Last.FM Now Offers Full Media Streaming, and Unauthorised, Convenient Downloads

Last.FM (née AudioScrobbler), an early leader of social music consumption, was bought out a while back by CBS Broadcasting Inc, a huge US media conglomerate. One would expect this to be a Very Bad Thing, but in Last’s case this seemed to have provided it with access to funding and servers that didn’t crash out or hang up every few hours, so I was pleased. Last is basically collaborative filtering and I prefer it to services such as Pandora, which uses a top-down approach driven by “experts” (and whose website and inerface also sucks arse anyway). This hierarchical approach may work for mainstream or popular music, but for low-demand and obscure splinters of emusic these aren’t even on Pandora’s radar and so get missed. Also because of its European roots, Last.FM has always had particularly strong emusic clades (I was pointed to it in 2002 by people on SoulSeek).

Previously, Last offer 30-second “previews” of tracks on its pages. Within the last few days Last unveiled a new streaming deal where a significant portion of the tracks are now available as “full track” streaming plays. Unlike similar services in the past, Last says it has negotiated artist compensation deals for plays, the negotiations of which were doubtless facilitated by its parent CBS’s corporate guanxi and general heaviness. It’s probably also related to the unfolding attempt by the big media companies to reduce Apple’s dominance over the delivery of their product by enabling DRM-free sales through channels such as Amazon. Anyway, Last.FM now ironically replicates much of the functionality of the old AudioGalaxy in its illegal prime. So years after the media conglomerates destroyed the initial amazing burst of peer-to-peer music sharing, they have managed to lose most of their audience, cede control over their sales channels to Apple and claw their way back to the state of the art in 2001.

Anyway, people who make those streaming audio recorders are now salivating at this development driving sales of their products. At least some of them are afraid that should “home taping” of audio streams increase, this will force more media companies to lean on the OS makers such as Microsoft and Apple to enforce “secure path” technologies within their products, using Intel and AMD hardware to enforce a “no copying” hard limit in the OS so that, when set, their easy hooks into the OS to enable recording of the audio streaming will be blocked (basically, just hit “record” while the track is playing). If and when that happens, their only way to grab the audio feeds will be to decrypt the streamed and use weird hooks into the code that verge on unauthorised, contra-DMCA provisions that are illegal within the US.

One advantage of hooking directly into the packet stream, of course, is that you get better fidelity than simply recording the output of your sound card, which is basically just resampling the track and can lead to artifacts and blips where the stream is interrupted. This kind of software has a long history of appearing, then being eliminated, either through legal means or through the simple expedient of buying the offending software company. This samizdat software rarely dies, of course, but goes off into a kind of nebulous undead existence on dodgy websites in China and Russia.

Anyway, the amusing thing is that Last.FM has made its AudioGalaxy experience well-nigh perfect by delivering their “full tracks” as high-fidelity mp3s streamed through n Adobe Flash player. Google’s YouTube uses the same approach, and many, many services exist to “download” and save streamed Flash media to a directory of your choice for later, offline viewing. All these “services” are doing is going to your cache directory, which is an area of memory and hard disk that Internet browsers use to collect, store, and playback/display media and images. Basically, it’s a temporary holding site that gets emptied periodically, either when it’s reached some user-defined limit, or when you close your browser (if you are anxious about privacy).

The cache is trivial to explore. You can usually find it squirrelled away in some obscure directory on your machine (where exactly depends on your preferences). Or you can type about:cache into the address bar of anyway halfway decent browser such as Firefox or Opera. Firefox even provides a handy add-on, CacheViewer, that does exactly what it says, providing a simple UI enabling you to cut down on the clutter.

So on a hunch, after listening to one of the LastFM tracks, I checked my cache. Sure enough, there was the song I had just listened to, saved as the alarmingly URLd:
http://s7.last.fm/user/2252770/
4183d8c3db00b36d70ec1ca2d915b49f/
70/0003602492/
6fccddebe2ee4c59d83aadcf690ce58c/
1201373819/10.0.0.25/13442106.mp3

So much for security through URL obscurity (which has never worked well, really). With CacheViewer, it’s trivial to save this file as a name that isn’t so tedious and within a directory structure that isn’t insane. Upon analysis, the file proved to be a bog-standard MP3 44KHz 128Kbps, which is kind of lowest common denominator, but acceptable. Last’s server embeds some cache control commands (no-cache and no-store) into the HTTP headers, but it’s pretty easy to ignore these, or use a program that doesn’t obey them.

So that’s it. CBS has unwittingly opened a Pandora’s Box, and without using Pandora. Of course, Last will probably upgrade to a more secure version of Flash streaming that doesn’t just dump the entire mp3 onto your hard disk for later perusal. NBC’s Hulu uses this approach, for example, so its the chunk of its streamed TV shows seem to deleted from the cache right after they have been viewed. However, even in that case, because the media has to be downloaded and exist for a short but finite length of time in order to be presented to the viewer throgh the playback software, enterprising companies will emerge to offer software and services that will hook into the streams and divert them into some kind of collecting or recording bucket. It just won’t be as easy as rummaging through the messiness of your own, local, unencrypted computer cache.