees: Meat is the greatest thing ever.
Sorry, but it has to be said:
Save a cow...Eat a Vegan!
-/Karma burning calories
Saskboy's blog is good. 9 out of 10 dentists agree.
Enough.
Don't disappoint your bird dog. Go to the range.
Cant this PODJACKING make sense? how about like CAR JACKING, when someone jacks your car...how about when someone jacks your POD it is called podjacking....and when someone jacks your podcast its PODCASTJACKING
1) Register evilpodjackingdomain.com.
2) Find somebody else's podcast.
3) Mirror that podcast's XML file at evilpodjackingdomain.dom/pwn3d.xml
4) Get evilpodjackingdomain.dom/pwn3d.xml listed in as many podcast directories as possible.
5) Wait.
6) Blackmail original podcaster with threats of modifying / removing your local mirror; all subscribers through evilpodjackingdomain.dom/pwn3d.xml would get whatever you want them to get regardless of what the podcaster wants.
7) Profit.
Cheers,
b&
All but God can prove this sentence true.
Carjacking. Skyjacking. Podjacking.
It's official. English is officially jacked up.
So, as I understand this, more people were listening to the podcast, because some aggregator site picked up his feed. Whats the problem here? Read your damn URI at the start and end of the show and be glad you are getting heard.
If you want absolute control over the content you are creating, start a regular radio station and pay the FCC for a monopoly on your slice of the air. Better hire some IP lawyers and invest heavily in DRM, too.
Someone else found his material via other means, for which he isn't able to track site visitors, and this upset him.
You're right on here, but read a little further in the article and you realize he asked for the listings directly from the "Podjacker"! After he admits this, he says that they didn't do it how he assumed they would have done it. Then he goes on to still label them a "Podjacker".
I responded to an email somebody sent me about podkeyword.com, and I gave the site a visit and submitted my URL for a few listings. When I launched my show in October of 2004 I went everywhere I could to post its URL, and I quickly forgot all about my five minute visit to podkeyword.
I guess the only remaining comment I have on this topic is that I'd like the 5 minutes I spent reading the article back. Total waste of time - there literally is nothing to see here.
I'm a big tall mofo.
I noticed several sites were ripping off my content from my RSS feeds. Some of them are ad sites that, no doubt, gather like-minded blog posts, publish them on their site, and shit ads all over them. Others seem to be attempting to do some sort of service. What with Google punishing duplicate content posts, I don't want my content redistributed without my permission. So, I implemented a system with mod_rewrite and PHP on my site that checks the user agent before allowing access to any page. If the user agent is unknown, it shows a page saying that I don't know who they are but I'll see about allowing them access to my site. I then enter their user agent in a database, after doing some research, and decide whether to allow them or not. Eventually, I'm going to tie this into my robots.txt file so that it denies robots there (if they bother to look) in addition to showing the robot a access denied page.
It isn't the easiest solution (takes a lot of time to manage) and won't always work (e.g. they set their UA to one that looks like a valid browser or some other UA that I allow), but it clears most of the riffraff, i think.
Why not just verify the referring URL before sending out the Podcast archive? This is how most sites avoid people deep-linking into theirs, or loading high-bandwidth content such as videos or even images from their web servers. This can be done by making your RSS feed dynamically generated by a CGI script, or even just using a htaccess file for the directory containing your podcast.
What a waste of my time.
No one "jacked" anything, this guy submitted the site to this URl forwarder himself The site that "podjacked" him is no different than cjb.net or tinyurl.com or any other redriector service.
It is anyone's fault this guy is a complete tool and does not realize what he is doing.
What has happened here (if I understand it correctly, and someone will correct me if I don't) is that the guy puts up his mp3s at http://myrealserver.dm/podcast/content0001.mp3 and then he creates an RSS file which points to his mp3s at http://myrealsystem.dm/podcast/feed.rss. The RSS file is essentially a signpost: it isn't the content in itself, it just points to the content. Then, when he posts new mp3 content, he updates his RSS. What is supposed to happen is that people point their podcast client at http://myrealsystem.dm/podcast/feed.rss, and every time he posts new content and updates the RSS it's automatically downloaded.
But what he's complaining is that the 'podjacker', evilpirate, has done is created a new feed, http://evil.pirate/devious/feed.rss which also points to myrealsite's content. The file at http://evil.pirate/devious/feed.rss is automatically updated using something like wget so that whenever myrealsite adds more content, http://evil.pirate/devious/feed.rss gets updated too.
evilpirate now registers http://evil.pirate/devious/feed.rss with podcast search engines as the authoritative signpost for myrealsite. Users search for content on the search engine, and if they like myrealsite's content, they point their clients at http://evil.pirate/devious/feed.rss.
So now some - or even most - of myrealsite's users are finding new myrealsite content through evilpirate's signpost. This gives evilpirate the power to alter where the signpost points to, so that instead of getting myrealsite's content they now get rivalsite's content.
I'm old enough to remember when discussions on Slashdot were well informed.
1st dude told 2nd dude to stop directing traffic through their URL to 1st dude's site. (Pretty sure it was more of a redirect than a mirror of an RSS file).
2nd dude complied.
1st dude realized that iTunes had used 2nd dude's URL for 1st dude's listing.
1st dude is sad because all iTunes people who signed up with 2nd dude's URL are lost.
1st dude tells 2nd dude to put URL directing traffic to 1st dude's podcast backup. 2nd dude decides to capitalize and ask for money.
1st dude not happy.
He asked for a listing, not for a forwarding. There's a rather important difference.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
Ha ha -- you've been clodjacked!
"Web 2.0!" say the bloggers. "Podcast!" say the bloggers. "RSS/ATOM!" say
the bloggers. "Down with oppressive media! Democratize publishing!" say the
bloggers. And now that things are finally becoming standardized, and
XML-based, and easilly parsable and reusable, it turns out they don't LIKE
it when someone reuses *their* stuff in a way they didn't envision.
WHERE IS YOUR PRECIOUS "REMIX CULTURE" NOW?
Assholes.
Posted with Mozilla