Spotify is Defective by Design

The music streaming service Spotify uses Digital Restrictions Management (DRM); push back by saying NO to Spotify's invitations.

After being available in Europe for some time, Spotify has launched in the United States with a publicity campaign inviting people to use the service.

Our conclusion: Spotify is using DRM to prevent things legally permitted even by overly strict US copyright law, making Spotify defective by design.

Spotify works by having users register, choose a plan ranging from $0 to $10 a month and installing a piece of proprietary software used to enforce DRM

Spotify's software does all the things DRM usually does. Music is streamed to its users -- and cached on the user's drive -- in an encrypted format, which is then decrypted by the proprietary client. Spotify uses this control to enforce arbitrary rules on its users. For example: you can't save music to listen to it later or elsewhere, you can't take a snippet of a song and use it for something else like a presentation or review. And while Spotify makes a fanfare of the fact that users can opt out of the otherwise-required advertising by subscribing for a monthly fee, there is no way for users to opt out of DRM.

Technically, Spotify's use of the Ogg Vorbis codec under the surface leads us to the conclusion that Spotify could easily be a website using HTML5, removing the need for any kind of program to be installed.

A group of Swedish developers have figured out how the Spotify software works, and have created a limited alternative to Spotify's client. While this client is free software, its limited nature will lead many people to seek out the proprietary client, and Spotify could block this program at any time.

Take action!

  • Spotify asks you to send them a little message to get an invite to the service. We've created a template for a real paper letter you can use to respond to them by mail.
  • In the USA, send your letter to: Daniel Ek, Spotify, 76 9th Avenue, Suite 1110, 11th Floor, New York, NY 10011
  • And for everyone else, send your letter to: Alison Bonny, Spotify, Golden House, 30 Great Pulteney Street, London, W1F 9NN, UK

Edit your own copy of the letter using LibreOffice.

You can see the letters we've sent here: USA and UK.

And follow it up

  • @eldsjal is the Twitter account of the CEO of Spotify, Daniel Ek, and @alisonbonny is the Head of Spotify's Press Division. Tell them we want Spotify without DRM! You could say: "@eldsjal, @alisonbonny I'm politely declining the invitation from @Spotify because of DRM, @SpotifyUSA" -- remember, you don't need to use the Twitter website directly when you do this; you can instead connect your Twitter account to your account and send it that way. Or use a local free software client, such as Gwibber or HeyBuddy (this way you avoid Twitter's proprietary JavaScript).
  • Send an email -- seems to work, but CC just in case, and remember to- BCC us on all those emails too at
  • Share this action with others! When you read news stories about Spotify, make sure to leave a comment warning people about DRM.

Related articles