Podcast submission notes

Getting started

Web stuff & RSS

Podcasts are distributed via RSS feeds that people can subscribe to. You need to generate podcast-specific RSS: start by reading Apple's requirements and looking at the RSS feeds of other podcasts.

Some specific RSS fields

<itunes:type>: You need to decide if your podcast is serial, which means it needs to be listened to in order, or episodic, where episodes can more or less stand alone. Episodic podcasts often still have mini-series of a few episodes which might want to be listened to in order, but fundamentally, you don't need to start at the beginning.

Categories: You can have multiple iTunes categories, but your primary category is the most nested one in the category that shows up first in your RSS. For example, the following is primarily in the Performing Arts category, but also shows up in Arts generally and Comedy:

<itunes:category text="Arts">
    <itunes:category text="Performing Arts"/>
</itunes:category>
<itunes:category text="Comedy" />

Sometimes, there's a natural fit for your podcast in iTunes's categories, but other times, things might not be so clear. (Notably, there's no audio drama category - often audio dramas put themselves under Performing Arts.) Check out which categories similar podcasts picked.

Non-iTunes/non-Apple podcast clients don't necessarily use the same categories as iTunes, but only iTunes categories are configured in the podcast's RSS feed. If a podcast client offers different categories than iTunes, it asks for them when you submit your podcast, and I'll talk about this more later in this post when I discuss places to how to get on popular podcast clients.

<itunes:explicit>: If will you have any explicit language, you need to set <itunes:explicit>yes</itunes:explicit>; otherwise, set <itunes:explicit>no</itunes:explicit>.

Dates and publication

When you publish your podcast RSS, whatever is there is live immediately. Definitely don't add draft podcasts to your feed if you don't want your listeners to hear them, and know that whatever date and time you put in the <pubDate> field is what shows up in podcast clients. If you date your episode a week in the future, it will stay at the top of clients that list most recent episodes first, but that's rude.

Podcast feed validators

Once you've made your podcast RSS, you can validate it at https://podba.se/validate/ and https://castfeedvalidator.com/.

After validating, you can also subscribe to your podcast directly in iTunes via its RSS feed (as opposed to searching iTunes's podcast library), and it's worth doing that to make sure everything looks ok and shows up they way you expect.

Hosting

There are a lot of different options for where to host a podcast. For Loose Leaf Security, we generate the website and podcast RSS directly with custom Pelican templates and host on Amazon Web Services because it was significantly cheaper than other podcast hosts summer of last year and because we can customize our setup infinitely. It's worth noting both my co-host Geoffrey and I have substantial experience creating and hosting websites; it you don't, you might not want to have as much control over it. Fun aside: Apple has left Amazon's CloudFront SSL off their list of acceptable SSL certificates, but I've never had a problem using them.

Wherever you end up hosting, you'll want to host your feed and audio on separate subdomains for maximum portability. We use feed.looseleafsecurity.com and audio.looseleafsecurity.com for this. If you change hosts for either of these components, you'll be able to seamlessly repoint where that subdomain goes - you won't have to write lots of redirects for just your audio or feed.

If you ever do have to switch where your feed is with an HTTP redirect, make sure the old location uses a permanent 301 redirect, not a temporary 302 redirect. Another podcaster's old feed host used a temporary 302 redirect, and once the old feed host stopped hosting the temporary redirect, podcast clients that subscribed to the old feed just stopped seeing new episodes.

Cover/album art stuff

Podcast cover/album art is shown at a wide variety of resolutions, so you'll want to make sure it's crisp large and clear enough when it's very small. You can find more information about cover art image requirements at Apple's requirements and Apple's "Podcast best practices", and people have written lots of things about how to make a good, clear image for this. Since I'm only a hobbyist graphic designer, I'll leave having opinions about this to others.

Audio stuff

There's not a particular standard for what bitrate to release your podcast mp3s at. Talk-focused podcasts seem to not mind being as low as 96 Kbps mono and are frequently at that level. (I've even seen lower bit rates.) On the other hand, some music and effect heavy audio dramas will often release at 320 Kbps stereo. Loose Leaf Security is a talk-focused podcast, and I encode it at 96 Kbps mono because it is still clear and easy to understand without weird odd artifacts on good headphones. Some podcasting people seem to believe that using iTunes's mp3 encoder is better than LAME (though honestly I don't really hear obvious differences in my talk podcast either way), so I export my cut as a mono .wav and convert to the 96 Kbps mono mp3 in iTunes.

Make sure you don't have to have your volume turned up to max when you listen to your podcast - it's always easier to turn your volume down than to make something louder. If your podcast is too quiet, it could be hard for people to listen to. If you need to increase the volume of your podcast, look for compressors not amplifiers.

There's not a standard naming convention for how to name your podcast's mp3 files - you technically can do whatever you want. However, there are some general best practices, and Blubrry's thoughts on file naming are in line with what I've read about this elsewhere. Loose Leaf Security is an episodic podcast so we settled on loose-leaf-security_yyyy-mm-dd_title-of-the-episode-here.mp3, but if we were a serial podcast instead, we'd probably still do the same thing because episode numbering is error-prone.

Make sure to credit all musical clips you use in your podcast.

Why you probably want to make a trailer

After you submit your podcast to various podcast clients, your podcast won't show up immediately. Some clients have pretty automatic processes and only take a couple hours, but others require manual approval and take a few days to a week. Even if you don't think you need a trailer, making a trailer is a good idea because you can submit it to the various podcast clients and get everything set up before you release your first full episode. If you just submit your first episode, you won't be able to immediately tell everyone it's everywhere when it's live, and when it finally is live in the podcast clients that require slower manual approval, it won't show up at the top of people's "recent podcasts" feed because it's <pubDate> will be a few days stale.

I suppose you can delete your trailer from your feed when you publish your first episode, but it might take a while to get out of podcast clients' caching. Since I've never done this, I don't know if anything else unexpected will happen. Also, anyone who has directly downloaded it directly from your website or in their podcast clients will still have it.

How to get on popular podcast clients

Generally, you submit your podcast's RSS feed to get it in a podcast client, though some podcast clients also request additional information.

You should probably read all the fine print on all of the terms of submission yourself - I am not a lawyer and generally don't touch on any of that here.

Apple Podcasts/iTunes

The last time I submitted to Apple Podcasts was in August 2018.

Submit at https://podcastsconnect.apple.com; you can see more information about submitting podcasts in Apple's help pages.

You probably want a separate AppleID for your podcast, especially if you ever want to share access with someone else because there isn't a way to share access with another account. Apple mentions you need an iTunes Store account which "is an Apple ID that was previously used to sign in and make purchases in the iTunes Store, App Store, iBooks Store, or Apple Music", so you should log into iTunes before trying to submit. In my experience, I've needed to add an address to my account, but I have not needed to add credit card information. Of course, that might have changed since August.

Blubrry says, "The Apple Podcasts process can take up to 10 days, though most submissions are approved within 3 days and on occasion only a few hours." In my experience, this took a couple days.

Google Play

The last time I submitted to Google Play was in August 2018.

Submit at https://play.google.com/music/podcasts/portal/.

You have to verify that you own the email in your podcast RSS feed (though you don't have to submit from this email), so make sure your <itunes:email> is one you've set up before you submit to Google Play.

Submitting under a Gmail account you use isn't weird and messy like submitting under your personal AppleID might be - you can add more Gmail accounts to share access to your podcast with other people who work on it later.

In my experience, it takes about a day for Google Play to accept your podcast and another day for it to propagate.

Stitcher

The last time I submitted to Stitcher was in August 2018.

Create a content provider profile and submit at https://www.stitcher.com/content-providers.php#signup.

You cannot share access to a podcast after submission, so you probably want to make an account that isn't tied to your personal email if you ever want to share access.

Stitcher allows you 140 characters of comma separated keywords in addition to a category you pick, though it is unclear how much listeners find podcasts from these keywords.

My Stitcher confirmation emails said, "You will hear from us within 5 business days confirming whether or not you have been accepted." My podcast was accepted in under 24 hours.

Once your show is listed on Stitcher, you can join Stitcher's Facebook community for podcasters. It's pretty active and people generally seem pretty helpful in answering all levels of questions, though I haven't personally asked anything there.

Spotify

The last time I submitted to Spotify was in October 2018.

It used to be really hard to get on Spotify, especially if you hosted somewhere outside of the big podcast host providers, but now submission is much easier for everyone. I believe their old less-indie-friendly submission via a podcast aggregator/host (e.g. Libsyn, Blubrry) is still around; however, submitting that way could make changing your hosting later hard, so you might want to submit directly at their new portal instead. (Reminder that I have never used one of the big podcast hosts, so I have no direct experience with this.)

The new portal for submission is at https://podcasters.spotify.com/ and is tied to a Spotify account. Note that this website has not always made it clear that it's using a Spotify account, so make sure you aren't logged into your personal Spotify account before you submit. If you do submit while logged into your personal Spotify account by accident, you can share your podcast with someone else (at least as of October 2018) by contacting support. Note that this was not a straightforward process, so I'd strongly recommend making a new Spotify account just for your podcast that anyone working on your podcast can use.

You agree to a "Podcast License Agreement" and might want to think about whose names should go on this. (Reminder: I am still not a lawyer.)

Spotify has you pick categories that don't necessarily overlap with iTunes categories.

I forgot to note how long this took, but I believe it was a couple days.

TuneIn

The last time I submitted to TuneIn was in August 2018.

Submit at https://help.tunein.com/contact/add-podcast-S19TR3Sdf.

When I submitted Loose Leaf Security, TuneIn offered the option to have a cover image, too, but lots of podcasts, including very popular pods with big budgets and teams, don't have them. It looks like this has since been removed from the form.

When I submitted Loose Leaf Security, TuneIn did not use the iTunes categories and allowed you to pick up to three, free form genres. Now, it looks like you pick a single genre from a drop down menu in the form.

TuneIn asks for a Twitter account, which it will put on your podcast's TuneIn page if provided.

In my experience, getting accepted to TuneIn took a few hours, and they mentioned my podcast would be live within another 24 hours.

Pocket Casts

The last time I submitted to Pocket Casts was in August 2018.

Submit at http://www.pocketcasts.com/submit; Pocket Casts also picks up from iTunes automagically.

When I submitted directly to Pocket Casts, my podcast was listed on Pocket Casts in about 24 hours.

Acast

The last time I submitted to Acast was in August 2018.

Submit at https://www.acast.com/podcasters.

If you have your RSS feed up already and are not hosting on Acast, you're likely looking to "Get started" with a "Non-hosted show."

I forgot to note how long this took, but I believe it was under a day.

Blubrry

The last time I submitted to Blubrry was in August 2018.

Submit at https://www.blubrry.com/addpodcast.php. You don't have to host your podcast on Blubrry to be in their aggregator.

You need to make a Blubrry account, and you likely want to use an email/account you're happy to share with others who work on your pod.

You will have to pick a "community category."

I forgot to note how long this took, but I believe it was about a day.

Overcast

The last time I looked at how Overcast picks up podcasts was in January 2019.

Overcast picks up from iTunes automagically, so you don't submit directly. Overcast mentions that your podcast "will typically show up in Overcast’s search within 1–2 days", which I assume means after Apple accepts it.

When someone is playing one of your episodes on Overcast, Overcast will show "$" button that will link to where listeners can support your show if you use the rel="payment" attribute on a standard HTML <a> link in the episode’s show notes.

Pandora

The last time I considered submitting to Pandora was in January 2019.

Pandora just got started in podcasts, but they seem to 1. be very focused on only starting off with big name/big listener base podcasts and 2. have some pretty bad terms for submission.

You can learn more about podcasts at Pandora on their blog, but I don't have more to say as I haven't submitted there yet.

Seeing every BAM Next Wave Festival show

From October to December of last year, I saw a lot of shows at the Brooklyn Academy of Music - specifically, I saw all 26 of the Next Wave Festival productions.

26 tickets to BAM Next Wave production in 2018

I've been coming to BAM regularly since I moved to New York in 2011, and Next Wave is always an exciting time of year because there are so many different types of productions that highlight a wide range of forms and perspectives. A few of my favorite performances this past Next Wave were Circa's intimate and lyrical Humans, Folkoperan & Cirkus Cirkör's meditative production of Philip Glass's Satyagraha, Jesper Just's immersive Interpassivities, and Dorrance Dance's marvellously playful Elemental, though I honestly can say I took away something different and meaningful from every production.

I documented my pre-show and post-show impressions and talked more about why I chose to see every 2018 Next Wave production on BAM's blog.

New Loose Leaf Security episode: more security stories!

The latest Loose Leaf Security is out, a handful of Geoffrey and my own security adventures and some juicier news stories:

A holiday teacup with green tea in it with star and heart frosted sugar cookies resting on the saucer

Security stories: surveillance databases, unlocking apps, unexpected photo booths, and evolving data

In a special holiday episode, Liz and Geoffrey take a look at some recent security stories in more detail, from surveillance databases facilitating identity theft to unexpected facial recognition at concerts to changes in the meaning of social network activity. They also discuss how to properly secure high-value apps on your phone and some of their own plans to improve their security over winter break.

For the full audio, the transcript, and our detailed show notes, head over to Loose Leaf Security or click the link above. As always, you can subscribe to Loose Leaf Security in your favorite podcatcher or follow the project on Twitter, Instagram, and Facebook.

New Loose Leaf Security series: securing your laptop and desktop computers

Four more episodes of Loose Leaf Security are out, a series about securing your laptop and desktop computers:

A laptop, a screwdriver, and a teacup

Physical attacks to your computers and disk encryption

Liz and Geoffrey are back with a look at physical computer security - just how much trouble could someone cause if they got access to your laptop for a few minutes? - and what sorts of problems disk encryption can and cannot solve. Also, security issues at popular social media services cause trouble for 90 million Facebook users and every Google+ user.

A teacup full of tea near stacks of identical teacups

Backups

Backups are an important part of keeping your devices secure - as mentioned last episode, backups not only help with lost devices but also let you easily and confidently wipe a compromised computer and get back to work quickly. Liz and Geoffrey take a look at different types of backups, including cloud versus local backups.

French press coffee being poured into a teacup

Malware, antivirus, and safe downloads

Malware, viruses, worms, adware - whatever you call them, you don't want them on your computer. But how do you keep them away? We take a look at the surprisingly involved process of downloading software from a trustworthy source, as well as the history of why desktop OSes are so vulnerable. Also, Liz talks Geoffrey out of running for office in Japan.

A teacup, a USB cable, and a Thunderbolt cable

Built-in dangers: physical ports, OS defaults, and remote access

From the fancy new USB-C or Thunderbolt ports on your laptop to the software and settings that came with your operating system, there are a lot of potential security concerns with recent computers. Liz and Geoffrey finish up their series on desktop and laptop security by looking at some of the latest threats - and why computers with old-style USB ports aren't much safer. Plus, some new scams to avoid and the scoop on some juicy internal Facebook documents.

Head over to Loose Leaf Security or click the links above for the full audio and our detailed show notes. We also added a new archives page, so you can find all our various content - podcast episodes, zines, reference pages, etc. - quickly.

As always, you can subscribe to Loose Leaf Security in your favorite podcatcher or follow the project on Twitter, Instagram, and Facebook.

Unintuitive default: who can edit access in Google Docs

When you create a new Google Doc, you have the option to share it with others to view or edit. Viewing permission is straightforward, just view access, but by default, editors have the ability not just to edit the content of the document but also to edit sharing permissions. If you grant edit access for a private document to a collaborator and don't check the box for "Prevent editors from changing access and adding new people" in Advanced > Owner settings, they can share the document, edit history and all, with someone else.

A picture of the Google Docs sharing settings dialog after you've enabled access for anyone with the link; the Advanced settings in the bottom right corner is highlighted with a red arrow and box
This is what the Google Docs sharing settings look like after you grant edit access to anyone with the link. The button to expand the Advanced settings is pointed out in the bottom right corner.
A picture of the Google Docs sharing settings dialog after you've clicked to see the Advanced settings; the unchecked by default option to "Prevent editors from changing access and adding new people" is highlighted with a red arrow and box
Once you click to see the Advanced settings, make sure to consider whether or not you want to check the "Prevent editors from changing access and adding new people" box. If you've granted edit access to anyone with the link, leaving this box unchecked allows anyone to limit who can view your document.

Linking document editing to editing sharing permissions by default is particularly unintuitive to me in the context of documents where anyone with the link to the document can edit it: even in that case, anyone with edit permission - anyone who gets the link either from you or from someone else who had it sharing it, so potentially anyone on the internet - can change who has access to the document. Anyone with the link can limit access to the document, and that might subtly cause confusion when people who you'd expect to be able to view it suddenly can't.

Fortunately, no one can revoke access from the owner of the document, so once you're aware someone is locked out who shouldn't be, the owner can fix the sharing settings and decide whether or not to tick the "Prevent editors from changing access and adding new people" box.

Since discovering this accidentally, I always tick the "Prevent editors from changing access and adding new people" box when creating a new Google Doc, but that would probably have been more intuitive to have checked by default.