The Podjacker Threat
Schlemphfer writes "As everyone knows by now, podcasting has taken off in a big way. But over the past week, several tech journals and The Daily Source Code have reported on the threat of 'podjacking,' the creation of an alternate RSS feed without the consent of the podcast's owner. I'm the host of a podcast, which has the dubious distinction of being the first widely-publicized victim of a podjacking. To teach others from my experiences I have posted an article entitled Preventing and Surviving a Podjacking (also available in PDF). So far this story has attracted widespread but generally inept media and blogger coverage. This article sets the record straight on what really happened, and shows the simple steps every podcaster should take to protect their shows from podjacking."
Do we HAVE to invent new contorted words for every variation of everything these days? Podjacking? Webinar? Blogosphere, podosphere? Vlog? Moblogging? I'm in pain here!
"Oppression and harassment is a small price to pay to live in the land of the free." -- Montgomery Burns.
uh, uh, uh, uh, ooooh baby....
er.... sorry, you caught me at a bad time, I was podjacking...
-everphilski-
MY. OWN.
MY data. My precioussssss....
His RSS feed was no longer the unique source of downloaders, that's all. The guy had and has many listeners who found access to his podcast through non-sanctioned mirrors of his RSS feed. He thought he controlled the access to his podcast via his RSS feed, but the Internet has lots of redundancy -- without his realising so. Someone else found his material via other means, for which he isn't able to track site visitors, and this upset him. I'm not really sympathetic.
Perhaps there is mileage in protecting one aggregator of news on the web, but you hardly see Taco complaining that ArsTechnica and Digg find ways to present the same news resources to their readers.
Please, for the love of God, stop making up these stupid blog/pod mashup words for insignificant events. Someone made a metadata file that points to your content. This is the same as hotlinking (where someone makes an HTML file that points to your content). Who cares?
"I could see at a glance the danger posed by this incorrect listing"
Yes, imagine the danger of people listening to the wrong inconsequential ramblings of somebody with no life.
The consequences are beyond words!
Hey, it could be worse.. he could have called it podsquatting.
Eew!
hooked up funny
Let this be a lesson to the podcastees: Meat is the greatest thing ever.
Sorry, but it has to be said:
Save a cow...Eat a Vegan!
-/Karma burning calories
Saskboy's blog is good. 9 out of 10 dentists agree.
Enough.
Don't disappoint your bird dog. Go to the range.
Can't this PODJACKING make sense? How about like CAR JACKING, when someone jacks your car...how about when someone jacks your POD it is called podjacking....and when someone jacks your podcast it's PODCASTJACKING
1) Register evilpodjackingdomain.com.
2) Find somebody else's podcast.
3) Mirror that podcast's XML file at evilpodjackingdomain.dom/pwn3d.xml
4) Get evilpodjackingdomain.dom/pwn3d.xml listed in as many podcast directories as possible.
5) Wait.
6) Blackmail original podcaster with threats of modifying / removing your local mirror; all subscribers through evilpodjackingdomain.dom/pwn3d.xml would get whatever you want them to get regardless of what the podcaster wants.
7) Profit.
Cheers,
b&
All but God can prove this sentence true.
Carjacking. Skyjacking. Podjacking.
It's official. English is officially jacked up.
So, as I understand this, more people were listening to the podcast, because some aggregator site picked up his feed. What's the problem here? Read your damn URI at the start and end of the show and be glad you are getting heard.
If you want absolute control over the content you are creating, start a regular radio station and pay the FCC for a monopoly on your slice of the air. Better hire some IP lawyers and invest heavily in DRM, too.
Someone else found his material via other means, for which he isn't able to track site visitors, and this upset him.
You're right on here, but read a little further in the article and you realize he asked for the listings directly from the "Podjacker"! After he admits this, he says that they didn't do it how he assumed they would have done it. Then he goes on to still label them a "Podjacker".
I responded to an email somebody sent me about podkeyword.com, and I gave the site a visit and submitted my URL for a few listings. When I launched my show in October of 2004 I went everywhere I could to post its URL, and I quickly forgot all about my five minute visit to podkeyword.
I guess the only remaining comment I have on this topic is that I'd like the 5 minutes I spent reading the article back. Total waste of time - there literally is nothing to see here.
I'm a big tall mofo.
I noticed several sites were ripping off my content from my RSS feeds. Some of them are ad sites that, no doubt, gather like-minded blog posts, publish them on their site, and shit ads all over them. Others seem to be attempting to do some sort of service. What with Google punishing duplicate content posts, I don't want my content redistributed without my permission. So, I implemented a system with mod_rewrite and PHP on my site that checks the user agent before allowing access to any page. If the user agent is unknown, it shows a page saying that I don't know who they are but I'll see about allowing them access to my site. I then enter their user agent in a database, after doing some research, and decide whether to allow them or not. Eventually, I'm going to tie this into my robots.txt file so that it denies robots there (if they bother to look) in addition to showing the robot an access denied page.
It isn't the easiest solution (takes a lot of time to manage) and won't always work (e.g. they set their UA to one that looks like a valid browser or some other UA that I allow), but it clears most of the riffraff, I think.
What has happened here (if I understand it correctly, and someone will correct me if I don't) is that the guy puts up his mp3s at http://myrealserver.dm/podcast/content0001.mp3 and then he creates an RSS file which points to his mp3s at http://myrealsystem.dm/podcast/feed.rss. The RSS file is essentially a signpost: it isn't the content in itself, it just points to the content. Then, when he posts new mp3 content, he updates his RSS. What is supposed to happen is that people point their podcast client at http://myrealsystem.dm/podcast/feed.rss, and every time he posts new content and updates the RSS it's automatically downloaded.
But what he's complaining about is that the 'podjacker', evilpirate, has created a new feed, http://evil.pirate/devious/feed.rss, which also points to myrealsite's content. The file at http://evil.pirate/devious/feed.rss is automatically updated using something like wget so that whenever myrealsite adds more content, http://evil.pirate/devious/feed.rss gets updated too.
evilpirate now registers http://evil.pirate/devious/feed.rss with podcast search engines as the authoritative signpost for myrealsite. Users search for content on the search engine, and if they like myrealsite's content, they point their clients at http://evil.pirate/devious/feed.rss.
So now some - or even most - of myrealsite's users are finding new myrealsite content through evilpirate's signpost. This gives evilpirate the power to alter where the signpost points to, so that instead of getting myrealsite's content they now get rivalsite's content.
I'm old enough to remember when discussions on Slashdot were well informed.
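The "signpost" problem described in the comment above can be checked for from the owner's side. The following is an added example, not part of the original thread: it classifies the feed URL a directory lists for a show by comparing the feed's host and its enclosure hosts against the hosts the owner controls. The function names, the `rivalsite.example` host and the sample feeds are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Hosts the podcast owner controls (both names appear in the comment above).
OWNER_HOSTS = {"myrealserver.dm", "myrealsystem.dm"}

def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def enclosure_urls(feed_xml):
    """Media URLs an RSS 2.0 feed tells subscribers to download."""
    # Feeds fetched from other sites are untrusted input; in production use a
    # hardened XML parser (for example the defusedxml package).
    root = ET.fromstring(feed_xml)
    return [e.get("url", "") for e in root.iter("enclosure")]

def audit_listing(listed_feed_url, feed_xml, owner_hosts=OWNER_HOSTS):
    """Classify the feed URL a podcast directory lists for the show."""
    foreign = [u for u in enclosure_urls(feed_xml) if host(u) not in owner_hosts]
    if host(listed_feed_url) in owner_hosts:
        status = "canonical"             # the owner's own signpost
    elif foreign:
        status = "repointed"             # someone else's signpost, other content
    else:
        status = "third-party-signpost"  # someone else's signpost, owner's media
    return {"status": status, "foreign_media": foreign}

# Constructed sample feeds (not captured from any real site).
def make_feed(media_url):
    return ('<rss version="2.0"><channel><title>Show</title><item>'
            '<title>Episode 1</title>'
            f'<enclosure url="{media_url}" type="audio/mpeg" length="1"/>'
            '</item></channel></rss>')

OWNER_MEDIA = make_feed("http://myrealserver.dm/podcast/content0001.mp3")
RIVAL_MEDIA = make_feed("http://rivalsite.example/show/ep1.mp3")

if __name__ == "__main__":
    for url, xml in [
        ("http://myrealsystem.dm/podcast/feed.rss", OWNER_MEDIA),
        ("http://evil.pirate/devious/feed.rss", OWNER_MEDIA),
        ("http://evil.pirate/devious/feed.rss", RIVAL_MEDIA),
    ]:
        print(url, audit_listing(url, xml))
```

A "third-party-signpost" result is the state worth catching early: the content is still the owner's, but subscribers who use that URL depend on whoever controls it.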
1st dude told 2nd dude to stop directing traffic through their URL to 1st dude's site. (Pretty sure it was more of a redirect than a mirror of an RSS file).
2nd dude complied.
1st dude realized that iTunes had used 2nd dude's URL for 1st dude's listing.
1st dude is sad because all iTunes people who signed up with 2nd dude's URL are lost.
1st dude tells 2nd dude to put the URL directing traffic to 1st dude's podcast back up. 2nd dude decides to capitalize and ask for money.
1st dude not happy.
Ha ha -- you've been clodjacked!
"Web 2.0!" say the bloggers. "Podcast!" say the bloggers. "RSS/ATOM!" say the bloggers. "Down with oppressive media! Democratize publishing!" say the bloggers. And now that things are finally becoming standardized, and XML-based, and easily parsable and reusable, it turns out they don't LIKE it when someone reuses *their* stuff in a way they didn't envision.
WHERE IS YOUR PRECIOUS "REMIX CULTURE" NOW?
Assholes.
Posted with Mozilla