- GitHub has removed 130 repositories containing XSpotify – including clones, forks, and similar tools.
- The action was the result of Spotify sending a DMCA takedown notice to the hosting platform.
- XSpotify will live on elsewhere, possibly through other teams and other names, until Spotify ramps up its encryption.
XSpotify is a tool that enables users to download audio from Spotify, remove the DRM (Digital Rights Management) copyright protection from the files, and also skip any ads that are injected between the tracks. Spotify is a highly popular music streaming service, with 271 million users in 79 countries, of which 124 million are paying subscribers. The free plan implies non-skippable advertisements, and downloading tracks locally for offline access is not an option if you’re using this music-streaming service for free.
To ensure that “lock-in,” Spotify is encrypting the audio, and only their official apps hold the decryption keys to let users enjoy their music. XSpotify is one of these tools that are somehow able to unencrypt Spotify’s audio files, thus enabling non-paying users to download their favorite songs locally and play the files without any limitations. The tool supports “160 kb/s, 32-bit, 44100 Hz Ogg” downloads from free accounts, and “320 kb/s, 32-bit, 44100 Hz Ogg” if the user holds a premium membership. These downloads also feature auto-skipping ads and include the metadata of the files (album cover, title, artist, etc.). These features have helped the tool’s popularity skyrocket, so Spotify had to do something about it.
What they did was send a DMCA takedown notice to GitHub, where the installation binary of XSpotify is hosted. The notice sent through the Perkins Coie LLP law firm includes the following:
“XSpotify states that it is a ‘DRM bypass’ that allows users to ‘Download all songs directly from Spotify servers.’ XSpotify’s technology circumvents Spotify’s encryption by stealing the Spotify key and using it in a way Spotify prohibits, namely, enabling users to access encrypted copyrighted content without authorization. By providing technology that circumvents Spotify’s access controls, XSpotify violates 17 U.S.C. §§ 1201(a)(2)”.
GitHub complied with the order and removed not only the XSpotify repository but also 130 additional repositories that were distributing forks or clones of the software. Of course, the development team behind XSpotify simply took the files elsewhere, but we don’t know if they’ll continue to develop the tool with the same fervency. Since this is an open-source project released under the MIT license, more forks of the software are bound to appear soon, covering the user demand. That said, Spotify may have to do something more radical to deal with the problem, like, for example, to incorporate stronger encryption that can’t be cracked or circumvented.