Privacy Policy

Last updated February 22, 2023

Overview

The Open Podcast Prefix Project (OP3) is a free and open-source podcast prefix analytics service committed to open data and listener privacy.

From a privacy point of view, the production system is made up of three distinct services, which are covered separately below for clarity. Every claim can be audited by looking at the public codebase.

Hosting infrastructure

All three services are automatically deployed as a unit to Cloudflare (Privacy Policy), which serves as the sole hosting provider and data store.

Prefix Redirect Service

The OP3 redirect service ("the service") saves basic, non-identifying request data every time a podcast listener downloads an episode using the service.

Like other prefix services, it uses this information to compute standardized metrics such as downloads per show.

Unlike other prefix services, it makes the data available over a public Data API (below) at a granular level for the benefit of the wider open podcast ecosystem.

In order to meet both goals of open data and listener privacy, the service saves only basic request attributes, securely hashes and encrypts all listener IP addresses before storing, and does not join data with any third-party services.

The request attributes currently captured for each request are:

No cookies are used.

IP Address Handling

IP addresses are network-specific identifiers associated with each podcast listener request, allocated by the listener's internet service provider (ISP). These addresses are an important part of the industry-standard way of computing podcast Downloads, but are also considered personal data (under "online identifiers") in many jurisdictions.

As such, OP3 handles IP addresses with special care, and takes extra precautions to avoid republishing them back out to Data API users, who only ever see a secure hash, computed by the service using a monthly-rotating secret key.

Internally, the service also stores a separate symmetrically-encrypted version with another set of monthly-rotating secret keys. This version is never returned in the Data API, and is only used internally to apply IP range filters in back-calculations and to combat abuse of the service.

IP addresses are never joined with outside third-party data or services.

Data API Service

The OP3 Data API service ("the Data API") makes podcast and episode download data available to anyone with a valid authorization token.

Users of the Data API are not tracked in any way, other than to implement mechanisms like rate-limiting to prevent abuse of the system.

The data returned by the Data API cannot be used to obtain listener IP addresses, only a secure hash (computed with an internal key rotated monthly). Even if a listener's IP address is known, there is no way to find it in any Data API response.
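The keyed hashing described under "IP Address Handling" and in the paragraph above can be sketched as follows. This is an added example, not OP3's own code: HMAC-SHA256, the key table, the "month:digest" output format and all function names are assumptions made for illustration. It shows why a secret key matters: a plain hash of a known IP can be recomputed by anyone, while a keyed hash cannot be matched without the key.

```python
import hashlib
import hmac
import ipaddress
from datetime import datetime, timezone

# Constructed sample keys (hypothetical); real keys would be random and secret.
MONTHLY_KEYS = {
    "2023-01": bytes.fromhex("11" * 32),
    "2023-02": bytes.fromhex("22" * 32),
}


def canonical_ip(ip: str) -> bytes:
    """Packed address bytes, so equivalent spellings hash identically."""
    return ipaddress.ip_address(ip.strip()).packed


def month_id(ts: datetime) -> str:
    """UTC month of the request; selects which key applies."""
    return ts.astimezone(timezone.utc).strftime("%Y-%m")


def hashed_ip(ip: str, ts: datetime, keys=MONTHLY_KEYS) -> str:
    """Keyed hash of a listener IP under the key for the request's month."""
    mid = month_id(ts)
    key = keys[mid]  # KeyError when no key exists for the month: fail closed
    return f"{mid}:" + hmac.new(key, canonical_ip(ip), hashlib.sha256).hexdigest()


def unkeyed_hash(ip: str) -> str:
    """Plain SHA-256, for contrast only: anyone can recompute it."""
    return hashlib.sha256(canonical_ip(ip)).hexdigest()


def outsider_can_confirm(published: str, known_ip: str, ts: datetime) -> bool:
    """True if someone who knows the IP but holds no key can match `published`."""
    no_key = {month_id(ts): b""}  # the outsider has no key material
    guesses = (unkeyed_hash(known_ip), hashed_ip(known_ip, ts, no_key).split(":")[1])
    return any(hmac.compare_digest(published.split(":")[-1], g) for g in guesses)


if __name__ == "__main__":
    feb = datetime(2023, 2, 10, tzinfo=timezone.utc)
    print(hashed_ip("192.0.2.10", feb))
    print(outsider_can_confirm(hashed_ip("192.0.2.10", feb), "192.0.2.10", feb))
```

Because the key changes each month, the same address produces unrelated hashes in different months, so hashes cannot be linked across a rotation boundary.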

Website

The op3.dev Website ("the Website") consists of a handful of public web pages hosted by the service.

The source code for every page of the Website is available in the public GitHub repo, part of the same deployment that includes the Prefix Redirect Service and the Data API service.

The Website uses Cloudflare Web Analytics (Privacy Policy) to monitor summary metrics like top-performing pages, number of views, top referrers, and to monitor for abuse.

History

2022-09-17: Published initial version.

2022-10-20: Documented new list of captured request attributes, consensus derived from a project discussion.

2023-02-17: Added X-Playback-Session-Id to captured request headers.

2023-02-22: Updated the wording around why we treat IP addresses with special care.