I'm mostly shocked at how I simply was uninformed that spotify was using my connection so. I know over the past few months I've had occasional and even sometimes frequent spikes of latency while gaming.
I'm often left confuddled at these spikes as I won't have anything open I would consider requires much bandwidth. Also, even though I would have high latency, opening a browser and navigating through sites would work as smoothly as ever.
Now I know to look at spotify specifically and I would not be very surprised if my spikes of bad internet activity are a result of spotify leeching my upload.
While I think it makes sense for spotify to use p2p in their system, I would have thought there would have been an indication of it in the options with an option to disable such services.
I agree. I've been promoting Spotify in word of mouth to my friends. My co-workers all use it, which means a good chunk of our upstream bandwidth is swallowed by Spotify?
In any case they're being completely shady about it. I.e. not making any effort to define Spotify as a P2P service. Understandable in a marketing sense. Ethically questionable and actually upset since well. I pay a monthly fee and all..
I am purely annoyed that I didn't know that it did this, I can't say whether this is my fault for being ignorant or theirs for not informing me but it worries me that I may have been putting unneeded load on networks that aren't mine, like my university's network.
Yeah. And on top of connection quality issues, some companies with bandwidth caps count uploads as well. I haven't really seen what kind of bandwidth would be used but it's something I'm going to check out and possibly warn some people I've recommended it to in the past.
I switched from Spotify to Rdio recently. As someone that likes to hack on music projects, I'm really impressed with the Rdio API. I especially like their integration with Echonest, which gives you a deep "beat-by-beat" analysis of every track on Rdio.
I'll be honest, I tried Rdio and didn't get where the "music discovery" part comes in. In the month I used it I was only suggested completely unrelated, but obviously 'featured' albums (on their "frontpage" so it wasn't even on my face.)
All in all, I just didn't find the service that interesting unless you consider the technological angle.
Music discovery does suck on Rdio, granted. I find myself using other services for that. But for daily listening, the experience is much cleaner than Spotify's is, IMO.
Yep, that's true. I had a bunch of issues with their 'native' OS X app though. Every now and then the embedded browser (I think that's what they do anyway) would go nuts and eat my whole CPU. Also, the streaming quality didn't sound that great. I regularly use Grooveshark, and the quality of the songs over there was much better.
All in all, I guess it might work for some people. It just didn't make the cut for me. For that matter, neither did Spotify or Pandora. I guess I'm just not the target audience for that kind of service in general.
Indeed, the web player isn't U.S. only, just that the beta testing currently concentrates on new users from the U.S. It is however possible to gain access - there are many guides online on how to do so.
Admittedly, higher effort and probably not for the non-tech but...android emulator + mobile app would probably work too. Granted I have other qualms with their mobile app.
For the premium users, I do wonder if any of the open source spotify clients would alleviate this?
Aaron Swartz was charged with fraud and unauthorized. Not breaking TOS. The idea that breaking TOS could constitute a crime has been shot down by the Ninth Circuit Court of Appeals.
http://thefire.org/article/14389.html
Kind of a joke, kind of serious. It's what's at issue in Aaron Swartz's case. The prosecution's argument is that his actions were felonious on the grounds that his violation of the ToS implied Unauthorized Access, which is a felony.
I don't use Spotify anymore, but when I did I was completely aware that this was happening, and ultimately I'm not too bothered by it using my connection to support other clients, because that's partly how it starts playing so fast. I would be very upset if it was using my entire connection.
Spotify should cap the speed at like 128KB/s, because that should be plenty for what they are doing. If they were using my full connection, I would be furious, because I'm not a data center for them, and I know how much data centers charge for bandwidth, and they would be getting an insane deal (my home connection is 100/100Mb).
It should probably have a cap for how long they are using your connection also. Once you've shared as much as you've downloaded, your connection should either stop sharing or go to an even lower speed.
Not a typical limit but can often be a limitation in certain areas. My parents have ~220kb/s down, 70kb/s up due to poor quality wiring and being far from the exchange. Most UK cities are reasonable, but go out to the smaller areas with only ADSL and it goes to all hell.
Not really, I am running Virgin Media and get a 60mb/s line for £24.99 / month including a phone, I've clocked it at around 43mb/s download and 4mb/s upload, the upload is still fairly abysmal, but it's enough for home usage.
I take responsibility for making my software behave the way users expect.
I would expect other developers to do the same.
This "well you should have known about obscure UNIX command X" stuff is both why software still sucks, and why business people make mega bucks while technical people are capped at $120K salaries.
This. Under no impression from the Spotify website (although I'm sure it's buried in the T&C somewhere), or from what people say about it via word of mouth etc etc.. what the application is MARKETED as; that it streams music to you for your listening experience.
All "well p2p saves them server cost, reduces latency etc" bullshit aside. No-one EXPECTS that of the application. It's deception. Plain and simple. A vast amount of users don't expect this of the application and that could lead to plenty of consequences unbeknownst to them. Plenty of good reasons have popped up in this thread (data plans being eaten, people with limits imposed by their ISP, work environment concerns)
TL;DR
It's negligent of Spotify to market for one thing, and then include something like this in such a hidden and unmodifiable sort of way in their program. You want it in there? Fine. Tell me about it up front and give me some control over the upload speed
May I just say, as someone who's often been critical of them in the past, thank you to the mods for setting a far more constructive title than the original submission.
I had to ban Spotify on our office network as the clients don't take into account how many users are on the local net and scale back accordingly. It only took a handful of users to soak up a noticeable amount of upload bandwidth.
That and there is an operational security issue with a program that uploads files from the local disk to untrusted peers and encrypts everything such that one cannot tell what it is uploading.
What sucks is that here at work (I work in corporate information security), we have developers who love to listen to music when they're programming. I support it. I like listening to music too. The problem is, some of them like Spotify. And since Spotify is peer-to-peer (and p2p applications are against the policy), it gets flagged in our security monitoring tool. And when it gets flagged, I have to make that action stop. And if it's flagged as a high priority, I have to report them to HR. Some people don't know it's p2p, some don't care. They've paid for it and they want to listen to it. But there's no way to turn off the p2p nature of the program.
We run into this issue with Skype constantly too. People want to use these programs, and have valid reasons to use them. But our business cannot accept the risk of peer to peer traffic on our protected network, so away they go. If there was even the slightest bit of obscure and dangerous and unsupported configuration options that left a backdoor to being able to turn off the p2p, I would love it. But there's not.
"Legitimate" p2p protocols depends completely on your risk appetite and how you define your security. For us, our risk appetite is quite low, and there is no such thing as a legitimate p2p protocol.
"Legitimate" depends a lot on the environment. Should Spotify be pushing bits out to the world from your doctor's PC? Should it be accepting inbound connections from other random people around the world?
Now answer the same two questions after an exploit in the P2P library within Spotify is announced on HN.
Sure, you just write the tool that can audit encrypted traffic from Skype or Spotify in real time and check that it's legitimate as opposed to a malicious program impersonating their protocols.
I agree. If it had an option to be polite about using upload bandwidth (e.g., do a multicast advertisement to find the count of total Spotify clients and divide upload bandwidth usage by that number) and could easily be sandboxed such that you know it isn't scouring your whole filesystem for stuff to upload, I would be okay with it.
For example, it (at least last time I looked on OS X) goes poking through ~/Music/iTunes/ presumably to find music files it does not have to download. That's a little too far.
I just don't see Spotify as a business risk unless the bandwidth itself is a cost. It almost sounds like someone just wants to make a decision and is post-hoc justifying that decision with this "security concern!" fearmongering.
P2P applications have security risks associated with them, but they also have network constraints associated with them. It doesn't take many P2P users to choke legitimate users out of a network. When some of the network monitoring tools we use are licensed based on how much data is flowing through the network, P2P gets expensive real quick. Move that stuff to a network we're not monitoring as extensively.
I don't think P2P applications have a significant security risk.
Specifically, I don't think the security industry at large considers P2P to be inherently risky. If you trust Spotify like you trust say, Google Chrome, or Microsoft Outlook, or any of the other apps you run on your machine, the fact that one or more of them uses P2P in no way further raises your risk profile.
The only security risk it needs to be is to blind us from other security risks. That can be accomplished by its behavior in the network monitoring tool (many malware applications behave very similarly in a p2p fashion) or by putting us at risk of running over the amount of traffic we're licensed for in any of our tools. We're not in the business of buying licenses to support a program we explicitly disallow, so instead we're in the business of explicitly disallowing software that would put us over that license. P2P raises our risk level just by being noisy. iTunes does the same thing, and it's not P2P. It's just really, really chatty and it is also disallowed by policy. Chrome and Outlook don't put us in danger of being over our license or out of bandwidth.
Users don't understand. I get it. Information security is a young industry, and some decisions that are made might not be immediately clear. It's a negative job; if you're doing everything exactly right, users will be complaining that you're getting in their way and the bosses will be wondering why you even have a budget. If you're not doing everything exactly right, users will be complaining that they have odd charges on their credit cards and the bosses are wondering why they can't log into their email anymore.
You might not like my driving, but covering my eyes with your hands doesn't solve that problem. P2P blinds my network monitors just like your hands blind my eyes.
If bandwidth is the only issue, then it's not really a security risk, per se. China, for example, isn't going to own your network because you have a P2P client running somewhere.
I do get what you're saying about P2P filling up your network monitoring logs, though I would argue that the monitoring software might not be properly configured if such is the case. I don't know all that much about network monitoring tools though, so I don't know the specifics. I do know that it's possible to run a secure network and have P2P clients on that network, however.
No, that's just stupid. A good solution would be a guest WLAN that is, for example, on a separate VLAN. There is no reason to force people to use the slow and expensive cellular network -- both your employees and the people who actually need to use the cellular network will thank you.
Also, the GP company's no-peer-to-peer-at-all policy seems... not well thought out, even though it might be a pretty common policy. That an application is p2p has nothing to do with whether or not it can be trusted. (If the application wanted to steal data, wouldn't it be easier to just go for some central dump server?)
We do indeed have a guest WLAN, going out a separate circuit with a different ISP and different IP block. The problem is, people want Skype and Spotify on the same laptops they're using for work, and we don't allow split tunneling with our VPN.
P2P applications have security risks associated with them, but they also have network constraints associated with them. It doesn't take many P2P users to choke legitimate users out of a network. When some of the network monitoring tools we use are licensed based on how much data is flowing through the network, P2P gets expensive real quick. Move that stuff to a network we're not monitoring as extensively.
The P2P app could make itself more trustworthy. On OS X, it could opt into the App Sandbox such that it could not read files unrelated to what it has downloaded.
If you run fs_usage against Spotify on OS X, you will see that it is reading files in other places than where it downloads to.
Native OS X apps either statically link everything, or shove all of their dynamic libs into a single .app package... that's why their binaries are so big. This avoids shared lib versioning nightmares and makes everything "just work" (including drag-and-drop installs), but it also means you have 30 bajillion copies of libXYZ on your disk.
I would not say this is the norm. If you look at Sandbox-enabled third party applications such as Google Chrome, it is well defined what libraries it dynamically links to outside of the directory it is installed in.
This kind of thing is key to getting mainstream acceptance for p2p. Eg some ISPs try to forbid use of p2p apps, it's important you can bring up Skype and Spotify and WoW as mainstream apps that use p2p and aren't reasonable to ban.
If their excuse is that their servers can't handle it then they are jokers. Plenty of services without paying customers handle more bandwidth than Spotify. Why don't they do what Netflix does and use AWS? Forcing paying customers to participate in a p2p network doesn't make any sort of sense.
I've seen this argument a couple of times in this thread. I used to use Spotify and now I use Rdio and I do not see a difference in speed at all. What kind of speed are we talking about? How quickly a song starts playing? I've noticed no difference, and obviously the songs can't play faster.
Maybe he is listening to music while gaming? Or uploading something completely else. It doesn't matter what he is doing, something like that shouldn't happen.
And it's not just decent/nice to ask user if your app is about to suddenly use 100% of upload speed in the background - it's common sense.
Well I like to use Spotify for music to listen to while I game..which you know, when I thought the application just streamed I figured wouldn't have much an impact on the game.
I'm not saying using p2p in Spotify is bad, I just want it to be more obvious and at least a way to control its max upload rate in the program itself. The fact that people need to download a 3rd party app to limit Spotify from swamping their internet connection is stupid.
It does actually say in the T&Cs that it's going to use you as a p2p node if I remember rightly, it's been a while since I've seen the header but it was listed as 'Computational resources'.
It's really getting to the point where T&C should be standardized and any extra conditions they want to throw at you should be presented front and center.
Sadly IceFloor doesn't seem to have an option to quickly filter out in a per-program basis. And Little Snitch, well…maybe a bit overpriced if it's just to block Spotify (hell, they should be the ones providing a setting for that).
He's asking for something to "selectively limit upload (or download) speeds per-application?" not how to block an application from communicating at all. (Little Snitch)
It always was P2P, that is the way they (I see now, USED TO) describe their technology (I remember reading about this in their homepage some years ago, now it has turned into a strange content hub).
So, if it is not streaming, then you are streaming.
Didn't know Spotify ran a p2p rig. Just wish they would give me some extra free minutes for having the damn thing up and running all the time back home...
Anyway, quite entertaining to monitor its port traffic on my Mac:
perl -e'while(1){%x=map{$_=>$x{$_}+1}grep/spotify/i,`lsof -i -P`;print for grep{$x{$_}<2}keys%x;sleep 1}'
It seems to target peers geographically, which makes sense.
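A more structured version of the monitoring one-liner above, as an added example that is not part of the original comment: it parses `lsof -i -P -n` snapshots, reports each remote endpoint the first time it appears, and marks a connection as inbound when its local port is one the process is listening on. The sample snapshots are constructed (documentation address ranges), and the function and class names are hypothetical.

```python
"""Report new remote peers of a process from `lsof -i -P -n` snapshots."""
import re
import subprocess

# Constructed sample snapshots (documentation address ranges), not real captures.
SNAPSHOT_1 = """\
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Spotify  812 alice  23u  IPv4 0x1a2b      0t0  TCP 192.168.1.10:51234->198.51.100.7:4070 (ESTABLISHED)
Spotify  812 alice  24u  IPv4 0x1a2c      0t0  TCP *:57621 (LISTEN)
Safari   901 alice  11u  IPv4 0x1a2d      0t0  TCP 192.168.1.10:51300->203.0.113.5:443 (ESTABLISHED)
"""
SNAPSHOT_2 = SNAPSHOT_1 + """\
Spotify  812 alice  31u  IPv4 0x1a30      0t0  TCP 192.168.1.10:51410->203.0.113.44:33012 (ESTABLISHED)
Spotify  812 alice  32u  IPv4 0x1a31      0t0  TCP 192.168.1.10:57621->192.0.2.99:40211 (ESTABLISHED)
Spotify  812 alice  33u  IPv4 0x1a32      0t0  UDP *:57621
"""

# NAME column: local[->remote] [(STATE)]
NAME_RE = re.compile(
    r"^(?P<local>\S+?)(?:->(?P<remote>\S+))?(?:\s+\((?P<state>[A-Z_0-9]+)\))?$"
)


def parse_snapshot(text, name="spotify"):
    """Return the network sockets of processes whose COMMAND contains `name`."""
    conns = []
    for line in text.splitlines():
        fields = line.split(None, 8)  # 9 lsof columns; NAME is the remainder
        if len(fields) < 9 or name.lower() not in fields[0].lower():
            continue
        m = NAME_RE.match(fields[8].strip())
        if m:
            conns.append({"pid": int(fields[1]), "proto": fields[7],
                          "local": m["local"], "remote": m["remote"],
                          "state": m["state"]})
    return conns


def classify(conns):
    """Map remote endpoint -> 'inbound' or 'outbound'.

    A connection counts as inbound when its local port is one the process
    is listening on, i.e. the remote peer initiated it.
    """
    listening = {c["local"].rsplit(":", 1)[1]
                 for c in conns if c["state"] == "LISTEN"}
    peers = {}
    for c in conns:
        if c["remote"] is None:
            continue  # listening or unconnected socket
        local_port = c["local"].rsplit(":", 1)[1]
        peers[c["remote"]] = "inbound" if local_port in listening else "outbound"
    return peers


class PeerTracker:
    """Remembers every remote endpoint seen and returns only the new ones."""

    def __init__(self, name="spotify"):
        self.name = name
        self.seen = set()

    def update(self, snapshot_text):
        peers = classify(parse_snapshot(snapshot_text, self.name))
        fresh = {r: d for r, d in peers.items() if r not in self.seen}
        self.seen.update(peers)
        return fresh


def live_snapshot():
    """Take a real snapshot; -n skips reverse DNS so output stays numeric."""
    return subprocess.run(["lsof", "-i", "-P", "-n"],
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    tracker = PeerTracker()
    for snap in (SNAPSHOT_1, SNAPSHOT_2):
        for remote, direction in sorted(tracker.update(snap).items()):
            print(direction, remote)
```

To watch a live machine, call `tracker.update(live_snapshot())` in a loop with a one-second sleep, as the one-liner does.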
I think Spotify is an amazing product, and there are research papers on how their system is implemented to give the fastest playback possible. It's incredibly snappy compared to the other alternatives. I remember trying Pandora when it was available here and it wasn't as fast as Spotify was (and still is).
I didn't know this. Although as a tech reporter I should have, I would argue that typical people are unaware of these kinds of architectural implications and that without obvious disclosure this design decision sort of takes advantage of users.
Customers are paying twice, for the service and for other people's data, and it shouldn't take a Hacker News-level understanding of technology for them to be aware of this fact. It feels icky and reminds me of when I found out that Dropbox was "sharing" my files with other users: http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-u...
I run the little snitch firewall application on OS X and noticed this literally the first time Spotify ran (tip, EVERYONE running on mac should use this app, it's incredibly interesting to have a window into exactly what every application on your system is connecting to).
It's almost laughable the amount of connections it attempts to make to outside clients.
Anyways, the solution for me is simply to block all outgoing traffic to spotify that isn't directly to its streaming servers. Problem solved, no more outside peers eating up my upstream bandwidth.
My main problem with this is that Spotify utilizes the full upstream bandwidth, causing the latency to go up dramatically on connections where the upstream is limited. If they were just a little bit intelligent and limited the streaming to 90% of the available bandwidth I'd be okay with it since that wouldn't affect the latency.
Question: What is the best way to traffic shape all upstream connections on OS X? I've tried ipfw but I can't figure out a good way to e.g. limit the upload on all apps except for e.g. SSH.
If you have a recent (>=10.7) version, pf [0] is installed. pf is a more capable firewall than ipfw, and can shape upstream connections in a number of ways. As an example of what it can do, the Network Link Conditioner [1] is built using pf. The version in OS X is not the most recent version in OpenBSD, but that FAQ is a good start, and the man page [2] can fill in the details.
Mobile clients have their own set of bandwidth issues. I play 1 playlist on my phone, it is available locally (all downloaded long ago), and yet Spotify has used over 2gb of bandwidth in the last 20 days. There's a huge thread about it on the Spotify forums somewhere.
The Android app is horrendous for this issue as well. I have a Nexus 4 with the latest Android OS and the latest version of Spotify. I have yet to use the app even once this month. (I use Google Music.)
The Spotify Android app has consumed almost 250 MB of data on WiFi and about another 100 MB on 3G/4G this month alone. Does anyone else have this issue?
(For anyone that doesn't know, Android provides the data usage of each app in the settings panel.)
At least one person (me) who doesn't! Sadly there isn't time to become knowledgeable about everything, and I never found network administration very interesting anyway.
Is there any way to block the traffic that anyone knows of? I hate having to use 'offline mode' because my songs aren't scrobbled. Also as a paying user it's a kick in the teeth to have the client taking my bandwidth AND cpu while I'm not even using it. As a side note, Spotify has some of the worst community relations I've ever seen.
I agree that rdio is the better service, but unfortunately since they dropped their free tier, I think most people will just grin and bear it with Spotify. Let's be honest - probably the majority of Spotify's users don't even know what upload bandwidth is, let alone why they should be concerned about it.
I didn't know about this either.
I just canceled my unlimited subscription because of it.
(another reason was them updating their TOS, and showing the whole thing instead of showing only what has been updated; thus encouraging people to agree without reading — Not ethical at all)
In terms of this being HackerNews: It is actually a pretty smart and economic idea to use P2P in music streaming clients. When I first heard about this, I was excited. Thumbs up, Spotify!
Apart from that, that's really no news, you could read about that for years.
I just use my operating system's firewall to block Spotify from connecting to any IP address that isn't theirs. It results in you streaming music from only Spotify's servers and it prevents any uploads from your computer.
I don't see any background process running when I shut it down on Linux, and my bandwidth monitor immediately shows any unusual uploading activity coming to an end.
Last I heard idle clients (i.e. not currently streaming) are supposed to drop out of the P2P overlay, so it shouldn't be uploading if you haven't listened to music for a while. I haven't tested if this is actually the case though.
I didn't see it uploading a lot over about 20 minutes. (1) I was listening to an obscure album, (2) I listen to small number of songs repeatedly, although I have a large number "starred" and in playlists from previous installs of the app.
That's a labor intensive solution to a problem which should not exist in the first place.
Speaking as a premium subscriber, I really value simple music discovery. I would be downloading or purchasing my own music if I felt strongly about micro managing my collection.
If I feel like coding to someone else's 2000 track psychedelic trance playlist which I just happened across - I would like to do so without mucking around with some monstrous download (or, even worse, having to spend time cherry picking tracks I want). Likewise, perhaps I want to use classify (classical music discovery) and select a playlist based on mood. Again, creating my own playlist is at this point a simple inconvenience.
This problem shouldn't exist, and Spotify certainly owes its users some form of solution.
So the solutions outlined by Spotify are...
1) Suck it up. It's how the system works.
2) Use the web player. (Seems to be invite-only beta - US Only)
3) Use offline mode. Unlimited members pay for the service and cannot download tracks so not much use to those. Somewhat kills music discovery. Means you cannot use the radio option. Do social options work in offline mode? Not much point if they do as you would need to go online to play any new tracks.
4) Set cache size really small. (someone reported this doesn't work) Wouldn't this mean a big spike in downloads as none of your songs are cached?
It's crappy. I remember when I used to play Counter-Strike and I would have to shut down Spotify as it would kill my ping and make the game lag terribly. Launching in game radio though would be fine...
Asking free members to suck it up is fine. They are using the service for free and get a few ads. Another cost to service is fine.
For paid members though there needs to be an option to drastically tune down the upload rate and even disable it if you are not listening to music yourself.
Spotify have been inactive on this issue to date. My hopes are fairly low that they will resolve it any time soon.