Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Spotify. Show all posts
Youtube
Age Verification Artificial Intelligence Biometric data Personal Information Privacy Spotify Youtube

Big Tech’s New Rule: AI Age Checks Are Rolling Out Everywhere

 



Large online platforms are rapidly shifting to biometric age assurance systems, creating a scenario where users may lose access to their accounts or risk exposing sensitive personal information if automated systems make mistakes.

Online platforms have struggled for decades with how to screen underage users from adult-oriented content. Everything from graphic music tracks on Spotify to violent clips circulating on TikTok has long been available with minimal restrictions.

Recent regulatory pressure has changed this landscape. Laws such as the United Kingdom’s Online Safety Act and new state-level legislation in the United States have pushed companies including Reddit, Spotify, YouTube, and several adult-content distributors to deploy AI-driven age estimation and identity verification technologies. Pornhub’s parent company, Aylo, is also reevaluating whether it can comply with these laws after being blocked in more than a dozen US states.

These new systems require users to hand over highly sensitive personal data. Age estimation relies on analyzing one or more facial photos to infer a user’s age. Verification is more exact, but demands that the user upload a government-issued ID, which is among the most sensitive forms of personal documentation a person can share online.

Both methods depend heavily on automated facial recognition algorithms. The absence of human oversight or robust appeals mechanisms magnifies the consequences when these tools misclassify users. Incorrect age estimation can cut off access to entire categories of content or trigger more severe actions. Similar facial analysis systems have been used for years in law enforcement and in consumer applications such as Google Photos, with well-documented risks and misidentification incidents.

Refusing these checks often comes with penalties. Many services will simply block adult content until verification is completed. Others impose harsher measures. Spotify, for example, warns that accounts may be deactivated or removed altogether if age cannot be confirmed in regions where the platform enforces a minimum age requirement. According to the company, users are given ninety days to complete an ID check before their accounts face deletion.

This shift raises pressing questions about the long-term direction of these age enforcement systems. Companies frequently frame them as child-safety measures, but users are left wondering how long these platforms will protect or delete the biometric data they collect. Corporate promises can be short-lived. Numerous abandoned websites still leak personal data years after shutting down. The 23andMe bankruptcy renewed fears among genetic testing customers about what happens to their information if a company collapses. And even well-intentioned apps can create hazards. A safety-focused dating application called Tea ended up exposing seventy-two thousand users’ selfies and ID photos after a data breach.

Even when companies publicly state that they do not retain facial images or ID scans, risks remain. Discord recently revealed that age verification materials, including seventy thousand IDs, were compromised after a third-party contractor called 5CA was breached.

Platforms assert that user privacy is protected by strong safeguards, but the details often remain vague. When asked how YouTube secures age assurance data, Google offered only a general statement claiming that it employs advanced protections and allows users to adjust their privacy settings or delete data. It did not specify the precise security controls in place.

Spotify has outsourced its age assurance system to Yoti, a digital identity provider. The company states that it does not store facial images or ID scans submitted during verification. Yoti receives the data directly and deletes it immediately after the evaluation, according to Spotify. The platform retains only minimal information about the outcome: the user’s age in years, the method used, and the date the check occurred. Spotify adds that it uses measures such as pseudonymization, encryption, and limited retention policies to prevent unauthorized access. Yoti publicly discloses some technical safeguards, including use of TLS 1.2 by default and TLS 1.3 where supported.

Privacy specialists argue that these assurances are insufficient. Adam Schwartz, privacy litigation director at the Electronic Frontier Foundation, told PCMag that facial scanning systems represent an inherent threat, regardless of whether they are being used to predict age, identity, or demographic traits. He reiterated the organization’s stance supporting a ban on government deployment of facial recognition and strict regulation for private-sector use.

Schwartz raises several issues. Facial age estimation is imprecise by design, meaning it will inevitably classify some adults as minors and deny them access. Errors in facial analysis also tend to fall disproportionately on specific groups. Misidentification incidents involving people of color and women are well documented. Google Photos once mislabeled a Black software engineer and his friend as animals, underlining systemic flaws in training data and model accuracy. These biases translate directly into unequal treatment when facial scans determine whether someone is allowed to enter a website.

He also warns that widespread facial scanning increases privacy and security risks because faces function as permanent biometric identifiers. Unlike passwords, a person cannot replace their face if it becomes part of a leaked dataset. Schwartz notes that at least one age verification vendor has already suffered a breach, underscoring material vulnerabilities in the system.

Another major problem is the absence of meaningful recourse when AI misjudges a user’s age. Spotify’s approach illustrates the dilemma. If the algorithm flags a user as too young, the company may lock the account, enforce viewing restrictions, or require a government ID upload to correct the error. This places users in a difficult position, forcing them to choose between potentially losing access or surrendering more sensitive data.

Do not upload identity documents unless required, check a platform’s published privacy and retention statements before you comply, and use account recovery channels if you believe an automated decision is wrong. Companies and regulators must do better at reducing vendor exposure, increasing transparency, and ensuring appeals are effective. 

Despite these growing concerns, users continue to find ways around verification tools. Discord users have discovered that uploading photos of fictional characters can bypass facial age checks. Virtual private networks remain a viable method for accessing age-restricted platforms such as YouTube, just as they help users access content that is regionally restricted. Alternative applications like NewPipe offer similar functionality to YouTube without requiring formal age validation, though these tools often lack the refinement and features of mainstream platforms.


Read more »
Technology
AI music Artificial Intelligence artists copyright protection ethical AI Music Industry Spotify Spotify record label deal Technology

Spotify Partners with Major Labels to Develop “Responsible” AI Tools that Prioritize Artists’ Rights

 

Spotify, the world’s largest music streaming platform, has revealed that it is collaborating with major record labels to develop artificial intelligence (AI) tools in what it calls a “responsible” manner.

According to the company, the initiative aims to create AI technologies that “put artists and songwriters first” while ensuring full respect for their copyrights. As part of the effort, Spotify will license music from the industry’s leading record labels — Sony Music, Universal Music Group, and Warner Music Group — which together represent the majority of global music content.

Also joining the partnership are rights management company Merlin and digital music firm Believe.

While the specifics of the new AI tools remain under wraps, Spotify confirmed that development is already underway on its first set of products. The company acknowledged that there are “a wide range of views on use of generative music tools within the artistic community” and stated that artists would have the option to decide whether to participate.

The announcement comes amid growing concern from prominent musicians, including Dua Lipa, Sir Elton John, and Sir Paul McCartney, who have criticized AI companies for training generative models on their music without authorization or compensation.

Spotify emphasized that creators and rights holders will be “properly compensated for uses of their work and transparently credited for their contributions.” The firm said this would be done through “upfront agreements” rather than “asking for forgiveness later.”

“Technology should always serve artists, not the other way around,” said Alex Norstrom, Spotify’s co-president.

Not everyone, however, is optimistic. New Orleans-based MidCitizen Entertainment, a music management company, argued that AI has “polluted the creative ecosystem.” Its Managing Partner, Max Bonanno, said that AI-generated tracks have “diluted the already limited share of revenue that artists receive from streaming royalties.”

Conversely, the move was praised by Ed Newton-Rex, founder of Fairly Trained, an organization that advocates for AI companies to respect creators’ rights. “Lots of the AI industry is exploitative — AI built on people's work without permission, served up to users who get no say in the matter,” he told BBC News. “This is different — AI features built fairly, with artists’ permission, presented to fans as a voluntary add-on rather than an inescapable funnel of AI slop. The devil will be in the detail, but it looks like a move towards a more ethical AI industry, which is sorely needed.”

Spotify reiterated that it does not produce any music itself, AI-generated or otherwise. However, it employs AI in personalized features such as “daylist” and its AI DJ, and it hosts AI-generated tracks that comply with its policies. Earlier, the company had removed a viral AI-generated song that used cloned voices of Drake and The Weeknd, citing impersonation concerns.

Spotify also pointed out that AI has already become a fixture in music production — from autotune and mixing to mastering. A notable example was The Beatles’ 2023 Grammy-winning single Now and Then, which used AI to enhance John Lennon’s vocals from an old recording.

Warner Music Group CEO Robert Kyncl expressed support for the collaboration, saying, “We’ve been consistently focused on making sure AI works for artists and songwriters, not against them. That means collaborating with partners who understand the necessity for new AI licensing deals that protect and compensate rightsholders and the creative community.”
Read more »
Technology
Music App Privacy and Security Spotify Technology

Spotify Launches In-App Messaging for Private Music, Podcast, and Audiobook Sharing

 

Spotify has introduced an in-app messaging feature called "Messages," allowing users to share music, podcasts, and audiobooks directly within the app. This new feature aims to make music sharing easier and more social by keeping conversations about content within Spotify's ecosystem. 

Messages enable one-on-one chats where users can send Spotify content along with text and emojis. The feature is available to users aged 16 and older and currently rolled out in select Latin and South American markets, with plans to expand to the US, Canada, Brazil, the EU, the UK, Australia, and New Zealand soon. Both free and premium users can access the messaging service.

To start a chat, users tap their profile photo in the app and select the Messages section. They can message only people they've interacted with previously via collaborative playlists, Jams, Blends, or shared Family and Duo plans. Sharing content is simple—users can tap the share icon in the Now Playing screen, choose a friend, and send tracks, podcasts, or audiobooks directly. 

Messaging works on a request-and-approval basis; recipients must accept requests before conversations begin. Users can block contacts and decline requests, ensuring control over their message experience. Once connected, participants can exchange messages, emojis, and content effortlessly. 

Spotify stresses that Messages complements, rather than replaces, sharing via external platforms like Instagram, WhatsApp, Facebook, TikTok, and Snapchat, preserving the option to share content widely while encouraging more focused conversations within Spotify. 

Privacy and safety are priorities, with industry-standard encryption protecting data. Spotify employs detection technologies and human moderators to monitor messages for harmful or illegal content. Users can report inappropriate behavior, with all messaging governed by Spotify’s existing terms and community rules. 

This launch marks a key step in Spotify’s effort to become a more social platform by integrating interactive features directly into the app. The company aims to increase engagement by enabling users to share and discuss music discoveries more seamlessly and privately. As Spotify expands the availability of Messages, it anticipates strengthening community connections and boosting content sharing among friends and families inside the app. 

In summary, Spotify’s Messages feature offers a new, secure way for users to chat and share their favorite music and podcasts without leaving the app, making Spotify a more connected listening experience.
Read more »
WhatsApp
Google malware Minecraft Necro Trojan Play Store Spotify WhatsApp

Necro Malware Attacks Google Play Store, Again. Infects 11 Million Devices

Necro Malware Attacks Google Play Store, Again. Infects 11 Million Devices

A new variant of Necro malware loader was found on 11 million Android devices through Google Play in infected SDK supply chain attacks. The re-appearance of Necro malware is a sign of persistent flaws in popular app stores like Google. 

A recent report by Kaspersky suggests the latest version of Necro Trojan was deployed via infected advertising software development kits (SDK) used by Android game mods, authentic apps, and mod variants of famous software, such as Minecraft, Spotify, and WhatsApp. The blog covers key findings from the Kaspersky report, the techniques used by threat actors, and the impact on cybersecurity. 

What is Necro Trojan 

Aka Necro Python, the Necro Trojan is an advanced malware strain active since it first appeared. Malware can perform various malicious activities such as cryptocurrency mining, data theft, and installation of additional payloads. The recent version is more advanced, making it difficult to track and eliminate. 

Distribution of Necro Trojan

Users sometimes want premium or customized options that official versions don't have. But these unofficial mods, such as GB WhatsApp, Spotify+, and Insta Pro can contain malware. Traditionally, threat actors used these mods because they are distributed on unofficial sites that lack moderation. 

However, in the recent trend, experts discovered actors targeting official app stores via infected apps

In the latest case, Trojan authors abused both distribution vectors, a new variant of multi-stage Necro loader compromised modified versions of Spotify, Minecraft, and other famous apps in unofficial sources, and apps in Google Play. "The modular architecture gives the Trojan’s creators a wide range of options for both mass and targeted delivery of loader updates or new malicious modules depending on the infected application,” said the report.

Key Findings

  • The downloaded payloads can display ads in invisible windows, and interact with them. They can also execute arbitrary DEX files, install download apps, open arbitrary links in invisible WebView windows and run JavaScript, run a tunnel via the victim's device, and subscribe to paid services. 
  • The new variant of the Necro loader uses obfuscation to escape detection. 
  • The loader deployed in the app uses steganography tactics to hide payloads 

Read more »
UK Government
Apple Cybersecurity iOS Music Industry Music Streaming Royalty Spotify Technology UK Government

Music Streaming Royalties To Be Examined by The UK Government

 


Since the early days of the music industry, musicians, writers, and other creatives have spoken out about the unfairness of royalty share payments. This is when their works are played on Spotify and Apple Music. There will be a discussion of these issues within the government after an investigation was conducted in 2019. 

To investigate suggestions that the music streaming industry is not remunerated fairly for artists, the government is investigating the streaming industry. Musicians and artists are worried that they are not receiving as much money as record labels when their tracks are played on streaming services like Spotify, as there are concerns that their tracks may be stolen. 

It is essential to provide high-quality metadata for a track in the era of digital music to ensure that the people who contributed to the creation of a track are accurately credited and compensated. This is the most effective way to ensure music makers are properly credited. The metadata for songwriters and their works, however, lacks precision and completeness. It is often out of date or incomplete, especially regarding specifics. In some cases, insufficient or incorrect metadata can cause a significant delay in creators' payment for the use of their work. In some cases, no payment to the creators at all. 

There have recently been meetings brought together by experts from across the UK music industry. These meetings were to develop positive steps for improving music metadata for everyone involved. 

Despite many aspects of metadata provision working well, and positive steps taken by several industry participants to improve it, there are still significant challenges to be overcome in several areas. To achieve this, it is essential that data is collected from creators promptly and that industry-standard identifiers are adopted and made accessible, particularly regarding metadata associated with work and songwriters. This is especially true of the links between sound recordings and musical works. 

The report has also stated that there have been reports that session musicians have not been paid for streams. This issue will be investigated by a working group of industry representatives tasked with looking into these concerns. There has been an investigation by the government into streaming music since 2019, and an imbalance in royalties was discussed in 2021 as the cause of the investigation. 

A member of the Digital, Culture, Media, and Sport (DCMS) Select Committee, who is investigating the music industry on behalf of the government, has said that she considers this a "welcome step towards understanding the frustrations of musicians and songwriters whose pay often falls below a fair level." 

Despite this, she added, the talk shop should produce concrete change and not just an opportunity for "talking heads to talk". Nile Rodgers, a guitarist, producer, and songwriter who helped create the music for the film Goodfellas, will be addressing the government in 2020. Among the royalties record labels receive as a result of streaming services, he said that they should keep up to 82% of the proceeds.

Earlier this year, Sir John Whittingdale, the minister for creative industries, described the project as a way of offering the UK an "enriching career opportunity".

As he went on to say, "This exceptional agreement on streaming metadata is an important step forward in making sure the contributions and creativity of UK musicians in the digital age are considered and fairly compensated for their contributions and creativity." 

Former chief economist at Spotify, Will Page, said music business officials are at the moment debating the way the money is being allocated in the industry. According to Page, if artists get to receive even 1% of what is generated in the United Kingdom through streams, they are also entitled to receive any cash generated there. 

A certain amount is not paid to the artist every time a song is heard on Spotify, because the artist is not paid a certain amount per instance that the song is played. 

Depending on the way the music is streamed and the rights that are held by labels or distributors, royalties that artists receive may differ depending on the agreement they have with the label or distributor or the way their music is distributed. 

To conclude, the UK government's decision to investigate streaming royalties for music is a great step forward in the direction of resolving long-standing issues regarding the streaming of music. 

As a result of digital streaming platforms, how music is consumed has changed greatly in recent years. However, it has also brought forth several challenges, especially when it comes to fair compensation for songwriters and artists who work on those platforms. 

With the government's initiative to examine streaming royalties, the government recognizes that right now, in this rapidly evolving landscape, it is critical to ensure that revenues are distributed more equitably. Record labels and streaming platforms have been criticized for disproportionately benefitting from the current royalty model, which is described as a rip-off. A songwriter or artist who is creating a song may receive minimal compensation for their work, while the artists receive no compensation at all. 

Taking this action by the UK government is a strong statement that the government is listening to the concerns of artists, songwriters, and musicians. It also states that their concerns are addressed. Throughout the document, all parties involved in the music industry are urged to create an ecosystem that supports sustainable and fair business. This is where everyone can survive and thrive. 

As part of the investigation, existing legislation on music streaming royalties will likely be examined in detail. In addition, license agreements and the dynamics of power between stakeholders and the industry.

Furthermore, the company might also explore alternative models, such as user-centric payment systems. These systems aim to ensure that royalties are distributed directly based on an individual user's listening habits, rather than pooling their revenues and distributing them randomly to each user.

It is anticipated that the outcome of this investigation will ultimately lead to reshaping the music industry in a way that is more transparent and equitable for artists and songwriters while also creating a more competitive environment for them. If there were reforms to reflect the value of creative work and to provide artists with more sustainable income streams resulting from that, that would be of great benefit to all. 

No doubt finding a solution to this complex issue will not be easy, however, and that will prolong the issue. There will also be a need for careful deliberation and collaboration between the interests of artists, songwriters, streaming platforms, and consumers in balancing these interests. Although, it is a positive development to see the UK government take action to address these concerns, which may have a lasting impact on the global music industry in the long run. 

Having made this decision, the UK government has achieved a significant milestone in its ongoing efforts to transform the music ecosystem into a more sustainable and fairer one exemplified by its decision to examine music streaming royalties. In essence, it is a step towards ensuring that artists and songwriters receive their fair share of revenues in the digital age, and to foster and sustain an industry that is thriving both for creators and for consumers, benefiting both of them.
Read more »
User Data
Credential stealing malware Microsoft Spotify User Data

Fake Microsoft Store, Spotify Distribute Malware to Steal User Data

 

Attackers are promoting sites that imitate the Microsoft Store, Spotify, and an online document converter to spread malware that steals credit cards and passwords stored in web browsers. ESET, a cybersecurity company, detected the attack and posted an alert on Twitter to be on the lookout for the malicious campaign. 

On both desktops and mobile devices, Windows remains vulnerable to a significant number of malware threats, at least more than its peers and competitors. Despite having an official app store, it is almost too easy to infect a Windows PC by merely installing an app. Microsoft advises users to only download applications from the company's official networks, however, some hackers are taking advantage of this by posing as legitimate companies. Microsoft Store is an online store that sells Microsoft products. 

According to Jiri Kropac, ESET's Head of Threat Detection Labs learned that the attack is carried out by deceptive ads that promote what appear to be legitimate applications. One of the commercials used in this attack, for example, promotes an online Chess game. Users are taken to a fake Microsoft Store page for a fake 'xChess 3' online chess application, which is automatically downloaded from an Amazon AWS server when they click on the ad. 

According to this Any.Run report created by BleepingComputer, the downloaded zip file is called 'xChess v.709.zip' [VirusTotal], which is actually the 'Ficker', or 'FickerStealer,' information-stealing malware in disguise. Other ads from this malware campaign imitate Spotify or an online document converter. Their landing pages can also download a zip file containing the Ficker malware when you visit them. Instead of being greeted by a new online Chess program or the Spotify software when a user unzips the file and runs the executable, the Ficker malware would run and begin stealing the data stored on their device. 

Ficker is a data-stealing Trojan that was first posted on Russian-language hacker forums in January before the developer started renting it out to other threat actors. Threat actors will use this malware to steal passwords from web browsers, desktop messaging clients (Pidgin, Steam, Discord), and FTP clients. The malware can also steal over fifteen cryptocurrency wallets, steal documents, and take screenshots of active applications running on victims' computers, according to the developer.
Read more »
Spotify
Credential-Stuffing cyber attack Music Stre Spotify

Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months

 

Spotify, which has become a very popular online streaming music platform, is suffering from a second cyber credential attack after just three months of its previous one. The platform has reset the passwords of its affected customers. 

Threat actors have gained access to more than 100,000 subscribers of music streaming services and are taking advantage of those who use the same security password on multiple online service platforms. They simply build automated scripts that will systematically steal IDs and security passwords of many online accounts. 

Hackers have successfully managed to get access to various popular companies’ customers’ credentials, including big names like 'Donuts (it has been attacked twice in three months), The North Face, Dunkin, the popular chicken-dinner chain Nando And FC Barcelona's official Twitter account which was hacked last year. 

It was back in November 2020, when malicious actors hacked the information of thousands of Spotify subscribers, prompting the streaming music service to issue a password-reset notice. 

Researcher Bob Diachenko tweeted about the new Spotify attack on Thursday, “I have uncovered a malicious #Spotify logger database, with 100K+ account details (leaked elsewhere online) being misused and compromised as part of a credential stuffing attack.” 

Additionally, he has also uploaded a Spotify statement on the attack confirming the incident. 

“We recently protected some of our users against [a credential-stuffing attack], once we became aware of the situation, we issued password resets to all impacted users, which rendered the public credentials invalid,” the notice read. 

The organization has also stated that the hacks were carried out using an ill-gotten set of data: “We worked to have the fraudulent database taken down by the ISP hosting it,” the company added. 

This attack is very similar to the previous one, wherein the logged-in data also appeared in a public elasticsearch example. 

“There are similarities but this one looks different, like coming from a rival group. I suppose that login pairs came from previously reported breaches or collections of data, so they just re-use them against Spotify accounts to become part of this automated process,” Diachenko tweeted. 

“Originally this data was exposed inside a misconfigured (thus publicly reachable) Elasticsearch cluster – most likely operated by the malicious actors themselves,” he added. “It contained entire logs of their operations, plus email/password pairs they used [for the attack].”
Read more »
UK
Europe Spotify system UK

Spotify app: Crashed down for users around the world







Spotify users around the world are having trouble logging in the app as well as while streaming the music.

Initially, the users in the UK and Europe reported about the app's crashing down, but after some time the users around the world reported the same problem.

The first report of app crashing came out at 11am GMT (7am ET).

However, Spotify tweeted a response to the influx of reports from its customers: 'Something's not quite right, and we're looking into it. Thanks for your reports!'

 According to the outrage monitoring site DownDetector, users are facing a problem as the website is not working properly. Around 63 percent of users reported that they are facing trouble in playing music.

Users have started making memes about the crashing of the popular music streaming website. 
Read more »
Spotify
Spotify

Spotify to block account of users using ad blockers





The online music streaming platform, Spotify to terminate the accounts of users who use ad blockers - the company has updated its terms of service which will come into effect from March 1st.

According to the updated terms of service, “Circumventing or blocking advertisements in the Spotify Service, or creating or distributing tools designed to block advertisements in the Spotify Service,” is prohibited, the user guidelines read. Spotify also notes that breaking that rule or any other guideline “may result in immediate termination or suspension of your Spotify account.”

The company decided to change its terms of service after millions of its users were blocking advertisements by using ad blockers or were downloading modded versions of the app. They have sent a detailed email to notify every user about the new update.

Spotify has two versions- free and premium.

The user has to pay $9.99 per month for premium service, in which they have unlimited access to music without any ads, while in a free version, a user can listen on-demand to 15 popular playlists that are curated using an algorithm to match the user's taste.

Read more »
Subscribe to: Comments (Atom)