Feedburner Need to Stop Hijackings

This morning, like a few others I would imagine, I was duped into unsubscribing from Guy Kawasaki’s blog. It wasn’t untill I got to my friend Graywolfs post that I even realized I’d been had. This is a problem Feedburner need to sort out immediately.

I’ll refrain from saying “it’s an easy fix”, as running a couple of large tools/services has taught me that things are rarely as simple as most users imagine, but the idea of just not letting someone resuse a feed url is fairly simple, so hopefully they’ll be able to sort it out sooner rather than later.

powered by performancing firefox

4 thoughts on “Feedburner Need to Stop Hijackings

  1. @jazer: The answer is pragmatic and absolutely understandable but ‘don’t delete’ doesn’t point into the right formal direction.

    It would be great if such an important big service like FeedBurner would establish a workforce with the web consortium to get some RFC draft out which will solve that problem in a more authorative way (see my other comment above).

    After Day 30, your feed is deleted and that URL is up for grabs. If you would like to extend this time period beyond 30 days, however, just drop us a note to feedback [at] feedburner.com and we’d be happy to extend this redirect period indefinitely. We’ve done that for lots of publishers.

    Mike’s point is valid: as a publisher, you should be aware that if you delete your FeedBurner feed you are also releasing your claim to that particular URL, just like what happens if you give up a domain name or a delete a blog on a hosted service. We have provided the tools (through redirection, MyBrand, and the 30-day Delete process) to ensure that publishers maintain complete control over their feed, but we always welcome feedback and suggestions for improvement!

    Well, the solution should come from FB. The way it sounds now is at least a little weak.

    Workaround – Maybe an easy solution?

    Another pragmatic technical solution could be invented. What about a random number or a publisher ID in the feed URL? This way feed names could be copied but not the whole string. That way hijacking a feed would not be possible!

  2. Howdy Nick. This is John from FeedBurner.

    Don’t worry, we never “expire” your feed unless you decide to delete it. And if you do delete it, you can use our free 30-day redirect service to transparently shuttle all your subscribers along to a new feed (so they won’t sit dormant, subscribed to an old, unusused feed).

    Our CTO Eric has a post about this today: http://www.burningdoor.com/eric/archives/001892.html

    – John

  3. Another good reason not to let domains die … in this case it’s a case of RSS feed spoofing. Feed registration will become an issue like domain registration did before. Right now there is no problem to use brand names like New York Times, Der Spiegel (The Mirror – big German weekly magazine) for a feed!

    Some authorization process is necessary for the future like it was developed for the domain handling.

    PS: I’d like to see an in-depth article what can be done against RSS scraping (automatic RSS re-publishing). I am seeing plenty of sites which are re-using i.e. Flickr feeds.

Comments are closed.