Podcast app

Podcast app exposes subscriber-only shows

There’s only one way to hear exclusive podcast content from sports host Scott Wetzel: by paying $ 5 a month to subscribe to his Patreon. But the show is also available for free on a small podcasting app. In fact, leaked podcast feeds from dozens of subscription-only shows, including Wetzel and The last podcast on the left, are available to stream through Castbox, a smaller app for iOS and Android, just by searching for them.

Two people in the podcast space tell me that they contacted Castbox multiple times, only to have the company remove a show and then make it reappear, an infuriating cycle for someone trying to charge for their content. “It’s a bit like playing mole with them,” said a source, who requested to remain anonymous due to their ongoing work in space.

Podcast subscriptions have been around for years, but they gained more attention in the last month. Apple, which is the dominant podcasting app, introduced in-app subscriptions with a button that allows people to subscribe to a show directly from the app. Spotify also announced its own subscription product, but with caveats – the main one being that there is no actual button in the app.

Prior to these two proprietary solutions, subscription products in the podcasting world were primarily focused on private RSS feeds, or links typically assigned to individual listeners that allow them to access shows. The links can be pasted into any supported podcast app, like Apple Podcasts, Overcast, and Pocket Casts, and for the most part the system worked. Podcasting remains a mostly open ecosystem, and while this content is paid for, shows still benefit from seamless RSS distribution. Notably, podcasters don’t have to manage multiple backends between services and can post content to all of their subscribers at once.

But private feeds always have one glaring drawback: these links can be easily shared, and anyone with the link can access the private content. Hacking could also become a growing concern as the industry turns to subscription and proprietary models. We’ve already seen pirated shows on Anchor and re-downloads of the Spotify exclusive The Joe Rogan Experience on Castbox too. While Castbox is small enough that the leaks probably aren’t on the radar of most podcasters, they still illustrate the problems that a weak link in the distribution chain can create.

“That’s the beauty and mess of the open system – the web is amazing and allows us to post content anywhere, but restricting access to content will always be tricky,” says Justin Jackson, co-founder of the hosting service. of Transistor podcasts. .fm.

He adds that inevitably people will find ways to subvert the system, whether it’s recording audio and distributing it on their own, or sharing their private stream links with friends.

To avoid such situations, software has been presented as a possible solution. Slate’s supportive cast – which powers several member-focused shows, including Slate’s own Slate Plus network – monitors private RSS feeds for suspicious activity, like thousands of downloads on what is supposed to be the flow of one person. The software also monitors the IP addresses that someone is listening to and the podcast app they are using to see if anything looks abnormal.

So far, the problem has not become a huge problem. Cast CEO David Stern says the team has only had to take action less than 100 times in the year and a half that automated monitoring has been active.

“You can still share a username and password with Hulu or Netflix, and that’s pretty good. Businesses let you get away with it, ”Stern says. “You have to find a balance. We are not talking about national security secrets here.

Software-side workarounds can be effective, especially considering that RSS, the backbone on which the podcast industry was built, does not allow many technical improvements. However, this is an investment that not all businesses may want to make. So the broader solution to locking out private feeds is simpler: tags, or literal snippets of text, which are part of the metadata of a podcast feed.

Multiple distribution companies and hosting platforms now verify the owners of RSS feeds using tags. These tags list an owner’s email address, which the platforms then use to verify who is downloading the feed, preventing people from trying to pass an already established demo as theirs. Streams can also be ‘locked’, a separate tag that, if followed, prevents platforms from importing a show. A third and final tag, particularly relevant for private RSS feeds, tells podcast apps not to index a particular show. Google Podcasts, for example, scours the web to index shows and include them in the app, much like its search engine fills in results. If this tag is placed in an RSS feed, as it would likely be in a private feed, the app will not index it.

“What most platforms do is make it as difficult as possible for people to hack podcast feeds – for people to submit podcast feeds to directories – but still, at the same time, try to make it easier for people. [who listen]”Jackson says.

The problem with labels, however, is that they are only good to the extent that the platforms allow them to be. You can tell a platform not to index a program, but it doesn’t have to comply with this request.

Jackson postulates that this appears to be happening in the case of Castbox. These RSS feeds are likely not verified when submitted, and if a feed’s metadata requests that it not be indexed, Castbox ignores that request.

None of these streams appear to have been maliciously uploaded to Castbox and most have a small number of plays – the damage is minimal. I contacted the owner of Wetzel’s private podcast RSS feed, and he confirmed that he intended to listen to this podcast on his own, not make it public. He “didn’t think” that the show would go public when he added the RSS feed to listen to on Castbox. (The Joe Rogan Experience copycat, however, has over 400,000 parts and over 14,000 subscribers.)

In a comment to The edge After this article was published, Castbox COO Gene Wuu said he has never seen this issue before and the team will update their instructions page to download RSS feeds private, because it is “very confusing”. It would also block known and disclosed broadcasts “immediately”.

He says the team, upon investigation, found that the podcast leak issue primarily affected shows from a specific hosting company, so it would work to figure out what was wrong and fix the issue. He admitted that podcasters had, in the past, requested that private shows be published publicly, but that problem was much smaller.

“Obviously, it’s not intentional,” he says. “We always take this very seriously and have done quite a bit of cleaning up. “

Podcasters and app developers clearly see paid subscriptions as part of the future of the industry, but the risks of private RSS feeds could jeopardize the progress of the industry. It could even give Spotify and Apple a head start over their competitors who have built entire businesses around lockdown on open technology. But even a proprietary solution can’t entirely prevent piracy, and for podcasters, they will likely have to accept some risk and rely on the good faith of the podcast players themselves to keep their shows from spreading.

Updated May 13, 5:32 p.m. ET: Updated to include Castbox commentary.

Leave a Reply

Your email address will not be published.