Slashdot Mirror


Spotify Says 2 Million Users Hacked Apps To Suppress Ads On Its Free Service (engadget.com)

Earlier this month, Spotify revealed that it had begun cracking down on people using hacked versions of apps. These apps allowed users with free accounts to suppress advertising and take advantage of paid features. Now, Spotify has disclosed just how many people have been taking advantage of this hack: around 2 million users. Engadget reports: That's not an insignificant number, and it's understandable why Spotify is cracking down on them. As the company explains in an amended F1 filing with the SEC this week, these users forced the company to adjust its metrics and key performance indicators. The disclosure notes, "Unauthorized access to our Service may cause us to misstate key performance indicators, which once discovered, corrected, and disclosed, could undermine investor confidence in the integrity of our key performance indicators and could cause our stock price to drop significantly." As a result, Spotify has adjusted its monthly active users from 159 million at the end of 2017 to 157 million.

62 comments

  1. In other words by Anonymous Coward · · Score: 3, Insightful

    > These apps allowed users with free accounts to suppress advertising

    IOW, running software they chose to run on a device they owned?

    Blocking ads is not theft any more than going to the bathroom during a commercial is stealing from Toyota

    1. Re:In other words by ls671 · · Score: 3, Interesting

      We already have been through this a few days ago. Spotify servers are too dumb to enforce what the user has permissions to do. Instead, it lets the client app decide ;-)

      --
      Everything I write is lies, read between the lines.
    2. Re:In other words by omnichad · · Score: 1

      Precisely. I wouldn't be surprised if they were open to SQL injection attacks with that level of security-mindedness.

    3. Re:In other words by Anonymous Coward · · Score: 0

      That's crazy!

    4. Re:In other words by Rewind · · Score: 2

      > These apps allowed users with free accounts to suppress advertising

      > IOW, running software they chose to run on a device they owned?

      > Blocking ads is not theft any more than going to the bathroom during a commercial is stealing from Toyota

      Except they are connecting to Spotify's servers that Spotify owns to listen to Spotify's music library. So no, it is nothing like your Toyota 'example'.

      --
      ?
    5. Re:In other words by Anonymous Coward · · Score: 0

      "IOW" you are suggesting that people should be free to say "fuck the artists who produced this, I should be able to listen to it without paying anybody".
      Good call. Wanker.

    6. Re:In other words by Anonymous Coward · · Score: 0

      Spotify's servers are voluntarily returning the data requested. If they don't want to, no one is making them do so. If someone asks you for some info and you give it to them at their request, you can't complain that they have it.

    7. Re: In other words by Anonymous Coward · · Score: 0

      *unless they ask with a gun.... And the info is money.

    8. Re: In other words by Anonymous Coward · · Score: 0

      Bobby tables

    9. Re:In other words by Anonymous Coward · · Score: 0

      Actually, the artists would have still gotten paid, as their songs were still played. It's spotify which would lose out on ad revenue.

    10. Re:In other words by Rewind · · Score: 1

      No they didn't put it up there, they used a modified, not by Spotify, application to access it. Should Spotify be able to access all of your data? I mean, if they get in and take it you can't complain that they have it. You gave it to them.

      --
      ?
    11. Re:In other words by Anonymous Coward · · Score: 0

      Of course, by artists you mean the RIAA, publishers and other IP holders.

    12. Re:In other words by Anonymous Coward · · Score: 0

      So you are walking on the street and some random guy says "I'm an old friend, don't you remember? Please, hand me a $100 bill." And you just give it to him, no further questions asked.

      Then you are a fool.

    13. Re:In other words by grep+-v+'.*'+* · · Score: 4, Interesting

      > Blocking ads is not theft any more than going to the bathroom during a commercial is stealing from Toyota

      > Except they are connecting to Spotify's servers that Spotify owns to listen to Spotify's music library.

      I have to comment on this one, sorry. I have a question, and you're probably not the one to ask:

      If I'm fetching from a "legal source" and I somehow ignore commercials, am I breaking / stealing / anything? What if you, the legal source, let me? What if you force me to watch? How will you enforce / check / penalize that? (I suspect that question itself is wrong, but let's run with it.)

      Let's take your argument. I've got a device I bought that someone else built and someone else wrote the supporting OS and someone ELSE wrote the software application interface. But I bought it, so it's "my" hardware, running on "my" account on "my" internet connection and/or "my" paid-for 4G and/or an "open WiFi" point. That device then connects upstream to God-knows what, eventually to one of the backbone providers, eventually making it to Spotify's computers.

      Right? That's how the internet works, being just a series of tubes. *I've* got my access, Spotify's got THEIR access, and everyone in between's got their own access rights. Assume for a second that skipping commercials is illegal. WHERE does that occur? On my device? On Spotify's? Maybe somewhere in the middle?

      It's all active vs passive. Watching TV, the usual comparison, the commercials are interspersed within the shows, and there's nothing you can do to your TV to bypass them. So you walk away and use the bathroom / SUDO Make me a sandwich. You run the slight risk of missing the resumption of the show, but that's usually ignored.

      Now let's bring up Tivo / Plex / Kodi / Direct TV DVR. Suddenly that passive device assumption is no longer valid -- there's an intermediate processor between source and destination that's suddenly not under the originator's direct or indirect control. I pay Tivo for a service that provides an Electronic Program Guide that specifies the date / time / channel / duration a show is on. I can specify a show by name and it will search out and record it for me, allowing me to play it back at my leisure and time (aka Time Shifting). That's nice and all but suddenly I can shift the time that commercials take down to 0. I still have the "missing program" problem, but that's easy to skip back and fix. Plex can scan recorded shows and physically remove them from the stream, Tivo will mark them so they're easy to skip, Kodi will mark them and even autoskip them I understand. (Heck, Tivo even has a "speed-up" command for the actual shows themselves, so you can watch a 60 minute show in 45 minutes. Forget skipping commercials, I'm speeding up content.)

      All of these change the "intent" of the "original stream" in a "cost-adverse manner". However they're not free and the individual must actively implement them. So sorry, the world is not "Pure", no matter what kind of SJW you are. Just ask viruses that subvert larger systems and "bad bugs" that invade other bugs and plants.

      So is this "wrong"? Depends on whom you ask. Vendors, yes. Consumers, no. The only way to enforce someone to watch (or at least fetch) something is to give it to them first, and then receive a verified response that allows the next item to proceed. (But: see third party Captcha decode services.) TVs, providers, and intermediaries are NOT yet set up for that, so all they can do is force one show before another, or somehow intersperse them. (Product placement.)

      Spotify's the same way -- if you WANT me to listen to your extras, you're going to have to FORCE me to at least download it before playing the next piece. That a client can automatically fetch the next correct part bypassing the annoyance is Morally Bankrupt, Bad Programming,

      --
      If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
    14. Re: In other words by mapkinase · · Score: 1

      Are you... me? It became spooky when you mentioned playthroughs.

      --
      I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
    15. Re:In other words by Anonymous Coward · · Score: 0

      > Should Spotify be able to access all of your data?

      If they make a well formed request to my computer to give it to them, and my computer gives it to them, then yes. Of course! That's, um.. how the whole internet works.

      If I don't want that then it is up to me to configure my computer to not give them the data.

    16. Re: In other words by Anonymous Coward · · Score: 0

      TL;DR.

  2. Do the same to slashdot by Anonymous Coward · · Score: 0

    We all do the same to slashdot as well

    1. Re:Do the same to slashdot by Anonymous Coward · · Score: 0

      What, call out the nazi faggots of no value? Not enough of us do that. Kendall will get a burning cross shoved up his ass someday, I hope to get video.

  3. Headline error by glitch! · · Score: 1

    Huh?
    "Spotify says" (subject verb) intro
    "2 million users" (subject)
    "hacked apps" (verb direct object)
    So 2 million people hacked the Spotify app?
    Really? Or some other app?
    Please give more info on those two million hackers or admit to lying.

    --
    A dingo ate my sig...
    1. Re:Headline error by Actually,+I+do+RTFA · · Score: 1

      Yes, the assertion is 2 million people use a hacked spotify app. You have to be intentionally illiterate to be unable to read "Spotify Says[:] 2 Million Users Hacked Apps To Suppress Ads On Its Free Service "

      And that number makes sense, in that only 1 person has to write the ad-skipping app for 2 million to install it.

      --
      Your ad here. Ask me how!
  4. Only LUDDITES hack apps! by Anonymous Coward · · Score: 0

    Filthy LUDDITES hack appy app apps like Appify to make them less appy because they're too stupid to know how to app apps!

    Apps!

    1. Re:Only LUDDITES hack apps! by Anonymous Coward · · Score: 0

      In Soviet Ludditistan, you are the app!

    2. Re:Only LUDDITES hack apps! by Anonymous Coward · · Score: 0

      Mind your memes, you insensitive clod!

  5. Decent descent by Anonymous Coward · · Score: 0

    Spotify could block those accounts silently (and if had balls turn to the legal system). Instead they shout out "bad users" blocking our revenue. So for who is this message? Not for the "bad user" who (the 2 million of them) are identified. But not blocked...

    So where is the real loss occurring?

    1. Re:Decent descent by Anonymous Coward · · Score: 0

      And the "two million of them users" is an assumption. Who is going to verify this? Spotify?

      In the special spotify justice system. Users are represented by two equal and separate groups.
      These are their stories.. *pum* pum*

    2. Re:Decent descent by Anonymous Coward · · Score: 0

      Well it is just over 1% of their users... almost 2 billion revenue. That is... yeah a measly loss of at most 25 million. Could disappear in the books easily...

      If your infrastructure is that bad that over 1.2%+ (2 million users over almost 160 million users according to google) of your user base over a long period of time is able to install a wart. Do not shout around that you are "hacked" with genital warts. Take your loss and remove them silently.

      www.spottyfus.net

      investors weak spot...

  6. Nice! by Anonymous Coward · · Score: 0

    Well done, ladies and gents! Well done!

    1. Re:Nice! by Anonymous Coward · · Score: 0

      They are missing the message:
      The public has spoken... Ads suck!

  7. More clever Ad hacking needed by Anonymous Coward · · Score: 0

    How about an ad redirect to a 2nd virtual window.
    To the supplier everything looks normal, the ads appear to be served, but the user never looks at any - but has the option.
    Everyone happy. Yeah, I know a redirect to a bit bucket, or a loopback in the firewall directing anything with ad.server to the loopback.
    Some internet security products also suppress nasty and repetitive calls. That is why the 2 Mil is still probably too low.
    AntiVirus packages are probably killing heaps of popups. More if you include 'Do not show this ad again'.

    1. Re:More clever Ad hacking needed by Anonymous Coward · · Score: 0

      Adblock Plus currently tells me it has blocked 4595 requests in a browser session running as a second user account (via ssh -X) that has only ever visited gmail, and Ublock Origin says it blocked 3 more requests in the same tab.

      Am I stealing free email from Google?

  8. Trusting the client? What decade is this? by fuzzyfuzzyfungus · · Score: 3, Interesting

    I know that smartphones and the App Economy(tm) change everything and stuff; but hasn't it been a ubiquitous article of common sense that trusting the client is for suckers since the days when using your phone to access the internet involved dialup?

    Outside of some 'trusted computing' dystopian fantasy there isn't much they can do about people suppressing ads; but since they are the ones running the servers streaming the music one would think that they could quite easily do things like stopping the media stream during periods when ads are supposed to be playing; making periodic chunks of silence the best-possible modified client outcome.

    1. Re:Trusting the client? What decade is this? by AmiMoJo · · Score: 1

      It's not a security issue, it's a UX issue.

      Client tries to access an ad server. Server can't be contacted - DNS lookup failed, server didn't respond, network is blocking it for some reason.

      Does the client refuse to play any more music, making the user think Spotify is unreliable, or does it just carry on without the ad?

      It's an unwinnable situation.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Trusting the client? What decade is this? by Anonymous Coward · · Score: 0

      It's not. Just inject the ads into the audio stream and you're good to go.

    3. Re:Trusting the client? What decade is this? by Anonymous Coward · · Score: 0

      But that uses up their own personal bandwidth, and the jew in charge won't let them incur that cost.

  9. It's a shame, killing Pandora too by DatbeDank · · Score: 2

    Pandora is already a public company. I'm willing to bet that they're suffering just as much if not more.

    I've been a subscriber to Pandora since 2008. I loved the service and when the ads started, I hated it so much I shoveled out a paltry amount for the yearly service. I don't remember what it was, but it was stupid affordable enough for a broke college stupid.

    The music industry really bends these guys over and abuses them. Their licensing costs are stupid high. This type of piracy depresses me because they're both struggling to make any sort of profit.

    1. Re:It's a shame, killing Pandora too by jeti · · Score: 2

      Pandora isn’t available where you are yet.
      Pandora is only available in the U.S. right now – but we are working on bringing our music service to other parts of the world.

      This message has been up for over ten years for anyone outside the US.

    2. Re:It's a shame, killing Pandora too by h4ck7h3p14n37 · · Score: 1

      > This type of piracy depresses me because they're both struggling to make any sort of profit.

      That was my first thought. A premium subscription is less than $10 dollars per month and is worth much more than that IMHO.

  10. Pro Tip by WinstonWolfIT · · Score: 1

    Subscribe to Spotify for a couple of months and use Audacity to rip everything you want. After ~350 albums I cancelled.

    1. Re:Pro Tip by Anonymous Coward · · Score: 0

      > Subscribe to Spotify for a couple of months and use Audacity to rip everything you want. After ~350 albums I cancelled.

      I mean, if your time is worth nothing, why not?

    2. Re:Pro Tip by Anonymous Coward · · Score: 1

      If you're going to do this, it will be easier, quicker, and give you better sound quality to just torrent those '350 albums'.

  11. Spotify by Thundercat007 · · Score: 1

    Spotify claims to have stopped hacked users. Users received message about account. Users upgrade their hacked app with latest hacked app. Continue streaming using hacked app.

  12. Didn't read the summary? by raymorris · · Score: 2

    > So for who is this message? Not for the "bad user" who (the 2 million of them) are identified.

    Didn't bother to read even two sentences into the summary before posting your insightful knowledge about the topic? The message (an SEC filing) is for potential investors.

    > So where is the real loss occurring?

    The loss would be investors losing their investment. You, in your 401k, for example. If they invest in the company based on the claim that they have 159 million users generating revenue, but in fact there are only 100 million legitimate users, the company has a lower chance of success, a lower likely future value, and investors will likely lose money.

    Public companies are required to do two things - state business facts such as the number of customers they have as accurately as they can, and report any foreseen risks. In its most recent filing, the company has amended their statements for both reasons. They reduced their customer count by 2 million, and acknowledged the risk that many more active accounts may not actually be able to bring revenue, because those users could be using hacked apps.

    On a side note -
    I've been in computer security for twenty years, so I've seen a few things in that time. One thing I've noticed may seem obvious once I say it, but it's not obvious to a LOT of people:

    Hacked apps are hacked, by hackers.

    When you install a "cracked warez", you're installing something you've downloaded from a known disreputable site, that you KNOW was coded or modified by disreputable people who don't mind screwing somebody else over, and of course breaking the law. It has malware folks; most of the time "cracked" includes malware. These organizations and individuals don't crack and distribute the cracked software, risking legal trouble for themselves, out of the goodness of their hearts. They want you to install their hacked version because it includes a payload they want to sneak on to your system.

  13. Maybe this business model fails by no-body · · Score: 1

    Forcing someone against his/her will to watch something they don't need or ever want may not be working so well.

    I get pestered by some websites to disable my non-existing ad-blocker and it takes all the fun out of it.
    If it happens always, I don't go there anymore and look somewhere else.

    Next thing, if there is a counter running for ad length and I really want to watch what's behind it, sound is turned down and the browser window moved down, so just the counter is visible and I start looking/listening again.

    Who likes ads? For me it is just yuck without end. Something I don't need, not want at all because it's just stuffed down my throat against my will.

    The original spirit of the Internet at its creation seems completely gone..

    1. Re:Maybe this business model fails by Anonymous Coward · · Score: 0

      it's not against their will, they agreed on that, when signed for service.

    2. Re:Maybe this business model fails by KozmoStevnNaut · · Score: 1

      Maybe, just maybe consider paying the subscription fee if you want to use their service?

      --
      Eat the rich.
  14. "hack" by Anonymous Coward · · Score: 1

    127.0.0.1 shittyspotifyadserver.com

  15. dogfood by Anonymous Coward · · Score: 0

    for those not in the 2 million along with myself, lookup spotify dogfood.

  16. Understandable? by nospam007 · · Score: 1

    "That's not an insignificant number, and it's understandable why Spotify is cracking down on them"

    Why? Those people will never click on an ad or buy anything they offer by principle.

    1. Re: Understandable? by Dixie_Flatline · · Score: 1

      Because like most enforcement, it sends a signal to everyone else that the rules are going to be enforced. The 2 million may be a lost cause, but they want to prevent the other tens of millions from jumping to an ad free stream, which WOULD materially affect the bottom line of the advertisers and Spotify by extension.

  17. I have a Roland by AndyKron · · Score: 1

    Good for them. WTF is Spotify?

  18. Pro+ Tip by Anonymous Coward · · Score: 0

    Why pay for a couple months? Use Streamtuner/Streamripper and save *all* the subscription fees.

  19. Here's what companies complaining about ad blockin by Anonymous Coward · · Score: 0

    It's simple. Ads are a cost of a product. Whether it's on TV, on the radio, or on the web. The cost of your product is higher than what I'm willing to pay. There are too many ads! Cut the ads back to a reasonable "cost" and people won't block your ads.

  20. Offensive Ads by Anonymous Coward · · Score: 0

    > These apps allowed users with free accounts to suppress advertising

    > IOW, running software they chose to run on a device they owned?

    > Blocking ads is not theft any more than going to the bathroom during a commercial is stealing from Toyota

    Blocking ads is sort of theft because you know that's how they're paying for the music. You can still go to the bathroom.

    No, the only argument here is that their advertisements are so bad that they seem to be making them deliberately offensive to encourage people to switch to the paid service. So long as their regular ads are that bad, they deserve what they get.

  21. Why bother??? by Fencepost · · Score: 1

    I don't use it all that often, but Spotify's ads are not all that obtrusive, obnoxious or frequent. It's not like they're popping in a 30 second ad after every second song.

    --
    fencepost
    just a little off
    1. Re:Why bother??? by KozmoStevnNaut · · Score: 1

      Because people want everything for free, even when the alternative is a measly $10/month for access to the biggest library of music in the world.

      --
      Eat the rich.
    2. Re:Why bother??? by The6thDimension · · Score: 1

      I do find spotify ads very obnoxious. Mainly because I can easily listen to dozens of hours of music per week, which results in me hearing the same ads over and over. This was a big reason why I got rid of TV years ago, got sick and tired of having to micromanage it with my PVR, or listen to the same stupid ad dozens or literally hundreds of times.

    3. Re:Why bother??? by KozmoStevnNaut · · Score: 1

      Maybe consider paying for a subscription then, if you're that annoyed by ads and you listen to that much music?

      --
      Eat the rich.
  22. Notice to advertisers by nehumanuscrede · · Score: 1

    The bottom line is, two million of your users decided your services are only tolerable if they didn't have to deal with the bullshit ( ads ) that come with it.

    Perhaps you should use that as a learning experience and rework your service into something that folks won't feel the need to take such measures.

    Just a thought.

    1. Re:Notice to advertisers by KozmoStevnNaut · · Score: 1

      Or maybe they should just pay the $10/month, which is hilariously inexpensive for what you get in return?

      --
      Eat the rich.
  23. Poor Design by Anonymous Coward · · Score: 0

    If this is controlled by the *client* they deserve to lose revenue.
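
The server-side enforcement that the "Trusting the client?" and "Poor Design" comments argue for, shown as an added example that is not part of the original thread and is not Spotify's code. The `StreamGate` class, the account table and the schedule of one 30-second ad slot per 3 tracks are assumptions made for illustration; the point is that the tier comes from the server's own record and the ad slot is enforced by the server's clock, so a modified client gains silence at best.

```python
import time


class StreamGate:
    """Hypothetical server-side gate: decides what a session may stream next."""

    def __init__(self, accounts, tracks_per_ad=3, ad_seconds=30, clock=time.monotonic):
        self.accounts = accounts            # server-side record: user -> "free" | "premium"
        self.tracks_per_ad = tracks_per_ad  # assumed schedule, not Spotify's
        self.ad_seconds = ad_seconds
        self.clock = clock                  # injectable so the demo runs instantly
        self.sessions = {}                  # user -> {"since_ad": int, "ad_until": float | None}

    def request_track(self, user, client_claims=None):
        """Return (kind, seconds) where kind is "track", "ad" or "wait".

        client_claims is whatever the app sent about itself. It is accepted
        and deliberately never read: entitlement is looked up server-side.
        """
        tier = self.accounts.get(user, "free")
        if tier == "premium":
            return ("track", 0)

        s = self.sessions.setdefault(user, {"since_ad": 0, "ad_until": None})
        now = self.clock()

        if s["ad_until"] is not None:
            if now < s["ad_until"]:
                # Ad slot still running: no music is served, whether or not
                # the client actually fetched or played the ad.
                return ("wait", s["ad_until"] - now)
            s["ad_until"] = None
            s["since_ad"] = 0

        if s["since_ad"] >= self.tracks_per_ad:
            s["ad_until"] = now + self.ad_seconds
            return ("ad", self.ad_seconds)

        s["since_ad"] += 1
        return ("track", 0)


class FakeClock:
    """Constructed clock for the demo; a real server would use time.monotonic."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


def demo():
    clock = FakeClock()
    gate = StreamGate({"alice": "free", "bob": "premium"}, clock=clock)
    forged = {"tier": "premium", "ad_played": True}  # constructed: what a patched app might claim
    kinds = [gate.request_track("alice", forged)[0] for _ in range(5)]
    clock.t += 30                                    # the ad slot elapses on the server's clock
    kinds.append(gate.request_track("alice", forged)[0])
    return kinds


if __name__ == "__main__":
    print(demo())
```

This also answers the unreachable-ad-server case raised in the thread in one particular way: playback resumes once the slot has elapsed whether or not the ad was delivered, which trades guaranteed ad delivery for a client that never stalls indefinitely.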