All Sections

The Spotify non-scandal: You can choose to violate your own privacy

Popular music streaming service Spotify is the latest brand to come under fire for apparently violating everyone’s privacy. But has it? 

Updates to Spotify’s ToS (Terms of Service) have provoked an avalanche of horror stories, claiming that customer’s profile pictures, GPS locations and contacts will be hoovered up by the new app, presumably for nefarious privacy-invading marketing purposes. 

The truth however appears to be far less ominous and a lot less exciting; Spotify is simply trying to make its service better for its customers by adding some new features. 

Some of them sound pretty good; a GPS-powered feature that gives you gig updates, Songkick-style, could be useful if you want a heads up the next time Pissed Jeans roll into town

Some of them less so, to me at least – why the hell would I want to share photos through Spotify? That’s what Instagram, Tumblr, Pinterest and a billion other services I couldn’t care less about are for. 

Anyway. The point is, none of this was really a story until people started tweeting about it and press releases started rolling out, all of which were seemingly oblivious to the first three words contained in paragraph 3.3 of Spotify’s new ToS (our italics):

With your permission, we may collect information stored on your mobile device, such as contacts, photos, or media files. Local law may require that you seek the consent of your contacts to provide their personal information to Spotify, which may use that information for the purposes specified in this Privacy Policy.”

You can read the full thing for yourself here

To me, ‘with your permission’ seems pretty clear; the new Spotify apps won’t use the GPS antenna, camera, gallery or any other feature of your phone unless you want them to, just as Google can’t track your movements on Maps if you turn off location settings. 

If that wasn’t clear enough, Spotify’s CEO Daniel Ek later provided a more detailed explanation of the plans. Currently there’s no reason to doubt Spotify’s intentions and there is no hard evidence that they’re planning to start stealing all of your pictures. 

There certainly is a conversation to be had about what Spotify, or any company for that matter, gets out of you sharing pictures, GPS location and the like, but in the absence of any hard facts, any such talk is speculation. 

So why the huge fallout? 

I think that part of the reason that people have reacted so badly to this news is down to two things. 

  1. We live in an age of mass surveillance, hacks and data dumps, from Ashley Madison to GCHQ’s Operation Tempora. People are understandably jumpy about privacy. 
  2. The language used by developers can be annoyingly opaque. 

Let me give you an example. Amazon’s Fire TV service can be controlled either via the supplied remote control or an app. Let’s take a look at the app permissions for the Android version as they appear in Google Play. 

 

 

You’ll note that it can access your photos and ‘record audio’ with your phone’s mic. 

If you’re not familiar with the lexicon used by Google on its Android app store, you might be forgiven for thinking that AMAZON CAN NOW RECORD EVERYTHING YOU SAY and STEAL YOUR PHOTOS. 

Calm down dear, that’s not the case. Amazon is asking for your permission to access these components of your phone because the Fire TV app features voice controls. You can tell it to search for TV shows on Prime, if you’d prefer to do that typing. For people with accessibility issues, it’s a godsend. 

For voice controls to work, mobile apps (brace yourselves) require access to the phone’s mic. Similarly, in order for the Fire TV app to cast pictures you’ve snapped on your phone to your TV, it needs to access those parts of your phone where photos are stored – this might either be the internal memory or the SD card. 

That’s all it does. But, you can totally understand why a casual user who doesn’t spend their time browsing tech forums (or write about consumer technology for a living) might get a bit freaked out by this. 

Which is why I’m surprised that somebody like Markus ‘Notch’ Persson, he of Minecraft uber-fame, tweeted the following. To describe somebody like him as ‘tech savvy’ is obviously an understatement, which is what makes his message all the more baffling. 

The same applies to last year’s non-scandal surrounding Facebook Messenger. It was alleged that the social media giant had the capability to remotely activate the settings of people’s phones and listening in on private conversations, a story that turns out was inspired by a misreading of the app permissions. In short, it was bullshit. 

If you’re still not convinced, consider this. If Facebook has turned the phones of its billion-plus user base into remote James Bond-style bugs, where are they storing all those recordings? What file format are they using? Is it FLAC? How long do they keep them for? How good is the audio quality going to be, when Facebook is trying to listen in on you when you’re in a noisy, overcrowded pub? 

If you think about it for more than five picoseconds, you’ll come to the conclusion that Facebook simply doesn’t have the time or the resources to conduct an international NSA-type surveillance program. Such a venture would not only be hugely expensive to set up and maintain (not to mention impractical) it would also be PR kryptonite. Look at how much outrage was generated from something that turned out to not be true. 

If there’s a lesson to be learned here, it’s that companies ought to spend a bit more time communicating their plans to customers, especially if those customers are paying a tenner a month. 

The American linguist Dwight Bolinger once said that language is a loaded weapon; it has the potential to do great harm if used improperly. 

If anything, Spotify is guilty here of not checking to see if the safety was on. The same, ironically, could be said of some of its critics. 

Comments