

Spotify Just Got Real Creepy with the Data It Collects on You - Phoenix26
http://www.forbes.com/sites/thomasbrewster/2015/08/20/spotify-creepy-privacy-policy/

======
jagermo
I just wanted to note that forbes uses at least 16 trackers in this article
(and does not tell you about it).

I have no problem with journalists pointing out flaws, but especially forbes
likes to know a lot about its readers.

~~~
merijnv
FYI, I opened up the privacy policy from my Spotify install (I updated
yesterday, I think?) and none of this is mentioned in it.

------
joopxiv
"Upon opening the Spotify app up this morning..."

"FORBES contacted Spotify for a response and is awaiting comment."

This tells you exactly how much time they waited for Spotify to respond. This
is 'iterative journalism' at its worst: publish first, investigate later!
Completely disgusting.

~~~
dingaling
Why should Forbes wait for comment, when Spotify didn't wait for their users?

It's not as if this is something that took Spotify by surprise, like a data
hack, that would require time to formulate a legally-sound response.

They will have been planning and implementing this change for months. They
could have issued a press release two weeks ago advising their customers of
the upcoming changes, but didn't.

Spotify seem to like surprises, so Forbes played one on them.

~~~
joopxiv
Spotify does wait for the user's consent. That's the whole point of agreeing
to the privacy policy. Apart from that, Spotify doesn't have anything to do
with basic principles of journalism, because they are not journalists.

~~~
dingaling
Any other substantive change to the terms and conditions require prior written
notice. For example, slipstreaming in an app update that said 'from right now
your monthly fee will be €20' would not be considered sufficient notice.

So why should privacy be Any different? In fact in this Cloud Era, privacy
terms are probably of more concern to users than another dollar on their
subscription.

The only reason Spotify didn't give prior notice was to put users in a bind on
the spot.

Even Google manages to do it properly!

------
jalfresi
Is this for real? I pay £10 a month to avoid this crap and now I'm lumped in
as well?

Screw this, I'm off to Apple Music.

~~~
gcr
Why? Apple built your _telephone_ ; they already know about your "contacts,
photos, or media files." They know your GPS location, too.

This reminds me of the quip about conservative folks threatening to move to
Canada because they're unhappy about all the corrupting liberal values
creeping into American politics.

~~~
jalfresi
I am under no illusions that Apple keeps this information. I've opted out of
iAds so I know that my data is not being used against me, and Apple do not
sell my data to third-parties.

To be clear, Spotify using my habits and data to improve their service I have
no problem with; it makes a better service for me! Same with Apple.

Maybe I should have explained clearer in my original comment (though I thought
it was obvious) but I have no problem dealing with companies that I deal with;
it's companies I DONT have an arrangement with who I have trouble trusting
they wont use my data against me.

And now it appears that Spotify is one of those companies. And all I want to
do is stream my playlists on the way to work. Now I have to consider that they
may be selling my contacts lists, movements, etc;

It's a plain cash grab at my expense. And I wont do business with businesses
that don't respect me or my data.

~~~
charlesray
"It's a plain cash grab at my expense."

It is absolutely not.

~~~
mosselman
Explain please how it is ABSOLUTELY not. It must be at least a bit, because
you can tick off a few from the list of the definitions:

Noun

cash grab ‎(plural cash grabs)

    
    
        1. (derogatory) product designed without love or care, with the sole intent of generating profits 
        2. (politics) Legislation that serves primarily the purpose of generating revenue. 
        3. An activity engaged in with the intention of making money quickly.
        4. The money generated by a cash grab. 
        5. A game in which players attempt to grab as much money as possible. 
    

Source:
[https://en.wiktionary.org/wiki/cash_grab](https://en.wiktionary.org/wiki/cash_grab)

~~~
charlesray
You're doing exactly what Forbes wants you to do: fear mongering. Privacy
policies are legal liability waivers. They are not statements of intent. There
is absolutely no indication whatsoever that Spotify is harvesting your data
and selling it to third parties to make some money on the side. That is a
ridiculous assumption, and you need to provide damn good evidence if you
expect me to even begin to consider that.

What any REASONABLE person would assume is that Spotify is simply doing what
everyone else does, which is track your usage of their product in order to
better target ads.

~~~
LunaSea
And we all know that if everyone else is doing it it's alright!

The next "reasonable" thing to do is to let them use your phone's camera 24/7
to film your life so that they can get an actually good grasp of your
consuming habits.

I'm hyperbolising here of course but this trend of using niche features like
syncing your playlist's BPM to your pace as an excuse to track even more data
and destroy your user's privacy must stop.

------
JustSomeNobody
I don't use spotify and I usually don't like social anything (except HN, of
course). However...

Surely there are reasonable explanations. Let's break this down.

GPS and motion sensors. Why could they want this? Maybe they will switch up
your play list when you go for that run. Seems plausible.

Contacts. Ok, everything is social, so maybe they want to send your current
track to other spotify users in your contacts. Seems plausible.

Photos. Not sure about this one.

Sharing your information with partners. Does spotify play ads? wouldn't this
be a standard part of sharing data with Apple and Google's ad network?

I'm not defending them, but this is the social world we live in. You either
find alternatives or deal with apps that pack social features in.

~~~
caractacus
> GPS and motion sensors. Why could they want this? Maybe they will switch up
> your play list when you go for that run. Seems plausible.

They introduced a running feature a few months ago that does, indeed, attempt
to match the bpm of a playlist to your running cadence.

> Contacts. Ok, everything is social, so maybe they want to send your current
> track to other spotify users in your contacts. Seems plausible.

Share a playlist with a contact. Share a track with a contact. Etc etc. I'm
surprised this wasn't already in there if it's really a new addition.

> Photos. Not sure about this one.

Might be related to running. Strava, fr'instance, lets you add photos taken on
your run. Or might just be to let you adorn a playlist with your chosen photo.

> Sharing your information with partners.

Doesn't everyone? Isn't this standard boilerplate? Spotify are attempting
brand tie-ups in many areas so I can't see this as something out of the
ordinary.

~~~
cholantesh
The photo one stumped me as well, but I figured it was something innocuous. I
remember similarly misguided outrage over the Facebook app's 'new' permissions
just a few months (I think) ago.

Side note: these features make me think I should probably switch from Rdio,
though I guess some of those use cases are satisfied by Songza...

------
Guyag
Companies need to take a new approach to the permissions they request -
especially on Android where these are explicitly shown to the user. Often
there are innocuous purposes behind them, but it's rarely immediately clear
and results in people jumping to conclusions. Companies should be more
explicit as to the reasons they request permissions.

~~~
ProblemFactory
The good news is that from Android 6.0, permissions will be more dynamic:
[https://developer.android.com/preview/features/runtime-
permi...](https://developer.android.com/preview/features/runtime-
permissions.html)

Apps can ask for permissions only if/when they are actually needed for a niche
feature, and the user can reject or revoke each permission individually.

------
tripzilch
> Local law may require that you seek the consent of your contacts to provide
> their personal information to Spotify

Uhm so how does that work?

I'm not a Spotify user, but quite a few people who have me in their contact
list definitely are.

Let's say I don't consent. Which I don't.

Will they have to cancel their Spotify subscription?

Doesn't that responsibility fall with Spotify just as much?

Because in that case, I'll gladly provide _my_ contact list, for Spotify's one
time exclusive usage with which they can cancel all the subscriptions of
everybody on it.

------
ruuki
in general, i really don't like still being a product although i'm paying for
subscription.

------
tempestn
Sensor data could make sense to pick appropriate music based on activity.
Perhaps the idea with the GPS is the same, although personally I'd still
prefer not to share that.

~~~
Guyag
I believe this is the case - they have a mode (so I'm told) that will choose
music based on your current running pace.

------
axx
I'm wondering how this would work with Apples _privacy features_?

Before any App can access your location, contacts, picture and so on, you need
to give it permission.

~~~
ibbb
Exactly, it specifically states: With your permission, we may...

Much about nothing...

------
danielsamuels
I would guess that the new sensor usage and GPS data is for the Spotify
Running feature which was announced a while back. From what I remember, it
changes your songs based on your running speed. Makes sense to require this
additional data.

------
Oletros
When he talks about mobile app, does he talks about the iOS one?

i have opened the app on Android, gone to the privacy policies and I don't see
any of those things he talks about. I have privacy policy in Spanish

~~~
danielsamuels
I had the new privacy policy appear when I opened the app this morning and had
to accept it to continue. Probably just rolling out over time.

------
tmaly
ok lets say this is true. If I want to continue using Spotify, how do I block
them from looking at my pictures and contacts on a stock nexus 5 running a
stock android 4.4.3 ?

------
jamesblonde
Apple are just getting dirty in the music business now. They're telling their
favorite journalists about Spotify's new privacy policy - like a journalist
would ever investigate such a thing!

~~~
Someone
_" Upon opening the Spotify app up this morning, your reporter was greeted
with a request to agree to the new conditions."_

So Apple hacked the Spotify app to pop up a message announcing the new privacy
policy? On iOS, Android, or both? Either way, that's quite an extraordinary
claim.

I find the idea that Spotify made the change itself and that tech journalists
routinely check for changes in privacy policies searching for something to
write about much more plausible.

So, please give some evidence that this is what happened.

~~~
richmarr
> So Apple hacked...

Think you misunderstood that aspect of jamesblonde's comment. He's suggesting
the journalist is pushing Apple's PR for them. It does happen, journalists
often use content PR firms send them. I have no idea if it happened in this
case.

