
Spotify's new privacy policy angers users - martin-adams
http://www.bbc.co.uk/news/technology-34016658
======
honzzz
I am especially bothered by the part about "contact phone numbers" \- I am OK
with people giving up their privacy but I want to be protected against someone
who has my phone number giving it to them. If Spotify or anyone else want my
phone number, they should have my consent, not just consent of someone who
happens to have my phone number.

~~~
pnt12
_The terms and conditions also state that it is up to the user to ensure that
people listed in the contacts list on their handset are happy for their phone
number to be shared with the music platform.

"Local law may require that you seek the consent of your contacts to provide
their personal information to Spotify, which may use that information for the
purposes specified in this privacy policy," reads the update._

I think this is the worst part. Sounds like "hey, we're collecting private
information, please make sure we're allowed to do so. If we ilegally collect
private information, that's the users fault - we alerted them to get
permission from their contacts!".

------
huhtenberg
Notch nailed it I think -

    
    
      @eldsjal The bigger problem is that you're in bed with
      facebook (that I also don't have installed), and thus 
      have zero inherent trust.
    

whereby @eldsjal is Daniel Ek, the Spotify founder.

[1]
[https://twitter.com/notch/status/634666970378563585](https://twitter.com/notch/status/634666970378563585)

~~~
bennyg
Notch could not have overreacted more. Sure their ToS may allow for privacy
creep, but that thread of messages between him and Daniel Ek was so cringe for
Notch. He basically doesn't want Spotify to be able to access anybody's photos
because how he utilizes music and playlists doesn't use photos. Sounds pretty
selfish and naive to me.

~~~
SmellyGeekBoy
"With your permission, we may collect information stored on your mobile
device, such as contacts, photos, or media files. Local law may require that
you seek the consent of your contacts to provide their personal information to
Spotify, which may use that information for the purposes specified in this
Privacy Policy."

Sharing all your friends' contact details with Spotify despite them possibly
having never even seen the ToS just so you can listen to some tunes seems more
"selfish and naive" if you ask me. Potentially in violation of EU data
protection laws too.

~~~
bennyg
I wasn't talking about that part. I was talking about Notch basically not
understanding why people would want to use pictures to make playlists and to
identify themselves to friends on a social music platform. He basically said
it was totally unnecessary and arrogantly inferred that the way he uses music
is the only way people should use music.

------
piquadrat
From
[https://twitter.com/eldsjal/status/634664239702102016](https://twitter.com/eldsjal/status/634664239702102016)

> @notch And again it's _if_ you use those features that we'll ask permissions
> for it.

How will they ask me for permission to my contact data shared with them via
someone else's address book?

------
rectang
I'm a paid subscriber. I'm paying for the product, and therefore I shouldn't
have to be the product.

The Wired article suggests that Spotify are only offering a binary choice:
allow the little Spotify creep to squat on my phone taking notes on me, or
stop using the service altogether. Are those really my only options?

I'm an email-only user (no Facebook for me).

~~~
jschwartzi
I just uninstalled it and am going to cancel my account in a few minutes. I
pay money for it too so that I don't have to sell my personal info and that of
my friends.

~~~
pearle
I just did the same and so did a couple of my friends. Sometimes a zero
tolerance, knee-jerk reaction is the best reaction to this sort of thing.

I just want to stream music that I want to listen to. That's it. I don't want
any social features, I don't want my play list being generated automatically
by my heart rate, etc.

~~~
r3bl
I'm currently in the process of downloading the music I saved in my Spotify
playlist (through a laptop). The mobile app is already uninstalled. Now all I
need to do is to download those songs and delete my account.

------
werid
CEO just posted an update

[https://news.spotify.com/us/2015/08/21/sorry-2/](https://news.spotify.com/us/2015/08/21/sorry-2/)

~~~
pearle
An apology posted on a blog is not a EULA. I've cancelled my account and I
will to see if the terms in the EULA remain vague and general.

------
mtgx
> "Throughout, the privacy and security of our customers' data is - and will
> remain - Spotify's highest priority.

Okay, this sort of line is really starting to piss me off - especially when
companies do the _exact opposite_ of what that line says, yet they still use
it to somehow trick users into thinking everything is fine.

Can we push companies to have a "Privacy policy" where they talk all about how
they _protect_ your data, and then a "Privacy intrusion policy" or let's say a
tamer "Data usage policy" where they tell you exactly how much access they
have to your data and how they are using it for their own purposes?

------
getdavidhiggins
Again this is about choice. With things like Soundcloud, you don't even have
to register to download music, and I've downloaded my fair share of 1-2 hour
long DJ sets from there. Basically enough music to last my entire lifetime and
I will never be bored. DJ sets are great because there's no skipping through
tracks, and you can have them playing in the background when doing coding, and
you can discover music accidentally that way. Also there seems to be no limits
on Soundcloud with regards to how much you can download. It's all you can eat,
which is refreshing. I'm curious how they can achieve this though. I know they
have a paid / pro plan there, but still it screams of too much upfront value
and I do worry about their viability into the future. But for now Soundcloud
is exponentially better than any other service out there.

~~~
r3bl
Actually, uploading a DJ set on Soundcloud is against their ToS because those
mixes contain songs that are copyrighted. Soundcloud is not a good place to
upload mixes and that's why there's currently a huge rage between DJs and
Soundcloud's team. Basically, the product became big enough to care about
copyrights. If you're a DJ, you don't have a right to distribute your mix as a
free download if it contains a song copyrighted by a third party.

I suggest you to check out Mixcloud. It's a service made specially for
uploading mixes, but it doesn't allow you to download them for the reasons I
said earlier. It's also free and does not require you to sign up for an
account.

------
delinka
I'm not sure I understand what's happening here. If the apps (desktop and
mobile) ever asked for access to other data (I don't recall that they have),
I've told them no. I just checked all my settings and if my OS isn't lying to
me, Spotify doesn't have access to my location, my photos, nor my contacts.

Now, I'm not happy that they'd even ask. But the service doesn't stop working
when I deny access. Since the change in TOS, the apps didn't ask again.

I do, however, think any companies wanting access to data outside what I feel
is the app's purview should really stop couching their use in Marketing Speak
("We use this data to improve our service, let you discover content also
consumed by your acquaintances...") and be more informative about where the
data goes.

~~~
k-mcgrady
I think the problem is that they request the permissions for specific
features, but once you've given access they can use it for whatever they want.
e.g. you provide GPS for the running feature and now they can also track you
when you aren't running.

~~~
bennyg
So every single app that uses location services, ever?

~~~
vilmosi
Yes. Except I want Google Maps to know where I am, but why on Earth does
Spotify care?!

~~~
wvenable
This is pretty circular as the comment 2 levels up is "you provide GPS for the
running feature"

If you don't want to give them permission to something, don't give it. Of
course, that will also mean you can't use features that depend on it.

~~~
vilmosi
I use Android, I can't just deny permission and not use a feature. I would
have to stop using Spotify alltogether.

It's not the same as giving permission to Google Maps to use my location
because I know exactly why it wants that. With Spotify, "improving our
services" is just not a good enough reason.

------
JumpCrisscross
> _In a blogpost, Spotify said its new terms were updated in the interests of
> transparency._

Screwing people over is okay if you're transparent about it?

------
maccard
So where can I find a list of these changes from Spotify? I'm not particularly
to be sharing the data they're asking for, considering I'm paying 9.99 a month
for the service.

------
rem7
I was never a big fan of spotify since it required a Facebook account to use
it. A regular email sign up process would have been enough. So I went with
rhapsody.

~~~
strickjb9
It doesn't require a Facebook account. I use Spotify and I never sign in with
my Facebook account for anything.

edit: I live in the U.S.

~~~
more_original
It used to require a facebook account initially (at least here in Germany,
right after the launch). I had to create a one in order to open a Spotify
account. The option to register using an e-mail address was added later and I
migrated my account when this was done.

~~~
codezero
Are you sure it required one? It may have made it very easy to sign up with FB
and very hard to sign up with email, but email has always been an option (in
the U.S.)

edit: thanks for the replies clearing this up.

~~~
more_original
Yes, because I really didn't want an FB account (closed it since). There were
even doubts about the legality of Spotify requiring an FB account in Germany:
[http://www.noz.de/artikel/61551360/datenschuetzer-
kritisiere...](http://www.noz.de/artikel/61551360/datenschuetzer-kritisieren-
musikdienst-spotify)

------
neildahlke
This seems like very poor timing given the most recent gorilla entering their
room.

~~~
joshstrange
Apple music is terrible and I won't be leaving Spotify anytime soon even
though I was fully ready to make the switch.

~~~
k-mcgrady
Apple Music has been great for me and I've fully made the switch.

~~~
TIM2014
Ditto for me. I love Apple Music. I canceled my Spotify subscription prior to
this news after using Apple Music and finding it more then satisfied my needs.

~~~
josai
Quite interesting to see how different experiences people can have with Apple
Music. Mine is that it's a disaster - even with the latest updates I have
"synced" songs which simply won't play, synced songs which have been somehow
misidentified and the track that plays is wrong, random songs greyed out in
albums, band pages listing the wrong songs - I could go on and on. It's
literally unusable.

I'd love to be able to use one service that "solves" music for me but Apple
Music isn't even close and I'm astounded at how botched the release has been.

So yeah. Your mileage may vary... quite wildly, apparently!

------
robbrulinski
Canceled my subscription! No, you can't access my photos.

------
jbeales
I haven't read the Privacy Policy, but I pulled up the Spotify settings on my
iPhone, and the only permission it has is Background App Refresh, (although
I'm not sure if movement sensors would appear in the Settings app).

Is this some still-unreleased version of the app the article is about, or has
the privacy policy changed with no changes to the data that Spotify actually
accesses?

~~~
sp332
IIRC, iPhone apps can ask for permissions when they need them, but Android
apps have to ask for every possible permission up front.

There's a better permissions system coming in Android Marshmallow, but that
doesn't help anyone right now.

~~~
alkonaut
That's a huge difference in how invasive it _feels_. But in practice, I'd feel
watched if I allowed my music player to see my GPS location up front, but I'm
completely happy to let it do so when I activate the run function.

In practice, the app _could_ ask for permission to use the GPS the first time
you use the "running" function, and then spy on your location ever after. The
difference is in the perceived privacy.

~~~
sp332
On Android, it's impossible to install the app without granting all the
permissions. So if there's a feature to upload your own cover art, then you
have to grant it permission to look at all your photos forever or you don't
get to use the app. It's terrible.

~~~
alkonaut
So basically they made a design decision that was thought to be good for the
users privacy and it turned out to be a horrible decision. I can understand
the reasoning behind their ìnitial design, but I can't understand why this
hasn't just been thrown out and replaced already after it turned out so
obviously flawed?

At least they could have deprecated that system and allowed it to work with
old apps, while encouraging new apps to use an iOS-like we'll-ask-when-we-
need-it kind of system?

~~~
sp332
I'm pretty sure it will be available for all apps. It's going to be in the
next version of Android. (edited)

------
ballpointpen
I'm not a fan of these changes and it sucks because I was a fan of Spotify. I
wonder if they ever considered changing the feature list for their tiers (paid
vs. free) like essentially give everyone the mobile app but the paid
subscriptions have the ability to choose what they share (GPS, photos, etc)
whereas the free users don't have a choice.

------
pc2g4d
One approach other than cancelling accounts is to use Cyanogenmod's privacy
manager to deny particular permissions to the app.

------
SlashmanX
So what's the big deal here? Spotify are(have) introducing(ed) features that
require new permissions to work and everyone has gone mad? Is there any
specific reason people are up in arms over this or is it just the usual
"Facebook Messenger wants access to my microphone therefore they're always
listening to me!!!" overreaction?

~~~
pnt12
I think you underestimate the data collecting and mining done by Facebook and
most modern companies.

It's ok if you want it, but some of us would rather have basic functionalities
only and deny extra permissions.

------
f00644
Can't believe they can actually get away with this, regardless of it being in
their Terms. It's absolutely ridiculous!

------
daviross
First I thought "Good thing I don't have an account", then it turned out I had
one for one reason or another. Closed that straight away. Now to find out if
they'll drag their heels.

------
r721
Previously:
[https://news.ycombinator.com/item?id=10091031](https://news.ycombinator.com/item?id=10091031)

------
sbarre
As long as I can opt out of providing access to those features (photos,
contacts, sensors) and still use the app, then I will do that, even if that
means I get "reduced functionality" or however they spin it. I just want to
listen to my music, I don't care about social features or anything like that.
But if I can only use the app by giving access to those features, even as a
paid subscriber, then I will absolutely cancel my paid account and look to
other services.

------
r721
Why wouldn't they make two apps: simple (with minimal permissions) and
advanced (current one)?

~~~
opayen
Maybe to keep it simple for everyone? It's hard to explain to people why they
need to have 2 separate apps to do almost the same thing.

