Friday, December 02, 2005

Podcast for Ransom, as Easy as 1 2 3

Update: Podcast 'Hijacker' Says Business as Usual

December 6, 2005
Things are a bit more complicated than they originally seemed.

In fact, there may be no villain here.

“According to George Lambert, creator of the Podkey redirection service that allegedly hijacked a Podcast and held it for ransom, the alleged victim registered with his service to begin with and the "ransom" simply represents fees that would be required to do the custom coding the Podcaster has demanded.

The alleged victim, Podcaster Erik Marcus, recently found that Apple Computer Inc.'s iTunes and Yahoo Inc. were using a URL and RSS feed that were not his in order to direct traffic to Marcus' Podcast: Vegan.com's "Erik's Diner" show.

Yahoo's Podcast page gives an RSS feed belonging, not to Vegan.com, but to Lambert's Podkeyword.com.

Marcus contacted Lambert to ask that his listing be removed. Lambert did so. This, however, caused Marcus' listenership to crash by some 75 percent, he claimed. Marcus then asked that his listing temporarily be reinstated on Podkeyword while he worked to fix things with Apple Computer Inc.'s iTunes.

Lambert responded that it would be reinstated only if Marcus provided an unspecified payment or agreed permanently to his terms—a description that sounds like hijacking and extortion and that has resulted in Lambert's being harassed around the clock by profane e-mail and phone calls.

However, as Lambert told Ziff Davis Internet News and also explained on a Podcast by David Lawrence, the request for reimbursement was simply to compensate him for the custom coding that Marcus reportedly demanded.

Specifically, Marcus reportedly requested that Lambert allow individuals to find his feed via keyword but not to allow OPML directories to have the feed any longer.

"He wanted me to make sure no other directory services got the information from me, but I can't tell who are directory services, because we're not submitting anything," Lambert said. "People are coming to look at our list. I have a choice: I remove it from anywhere or I [don't] remove it. You can't restrict who comes to look at your Podcast. So his request wasn't technically practical.

"If you want me to come up with a solution, I can try, but that's consulting," he told Ziff Davis Internet News. "That doesn't fall within the bounds of a free service—one that's there to make people's lives better. Is that extortion?"

"I met his [original] request immediately and without reservation," Lambert said. "I said I'd reinstate it for free if he met my terms. If you're asking me to do something custom, you have to pay me to do [it]. That's not unreasonable, and that's not extortion."

While Marcus is seeking legal redress for what he refers to as a new form of Internet extortion, Podcasters happy with the redirection service provided by Podkey aren't hesitating to come to its defense.

One such comment demonstrates the possibility of a user having registered with Podkey and then forgotten about it: "From my own experience, I have to say, my dealings with George have always been on the up and up," Podcaster Kevin Devin wrote on Lambert's blog.

"I too had created a Podkeyword for my Podcast WAY back in late 2004. Interestingly, I had actually forgotten about Podkey until iTunes hit with their Podcast directory, which ended up including two different listings for my feed. The Podkey one, and my actual."

As it is, Lambert runs the service free of charge, on funds that flow out of his own pocket. "I went and did something, I was volunteering," he said. "They took my free service and now they called it extortion, hijacking. And to be threatened to be sued, and harassed … why would I ever want to do something for people on the Internet again?"

Beyond the profane response to Lambert's alleged wrongs, calmer minds are pointing out that the heart of the problem is this: Once the wrong RSS feed gets into a directory, it's extremely difficult to find out and to fix it.

"I have that problem with one Podcast where some of the listings point to a staging server and not the real server," wrote Dan Bricklin, well-known blogger and the developer of VisiCalc.

"I think in the early days someone subscribed to the staging server while I tested out the Podcast series and some list picked that up and other lists copy from each other.

"This is a big problem. It's not like Google where things are somewhat self-correcting as people point to the one the owner points to," Bricklin wrote. "Once this points wrong it just perpetuates itself and you can't fix it. In this case, the RSS feed owner [Podcaster] got into a bad situation." ”

http://www.eweek.com/article2/0,1895,1896434,00.asp

Podcast Hijacked, Held for Ransom from eWEEK
By Lisa Vaas

“In an assault reminiscent of the early days of the Internet, Podcaster Erik Marcus recently found that his RSS feed had been inexplicably redirected.

According to Marcus, rather than fully cooperate to address the situation, the cyber-squatter is demanding payment or permanent agreement to terms, and Marcus is seeking legal redress for this new form of Internet extortion.

Marcus publishes Vegan.com and the "Erik's Diner" Podcasts.

Over the course of the past year, Marcus has built his listenership from 100 people per show up to some 1,500. Over the past few weeks, he noticed that Yahoo Inc. had created an entry for his show on its beta site, Podcasts.yahoo.com.

The page had an RSS feed belonging not to Vegan.com, however, but to a site named Podkeyword.com.…

Marcus e-mailed Podkeyword directly in order to "nip this problem in the bud rather than let it grow," he said in his letter to his lawyer, Colette Vogele.

Podkeyword honored his request, Marcus said, after which his listener numbers abruptly collapsed. Marcus came to find that Apple Computer Inc.'s iTunes service, which shields RSS information from its users, had also picked up the Podkeyword URL.

"This has cost me more than 1,000 listeners per show," Marcus wrote in the letter.…

The manner in which the purported hijacking occurred exemplifies the fact that RSS feeds are far more vulnerable to squatters than Web site domains. The method doesn't require stolen passwords or other overtly illegal methods.

Rather, it merely involves finding a target Podcast and creating a unique URL for it on a Web site that the hijacker can control. The hijacker then points his URL to the RSS feed of the target Podcast.

Next, the hijacker does whatever it takes to ensure that, as new Podcast engines come to market, the page each engine creates for the target Podcast points to the hijacker's URL instead of to the Podcast creator's official URL.

Vogele, a non-residential fellow at Stanford University's Center for Internet and Society and head of the firm Vogele & Associates, told Ziff Davis Internet News that she is mulling over a number of approaches to determine which laws might pertain in the case, including claims of unfair competition, trademark infringement/dilution, computer fraud and abuse, trespass, right of publicity and misappropriation.…

Marcus suggested that Podcasters can protect themselves from hijacking by checking to make sure that all Podcast directories and search engines list RSS feeds that point to their official URLs/RSS feeds.

Also, if Podcasters learn of a hijacking, they can write to the hijacker and demand that they cease and desist. Hijacked Podcasters should also write to the Podcast directories and search engines to point out the misconduct.

Those who posted responses to Vogele's Weblog entry on the matter suggested other defensive strategies. One is to rename Podcast audio files on occasion and point to the new names in the legitimate RSS feed, thus causing the malicious site's RSS feed to stop working and hence to cease gaining popularity.

Another tactic is to look at the referrer's tags for Podcast downloads in a Podcaster's Web server logs. Names of malicious sites that point to a Podcast will come up in the logs, and a large number of off-site listener referrals should raise flags.

Another tactic proposed on Vogele's blog is to mention the site and feed URL in each Podcast. Those who take the time to notice what URL they're using may notice that the URL is in fact not the official one. ”

http://www.eweek.com/article2/0,1895,1894827,00.asp
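The referrer-log check suggested in the article, sketched as an added example (not code from eWEEK, Vogele's blog or this post). The log lines, the host names `podcast.example`, `redirector.example` and `mypodcast.example`, the file suffixes and the threshold are all constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache/nginx "combined" format: ip - - [time] "METHOD path PROTO" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample log lines (documentation IP range, made-up hosts).
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Dec/2005:10:00:01 +0000] "GET /diner/ep42.mp3 HTTP/1.1" 200 1048576 "http://redirector.example/key/diner" "Mozilla/5.0"',
    '203.0.113.6 - - [02/Dec/2005:10:00:09 +0000] "GET /diner/ep42.mp3 HTTP/1.1" 206 4096 "http://redirector.example/key/diner" "Mozilla/5.0"',
    '203.0.113.7 - - [02/Dec/2005:10:01:00 +0000] "GET /diner/feed.xml HTTP/1.1" 200 2048 "http://www.podcast.example/shows" "Mozilla/5.0"',
    '203.0.113.8 - - [02/Dec/2005:10:02:00 +0000] "GET /diner/ep42.mp3 HTTP/1.1" 200 1048576 "-" "iTunes/6.0"',
    '203.0.113.9 - - [02/Dec/2005:10:03:00 +0000] "GET /diner/ep41.mp3 HTTP/1.1" 200 1048576 "http://mypodcast.example/list" "Mozilla/5.0"',
    '203.0.113.9 - - [02/Dec/2005:10:03:05 +0000] "GET /style.css HTTP/1.1" 200 512 "http://redirector.example/key/diner" "Mozilla/5.0"',
]

def offsite_referrers(lines, own_hosts, suffixes=(".mp3", ".xml", ".rss")):
    """Count off-site referrer hosts for successful feed and episode requests."""
    own = {h.lower() for h in own_hosts}
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "GET" or not m["status"].startswith(("2", "3")):
            continue
        # Only feed and audio requests matter; ignore query strings when matching.
        if not urlsplit(m["path"]).path.lower().endswith(suffixes):
            continue
        host = (urlsplit(m["referer"]).hostname or "").lower()
        if not host:  # "-" or empty: many podcast clients send no referrer
            continue
        # Exact host or true subdomain only, so look-alike names stay off-site.
        if host in own or any(host.endswith("." + h) for h in own):
            continue
        counts[host] += 1
    return counts

def flag(counts, threshold=2):
    """Hosts whose off-site referral count reaches the review threshold."""
    return sorted(h for h, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print(flag(offsite_referrers(SAMPLE_LOG, ["podcast.example"])))
```

Requests with no referrer are skipped rather than counted, so this check complements, and does not replace, comparing each directory's listed feed URL against the official one.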

Tuesday, November 29, 2005

1 Million Digitized Images Now Available Online from The Library of Congress

“Long before The Library of Congress (LC) made the announcement last week about planning a World Digital Library (WDL), they've been digitizing material of all types for many years along with cataloging books (as you might expect) and offering MANY other services.


One searchable digitized collection from LC that you should know about is a catalog of imagery from the Library of Congress Prints & Photographs Division. As of today, 1 million digitized images are now available via the catalog. Access to the catalog is free.

It's possible to search the entire collection or individual collections one at a time. It's also possible to browse some of the collections. Finally, most of the images have been given subject access using the Thesaurus for Graphic Materials that now includes hyperlinked subjects for many images. I've also blogged about this thesaurus in the past. For the latest on what's happening at the Prints & Photographs Division, check out this 'What's New' page.”

From the SearchEngineWatch blog Posted by Gary Price

http://blog.searchenginewatch.com/blog/051128-205524: