Spotify now officially even worse than the NSA

It wants to know who you know, where you are and what you like


New terms and conditions popping up on Spotify users screens give the music-streaming company sweeping new rights.

The “What we collect” section of the new terms seems scary enough:

By using or interacting with the Service, you are consenting to: the collection, use, sharing, and processing of information about your location, including any related interactions with the Spotify service and other Spotify users (as described in The information we collect); the use of cookies and other technologies; the transfer of your information outside of the country where you live; the collection, use, sharing, and other processing of your information, including for advertising-related purposes (as described in the rest of this Privacy Policy, so please keep on reading!); and the public availability of your information and the controls over such information as described in Sharing information.

But dig down and that additional information turns out to be pretty comprehensive:

If you connect to the Service using credentials from a Third Party Application (as defined in the Terms and Conditions of Use) (e.g., Facebook), you authorise us to collect your authentication information, such as your username and encrypted access credentials. We may also collect other information available on or through your Third Party Application account, including, for example, your name, profile picture, country, hometown, email address, date of birth, gender, friends’ names and profile pictures, and networks.

If you want to keep the intrusion down you really, really should not connect your Spotify account to your Facebook one:

You may integrate your Spotify account with Third Party Applications. If you do, we may receive similar information related to your interactions with the Service on the Third Party Application, as well as information about your publicly available activity on the Third Party Application. This includes, for example, your “Like”s and posts on Facebook. We may use cookies and other technologies to collect this information; you can learn more about such use in the section Information about cookies, other technologies, and third-party data collection of this Privacy Policy.

But it’s not just stuff in your Facebook account. The app will hunt around in your phone for more information about you:

Depending on the type of device that you use to interact with the Service and your settings, we may also collect information about your location based on, for example, your phone’s GPS location or other forms of locating mobile devices (e.g., Bluetooth). We may also collect sensor data (e.g., data about the speed of your movements, such as whether you are running, walking, or in transit).

And it’s well broadcast:

Certain information may always be publicly available to others and other information is made publicly available to others by default. And if you share information to a Third Party Application, that information is viewable on Spotify, regardless of how you set your privacy settings.

If you are a premium user and choose to defer the decision to accept Spotify will give you thirty days to acquiesce. Decide against trading your data for access to the service you'll no longer be able to use it but will still get charged unless you separately cancel your subscription.

The Swedish biz told The Register:

"Spotify is constantly innovating and evolving its service to deliver the best possible experience for our users. This means delivering the perfect recommendations for every moment, and helping you to enjoy, discover and share more music than ever before. The data accessed simply helps us to tailor improved experiences to our users, and build new and personalised products for the future. Recent new features include Spotify Running, which matches the BPM of your music to the pace of your run, or the new Discover Weekly feature, which curates a weekly playlist based on your tastes.

"Throughout, the privacy and security of our customers' data is – and will remain – Spotify's highest priority. We will always ask for individual permission or clearly inform you of the ability to opt out from sharing location, photos, voice and contacts."

The company says it wants access to your photos because it is testing the ability for users to change their profile pictures or add a picture to personalise their playlists. Trawling your address book comes from "looking for ways to more easily find your friends on Spotify to discover music through your social circles".

Some users on the Spotify forum have already said they will decamp to Deezer as result of the new rules. ®

Similar topics


Other stories you might like

  • DuckDuckGo tries to explain why its browsers won't block some Microsoft web trackers
    Meanwhile, Tails 5.0 users told to stop what they're doing over Firefox flaw

    DuckDuckGo promises privacy to users of its Android, iOS browsers, and macOS browsers – yet it allows certain data to flow from third-party websites to Microsoft-owned services.

    Security researcher Zach Edwards recently conducted an audit of DuckDuckGo's mobile browsers and found that, contrary to expectations, they do not block Meta's Workplace domain, for example, from sending information to Microsoft's Bing and LinkedIn domains.

    Specifically, DuckDuckGo's software didn't stop Microsoft's trackers on the Workplace page from blabbing information about the user to Bing and LinkedIn for tailored advertising purposes. Other trackers, such as Google's, are blocked.

    Continue reading
  • Despite 'key' partnership with AWS, Meta taps up Microsoft Azure for AI work
    Someone got Zuck'd

    Meta’s AI business unit set up shop in Microsoft Azure this week and announced a strategic partnership it says will advance PyTorch development on the public cloud.

    The deal [PDF] will see Mark Zuckerberg’s umbrella company deploy machine-learning workloads on thousands of Nvidia GPUs running in Azure. While a win for Microsoft, the partnership calls in to question just how strong Meta’s commitment to Amazon Web Services (AWS) really is.

    Back in those long-gone days of December, Meta named AWS as its “key long-term strategic cloud provider." As part of that, Meta promised that if it bought any companies that used AWS, it would continue to support their use of Amazon's cloud, rather than force them off into its own private datacenters. The pact also included a vow to expand Meta’s consumption of Amazon’s cloud-based compute, storage, database, and security services.

    Continue reading
  • Atos pushes out HPC cloud services based on Nimbix tech
    Moore's Law got you down? Throw everything at the problem! Quantum, AI, cloud...

    IT services biz Atos has introduced a suite of cloud-based high-performance computing (HPC) services, based around technology gained from its purchase of cloud provider Nimbix last year.

    The Nimbix Supercomputing Suite is described by Atos as a set of flexible and secure HPC solutions available as a service. It includes access to HPC, AI, and quantum computing resources, according to the services company.

    In addition to the existing Nimbix HPC products, the updated portfolio includes a new federated supercomputing-as-a-service platform and a dedicated bare-metal service based on Atos BullSequana supercomputer hardware.

    Continue reading

Biting the hand that feeds IT © 1998–2022