A Chrome browser extension that lets anyone rip music from Spotify at the click of a mouse has exposed a flaw in the security of Spotify’s library.
Spotted by Dutch site Tweakers, Downloadify takes advantage of an apparent oversight in Spotify’s music library. When using Spotify’s web player, Downloadify lets users with a paid subscription click on any song and rip it as a DRM-free MP3 to their computer.
The normal Spotify application encrypts the music that it streams, so it looks like this comes down to an oversight of some kind on Spotify’s part. When contacted for comment, Spotify told Wired.co.uk: “We are aware of the issue and are currently working on a fix.” (The exploit was patched after this article was published on Wired UK.)
Meanwhile, Google has taken the plugin down from the Chrome Web Store only a day after its May 7 launch, but, as The Verge has noted, it’s still readily available to download from Github as of the time of writing.
Several sites do exist purely to point out that you can “rip” music from Spotify quite easily by just recording from the audio out jack (or a tape deck held up to the speakers, if you want to do it old school), but any user that does anything to make “copying, reproducing, ‘ripping,’ recording” is explicitly forbidden by Spotify’s Terms and Conditions.
Via: Ars Technica