SecureMac, Inc.

The Checklist Podcast

SecureMac presents The Checklist. Each week, Nicholas Raba, Nicholas Ptacek, and Ken Ray hit security topics for your Mac and iOS devices. From getting an old iPhone, iPad, iPod, Mac, and other Apple gear ready to sell to the first steps to take to secure new hardware, each show contains a set of easy-to-follow steps meant to keep you safe from identity thieves, hackers, malware, and other digital downfalls. Check in each Thursday for a new Checklist!

Checklist 198: Listener Tracking in Podcasts with Rob Walch

Posted on September 10, 2020

Did you know that some podcasts actually track their listeners? “Today in iOS” host Rob Walch might be okay with that – IF listeners could opt in or opt out. Rob joins us today to talk about how the tracking occurs and about a new tool on the way to fight it.

On this week’s Checklist, we’re joined by a special guest who tells us how some podcasts (not this one!) track their listeners without consent. We’ll discuss:

Wait, my podcast is tracking me?

If you follow security news, you’re probably aware of all the tracking that goes on with apps, websites, and social media platforms. You also know that there has been pushback against this, both from lawmakers and from privacy-focused tech companies like Apple. Legislation like the GDPR and CCPA has significantly changed the privacy landscape, with sites and services now required by law to offer tracking disclosure notices and options for those who want to opt out. The soon-to-be-released iOS 14 and Safari 14 will make it easier than ever for users to see who’s trying to invade their privacy — and to take measures to stop them.

But what you may not know is that some podcasts (not The Checklist, of course) are actually tracking their listeners in much the same way — and often without offering any means to opt out. 


Rob Walch has researched the issue extensively, and joined us on The Checklist to discuss it. Walch is VP of Podcaster Relations at the podcast hosting platform Libsyn, and is himself a regular podcaster. He’s also passionate about privacy: just over a year ago, he authored an article intended to alert listeners to the privacy threat posed by some podcasts.

According to Walch, many podcasts profile their listeners with tracking pixels similar to the ones used by websites and social media platforms. A tracking pixel is a byte of data sent to the server in order to collect information about the person receiving it. This information may include the listener’s IP address, the manufacturer and model of their device, and the app used to access the podcast. This happens whether you’re downloading a full audio file or just streaming a podcast (streamed podcasts are considered “progressive” downloads, instead of complete downloads, but they’re still downloads). Perhaps most disturbing of all, these trackers may even be able to de-anonymize your information and associate it with you specifically.  

Your data is stored and then correlated with data collected on advertiser websites, which allows podcasts and their sponsors to figure out who is visiting their sites, and what people are doing on those sites. 

Captured data can also be used to create detailed profiles of podcast listeners. For example, if you listen to several podcasts that deal with addiction and recovery, you may be profiled as someone who is struggling with substance abuse. 

This means that lots of potentially sensitive information about you is being collected, and as Walch cautions, it isn’t likely to stay in the hands of the people doing the collecting:

“When you build up a big database of information, that database becomes valuable. And valuable databases have one of two things (or both) happen to them: they get sold, or they get hacked. Just ask Equifax. If you have a valuable database, you’re either going to sell it, or be hacked, or both.”

In the hands of a third party, your profile may simply be used to serve you targeted advertising, but it could also be put to more damaging uses — for example, if it was used by the increasingly popular AI background check industry to profile you in a way that could harm your employment prospects.

It’s also important to note that tracking pixels are delivered to a listener’s device directly from the site hosting the audio file, and not from the podcast aggregator app (e.g. Apple Podcasts or Stitcher). That means that podcast aggregation platforms have zero control over whether or not a tracker gets sent to you along with your audio, which is why listeners can’t just adjust their app’s privacy settings in order to block tracking. 
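A listener-side check that follows from this, added here as an example and not taken from the show or from Rob Walch: it reads a feed's enclosure URLs and lists every host that receives your request when an episode downloads. The sample feed, its host names, and the rule that a hostname inside the URL path marks an intermediate hop are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET  # for feeds you do not trust, prefer defusedxml
from urllib.parse import urlsplit

# Constructed sample feed; every host below is a placeholder, not a real service.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
  <title>Example Show</title>
  <item><title>Episode 1</title>
    <enclosure url="https://media.example.org/ep1.mp3" type="audio/mpeg" length="1"/>
  </item>
  <item><title>Episode 2</title>
    <enclosure url="https://stats.example.net/r/media.example.org/ep2.mp3"
               type="audio/mpeg" length="1"/>
  </item>
</channel></rss>"""

# Heuristic (assumption): a path segment shaped like a hostname names a later hop.
HOST_LIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)

def audit_feed(feed_xml):
    """Return one record per episode describing who sees the download request."""
    records = []
    for item in ET.fromstring(feed_xml).iter("item"):
        enclosure = item.find("enclosure")
        if enclosure is None or not enclosure.get("url"):
            continue  # episode without audio: nothing is fetched
        parts = urlsplit(enclosure.get("url"))
        # Skip the last segment: it is the file name, not a host.
        embedded = [s for s in parts.path.split("/")[:-1] if HOST_LIKE.match(s)]
        records.append({
            "episode": item.findtext("title", default="(untitled)"),
            "first_hop": parts.hostname,   # this host logs your IP and app
            "embedded_hosts": embedded,    # hosts the request is passed on to
            "https": parts.scheme == "https",
        })
    return records

def hosts_seeing_listener(feed_xml):
    """Sorted list of every distinct host that handles a download from this feed."""
    seen = set()
    for rec in audit_feed(feed_xml):
        seen.add(rec["first_hop"])
        seen.update(rec["embedded_hosts"])
    return sorted(seen)

if __name__ == "__main__":
    for rec in audit_feed(SAMPLE_FEED):
        print(rec)
```

An episode whose `first_hop` differs from the host at the end of its URL is one to ask the podcaster about.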

If all of this disturbs you, you’re not alone. Walch sums up the situation in no uncertain terms: “It’s unethical. It’s immoral. And sadly, it’s getting worse”.

How to stop podcast tracking

The idea that podcasts are tracking us — and that there’s not much we can do to stop it — may be pretty disheartening. But according to Rob Walch, there are some steps that you can take to fight back against this kind of sneaky tracking and profiling. Here’s what he recommends: 

  1. Be aware of the issue (and tell others about it)

    If you’ve listened to this show, step one is already out of the way: You now know about the phenomenon of podcast tracking and you understand how it works. If you know other podcast listeners, help spread the word by telling them about what you’ve learned here, or by sharing this episode or Walch’s article with them.

  2. Review podcast privacy practices

    The upcoming version of Overcast (a popular podcast app) will contain a feature that lets you know if a podcast is tracking you. In the Overcast podcast directory, each show’s page will include a “privacy and tracking” button that users can click to learn more about the podcast’s privacy practices. If you already use Overcast, then you’re covered, but even if you prefer to listen on another podcast app, you can still use the new Overcast feature to learn what your favorite podcasts are doing.

  3. Talk to your podcaster

    Podcast hosts may not even be aware that their listeners are being profiled so invasively. When ad companies talk with podcasters, they will often use euphemisms like “listener attribution” to describe their activities, which admittedly sounds a whole lot better than “we’re stalking your listeners”! But here’s the thing: podcast advertising has always been grounded in a relationship of trust between podcaster and listener, and for this reason alone, many hosts would be deeply uncomfortable with such violations of their listeners’ privacy. If you see that a podcast is tracking you, reach out to the host and ask them about it — they may not know that it’s happening, and your feedback may encourage them to take action.

  4. Find alternatives to podcasts that track

    If you listen to a podcast that tracks its listeners, and you’ve already reached out to them without getting a good response, it may be time to find a new podcast! There are many excellent podcasts out there, but not a single one of them is entitled to its listeners. If your favorite podcast is violating your privacy, and they don’t seem to care about the concerns you raise, shop around for a podcast that does: one that will offer you the content you need and respect your privacy too.

The Checklist would like to thank Rob Walch for taking the time to speak with us. If you’d like to catch up with Rob on social media, follow him on Twitter. To hear Rob’s own podcasts, check out The Feed (a podcast about podcasting) and Today in iOS (a podcast dedicated to all things iPhone, iPad, and Apple Watch).

That brings us to the end of another Checklist, but be sure to check out our archives to catch up on shows you may have missed (we have complete audio and full show notes for every episode we’ve ever done). And as always, if you have a security question, or if you’d like to suggest a topic or a guest for a future show, please write to us and let us know!
