Sunday, October 23, 2011

SPOTIFY and OPTING OUT of the SPOTIFY PEER TO PEER NETWORK (P2P)

Spotify is a GREAT program for listening to music with over 15 million songs available for FREE (with occasional ads). I have a premium subscription and it's well worth the $10 to do away with the ads, get Spotify on my iPhone, and listen to songs offline. What most people do not realize is that Spotify users (even Premium subscribers) are unwittingly made a part of the Spotify P2P Network, which functions somewhat like BitTorrent to help take the load off of the Spotify Main Server Network. I found my computer opening 50-60 peer client connections every time I had Spotify open, which was undesirable. After an hour of tinkering around, I was able to BLOCK any Peer-to-Peer connections.

All ports can be blocked; the only requirement for Spotify is to allow Outbound Connections to "Remote Port" 4070 (Spotify port) or 443 (HTTPS) or 80 (HTTP) to *.ash.spotify.com (currently 193.182.8.3 - 193.182.8.90). (443 and 80 are failsafes.)

Spotify Listing of Ports
A crash course on how this works, reposted by me from http://pansentient.com/2011/04/spotify-technology-some-stats-and-how-spotify-works/

General Stats
  • Spotify is the only on-demand music streaming service that’s not web-based. Instead, it uses a peer-to-peer network (p2p) that can scale up to meet the demands of millions of users.
  • Only 8.8% of music playback comes from Spotify’s servers. The rest comes from the peer-to-peer network (35.8%) or your local cache (55.4%). The exception here is Spotify on smartphones, which gets all the music directly from the Spotify servers.

The Peer to Peer Network (P2P)
  • Spotify’s p2p network works like a BitTorrent network to locate peers (other users who have the song you want to listen to). It uses a proprietary protocol designed especially for streaming music.
  • There’s no “preferred” peers or supernodes, but a future improvement might be to use peer-to-peer overlays to exploit the overlap in interests between users.
  • The maximum number of peers in the network is 60, with a soft-limit of 50 peers.
  • The client uploads to at most 4 peers at a time.
  • Server-side trackers and network queries are used to locate other users who have the music you’re listening to.
  • Spotify uses TCP as the transport protocol instead of UDP, since it can take advantage of TCP’s congestion controls and ability to re-send lost packets.

What I Found Out:

Spotify wants to listen on ports locally so it can automatically make you a part of its peer-to-peer network. Despite these facts, YOU CAN OPT OUT of the P2P Network! Being a part of the P2P network is not a requirement.

Every time you click a remote track and listen to it, tiny pieces of the file are downloaded from Spotify's MAIN Server Network and stored in a cryptic, encrypted file format (I personally have yet to determine the method to this madness).

Spotify Local Storage Directory
  • on Windows 7 = C:\Users\ [you] \AppData\Local\Spotify\Storage
Every time you click the toggle button "AVAILABLE OFFLINE", Spotify downloads the entire playlist of files to your local storage directory, and if your internet connection goes offline, you can still listen to the songs. THIS BUTTON ALSO ESTABLISHES YOU AS AN UPLOADER ON THE P2P NETWORK. For a single song, your computer WILL immediately initiate 4 UPLOAD connections to 4 "peers" on the P2P network. If you don't know how to block ports, you can simply never use "offline files" and you will never upload!

Spotify Listening Port List:


0.0.0.0 = (all available interfaces)
127.0.0.1 = (localhost)
192.168.0.x = (external facing NAT private IP, or would be public IP from Cable modem/DSL)
  • TCP Port 4370 (bound to 127.0.0.1) - initially active even when not logged in.
  • TCP Port 4380 (bound to 127.0.0.1) - initially active even when not logged in.
  • TCP Port 19906 (bound to 0.0.0.0) - once you connect.
  • TCP Port 57621 (bound to 0.0.0.0) - once you connect.
  • UDP Port 1900 - SSDP - (bound to 192.168.0.x) - Publishes to Gateway (192.168.0.1) & Multicast (239.255.255.250) - makes discoverable on your network for any capable devices
  • UDP Port 21328 - (bound to 192.168.0.x) - "tracker of sorts" for the P2P client network
  • UDP Port 57621 - (bound to 0.0.0.0) Broadcasts to (192.168.0.255)
  • temporary & dynamic UDP +/-56000 to 63325+/- (may be incomplete) - unsure on this one.

If your router or firewall BLOCKS these or all ports, Spotify will revert to downloading all content from the Spotify Main Server Network as long as it can connect to Remote Port 4070. Failing to log in/connect on port 4070, Spotify will try "failsafes" of port 443 and port 80 in the order: 4070, 443, 80. I assume this is to preserve connectivity for business/corporate firewalled networks. The servers have names such as afton.ash.spotify.com, aretha.ash.spotify.com, cameo.ash.spotify.com, etc. The current range of IPs used for these main servers is 193.182.8.3 to 193.182.8.90.

Before I figured any of this out, I used to whitelist Spotify.exe through Windows firewall and found that my NAT router (tomato) was still allowing the opening of 50+ connections and uploading to peer clients. I have since removed the whitelisted Spotify.exe and have created a rule for destination port 4070. Optionally you can narrow it down to destination IPs 193.182.8.3 - 193.182.8.90. (IP 193.182.8.1/Subnet 255.255.255.128 would be another choice)
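To check that such a rule actually holds, and to express the 193.182.8.3 - 193.182.8.90 range in CIDR form, here is an added example (not part of the original post) that classifies Windows `netstat -an` rows. It assumes IPv4 rows already filtered to the Spotify process; the sample rows and the peer addresses in them are constructed.

```python
import ipaddress

# Values from the post: the only remote endpoints the client needs.
FIRST = ipaddress.ip_address("193.182.8.3")
LAST = ipaddress.ip_address("193.182.8.90")
SERVER_PORTS = {4070, 443, 80}

# Exact CIDR cover of 193.182.8.3-193.182.8.90 for firewalls that only take
# CIDR; the /25 (mask 255.255.255.128) alternative spans 193.182.8.0-127.
EXACT_CIDRS = list(ipaddress.summarize_address_range(FIRST, LAST))
WIDE_NET = ipaddress.ip_network("193.182.8.1/255.255.255.128", strict=False)

def classify(line):
    """Classify one Windows `netstat -an` row: proto, local, foreign, [state]."""
    fields = line.split()
    proto, local, foreign = fields[0], fields[1], fields[2]
    state = fields[3] if len(fields) > 3 else ""
    local_host = local.rpartition(":")[0]
    remote_host, _, remote_port = foreign.rpartition(":")
    if state == "LISTENING" or remote_host == "*":
        # Loopback listeners cannot be reached by peers; anything else can.
        return "loopback-listener" if local_host == "127.0.0.1" else "exposed-listener"
    in_range = FIRST <= ipaddress.ip_address(remote_host) <= LAST
    if proto == "TCP" and in_range and int(remote_port) in SERVER_PORTS:
        return "spotify-server"
    return "outside-allowlist"  # would be dropped by the post's outbound rule

def audit(lines):
    """Group rows by category so leftover peer traffic stands out."""
    report = {}
    for line in lines:
        if line.strip():
            report.setdefault(classify(line), []).append(line.split()[2])
    return report

# Constructed sample (not captured traffic); peer addresses are RFC 5737 ranges.
SAMPLE = """
  TCP    127.0.0.1:4370        0.0.0.0:0             LISTENING
  TCP    0.0.0.0:57621         0.0.0.0:0             LISTENING
  UDP    0.0.0.0:57621         *:*
  TCP    192.168.0.10:49231    193.182.8.14:4070     ESTABLISHED
  TCP    192.168.0.10:49240    203.0.113.25:51413    ESTABLISHED
  TCP    192.168.0.10:49255    198.51.100.7:4070     ESTABLISHED
""".splitlines()

if __name__ == "__main__":
    print([str(n) for n in EXACT_CIDRS])
    for category, remotes in audit(SAMPLE).items():
        print(category, remotes)
```

Because the check keys on the remote address rather than on local port numbers, it keeps working when the client picks different dynamic ports.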

CONCLUSION:

The only requirement for Spotify is to ALLOW Outbound Connections to "Remote Port" 4070 to *.ash.spotify.com (currently 193.182.8.3 - 193.182.8.90 or IP 193.182.8.1/Subnet 255.255.255.128).
If it fails to log in/connect on port 4070, Spotify will try "failsafes" of port 443 and port 80 in the order: 4070, 443 & 80. This preserves connectivity for business/corporate strict firewalled networks.



10 comments:

Hausner said...

Nice finding. Hereby blocked!

Dick Svensson said...

Well written post. Thanks for all the spotify connection-details.

Gascue said...

Thank you very much! I'm tired of denying all the connections Spotify and their associated companies want to make to my computer.. and the resources it wastes..

Sietse said...

Thanks for this information. I blocked the ports you mentioned and Spotify does not connect to any peers or vice versa. You're my hero!

Ryan Kelly said...

This info is not entirely correct, you are still an "UPLOADER" whether you use "Offline Mode" or not. I have tried many times to stop uploads from my Spotify client, but the truth is that it uploads parts of CACHED songs also for P2P. The best you can do is limit your cache (in preferences) so that the chance of uploading is slimmer due to having less content to share. Also blocking the ports you see is fine, but the ports change over time and with different leechers connecting. I have a wide range of ports blocked but more above and below my range were still in use. Spotify is just a greedy bitch I am in a love-hate relationship with. She sucks my bandwidth just when I am trying to enjoy it for gaming, then boom lag spike, thanks Spotify :S

Laura Harmon said...

Thanks for the info! Very useful.
