I am especially bothered by the part about "contact phone numbers" - I am OK with people giving up their privacy but I want to be protected against someone who has my phone number giving it to them. If Spotify or anyone else want my phone number, they should have my consent, not just consent of someone who happens to have my phone number.
The terms and conditions also state that it is up to the user to ensure that people listed in the contacts list on their handset are happy for their phone number to be shared with the music platform.
"Local law may require that you seek the consent of your contacts to provide their personal information to Spotify, which may use that information for the purposes specified in this privacy policy," reads the update.
I think this is the worst part. Sounds like "hey, we're collecting private information, please make sure we're allowed to do so. If we ilegally collect private information, that's the users fault - we alerted them to get permission from their contacts!".
Notch could not have overreacted more. Sure their ToS may allow for privacy creep, but that thread of messages between him and Daniel Ek was so cringe for Notch. He basically doesn't want Spotify to be able to access anybody's photos because how he utilizes music and playlists doesn't use photos. Sounds pretty selfish and naive to me.
"With your permission, we may collect information stored on your mobile device, such as contacts, photos, or media files. Local law may require that you seek the consent of your contacts to provide their personal information to Spotify, which may use that information for the purposes specified in this Privacy Policy."
Sharing all your friends' contact details with Spotify despite them possibly having never even seen the ToS just so you can listen to some tunes seems more "selfish and naive" if you ask me. Potentially in violation of EU data protection laws too.
I wasn't talking about that part. I was talking about Notch basically not understanding why people would want to use pictures to make playlists and to identify themselves to friends on a social music platform. He basically said it was totally unnecessary and arrogantly inferred that the way he uses music is the only way people should use music.
He's voting with his wallet because he disagrees with the direction that a company seems to be taking. Everyone is free to choose for themselves based on their personal comfort level. How is this selfish and naive?
I'm a paid subscriber. I'm paying for the product, and therefore I shouldn't have to be the product.
The Wired article suggests that Spotify are only offering a binary choice: allow the little Spotify creep to squat on my phone taking notes on me, or stop using the service altogether. Are those really my only options?
I just uninstalled it and am going to cancel my account in a few minutes. I pay money for it too so that I don't have to sell my personal info and that of my friends.
I just did the same and so did a couple of my friends. Sometimes a zero tolerance, knee-jerk reaction is the best reaction to this sort of thing.
I just want to stream music that I want to listen to. That's it. I don't want any social features, I don't want my play list being generated automatically by my heart rate, etc.
I'm currently in the process of downloading the music I saved in my Spotify playlist (through a laptop). The mobile app is already uninstalled. Now all I need to do is to download those songs and delete my account.
On my Android, ToS still date as of July 8, 2014 so I guess this is still being discussed. I'll wait to see how it pans out but I'll seriously consider cancelling my subscription on principle if this goes through.
Apparently. I guess we'll learn soon enough whether a large enough percentage of their customers care or are educated enough to care. Sadly, the answer nothing will probably come of this.
> "Throughout, the privacy and security of our customers' data is - and will remain - Spotify's highest priority.
Okay, this sort of line is really starting to piss me off - especially when companies do the exact opposite of what that line says, yet they still use it to somehow trick users into thinking everything is fine.
Can we push companies to have a "Privacy policy" where they talk all about how they protect your data, and then a "Privacy intrusion policy" or let's say a tamer "Data usage policy" where they tell you exactly how much access they have to your data and how they are using it for their own purposes?
Again this is about choice. With things like Soundcloud, you don't even have to register to download music, and I've downloaded my fair share of 1-2 hour long DJ sets from there. Basically enough music to last my entire lifetime and I will never be bored. DJ sets are great because there's no skipping through tracks, and you can have them playing in the background when doing coding, and you can discover music accidentally that way. Also there seems to be no limits on Soundcloud with regards to how much you can download. It's all you can eat, which is refreshing. I'm curious how they can achieve this though. I know they have a paid / pro plan there, but still it screams of too much upfront value and I do worry about their viability into the future. But for now Soundcloud is exponentially better than any other service out there.
Actually, uploading a DJ set on Soundcloud is against their ToS because those mixes contain songs that are copyrighted. Soundcloud is not a good place to upload mixes and that's why there's currently a huge rage between DJs and Soundcloud's team. Basically, the product became big enough to care about copyrights. If you're a DJ, you don't have a right to distribute your mix as a free download if it contains a song copyrighted by a third party.
I suggest you to check out Mixcloud. It's a service made specially for uploading mixes, but it doesn't allow you to download them for the reasons I said earlier. It's also free and does not require you to sign up for an account.
I'm not sure I understand what's happening here. If the apps (desktop and mobile) ever asked for access to other data (I don't recall that they have), I've told them no. I just checked all my settings and if my OS isn't lying to me, Spotify doesn't have access to my location, my photos, nor my contacts.
Now, I'm not happy that they'd even ask. But the service doesn't stop working when I deny access. Since the change in TOS, the apps didn't ask again.
I do, however, think any companies wanting access to data outside what I feel is the app's purview should really stop couching their use in Marketing Speak ("We use this data to improve our service, let you discover content also consumed by your acquaintances...") and be more informative about where the data goes.
I think the problem is that they request the permissions for specific features, but once you've given access they can use it for whatever they want. e.g. you provide GPS for the running feature and now they can also track you when you aren't running.
I use Android, I can't just deny permission and not use a feature. I would have to stop using Spotify alltogether.
It's not the same as giving permission to Google Maps to use my location because I know exactly why it wants that. With Spotify, "improving our services" is just not a good enough reason.
I don't know how their new features would work without these permission changes. Just because they need the permissions doesn't mean they're doing anything evil with them.
So where can I find a list of these changes from Spotify? I'm not particularly to be sharing the data they're asking for, considering I'm paying 9.99 a month for the service.
I was never a big fan of spotify since it required a Facebook account to use it. A regular email sign up process would have been enough. So I went with rhapsody.
It used to require a facebook account initially (at least here in Germany, right after the launch). I had to create a one in order to open a Spotify account. The option to register using an e-mail address was added later and I migrated my account when this was done.
Are you sure it required one? It may have made it very easy to sign up with FB and very hard to sign up with email, but email has always been an option (in the U.S.)
Email sign up has been possible in New Zealand for a long time, years I think - billing is though Australia so I suspect we hang off them somehow. I haven't got a Facebook account.
It did when they first launched here. I dropped them an email and asked if they had plans to allow non-facebook users to use their service, and was politely told that they had no plans to do so because the social connections were central to their business.
I never gave them a second look to see if that requirement changed.
I've been using Apple music since and have yet to encounter it's terrible-ness. Can you describe what you're referring to?
edit: oh wait, yeah - the "For You" tab that has all those little circles to "tell us what you like". ITunes has almost 10 years of listening data, can't they figure that out for me?
One thing is that it's very irritating to browse my non-Apple Music music now. I used to have a tab for artists, a tab for albums, and a tab for songs. Now I have one tab for my entire music collection.
With the multiple tab experience, you could browse into something on one tab, switch to another tab, and switch back, to see what you had previously browsed to (this is inherently how UITabBarController works). You can't anymore, you have to go back to the root to switch to browsing artists from albums, etc.
Another thing at all of the services completely fail at is disabling online music (iTunes Match, things not "available offline" on Spotify) when you have no cell service (i.e. on the train, when you're likely to be listening to music on your cell phone!). It's impossible to listen to streaming music at that time, so why even show it?
Chiming in on your little rant, I really wish Spotify would make it easer to just listen to some albums.
I'm old, I grew up with tapes and vinyl, I don't want to shuffle, I don't want to share my listening to facebook (I'll message my buddy when I've found a gem), I don't want to know what my friends are listenting to (my backlog is big enough already), I don't want crappy playlists (I have radio already, thank you), I'm too lazy to create my own playlists, and the last thing I want to do when running is listen to music.
All I would like to do is save a couple dozen artists I like so I can slowly dig through their oevre and it would be great to have a way to manage that (one endlessly scrolling list is not enough). I still haven't figured out how the play queue gets populated.
Finishing off with something positive, the wifi sync is pretty awesome, first time I got some music stored on my iphone (I use a linux laptop).
Ditto for me. I love Apple Music. I canceled my Spotify subscription prior to this news after using Apple Music and finding it more then satisfied my needs.
Quite interesting to see how different experiences people can have with Apple Music. Mine is that it's a disaster - even with the latest updates I have "synced" songs which simply won't play, synced songs which have been somehow misidentified and the track that plays is wrong, random songs greyed out in albums, band pages listing the wrong songs - I could go on and on. It's literally unusable.
I'd love to be able to use one service that "solves" music for me but Apple Music isn't even close and I'm astounded at how botched the release has been.
So yeah. Your mileage may vary... quite wildly, apparently!
I haven't read the Privacy Policy, but I pulled up the Spotify settings on my iPhone, and the only permission it has is Background App Refresh, (although I'm not sure if movement sensors would appear in the Settings app).
Is this some still-unreleased version of the app the article is about, or has the privacy policy changed with no changes to the data that Spotify actually accesses?
Speaking of Android and its derivatives prior to the upcoming Marshmallow release (version 6), the permission model was based on all-or-nothing approach ("all" accept all permissions and STFU; "nothing" meaning not installing an app). There's a huge difference between informing user at install-time about all permissions an application requires and (not) knowing when they're used in run-time. In the Android world of cca hundred permissions and this all-or-nothing permission model, overall UX has suffered and caused tension between users and developers. As the latter keep adding features to their apps, sometimes requiring new permissions, some (aware and tech-savvier?) users will not feel comfortable about and even decide to uninstall the app just like some Spotify Android users already have.
In this regard I've had a good experience with Privacy Guard feature on CyanogenMod 11 (based of Android 4.4 KitKat) and later. It allows you to control each app's access to a permission - allowed, ignored (disallowed), or "always ask". The last one triggers a popup whenever an app X wants to user permission Y (e.g. "Skype wants to modify your contacts" - wait what?!) where you can allow or ignorile it, and also set it as a future default to prevent being nagged with the popup. Although I personally very much like the option to opt-in or opt-out, I understand that even Privacy Guard UX is not for everyone. Luckily, you can choose if you need Privacy Guard and activate it per app, or have it automatically activated for every newly installed app with the "always ask" option for each permission.
That's a huge difference in how invasive it feels. But in practice, I'd feel watched if I allowed my music player to see my GPS location up front, but I'm completely happy to let it do so when I activate the run function.
In practice, the app could ask for permission to use the GPS the first time you use the "running" function, and then spy on your location ever after. The difference is in the perceived privacy.
On Android, it's impossible to install the app without granting all the permissions. So if there's a feature to upload your own cover art, then you have to grant it permission to look at all your photos forever or you don't get to use the app. It's terrible.
So basically they made a design decision that was thought to be good for the users privacy and it turned out to be a horrible decision. I can understand the reasoning behind their ìnitial design, but I can't understand why this hasn't just been thrown out and replaced already after it turned out so obviously flawed?
At least they could have deprecated that system and allowed it to work with old apps, while encouraging new apps to use an iOS-like we'll-ask-when-we-need-it kind of system?
You're exactly right. The context is missing. When I install an app and it asks for permission A, B, C, and D, I probably have no idea why, and it's scary.
If I'm using the app and discover a new feature that asks me for permission A, I understand why, and can make a reasonable decision.
The problem is that the granting of permission isn't strictly tried to that particular feature. So if the app asks you for permission A for "reasonable feature 1" it can then use that permission in the background for "unreasonable creepy feature 2" since you've now granted it unilateral permission.
Sure, like I said there is no way for me to know that after they asked for permission to use GPS when I engaged the "Run" function the first time, they won't spy on my location every time I just use the app (apart from the little GPS activity icon perhaps).
But the context of me switching to the "running" feature and then I'm asked if I want to allow the GPS function is enough for me to not feel watched. It's all about context.
Same if the app asked for permission to see your photos (forever) when you use the custom cover art feature.
For a malicious app this makes no difference, but for those apps we (sort of) trust, the context makes all the difference.
I don't have a solution for location, but for photos, it seems like it would be best to require no permission to present a standard control (i.e. UIImagePickerController), but with the API only actually providing any information when the control completes (photo is selected, or control is cancelled). The user selecting the photo is implicit permission.
Permission would be necessary to actually query for media programmatically, which is the real issue. Currently, they are conflated.
For location, I suppose that the "Google Maps is using your location" bar at the top could be expanded and always present when the location permission is enabled. Tapping it would revoke the permission until it is enabled again. This could get annoying though, some apps legitimately do depend on location all the time.
I'm not a fan of these changes and it sucks because I was a fan of Spotify. I wonder if they ever considered changing the feature list for their tiers (paid vs. free) like essentially give everyone the mobile app but the paid subscriptions have the ability to choose what they share (GPS, photos, etc) whereas the free users don't have a choice.
So what's the big deal here? Spotify are(have) introducing(ed) features that require new permissions to work and everyone has gone mad? Is there any specific reason people are up in arms over this or is it just the usual "Facebook Messenger wants access to my microphone therefore they're always listening to me!!!" overreaction?
First I thought "Good thing I don't have an account", then it turned out I had one for one reason or another. Closed that straight away. Now to find out if they'll drag their heels.
As long as I can opt out of providing access to those features (photos, contacts, sensors) and still use the app, then I will do that, even if that means I get "reduced functionality" or however they spin it. I just want to listen to my music, I don't care about social features or anything like that.
But if I can only use the app by giving access to those features, even as a paid subscriber, then I will absolutely cancel my paid account and look to other services.
- Company wants to be more explicit about what data they are collecting (their view) or wants to collect more data (others' view)
- Company announces that it's changing it's user agreement to permit collection of that data.
- Users are free to continue using the service, or to stop and use another service instead.
What other way would you have this process take place? I assume it's not the entire change in terms that you're objecting too, as some of them would obviously be involved in development of useful features.
