Is Last.fm Sharing User Data With The RIAA?

TechCrunch has published a damning rumor accusing the social music site Last.fm of helping the RIAA find users who downloaded leaked copies of U2′s new album. Relying on a tip, TechCrunch claims that the Last.fm, a subsidiary of CBS, handed over a “giant dump of user data to track down people who are scrobbling unreleased tracks.”

Last.fm was designed to watch over your music collection. Every time you play a song, the site is notified and the song is added to your profile, or scrobbled. Over time, the site uses your listening patterns to generate recommendations.

According to the Last.fm, over 7,000 users have listened to U2′s unreleased album. TechCrunch’s tipster says that that part of that data was handed over to the RIAA.

I heard from an irate friend who works at CBS that last.fm recently provided the RIAA with a giant dump of user data to track down people who are scrobbling unreleased tracks. As word spread numerous employees at last.fm were up in arms because the data collected (a) can be used to identify individuals and (b) will likely be shared with 3rd parties that have relationships with the RIAA.

The RIAA released a sentence-long response declaring: “To our knowledge, no data has been made available to RIAA.” Last.fm’s system architect also denied that any data had been shared.

We release no data linking users and plays to any third parties.

The only data we provide to labels (in addition to the data publicly available on their artist pages) are historical graphs of listeners and plays. There’s no way to link these to individual users.

Basic user data is already on Last.fm for anyone, including the RIAA to see, but without personally identifiable data like IP addresses, it’s tough to see how the RIAA could do anything other than rustle up some scaremongering publicity.

Did Last.fm Just Hand Over User Listening Data To the RIAA? [TechCrunch]

UPDATE: Last.fm gave the following clarification to TechCrunch about user data sharing:

The data we make available to labels is aggregate data about their artists – it’s a slightly more detailed version of what you see on the site. We release no data linking users and plays to any third parties.

The only data we provide to labels (in addition to the data publicly available on their artist pages) are historical graphs of listeners and plays. There’s no way to link these to individual users.

If a label was trying to work out who’s been listening to their leaked track, the closest they can get would be to look at the publicly-available listeners on the music pages. I would doubt that would be enough evidence to convict someone, and users can opt out of being displayed there in their settings.

Comments

Edit Your Comment

  1. JN2 says:

    Electrons just wanna be freeeeeee!!!!!

  2. kidnextdoor says:

    I don’t think any consumerist readers who don’t use last.fm are going to have any idea what scrobbling is…

    • dialing_wand says:

      @kidnextdoor: And once they do, a commenter on that Tech Crunch article pointed out that scrobbling relies on the meta data attached to an audiofile. Just because the metadata say the song is U2, doesn’t mean it is.

      Seems to me, even though the story is false, if it were true it would quickly be regarded as an impossible alley for further investigation.

      • dialing_wand says:

        @dialing_wand: After re-reading the comment and wondering what the grammar nazis would say, I think “metadata say” is actually correct since data is plural.

        Either way, I should have added that as a last.fm user myself – I made the choice to share the information. Privacy policy or not, the onus was on me when I made that decision.

        • silver-bolt says:

          @dialing_wand: No, because song is singular, and metadata refers to all the data on that singular song, so the “metadata says”. You wouldn’t say “The group say”. Just because data can be plural, it is not in this case.

  3. CMU_Bueller says:

    I wonder if Apple could do this with the Genius function in iTunes?

    • CmdX says:

      @CMU_Bueller: They could… but during the genius process no userdata is submitted/received. Apple has full copies of all the Genius users playlists, but they have no way of knowing who owns what playlist.

      They could release numbers in a macro sense but that wouldn’t really help the RIAA track anybody down

      • CmdX says:

        @CmdX: basically what I am saying is that Apple would need to substantially change the entire Genius system AND modify their Terms of Service to allow them to give out the data… if they started tracking you, you would probably be able to figure that out

        • dialing_wand says:

          @CmdX: And, like I said in a previous comment, the data’s integrity would revolve around the accuracy of the meta data in each audio file – none of which could be confirmed easily without physical access to the files.

  4. ngwoo says:

    A staff member of last.fm posted a comment on that very TechCrunch article, using the words “bullshit” and “disappointed”.

  5. Anonymous says:

    Last.fm isn’t sharing user data. Why are you spreading this rumor that only appeared on the notoriously sketchy TechCrunch? Maybe Consumerist should do a report on them?

    Your article reads as if Last.fm might have done something sketchy. They didn’t. It’s been pointed out by representatives of both the RIAA and Last.fm that this is a completely baseless rumor. TechCrunch’s tipster is the only person anywhere saying this.

    And, really, do you believe anything you read on TechCrunch?

    • Tallanvor says:

      @ArchibaldNipperkin: While I don’t think this rumor should have been posted on TechCrunch, I wouldn’t say that they’re “notoriously sketchy”. They generally have good information.

    • silver-bolt says:

      @ArchibaldNipperkin: Right, because trusting the people who would benefit the most from this is the best thing to do. Of course RIAA and Last.FM PR will say that they arn’t doing something against public acceptance and possibly illegal, just like lawyers will say their client are innocent even if they are not.

      Besides, maybe the PR department have no idea what deals the CEO or underlings might have on the side.

  6. Ninja Tree says:

    All the RIAA would do is look for the songs on last.fm and they’d see how many people listened to the leak… and The fact the RIAA and Last.fm says no puts this rumor to the grave i think.

  7. twid says:

    It’s really sad that Consumerist posted this story with a title and lead that makes it seem credible. I expect TechCrunch to publish anonymous rumors and pump them for clicks. I don’t expect Consumerist to post something that is the lamest of rumors, denied by both parties, with a title and starting paragraphs that make it seem possible.

    Next up: Is bigfoot operating the grocery shrink ray from space?

  8. Michael Grandfield says:

    This story, as TC’s Sarah Lacy would say, is completely cooked up.

  9. Jack Doyle says:

    Shouldn’t the RIAA focus more on finding out who leaked the album? Rather than do their own INTERNAL investigation at the label, they’d rather sue fans of the music that was leaked.

    That makes a lot of sense… but, is definitely typical, too.

  10. Dennis Fitt says:

    People actually downloaded the new U2 album? That crap?! The #1 band that has gone downhill?!

    They used to be so good. Joshua Tree was the last U2 album.

  11. Telekinesis123 says:

    The data would be useless and never hold up in court anyways because all you have to do is change the tags to whatever you want and it says your listening to such and such song even though it could be something completely different, the site relies on you tagging your songs correctly.

  12. TechnoDestructo says:

    Good. We must eradicate everyone who still listens to U2.

  13. Anonymous says:

    One element of the story that’s missing in your report is the fact that the album was accidentally leaked by U2′s label. The album was made available on Universal Australia’s web site to purchase AS A LEGAL DOWNLOAD earlier than it was supposed to. The people who downloaded it early PAID to download it.

    It would be difficult for the RIAA to separate who legally bought and downloaded the album early when it was accidentally available for sale and those who downloaded it illegally.

    • supercereal says:

      @ShashiSea horse: I dunno… Given that it was available for purchase from only one web site over a very short period of time, wouldn’t that make it incredibly easy to determine who legitimately purchased it?

      • CMU_Bueller says:

        @supercereal: Wouldn’t Universal Australia be locked like iTunes is as well? Then they could look for IP addresses that aren’t in Australia.

        • Andrew Farris says:

          @CMU_Bueller: This is not correct, as with iTunes you can purchase music through another country’s portal if you create an account for that store. Accounts are good only in one store, but you could have additional accounts, such as buying through the Ireland store if you live in the US. Your IP being outside that country is not a valid way to tell if it was legal.

  14. the_gank says:

    I guess everyone who uses Last.fm will be bailing out now. Off goes the user traffic.

    Who in their right mind wants to pick a court fight with Mr. RIAA? even if this was falsely crooked, I bet paranoid will kick in the mind of current users.

    Web 2.0 is really nice. So glad I don’t use pandora or last.fm or first.fm whichever comes first.

    Ahh CBS, Last.fm, Hulu, content providers, you’ll all lose this year —at least that’s my utmost prayer

  15. YohannSaffron says:

    Eric Schonfeld is a Pedophile

    • Phydeaux says:

      @YohannSaffron: Okay, so I just did a quick Google search to see if anyone else came to this conclusion aaaaand… no dice.

      Double-tee-eff are you on about, man? Or are you just being libelous?

  16. Russ Savage says:

    NNNNNNOOOOOOOOOOOOOOOOOOOOOO

    say it ain’t so!

    u2 is still trying to make music!??!

    but seriously.. i hope this isn’t true last.fm.. i love you.. i’ve always loved you. F the riaa

  17. FuryOfFirestorm says:

    Since U2 is legally releasing the whole album for free on their MySpace page, isn’t going after the ‘leakers’ a futile gesture?

  18. lizzybee says:

    Staff, including one of the founders of last.fm, have this to say:

    [www.last.fm]

  19. Rider says:

    U@ has leaked their last 3-4 albums themselves in an attempt to get publicity. The edges laptop got stolen,someone was standing outside Bonos house with a tape recorder while he was playing demos…..

    “We are so hot people are stealing our album” is a very lame PR tactic that lots of bands are using.

  20. Ihaveasmartpuppy says:

    So, now it’s illegal to listen to a song on the internet that wasn’t supposed to be released yet? What if you have no idea it’s an unreleased song? What about my local radio station – they’ve been playing the new stuff all weekend? Am I just not getting something? I used to use Last.fm but lately it’s just been Pandora for me.

    • SirCrumpet says:

      Via: [blog.last.fm]

      On Friday night a technology blog called Techcrunch posted a vicious and completely false rumour about us: that Last.fm handed data to the RIAA so they could track who’s been listening to the “leaked” U2 album.

      I denied it vehemently on the Techcrunch article, as did several other Last.fm staffers. We denied it in the Last.fm forums, on twitter, via email – basically we denied it to anyone that would listen, and now we’re denying it on our blog.

      According to Ars Technica, even the RIAA don’t know where the rumour came from. The Ars Technica article is worth a read by the way, as it explains how the album was leaked in the first place by U2′s record label.

      All the data and technical side of Last.fm is hosted in London and run by the team here. We keep a close eye on what data mining jobs we run, not because we’re paranoid the RIAA is trying to infiltrate us, but because time on our Hadoop Cluster (where the data lives) is so precious and we have lots of important jobs that run every day. It’s simply impossible for anyone to run a job without the team here noticing.

      When you signup to Last.fm and scrobble what you listen to, you are trusting us with your listening data. We take this very seriously. The old-timers on Last.fm who’ve been with us since the early days can attest to this – we’ve always been very open and transparent about how your data is used. This hasn’t changed. We never share personally identifiable data such as email and IP addresses. The only type of data we make available to labels and artists, other than what you see on the site, is aggregate data of listeners and number of plays.

      Artists and labels can login to our MusicManager site to upload new content and update their catalogue. The MusicManager is also where artists and labels can see statistics on how popular their content is with Last.fm users.

      If you were U2′s record label and logged in to the MusicManager today, you would see this:

      …and you could pat yourself on the back for a successful album launch. All the controversy and press coverage surrounding the leaked release caused an obvious spike in the number of people listening to U2 recently.

      So do us a favour – if you see people spreading the rumour, refer them to this blog post and mention you heard from a friend that “Techcrunch are full of shit.”

  21. Michael Hyland says:

    This is disconcerting, even if it’s just a rumor. I did not download the U2, but I still don’t like the rumor.

  22. b612markt says:

    I absolutely love it that the Consumerist posted this. Tech Crunch (Sarah Lacy) posted an awful article at techcrunch about how Consumerist was wrong to bring up the Facebook ToU issue. Of course Sarah was idiotic in her reasoning.

    Now, Consumerist is highlighting an article in which techcrunch is completely wrong and will highlight how idiotic techcrunch can be/is.

  23. JGKojak says:

    Anyone that has a large collection of bootleg or unreleased tracks that allows play-data to be sent to a corporate owned entity deserves to be sued as an idiot tax.

  24. grapedog says:

    yeah, because I always believe what the RIAA says…they are a paragon of truth and justice.

  25. StreamOfConsciousness says:

    Wow….crazy. As a musician I almost created an account to upload my music to this site. But I had second thoughts upon seeing the layout of their site. Not I’m glad I didn’t.