
Spotify apologizes for new terms and conditions roll-out - iamben
https://news.spotify.com/us/2015/08/21/sorry-2/
======
pilif
«Of course now with all that backlash [and probably a significant number of
account cancellations], I can assure you that we never intended to actually do
the stuff our new policy has reserved the rights for»

«Please accept this humble apology and look forward to an updated policy we
will publish very soon (I promise). In the meantime, the updated policy stays
in effect because, as you can see here, we never intended to do the things we
were saying we're going to be doing, so it really doesn't matter for you»

(sorry for the sarcasm bordering on cynicism, but I really didn't like the
posting. If it was sincere, they would have immediately rolled back the policy
until they have something better)

------
vvanders
"Voice: We will never access your microphone without your permission. Many
people like to use Spotify in a hands-free way, and we may build voice
controls into future versions of the product that will allow you to skip
tracks, or pause, or otherwise navigate the app. You will always have the
ability to disable voice controls."

Why even put it in if you're not using it? Honestly I just want something that
plays music and 95% of that other stuff (which poses a large security risk on a
managed corporate device) just isn't interesting.

~~~
dublinben
>I just want something that plays music

If you're concerned about privacy or security, I recommend not using any
streaming service. You should just load the music you want to listen to onto
your device, and use your local music player. You could also listen to an
internet radio service like DI.fm which provides raw .pls files for use in any
app.

~~~
nmrm2
This advice operates from a mindset that both privacy and security risks are
binary. They are not+.

A third-party app that gives access to X, Y, and Z permissions is a larger
security risk than an equivalent app that only has permissions for X. So if an
app only needs X in its current version but requests Y and Z, then it is
introducing unnecessary risk.

\+ See e.g.
[https://systemoverlord.com/blog/2014/09/05/security-not-a-bi...](https://systemoverlord.com/blog/2014/09/05/security-not-a-binary-state/)

------
mike-cardwell
"We're sorry you're so confused"

~~~
imauld
"Sorry, not sorry"

------
hrvbr
Too late, I've just unsubscribed. This issue was a last-drop motivator, the
primary reason being that I don't like paying artists I don't listen to while the
lesser known artists I do listen to only get a few cents if anything of my
monthly fee.

------
pearle
Yeah, an apology isn't a substitute for an updated EULA.

I will wait for the updated EULA before I re-evaluate my cancellation.

------
jhgg
Being a Spotify user on iOS, I didn't expect much change from the new privacy
policy they had released. The OS doesn't permit apps to access the camera
roll, microphone, location services or contacts without explicit permission.
Which is essentially what Daniel is re-stating here, for those who are
freaking out/forgot. But I guess it's good to state this, because the desktop
apps are a bit less sandboxed (aside from the one that runs in the browser).
Also, the revised privacy policy could have been written/worded better. I feel
like there was just a significant disconnect between the legal and PR teams.

~~~
detaro
Most stock Android users also only can give "explicit permission" by
installing the app, there are no fine-grained control mechanisms (because
reasons).

~~~
sancha_
Not yet, Android M comes with a similar permission model as iOS has.

------
chinathrow
"We also share some data with our partners who help us with marketing and
advertising efforts, but this information is de-identified – your personal
information is not shared with them."

We know that proper data anonymization is hard. Could they prove this or be held
liable if it's not working as intended?

------
subdane
We went through a TOS kerfuffle recently with our startup. As a team we fall
pretty far on the side of users' rights and privacy. I can't speak for
Spotify, but I can say we found it to be a bit of a challenge to balance
users' rights with future feature ideas, privacy controls within a mobile OS,
corner cases, and legal fees. We wanted to keep options open around business
models and features without having to go back to our lawyer (and our users)
with every new release. It was instructive to be on the other end of crafting
a TOS and realizing just how complicated and expensive it can get to try to do
the right thing.

~~~
detaro
Funnily enough, I've never seen much of developers pushing for better privacy
controls in the OS.

------
brador
This hit the front page of Reddit (and
[http://skimfeed.com](http://skimfeed.com) !) overnight. Other similar
examples of "bad decision, reddit, ceo statement" are the Netflix price
increase. It helps if the service is easy to stop using/cancel because then
they see the juicy inverse hockeystick right in their analytics over their
morning coffee.

------
rectang
I read this as "Click OK once while updating and we'll be gettin' all up in yo
phone".

"We will never access your photos without explicit permission"

"We will never gather or use the location of your mobile device without your
explicit permission."

"We will never access your microphone without your permission."

"We will never scan or import your contacts without your permission."

Crikey, you're not screening me for a mortgage or a job with a three-letter
agency. Can't you write an app that doesn't need every last piece of info on
my phone?

------
christop
More companies should have this information up front. For example, Lookout has
an open source framework for generating more visual privacy policies:

[https://github.com/lookout/private-parts](https://github.com/lookout/private-parts)

[https://www.lookout.com/legal/privacy](https://www.lookout.com/legal/privacy)

(though I'd note that page still lacks the _why_ of what's being collected)

------
duiker101
We will only use permissions with your permission!

------
thebiglebrewski
Wow. Well I think that settles that!

On a similar note, I've always thought Daniel Ek was a pretty upstanding guy.

~~~
mosselman
It only settles it when they formulate a new TOS that does not give them the
freedom to completely ignore what they say are the reasons for accessing
things like photos. If you have only features abc in mind, why formulate a TOS
where you have access to the whole a-z?

~~~
thebiglebrewski
Is it possible to just take Daniel Ek's word on this one? If you're so upset,
couldn't you just disallow access?

~~~
detaro
If you are a user on most stock Android devices, then no, you can't, outside
of not installing the app. (Which IMHO is a major defect in Android and
annoying to solve for app makers, but that's the environment they have to keep
in mind)

~~~
oneeyedpigeon
Yeah, the Android permissions model is absolutely terrible; not sure if iOS is
any better (actually, I think it might be worse). Not only is it incredibly
non-granular, but it also seems to be an all-or-nothing, and there's no way to
control global permissions either.

~~~
christop
Permissions are now granular in Android 6.0, and even for apps which weren't
built against the newer SDK, you can turn off permissions individually.

------
qznc
If they explicitly ask for permission on each access anyways, then it is
unnecessary to talk about it in T&C.

~~~
detaro
No, it is not, because they still need to explain what exactly they are doing
with it, unless they want to show the legalese each time the feature is
activated.

