It turns out Spotify uses P2P technology so that it can reduce the load on its servers. Pretty smart, but the problem is that uses quite a lot of the user’s bandwidth, and sometimes that’s not OK!

The client always falls back on their central servers so that we could block P2P. The problem is that we’re given no manual option to disable, (or even limit) P2P sharing. Worse still, the client spawns connections to other users within a massive range of ports making them tricky to block.

I just spent the last few hours looking into this, since it destroyed my bandwidth quota. I’ve got a few ideas, and some of them have worked.

Desktop Firewall

I know, I know, I hate these Desktop firewalls as well. I never thought I’d see the day when I wanted to use one. On the other hand, it does make dealing with programs like Spotify much easier. On my MacBook, I was able to install The Little Snitch and set it up to block the Spotify process from connecting to anything except .spotify.com.

Little snitch settings to block Spotify's P2P connections

It turned out to work pretty well, and it was the easiest/quickest solution. It’s not helpful if you’re using more than one computer though and I still don’t like the idea of relying on programs like these.

Edit: On the Windows 2000 box Tiny Personal Firewall was the best firewall I could find, it’s lacking compared to The Little Snitch for Mac though.

Socks Proxy

Spotify gives the option to send connections through a proxy server. This gave me an idea, what if we set up a proxy server that only allowed connections to .spotify.com and then forced Spotify to use it. (Of course, the proxy server would be useless for web-browsing or any other purpose.)

This took me a while to get working, in the end, I set up the Dante proxy server on one of my Debian servers. Here’s my /etc/danted.conf, it’s probably wrong and insecure so don’t count on it. (10.10.10.0/24 is my internal subnet and eth1 happens to be the box’s primary ethernet adapter. You will probably have to change those settings.)

Spotify socks proxy settings.

After the proxy is set up, you need to tell Spotify to use it (I had to restart Spotify before it kicked in). But now we’re set, we’ve thrown all the bathwater out, but the baby’s fine. This method has a lot of benefits too. It’s a centralised solution and doesn’t require any other software for the clients.

Edit: Spotify ignored my proxy settings for P2P traffic! It sends all the good stuff through the proxy though, I then had to block any other traffic with a desktop firewall myself :(

Hidden option

If I made Spotify, I would have probably added a secret option somewhere to disable P2P connections. It would be tricky to test the app without it, and surely Spotify’s office would be brought to a standstill otherwise?! I’ve got two ideas where they might have hidden the option:

Spotify command line switches

Spotify seems to support command line switches, although they are undocumented there might be some interesting functionality hidden away and who knows maybe we can turn off sharing?

{
  "autologin_username" : "daveinadub",
  "listen_port" : 12517,
  "cache_size" : 1024,
  "proxy" : "10.10.10.99:8080@socks4",
  "proxy_mode" : 2,
  "proxy_pass" : "REDACTED",
  "g_sett_high_bitrate" : 1,
  "flash_version" : 9,
  "realtime_clock_delta" : 0
}

My final thought is editing the settings manually. Spotify has a settings file, it seems to be a simple JSON format so if we knew the names of hidden options we could change the settings there. Who knows maybe 'p2p': 0 is all that’s standing in the way?!

Either way, I have no idea where this elusive option is. Get searching and report back!

Mess up the cache

Well, Spotify has a cache of files, presumably for use with the P2P sharing. If we could clear that cache or somehow disable it perhaps this could break P2P sharing? The Spotify client only lets you reduce the cache size to a minimum of 1 Gigabyte but interestingly I’ve noticed the setting is stored in the settings file. (Look at that sample above, ‘“cache_size”: 1024’). Perhaps this could be set to 0 manually? I don’t have time to test that idea but let me know if it works for you.

Edit: I’ve just given it a try, I found that setting cache_size to 1 was lowest it would accept. It reduced my cache down to 90megs initially, and since then it’s been dropping slowly. I’m not sure if it will ever get as low as 1meg though. This idea might be counterproductive if it means we need to download more often, I’m also not sure if it’s reduced the P2P traffic or not. Another downside with this train of thought is it would be straightforward for the Spotify team to make the minimum number 1024 in a future update.

Alternative Client

I just had another thought, instead of forcing the official Spotify client to conform we could use an alternative client. There seems to be a range of alternative clients available. I haven’t tried any of them yet, but it looks like a promising approach.

Cheers Dave.