Deezer Wants GitHub Pirates to Stop Sharing Its Encryption Keys
2 min read- Deezer is having trouble with hackers stealing its private encryption keys and creating downloader tools.
- The hackers are posting these tools on GitHub, and then Deezer sends DMCA takedown notices.
- The vicious circle continues, as Deezer refuses to fix the API flaws that the hackers exploit.
Deezer, the popular music streaming platform that offers 56 million tracks and over 30,000 radio channels to about 14 million monthly users, deals with a piracy problem right now. According to recent reports, hackers are somehow obtaining private encryption keys belonging to Deezer and then publish them on GitHub.
People are then using these keys to download high-quality tracks from the platform without paying anything, damaging the platform, and engaging in copyright infringement acts.
Obviously, Deezer is bombarding GitHub with DMCA takedown notices, asking for the removal of automated music pirating tools such as ‘Deezerloader,’ ‘Deezerloader Remix,’ ‘DeezerDownload,’ ‘Deeze,’ ‘Deezerio,’ ‘Deezit,’ ‘Deedown,’ ‘Deezloader Reborn’ and many more. The list is endless because the code is open and users are simply copying or forking it and just re-upload it onto GitHub. Many of them use “fresh” accounts for this, so the code hosting platform doesn’t have any way to stop this preemptively.
GitHub complies with all takedown requests as they are all valid, of course, and there’s no doubt about what their main purpose is. These tools are not generic media downloaders, but instead, highly-targeted and specialized piracy-enablers. So, this is not in any way similar to the recent RIAA vs. Youtube-dl case that found GitHub playing an awkward role, failing to consider fair use, and eventually taking the right side. Even with GitHub responding almost immediately to Deezer’s notices, the problem isn’t going away.
The weird part of this whole story is that Deezer appears incapable of properly securing its private encryption keys. Apparently, the hackers exploit API flaws in the platform, so all that Deezer needs to do is fix these and move on.
Deezer may find it simpler, easier, or even cheaper to just go after these pirates based on the illegality of bypassing technological measures. Still, this approach is not a definitive solution to their problems.
