Music streaming service Spotify patched up a security flaw that allowed a Google Chrome extension to make a copy of songs to users’ computers- for free. They had failed to encrypt the MP3s for their recently released HTML5-based web browser player, unlike the desktop software.
Spotify, which has been called a cross between Pandora and iTunes, allows users to access millions of songs and many full albums for immediate listening for free. Premium service users are provided with an ad-free experience, mobile access, and to save music files on their device in addition to the already rich experience. Unlike Pandora, Spotify gives the user the ability to search, organize, and play music from their library.
A Dutch programmer took advantage of the unencrypted service by releasing an extension called Downloadify in the Chrome Web store. It enabled users to save DRM-free MP3 files of the songs while they streamed each track. As soon as the extension was publicized, Google swiftly removed it from their store. It’s still available on GitHub, but the patch from Spotify now prevents it from grabbing the songs.
It was a short-lived dream come true for music fans, as studies have shown that the biggest fans download the most- and spend more on music as well.
However, as The Verge put it, the Downloadify debacle has been a nightmare realized for Spotify. The slip-up was a harsh mistake for Spotify amidst their current negotiations with record labels for more freedom with the music they make available to users. They spend a whopping 70 percent of their revenue on licensing fees, but were looking to reduce that in order to expand their benefits. Like iTunes, Spotify has had to work around artists that refuse to allow their music to be available on the Internet service. The Internet has a long history of bad blood with musicians and labels, who blame it for destroying a previously lucrative industry through file-sharing practices.