
A TechCrunch RSS feed was hijacked in 2021. Nobody noticed.

David Rutland

RSS feeds power the internet - the parts of it worth reading, anyway. With a decent RSS reader, you can skim headlines or excerpts and get the most important news on your favourite topics without ever having to visit the sites themselves.

FeedBurner is a web feed management service founded in 2004, which offered custom RSS feeds and management tools to bloggers. There were some huge advantages for websites using FeedBurner to power their feeds: statistics and analytics, for example; browser-friendly versions instead of ugly XML files; email sign-up options.

But relying on external services to provide feeds leaves readers vulnerable if the feed is taken over by a squatter. Who wants their feeds full of affiliate spam, cruft, crap, and scams? No-one, that's who.

But that's what happened to TechCrunch in 2021.

TechCrunch had a rocky relationship with FeedBurner


Way back in June 2005, TechCrunch, not yet a tech media powerhouse, was a "weblog dedicated to obsessively profiling and reviewing every newly launched web 2.0 business and service".

Hosted on WordPress 1.5.1, TechCrunch was the place to go if you wanted to read about the launch of Google reviews, the proliferation of new search engines, or an explanation of what Web 2.0 actually was.

They also had good things to say about the FeedBurner service:

One reason a blog or website owner would want to use this is because it simplifies the RSS feed. The Feed URL for Techcrunch, for instance, is “http://feeds.feedburner.com/Techcrunch”, which is a much simpler format than standard RSS feeds.... And if a site can get most of its readers to use the single Feedburner feed, they can take advantage of the great statistics and tools to see where readers are coming from and what they are clicking on.

We'd disagree that the TechCrunch FeedBurner URL is a simpler format, and a quick look on archive.org shows that TechCrunch had two native feeds at the time: http://www.techcrunch.com/?feed=rss and http://www.techcrunch.com/?feed=atom.

Sure, the URLs contain a "?", but the overall length was shorter, and besides, links are for clicking, not for copying out by hand - but we digress. TechCrunch clearly preferred the FeedBurner service, most likely because, "it can automatically add Google Adsense ads to your feeds, allowing you to easily generate revenue if you have a large enough audience".

TechCrunch switched to FeedBurner the following month. 

Google acquired FeedBurner in 2007, and by 2012, TechCrunch had the service on deathwatch after Google shuttered its AdSense integration.

Many publishers (including TechCrunch) rely on the service to publish their RSS feeds. It’s time to reconsider this as the writing is clearly on the wall.

They didn't reconsider it though, and the TechCrunch FeedBurner feed was regularly updated with every story and article until late 2021.

Failing to heed their own warning


We started subscribing to TechCrunch via RSS at some point in 2018 - somewhere around the time that TechCrunch was loudly proclaiming the death of RSS as a useful technology.

We can't remember where we found the URL - the official feed on the main site was https://techcrunch.com/feed/ at the time (and still is). It was probably through search results or an aggregated list of cool feeds to follow. Either way, the official FeedBurner feed was ticking along nicely. Doubtless forgotten by the TechCrunch admins, but, like a dying postman in a post-apocalyptic world, dutifully updating RSS clients around the world with the latest on Silicon Valley startups, interesting innovations, and the imminent arrival of Web 3.0 (yawn).

In April 2021, TechCrunch reported that Google would soon move FeedBurner to a new infrastructure, and once again plugged its own FeedBurner URL - at the same time noting that the upcoming changes had the potential to create a bit of a mess:

And despite everything, shutting it down would probably break enough tools for publishers to create quite an uproar. The TechCrunch RSS feed, to which you are surely subscribed in your desktop RSS reader, is http://feeds.feedburner.com/TechCrunch/, after all.

Yes. That was a live link, BTW.

The confusion

TechCrunch RSS feed as viewed through FreshRSS

We're not sure how exactly the FeedBurner infrastructure shift went down, but we're certain that as TechCrunch predicted, it was a shitshow, and yes, it did break publisher tools, despite assurances from Google that, "All existing feeds will continue to serve uninterrupted".

Pruning the feeds on our fabulous self-hosted FreshRSS instance last week, we noticed that we hadn't favourited any TechCrunch articles for a while. Our instance is set to purge content over a certain age unless it's been favourited.

Historically we had liked, on average, one TechCrunch article per month enough to keep it permanently on our servers.

Highlights include headlines such as "We must end the era of adjunct surveillance" from August 2021 at which we were outraged and disgusted, and "Panic sells 20,000+ Playdate handhelds in under 20 minutes" from a month earlier, about which we were delighted.

Our last favourited TechCrunch article received over RSS was titled "Amazon will pay you $10 in credit for your palm print biometrics", at which we literally facepalmed (Boom!).

After that there's nothing - at least nothing we've found engaging enough to mark.

Under new management

An article from the TechCrunch feed posted in October 2021 - a mere six months after TechCrunch's article on the upcoming infrastructure changes - was titled, "China Could Be Exploiting Internet Security Process to Steal Data, Cyber Experts Warn". It doesn't scan as being particularly Crunch-y, and although informative, it doesn't read quite right either. The article isn't engaging (but hey, who has a 100% hit rate?), and the byline is "noreply@blogger.com".

A news article with the headline: China Could Be Exploiting Internet Security Process to Steal Data, Cyber Experts Warn

The page it links to is on the now-defunct https://techncruncher.blogspot.com blog. Running the content through a free plagiarism detector reveals that the exact same content is on dozens of sites, including the Freedom First Network - an alt-right leaning outlet that (on a random sampling of its other pages) views Democrats as fascists, and has headlines such as "Planned Parenthood is Selling the Bodies of Dead Babies to the CCP to Develop Bioweapons to Use Against Americans", and "Do Black people owe White people reparations for slavery". We suspect this is where the story originated.

Move forwards through the TechCrunch feed, and you'll see more plausible headlines. Some are tech-related such as, "Most Frequently Asked Questions About NFTs(Non-Fungible Tokens)"; some are typical of the kind of low-quality SEO fodder you'd find on other, tech-adjacent sites, such as "Ginger VS Grammarly: Which Grammar Checker is Better in (2022) ?" 

There's a tonne of pop culture and movie lists.

Supposed TechCrunch story: Hellraiser: The 5 Best & 5 Worst Cenobites In The Whole Franchise

In February 2022, the linked domain moved to crunchhype.com, and the pop culture disappeared in favour of affiliate marketing and SEO-based articles. Buried in there somewhere is, we would assume, an exhortation to take control of neglected RSS feeds to shill your stuff.
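
The tells described above (entries that link to techncruncher.blogspot.com or crunchhype.com rather than techcrunch.com, and a "noreply@blogger.com" byline) can be checked mechanically on the subscriber side. The following is an added example, not part of the original article: the function names are hypothetical, the sample feed is constructed, and it goes slightly beyond the case in the text by handling both RSS 2.0 and Atom entries.

```python
import xml.etree.ElementTree as ET  # use defusedxml for feeds you do not control
from urllib.parse import urlsplit

ATOM = "{http://www.w3.org/2005/Atom}"
DC_CREATOR = "{http://purl.org/dc/elements/1.1/}creator"

def host_ok(url, allowed):
    # Exact match or true subdomain, so "techcrunch.com.example" does not pass.
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in allowed)

def entry_fields(e):
    """Return (title, link, author) for an RSS 2.0 <item> or an Atom <entry>."""
    title = (e.findtext("title") or e.findtext(ATOM + "title") or "").strip()
    link = (e.findtext("link") or "").strip()
    for ln in e.findall(ATOM + "link"):  # Atom keeps the URL in an href attribute
        if not link and ln.get("rel", "alternate") == "alternate":
            link = ln.get("href", "")
    author = (e.findtext("author") or e.findtext(DC_CREATOR)
              or e.findtext(f"{ATOM}author/{ATOM}email")
              or e.findtext(f"{ATOM}author/{ATOM}name") or "").strip()
    return title, link, author

def audit_feed(xml_text, allowed_domains, bad_authors=("noreply@blogger.com",)):
    """Return (findings, entry_count); a finding is an entry with a red flag."""
    root = ET.fromstring(xml_text)
    entries = root.findall("channel/item") or root.findall(ATOM + "entry")
    findings = []
    for e in entries:
        title, link, author = entry_fields(e)
        reasons = []
        if not host_ok(link, allowed_domains):
            reasons.append("off-domain link")
        if author.lower() in bad_authors:
            reasons.append("suspicious byline")
        if reasons:
            findings.append({"title": title, "link": link, "reasons": reasons})
    return findings, len(entries)

# Constructed sample: paths and titles are invented; hosts and byline are the article's.
SQUATTED_ATOM = """<feed xmlns="http://www.w3.org/2005/Atom"><title>TechCrunch</title>
<entry><title>Constructed headline one</title>
<link rel="alternate" href="https://techncruncher.blogspot.com/2021/10/example.html"/>
<author><name>Unknown</name><email>noreply@blogger.com</email></author></entry>
<entry><title>Constructed headline two</title>
<link rel="alternate" href="https://crunchhype.com/example"/></entry></feed>"""

if __name__ == "__main__":
    print(audit_feed(SQUATTED_ATOM, ["techcrunch.com"]))
```

Run against each subscription with the publisher's own domain as the allow-list, a feed whose entries have all gone off-domain stands out long before anyone reads a headline.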

There are wider implications for abandoned accounts

Websites live and die all the time, and their RSS feeds are taken over by squatters and legitimate new owners.

The difference is that if a website of TechCrunch's size had died, we'd have heard about it and become suspicious that their feed was still coming through.

TechCrunch is obviously still alive, and we had little reason to think that one of their official RSS channels had been taken over.

Had the squatter's headline writers been better, we might have actually opened one of their spammy articles, and believed what was written therein.

We don't know if you've heard the news, but Twitter will soon start selling disused handles in an effort to shore up the finances of Elon Musk's rapidly depopulating media empire.

These are, presumably, accounts with a lot of followers, and the opportunity for plausible disinformation from people you'd forgotten you follow will be huge.

Yes, the costs will be high, but considering that buying followers through promoted accounts costs around $2 per follower, we can see an incoming tsunami of shit.