Anders Brownworth

Technology and Disruption

The Other Side of PodJacking

Folks, on Monday I posted a description of the threat of podjacking and how it is potentially exploited. There was some ambiguity around wither or not malicious podjacking was taking place in the wild, but I had run across a story covering Erik Marcus? podcast on Vegan.com which he claimed was podjacked by PodKey.com, a service provided by George Lambert. (See the eWeek article covering the issue.) Mr. Lambert contacted me to present his side of the story, claiming that the situation was just a misunderstanding. With a new technology like podcasting, which is exploding, it is perhaps not surprising that there are differences of opinion on what constitutes ethical behavior. After reading through Mr. Lambert?s email, I can see his point.

We are essentially coining the new term ?podjack? with this story. Clearly the term refers to the republishing of podcast RSS feeds with malicious intent. The question in this story is ?was there malicious intent?. If not, then the story is one of misunderstanding rather than extortion. If there was, then there is a case.

Mr. Marcus created an account with Mr. Lambert?s service. Mr. Lambert?s service publishes RSS feeds and also enters them in an OPML directory, which was later parsed and listed by the iTunes Podcast and Yahoo Podcast services. Some time went by and Mr. Marcus noticed his feed was incorrectly listed on Yahoo Podcast and iTunes Podcast service, so he requested Mr. Lambert remove his feed, which he did. Traffic fell off some 75% prompting Mr. Marcus to request reinstatement but added a few stipulations, which would require Mr. Lambert to recode his site. Mr. Lambert requested compensation for the work and Mr. Marcus interpreted that as podjacking for a ransom.

In my mind, the ethical questions surround ?should someone include republications of other?s RSS feeds in their OPML directories because sites like Yahoo and iTunes use these directories to create listings blindly assuming the OPML directory owner owns all the RSS feeds listed?. That?s the only grey area I can see in this case. If Mr. Marcus contributed his RSS feed to a service and forgot about it or didn?t read about how PodKey.com was going to repackage the feed, then that would be Mr. Marcus? issue. If Mr. Lambert repackaged the feed without properly mentioning what he was doing or with the intent to extort, than that would be Mr. Lambert?s issue. My read on the issue is that neither party had the intent to dissuade but the OPML listing had unintended long term consequences that have created the looks of an extortion attempt and Mr. Lambert has taken an unfair beating in the press.

At this point, how is Mr. Lambert to ?give? the feed back to Mr. Marcus without the involvement of Apple and Yahoo? And if Mr. Lambert continues to distribute Mr. Marcus? feed as Mr. Markus requested, is he supposed to make these potentially difficult changes without being compensated? Maybe at this point the cost of the changes are going to be cheaper than the cost of being unfairly labeled as the first podjacker. Either way, it seems to me that Mr. Lambert has gotten the raw end of this deal.

The case points out how there is a fundamental security risk in RSS technology that needs to be understood. If podjacking becomes a common problem, the industry might have to start looking at alternative ways of securing RSS technology. It is not an easy technology problem to solve because RSS allows content such as text and MP3s to be easily copied.

Perhaps in time there will be a way to publish RSS feeds that is immune to hijacking, but it would seem that any attempt to do so will impinge on exactly what makes RSS so good. At this point, the best protection one can get in a podcast is to say the valid URL and tell your listeners to make sure they are getting your feed from the source.

Comments (0)

Leave a Comment

Name:
Location: (city / state / country)
Email: (not published / no spam)
Comment:

No HTML is allowed. Cookies must be enabled to post. Your comment will appear on this page after a moderator OKs it. Offensive content will not be published.

Click the firetruck to submit your comment.

To create links in comments:
[link:https://andersbrownworth.com/] becomes https://andersbrownworth.com/
[link:https://andersbrownworth.com/|AndersBrownworth.com] becomes AndersBrownworth.com
Notice there is no rel="nofollow" in these hrefs. Links in comments will carry page rank from this site so only link to things worthy of people's attention.