despotify

FAQ

What is despotify?

Despotify is an open source client and library for Spotify’s streamed music platform. It’s the result of a few hackers spending a ridiculous amount of time reverse engineering Spotify’s official application, hunting for security issues.

On February 23rd, 2008, despotify was released to the public as an ncurses text-mode client for Linux and Mac OS X. A video illustrating the source code and the client was posted on YouTube. Full source code was provided under a two-clause BSD-license.

Why did you release an open source Spotify client?

While Spotify is totally awesome, it currently only runs on Windows and Mac OS X (and Linux, if you can live with WINE).

We wanted to be able to use Spotify in more operating systems and in more products. Let’s just agree on the fact that it would be awesome if your random open source media center solution could do Spotify too!

How long will it take before Spotify blocks your code?

(updated: Spotify decided to not block access for despotify)

We hope this does not trigger panic reactions at Spotify and that they can find a way to support our cause.
For a number of reasons, it will probably take us (or anyone else up for the challenge) less time to workaround whatever fix they attempt, than for them to roll out a new release.

We strongly believe Spotify need to support people like us. People that have the time and energy to experiment with new ideas and to develop new tools and services. We don’t want to be held back by a company whose key priority is to make money.

Unless they haven’t already, they will realize it’s pointless to try to prevent hundreds of talented researchers, coders, hackers and curious users from tinkering with their product. The gaming industry, as well as both software and hardware manufacturers, have been trying to do exactly that for the last 20 years, and most have failed. To this date, the Sony PS3 is the only gaming console out there that has not been cracked. Why?
Likely because Sony decided to open up the platform right from the start, enabling console owners to do anything - from gaming to networking them to break SSL.

Obviously the only solution for Spotify is to open up their platform and still make money from it. One such possibility would be to officially open up their platform for third party products, but only allow premium subscribers to make use of the open API. But that’s not for us to decide.

This is going to destroy Spotify!

That’s the kind of groundless panic reaction we were talking about earlier.

Spotify won’t go away over night and, if anything, our project is nothing but a minor speedbump.

Relax and consider why Spotify rocks for a while. Done?
If you’re still seeing problems - or solutions to these imaginary problems, repeat the above procedure.

This code will ultimately allow people to download music from Spotify!

First of all, people download music anyway. That’s just the way it works, be it legal or not.
Live with it.

Secondly, there are far better places to download music from (with better quality!) than Spotify. Downloding/Ripping music from Spotify is just as illegal as anywhere else, the main difference is that the bitrate/soundquality is lower in the music ripped from Spotify.

That being said, please don’t use our software to cause problems for Spotify!
A lot of people love this excellent service, and are willing to pay for it, us included.

Why not make the music decryption routine binary only?

We thought about doing just that, to prevent people from using this code to download music from Spotify, but decided against it.

By definition, that would mean we couldn’t call our code free or open source. It would also require us to compile the code for all the platforms people would like to use , which defeats the whole purpose of this project.

In the end it would leave us in the same position as Spotify, i.e. it would only be a matter of time before someone figured things out anyway.

Can I use Despotify with my ‘Free’ account?

(updated: Spotify decided to block access for non-premium subscribers. We’re OK with it and won’t attempt to circumvent it)

We see a number of problems with providing an open source client for non-paying users and hence this implementation does not support it out of the box. Sorry!

Consider upgrading to a premium account to support not only Spotify, but also despotify’s cause of opening up their service to their paying (i.e, loyal) user base.

Can I use your code to skip the ads?

We have not implemented support for ads since its pointless in an open source client. Patching away the ad-routine is just too simple. We strongly believe that you should pay for the premium service if you want to use the open source client.

Does your software impose the country restrictions?

No. So called Geographic Rights Management is just stupid and client side restrictions in open source software is silly. The movie industry already proved how insane and futile this is by region coding DVDs. If you want (optional) GRM support, feel free to submit a patch.

How much bandwidth does the client need?

This question has so far gone unanswered in Spotify’s corner at GetSatisfaction.com.

You’ll need somewhere around 250-300kbit/s (~25-30 kbyte/s) downstream to be able to play music without interruption. The upstream requirements are neglible since we do not support P2P.

Why is there no support for P2P?

Even though supporting P2P would be good for Spotify and most users (except in some mobile environments), it isn’t essential for playing music from their service.

We do have some demo code that does P2P authentication, peer exchange and basic file transfers but so far none of us have had time or interest in implementing it properly in the main client.
For now we’ve decided to focus on delivering an open source alternative that does the basic stuff you’ll need, and P2P was not one of them. Maybe in v2.0
(everything needs a 2.0 version with new features, eyecandy and all bugs and annoyances gone!)

What license is Despotify under?

We’ve choosen a two-clause BSD license. We’re serious about making Despotify available to everyone, including those who don’t believe in open source.
If the two-clause BSD license doesn’t cut it for you, let us know and we’ll work something out.

Supported operating systems

Most of the code will compile without complaints on any POSIX and ANSI C compatible platform.
As of now the audio routines supports CoreAudio for Mac OS X and PulseAudio that in turn supports:

Linux
Solaris
FreeBSD
NetBSD
Windows

What about iPhone, WindowsMobile, XBMC or my dishwasher?

The beauty of open source is that it’s now possible to integrate Spotify support into anything capable of decoding ogg and playing sound. Feel free to port our code to whatever media platform fits your lifestyle!

This software relies on OpenSSL for encryption, something that might not be available or suitable for your platform of choice. As an alternative you might consider another free, open source building block like libtommath to do the crypto.

Is there any documentation on Spotify’s protocol?

We gave a law firm a few hours (see, we’re already back a few thousand SEK :/) to investigate the legal aspects of this project before going public.
They recommended against releasing any documentation on Spotify’s internals.

Hence we won’t provide you with any ordinary documentation on whatever we may know. For now, provided that you’ve got some basic understanding of code, you may want to checkout the source code of despotify to see how things work.

I’ve found a bug or have a patch!

What’s with the name?

We don’t believe that anyone should control music in the way despots control their countries.
We love both music and free software!

How can I get in touch with you?

Use electronic mail. Try despotify at gmail.com.
Assume no privacy.

You can also try #despotify on EFNet if you prefer IRC.

Who are you?

We are a group of loosely related Swedish computer science researchers, security professionals and geeks that believe strongly in the right to tinker with technology. Because there is money involved and because Spotify has connections to the music industry we won’t announce our identities at this time.

Subscribe: Entries | Comments
Premium subscription REQUIRED

Despotify requires a premium subscription for Spotify. Get a premium subscription now!
IRC and Twitter

Feel free to join us in #despotify on the EFNet IRC network. Or tweet despotify-related things using the #despotify hash tag.
If you're developing for Spotify's official client library libspotify you may want to checkout #spotify on irc.freenode.net. Please do not ask despotify related question in there.
Recent Posts
Spotify developer blog
- libspotify 0.0.4 adds support for Mac OS X and Windows April 24, 2010
  We are happy to announce the latest and greatest version of libspotify (0.0.4), now supporting Mac OS X and Windows in addition to good ol’ Linux. But that’s not all - we’ve added some new features as well, most notably: Functionality to star tracks (as seen in our latest iPhone client, not yet released for the desktop [...]
- We’re going to Amsterdam April 13, 2010
  For those of you fellow developers that do not follow our regular blog; we’re going to Amsterdam to participate at the next Music Hack Day. Hope to see of some of you there!
- libspotify now available for CP/M April 1, 2010
  We’re very happy to announce that libspotify is now available for CP/M. During the three decades since the initial release of CP/M, its status has severely diminished in the face of competitors, like the upstart DOS. However, a hard core group of dedicated consumers has remained despite hardships. We now believe this commitment to the glorious [...]
Recent Comments
- pablog on Open source Spotify clients and development frameworks
- John on Open source Spotify clients and development frameworks
- Gijs van Dam on Open source Spotify clients and development frameworks
- code on Open source Spotify clients and development frameworks
- Max Sjögren on Open source Spotify clients and development frameworks

FAQ