• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4665
  • Last Modified:

Is Spotify safe

A couple of staff members are asking me if they can install Spotify.
Do any of you know the downsides of this?
Is it asking for trouble as I've never used it, or is it reasonably safe.
We have a 2003 domain, all users on XP
0
jasonbournecia
Asked:
jasonbournecia
  • 2
2 Solutions
 
David-HowardCommented:
Looks safe enough from these reviews and postings.
http://www.crunchbase.com/company/spotify
http://en.wikipedia.org/wiki/Spotify
http://blog.wired.com/business/2009/04/spotify-opens-a.html
I'm not a big fan of anything that is peer to peer (for various reasons).
Other than that, I can't locate anything negative about the application.
0
 
DaydreamsCommented:
Hi jasonbournecia,

Spotify, a proprietary peer-to-peer streaming music program may not be secure:

"On 4 March 2009, Spotify announced that personal data including email addresses and birth dates of members of Spotify prior to 19 December 2008 were "potentially exposed" by hackers exploiting a bug in the system. Spotify later announced that any affected users have been personally emailed by Spotify. The team creating "Despotify", an open source clone of Spotify, later announced that it was they who had discovered the security hole, and that only around 40 users' details had been revealed, mostly members of the Despotify or Spotify teams. While it is possible that other groups could have have used this approach to gain user information, it is unlikely given that Spotify fixed the issue within a few hours of the exploit being made public.

An announcement by Spotify also pointed out that any potential hackers would only be able to obtain salted encrypted passwords. Hackers would still have to have targeted specific accounts and used brute force attacks on these passwords."

Here's their own security notice:

http://www.spotify.com/blog/archives/2009/03/04/spotify-security-notice/

According to their team, they have apparently fixed the security issue. There is a competing open source project: http://despotify.se/

They discuss the security issues here: http://despotify.se/#criticism
0
 
jasonbourneciaAuthor Commented:
Thanks for the responses guys and gals.
I hope you don't work for them Daydreams!
I'll do a little more reading from the links
Thanks again.
0
 
DaydreamsCommented:
>Thanks for the responses guys and gals.
I hope you don't work for them Daydreams!
I'll do a little more reading from the links
Thanks again.


You're welcome Jason, and no, I don't work for them:-)
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now