Spotify is a new champion for privacy

Spotify is not as private as you think; nothing is safe in this electronic era.

Updated: October 1, 2021 By Hamna Imran

Have you ever opened Facebook or Instagram and seen an ad for something you were just talking about?

Even though you never looked for the goods on such applications, they appear to know exactly what you want. If that's the case, you're not alone.

Many individuals feel that major tech companies are monitoring their customers' activities to develop smarter algorithms that offer tailored advertisements.

In this article, we will look at how Spotify operates, what information Spotify gathers, and what steps you can take to stop Spotify from tracking your data.

Spotify

Spotify was established in 2006 in Sweden as a music streaming service. The platform can be accessed from different devices and enables users to explore a collection of music that is licensed via several labels and to create and share albums with others.

In addition, listeners may enjoy free music with advertisements or can buy a membership to allow limitless ad-free music.

Spotify privacy policy

Streaming App Spotify has just introduced its updated privacy policy, which leads to some of its most intrusive tactics. Now Spotify may gather information, such as contacts, photographs, or media files, that is saved on your mobile device.

Perhaps you question what Spotify wants to do with your pics? It's pointless to provide Spotify with more information than is required for your listening experience.

It's not about what Spotify might do with this data that's concerning, but rather where it might end up if the app gets hacked.

Worldwide Spotify users

Spotify had 165,000,000 paid customers globally in the second quarter of 2021, up from 138,000 in the equivalent quarter of 2020.

Over recent years, the membership base of Spotify has grown considerably and has more than doubled since the beginning of 2017.

Graph showing the number of Spotify premium subscribers worldwide from 2015 to 2021

Image source- statista.com

Our lives are increasingly intertwined with the Web, so it is more important than ever to keep up with security vulnerability news.

What information does Spotify have about you?

For each of its users, Spotify collects a variety of information. This information ranges from what is required for account access to what is intended to improve listening experiences. For subscription-related operations, Spotify requires your email address, home address, and payment information.

Apart from that personal information, the company tracks everything you do on the Spotify online player, mobile apps, and desktop.

While certain information is required to utilize Spotify, there is another set of data that appears to be unneeded for paying customers.

  • What do you purchase online?
  • Which device do you connect to your Spotify account to listen to music?
  • Which type of music do you listen to, or do you like most?
  • What do you order online?

Thus, Spotify spies on all your activities.

Spotify also accesses your location. If the system thinks you're in Los Angeles, for example, it'll suggest music and artists that people who visit the West Coast usually love.

However, if Spotify introduces its listening features, you can bet that some consumers will be disappointed. People will want to know if the app is listening and if they can opt out of sharing their lives with a digital firm.

Inferences

Inferences are how Spotify classifies you as a person based on two factors: usage of Spotify and data acquired from advertisers. By permitting data collection processes that validate inferences, you're effectively letting Spotify and marketers collect data for free.

Spotify's most recent invention listens to your voice and specifies your emotional state... and recommends soundtracks based on it. The latest Spotify patent is stoking the fires of spyware theories, and it's easy to understand why.

According to Music Business Worldwide, the company submitted a patent describing how it might utilize microphones to detect people's “gender, emotional state, accent or age.”

The suggested technology offers listening suggestions based on its assumptions about users. If it detects that you are furious, it may recommend a heavy metal playlist. If you've recently been dumped, some Juice WRLD could help to mend your heart.

Spotify suggests your song according to your mood and taste

Image source - twitter.com

As Spotify keeps an eye on all the activities you perform on your device, mobile phone, or laptop, it can infer your likes and interests very easily. However, it cannot be accurate all the time.

Credential stuffing attack on Spotify

You will be amazed to know that the world’s largest streaming service faced three credential stuffing attacks in 2020.

Over 380 million Spotify user details were exposed on an unsecured Elasticsearch database in November 2020. The database was created by unknown attackers using the credential stuffing method.

Credential stuffing is a hacking technique in which attackers target websites using weak or reused passwords.

How credential stuffing method works

Image source - cloudfare.com

Threat actors bet on individuals repeating passwords in this sort of attack; they try stolen passwords and IDs on several sites to get access to a variety of accounts.

According to the firm

The exposed database belonged to a third party who was utilizing it to store Spotify login information. These credentials were most likely obtained illegally or leaked from other sources.

Spotify began rolling password resets at the time of the hack, rendering the database unusable.

Exposed credentials

Image source-toolbox.com

How Can You Stay Safe?

If you feel you may have been affected by this, you should change your passwords immediately and avoid reusing them on other sites in the future.

Also, users should enable Multifactor Authentication (MFA) on their accounts to protect themselves against credential stuffing attacks.

Jawad Malik, security awareness advocate at KnowBe4, said:

It's critical that users understand the necessity of using unique and strong passwords across all of their accounts. Those credentials cannot be used by attackers to break other accounts, even if an account is hacked.

How to stop Spotify from tracking your data?

Unfortunately, there are not many ways to limit how Spotify gathers and uses your data; however, certain measures can improve the situation.

Listen to the music in a private session

Friend Activity allows anybody who follows you on Spotify to see what you're listening to by default.

While the option to share music with others is one of Spotify's greatest perks, there may come a moment when you want to listen to an album alone.

You can start a Private Session if you don't want people to know what you're listening to. Thankfully, enabling — and then disabling — a private session on Spotify is simple.

Follow the instructions below to turn on and off the private session.

On desktop:

A lock sign will appear over your profile photo, which means the private session is on. To end the session, click it once again.

How to turn on private session on desktop

On mobile and tablets:

If you are using an Android device, iPhone or tablet, follow the given steps.

To end a Private Session, go through the same procedure again and turn it off.

How to turn on private session on mobile and tablet

Remember that when you restart Spotify or after a prolonged period of inactivity, the Private Session will end automatically.

Limit the use of your personal data by Spotify for advertising purposes

Most of the data that Spotify gathers looks to be harmless on its own. However, when millions of detailed and aggregated user profiles are left unsecured, they become highly valuable.

When you are already a paying member, you should secure your data and prevent access to it as much as possible. Subscription costs should be sufficient for Spotify Premium customers to have access to the service. There is little need for you to provide more information than is essential to have a good user experience.

Let’s see how you can limit Spotify's use of your personal data. Follow the steps below.

How to limit Spotify to use your personal data

You'll still see the same amount of advertising, and Spotify will continue to monitor you, but your personal information will no longer be utilized to bring you tailored advertisements.

Stop sharing your data with Spotify via Facebook

When you sign up for Spotify from a web browser, you are urged to log in with your Facebook account so that your Spotify account may be associated with your profile.

Following recent significant revelations that Facebook is violating the privacy of account holders, several Spotify users have spoken out, concerned about the security of streaming data in accounts linked to the social network.

According to reports from 2018, Facebook allowed over 150 corporations, including Spotify, access to the personal information of over a billion users. Spotify got invasive access to friends lists, contact information, posts, and even private messages as a result of this type of purposeful data sharing.

This approach, in the wrong hands, poses a significant threat to individual user security and privacy. Users are more likely to have their data hacked if numerous firms have access to it.

Here's how to prevent Facebook from sharing your Facebook data with third-party marketers and Spotify.

How to stop sharing your Facebook data with Spotify

This will prevent Spotify from utilizing information from your Facebook account to improve the advertising you hear.

Don't grant access to a third-party app

Spotify didn't have an easy mechanism to manage third-party access for a long time. But now, it’s not the case. Keeping third-party access to your accounts under control is a crucial aspect of being safe online.

Here’s how you can withdraw third-party apps' access to your Spotify account.

How to prevent Spotify to access third-party apps

How to withdraw Spotify's permission to use third-party apps

However, there is one thing to bear in mind. Restricting a third-party app's access to your Spotify account simply prevents it from collecting new data in the future.

It doesn't imply that the app will remove the information it's already gathered. If feasible, delete your account with that third-party app for additional security.

Remove devices from Spotify account

Spotify receives all your data from the devices which you have connected with your Spotify account. While Spotify members do not have a device restriction, it is a good idea to log out of any devices you are no longer using.

You can sign out of all devices at once from your account settings page if you no longer have access to a device to which you're signed in.

This is your information. Why would it leave your phone in the first place? Why should it be gathered by someone if you have no idea what they'll do with it?

says Disconnect's chief technical officer, Patrick Jackson, who is a former National Security Agency researcher.

Remove devices from your Spotify account that you are no longer using to prevent Spotify from spying on you via different devices. Here’s how you can do it.

How to remove devices from Spotify account


Stop Spotify from monitoring you via third-party cookies

Turning on the privacy options above can help you restrict how much data Spotify monitors and uses for advertising, as well as keep part of your Spotify listening history concealed from other users, but you should also limit how other websites and applications track your Spotify activity.

To make the changes take effect, restart the app after completing these instructions.

How to stop Spotify from monitoring you via third-party cookies

Spotify users are the most vulnerable to hacking. Here's what you should do.

As every cybersecurity expert knows, it's no longer a question of if, but when you'll be attacked. According to a new survey, you're more likely to be hacked if you use specific services, namely Sony entertainment, Netflix, and Spotify.

DynaRisk, a cybersecurity firm, conducted a survey, which included data collected from the dark web and hacker groups.

In a press release, DynaRisk stated, "Unfortunately, the unpleasant fact is that the more popular a brand is, the more appealing it is to cyber thieves. Hackers will target larger companies not merely to steal important information, but also to show off their abilities to their criminal colleagues. There are also financial advantages; Netflix and Spotify are ideal targets for hackers who can resell stolen credentials to eager clients looking for an account at a fraction of the retail price."

Following is DynaRisk's list of the most often attacked brands.


1. Riotgames.com
2. Netflix
3. Spotify.com
4. Origin.com
5. Ea.com
6. Sonyentertainmentnetwork.com
7. Live.com
8. Crackingcore.com
9. Realitykings.com
10. Xbox.com

 

Conclusion

It's crucial to remember that most of us already disclose more data than we realize to digital behemoths like Spotify. Our phones know where we are, what we're looking for, who we're talking to, what we're listening to, what movies we want to see, and what we want to buy.

As we've seen time and time again, all it takes is one badly protected server or an exceptionally talented hacker to compromise the sensitive information that businesses like Spotify store.

Unless you go out of your way to modify your settings, nearly all your Spotify profile information is public by default, which means that anybody with a Spotify account can simply look you up. That’s why it’s always necessary to take precautionary measures to make your data secure.

Author
Hamna Imran
Cyber Security student and keen learner, writing articles for several other websites.
