A Podcast App Is Exposing Subscribers-Only Shows

Scott Wetzel is only allowed to provide exclusive podcast content to listeners by paying $5 per month to his Patreon. The show has also been made available for free on a smaller podcasting platform. Castbox is a smaller podcasting app that can be used on both iOS and Android.

Castbox has been contacted by two people working in the podcast industry. They have removed shows and had them pop up again. This is a frustrating cycle for anyone trying to charge for their content. One source said that it was a bit like playing whack a mole with them. This is due to their ongoing work in this space.

App exposing subscribers-only shows

Although podcast subscriptions have been around for years, they gained more attention in the past month. This button allows users to subscribe directly from the app. Spotify also announced a subscription product. However, there are some caveats. The main one is that there is no in-app button.

Before these two proprietary solutions, subscriptions to podcasting were based on private RSS feeds. These links are usually assigned to listeners and allow them to access the shows. These links can be copied into any podcast app like Apple Podcasts or Overcast and the system works for most of the time. Podcasting is still a free and open industry. Even though the content is paid for, shows still get seamless RSS distribution. Podcasters don’t need to manage multiple backends and can publish all of their subscribers’ content simultaneously.

Private feeds have one major problem: they can be shared easily and anyone can access private content. As the industry shifts to subscription and other exclusive models, piracy could become a bigger concern. Already, we have seen piratised shows on Anchor and re-uploads from the Spotify-exclusive Joe Rogan Experience. Castbox is small enough to not be a concern for most podcasters, but the leaks still show the difficulties that one weak link can cause in the distribution chain.

Exposing Subscribersonly

Justin Jackson, cofounder of podcast hosting service, says, “This is both the beauty and the mess that the open system allows us to publish material everywhere. But restricting access is always going to prove tricky.”

He also said that people will always find ways to undermine the system. This could be recording audio and sharing it themselves or sharing private feed links with friends.


Software has been suggested as a solution to situations like these. Slate’s Supporting Cast, which powers several membership-oriented shows including Slate Plus, monitors private RSS feeds looking for suspicious activity. This includes thousands of downloads from what is supposed to be a single-person feed. To see if there are any unusualities, the software monitors IP addresses and the podcast apps they use.

The issue has not yet become a major problem. David Stern, Supporting Cast CEO, says that the team has had to act less than 100 times during the year and half that automated monitoring has been active.

You could share your username and password to Hulu and Netflix. That’s kind of fine. Stern states that the companies allow you to do this. You have to find a balance. This is not about national security secrets.

Software-side solutions can work, especially since RSS, which is the backbone of the podcast industry, doesn’t allow much technical improvement. It’s an expensive investment, however, and not everyone wants to make it. The simpler solution to locking down private feeds is tags. These are literal snippets or text that are part of the metadata of a podcast feed.

Podcast app subscribersonly shows

Multiple distribution companies and hosting services now verify RSS feed owners via tags. These tags include an owner’s email address which platforms use to verify that the feed is being uploaded by the owner. This prevents people from trying to claim an established show as their own. A separate tag called “lock” can be added to feeds that prevents platforms from importing it. The third and final tag is relevant to private RSS feeds. It instructs podcast apps to not index a specific show. Google Podcasts, for example, scans the web to find shows and includes them in the app. This is similar to the way its search engine populates results. The app will not index this tag if it is placed in an RSS feed (as it would likely be for a private one).

Jackson states that most platforms make it difficult for people to pirate podcasts. People can submit podcast feeds directly to directories, but Jackson also says it is trying to make it easier for listeners.

There’s a catch to tags: they are only as good or as reliable as the platforms allow. A platform might not index a program if you tell it. However, it doesn’t have the obligation to comply with your request.

Jackson suggests that Castbox is experiencing this. Castbox doesn’t respond to metadata requests for RSS feeds that request that they not be indexed. These RSS feeds are likely not being verified at the time they are submitted.

Castbox does not appear to have uploaded these feeds maliciously. Most have very few plays, so the damage to Castbox is minimal. I reached out to the owner to confirm that he meant to listen to Wetzel’s podcast alone and not make it public. When Castbox added the RSS feed, he “didn’t think” that the show would be made public. 

The Joe Rogan Experience copycat has over 400,000 plays and more than 14,000 subscribers.

Castbox COO Gene Wuu commented to The Verge after this article was published. He said that he had never seen the issue before and that the team would update their instructional page for private RSS feed uploads because it is “very confusing”. It would also block known, leaked shows “immediately.”

After investigating, he said that the podcast leak issue affected only one company’s shows. It was therefore possible to find the root cause and fix the problem. Although podcasters have in the past reached out to him about private shows being made public, that was a much smaller issue.

He says, “Obviously this was not intended.” “We take this matter very seriously and have done quite some cleanup.”

Podcasters and developers of apps see paid memberships as part the future of the industry. However, the risks associated with private RSS feeds could limit the industry’s progress. Spotify and Apple might be able to take advantage of competitors who have built whole businesses around protecting open technology. However, a proprietary solution cannot stop piracy completely. Podcasters will likely need to take some risks and rely on their fellow podcasters to prevent their shows from being taken over by pirates.

One reply on “A Podcast App Is Exposing Subscribers-Only Shows”

Leave a Reply

Your email address will not be published. Required fields are marked *

Number of published posts: 56
Estimated time to read all posts: 231.28 minutes