Amazon access key
No idea what gda is.
Also their signature.
This is security 101 right? Or is this normal for a service of this kind? Also are they officially using the Soundcloud API? if yes, is this one of the responses of the API?
Only way to really hide the info would be to really stream all content through their box. Then they just could host it themselves in the first place...
This would avoid the fact that users could see the GET request to the SoundCloud API.
We are working on securing/masking the url, but at the end of the day, Console.fm is not a true stream, so we cannot securely give the user the song with out the soundcloud .mp3
Please voice any advice you have on this issue or help out, open to suggestions as to we are looking into a proper fix right now.
As long as there is DRM, there will be ways to trivially break DRM.
By the way, if you can stream it, you can download it, on any service. One-time use streaming keys are no defense against right clicking. It's just a matter of how much patience you have to expose the underlying URL.
looks to me like grooveshark is giving a stream.