Megaphone Is Now On Multiple Blocklists For Tracking Podcast Listeners
Megaphone is a podcast hosting provider. All podcast hosting providers collect listener stats, but that's only seen by the hosting provider and the podcaster themselves. Stats are fine, but Megaphone collects listener data in order to serve targeted ads to listeners. Not only that, they are sharing this data with big ad tech like Neilsen Media Research. Which is bad for privacy and creepy. So bad that some anti-tracking tools are blocking all podcasts hosted on Megaphone.
Full discloser: I use Megaphone as the hosting provider for my podcast.
What is going on?
Here's a video made by Megaphone explaining what they are doing and what MTM is.
In short they have a service called Megaphone Targeted Marketplace (MTM) which tracks listener behavior and pairs it with Nielsen segments to present listeners with ads that are targeted for them. It's actually some amazing tech because if you think about it, all that has to be done on demand in real time and new ads are stitched into the mp3 as it streams over to the listener.
A more longer version is that when you request an mp3 from Megaphone to listen to, you first request it from traffic.megaphone.fm. Then it redirects to adserver.va3.megaphone.cloud, which grabs all kinds of listener data such as geo location and type of device and sends that to Neilsen Media Research to find a an ad for the listener. It then redirects the listener to the actual mp3 which is hosted on dcs.megaphone.fm. The problem is, listener data is now being collected by an advertising agency. Which means podcast listeners may be tracked across multiple shows even.
Megaphone has a website which explains their ad choices and even gives you a link to Neislen to opt out of targeted ads. However it's not clear that if you opt-out in the browser if it also opts-out for the podcast players too.
Also from Megaphone's privacy policy it explicitly says they are collecting listener data:
And later in the privacy policy it says this:
So Megaphone makes it clear they are collecting listener data and sharing it with ad tech companies (such as Neilsen) to insert targeted ads into podcasts.
And of course when people listen to podcasts they have no idea where it's hosted, and aren't going to look through this privacy policy to even know their data is collected and shared with advertisers.
Why is this a problem?
Well as it turns out people don't like being tracked. And there's a whole suite of anti-tracking privacy tools out there. There are DNS sinkhole services like pi-hole and NextDNS which block domains that track you, there are browser plugins to block this like AdBlockPlus, uBlock Origin, and PrivacyBadger, and there are browsers that block this too like Brave. These tools work tirelessly to figure out what website are tracking us and it blocks them so they can't do it anymore. Megaphone tracks listeners.
Megaphone is now blocked
For the first time this has become an issue. At no point in the history of podcasting has this ever been an issue before, but now it is (thanks to Megaphone). In the last few months certain blocklists have began adding Megaphone to them. This means that people who use some of the tools above may not be able to play some of their favorite podcasts.
For instance when you go to my podcast website and try to play my podcast with an up to date version of Brave, you cannot play the audio. When you hit the play button you get a big red exclamation point.
Then when you investigate what's going on you see that Megaphone was blocked.
And there's the real problem, Brave blocked traffic.megaphone.fm because it considers it a tracker. This means podcast listeners cannot play podcasts if they use certain privacy tools and tracker blockers. It's not like Brave can block just the tracking part of Megaphone and let through the audio. No it blocks the audio which fundamentally breaks the podcast listening experience.
What blocklists is Megaphone showing up on?
Once again, when someone goes to listen to a podcast (mp3) hosted on Megaphone it first goes to traffic.megaphone.fm which is just a CNAME for adserver.va3.megaphone.cloud. And this does show up on some blocklists.
(The ones with the green check marks means it appears in the blocklist. The red ones mean it was on the list previously.)
That's 6 blocklists that lists Megaphone!
Brave is blocking Megaphone. This is a privacy focused browser which has a feature called shields which blocks ads and trackers by default. Specifically it blocks traffic.megaphone.fm because that has a CNAME resolution to adserver.va3.megaphone.cloud, which does appear on one of their blocklists. Brave blocks CNAMES which resolve to domains on the blocklist.
uBlock Origin is blocking Megaphone. This is a browser plugin to block ad content. It sees that when you go to download an mp3 it sends you to adserver.va3.megaphone.cloud and blocks it.
Now the reason Brave and uBlock are blocking Megaphone is because they use the standard EasyList blocklist. But if you search EasyList you won't see Megaphone. Instead it's hitting the rules that look like this: