“Free Music” from Spotify as DRM Hole Exploited by MP3-Ripping Chrome Extension


Spotify has one of the largest libraries of music at 20 million songs available to stream at any time. Free users have limited use of the library and have to hear ads, but subscribed users can listen ad-free as well as cache their playlists offline for playback when they aren’t connected to the internet as long as they pay the monthly fee.

A recent extension built for Google’s Chrome web browser called Downloadify, however, makes use of a gaping security hole in Spotify’s HTML5 setup and lets users essentially download any song from Spotify’s library for free as an MP3. That means anyone can pay for a single month’s subscription and keep all the music they would like.

Using Spotify’s service like this is obviously against the company’s terms and conditions, keeping the tracks is a breach of copyright, and the company are already “working on a fix”, but for the time being piracy has never been so easy.

Google did remove the extension from the Chrome Store for breaching its terms of service pretty quickly, but the code for the open source extension remains on Github for the time being.

Share This