Intervention: How We Tracked Streams

In June 2016, a major consumer outburst erupted on several online forums concerned with Spotify. Users were beginning to notice that their Spotify client was running amok and had suddenly started to record large amounts of junk data on their solid-state drives (SSDs), which could potentially slow down—if not destroy—their storage capacities.¹ As the news spread, reports of ever-larger examples of trash generation began to roll in. Journalists at the tech website Ars Technica ran a test and found that their Spotify clients were unwittingly writing five to ten gigabytes of data per hour on their computers—even when the clients were put in idle mode.² In cases where the program had been running for months, users reported having terabytes of junk dumped on their hard drives.³ Blog outlets were calling the debacle an “assault on user’s storage devices,”⁴ a case of excessive “data gobbling,”⁵ and an issue which was “quietly killing” the lifespan of hard drives.⁶ It quickly became clear that Spotify had unwantedly turned the computers of thousands of users into garbage dumps. Instead of momentarily diffusing music, the program was spitting out digital trash.⁷

What happens when someone clicks play on Spotify? It is a simple question, yet it is tricky to answer from a technical viewpoint. As we stated in our introduction, one guiding metaphor for this research has been to “follow” streamed music files as they are shuffled across the web. But such an effort is negated by the basic logics according to which streaming operates. First, data is not technically transported—as in being moved from one location to the next—when information is streamed. Instead, data is copied and multiplied. Thus, the question of how streamed files “move” is not only a matter of tracing changed data locations but an issue of tracking how data proliferates. Second, streamed music does not simply concern the replication of audio data. Hundreds, if not thousands, of other types of data transmission occur every time content is streamed. And while it is possible to single out and isolate specific audio content in such floods of data traffic, it makes little sense to do so, since streaming is inevitably bound up in much larger computational processes. The streaming of music, then, is not simply a matter of transportation; it is an intricate data traffic solution that involves connecting multiple actors, networks, and infrastructures that span the globe.

As the example of Spotify’s unwanted generation of trash data illustrates, these data transmissions can sometimes have hidden or unintended consequences. In order to explore the nature of such streamed data processes, we set up an experiment that allowed us to monitor the data transmissions that are triggered by a “click” (or play) on Spotify. The experimental setup was simple: By using an open-source program called Wireshark, we were able to eavesdrop on data traffic that occurred between one of our personal computers and the internet when Spotify was used. This allowed us to map what streamed data traffic looks like close up, zooming in on its contents and characteristics.

One of the world’s most popular network protocol analyzers, Wireshark is used by programmers to troubleshoot problems in network traffic. The program was first created in 1998 and has since been developed by an impressive 1,316 open-source contributors (and counting). According to its founders, Wireshark “lets you see what’s happening on your network at a microscopic level.”⁸ The program does this by logging and intercepting the transmission of packets—that is, the small units of data that are sent within a network when a computer is hooked up to the internet. This enables a study of the origin, destination, and characteristics of the data that passes to and from selected computers. For this reason, network protocol analysis tools (or “packet sniffers,” as they are also called) are frequently used for diagnosing network problems, detecting network intrusion attempts, gathering network statistics, and evaluating the effectiveness of security systems, such as firewalls or spam filters. These tools thus play an important role within the day-to-day business of maintaining and upholding the functions of the internet.

Software programs like Wireshark are also popular with malicious hackers, since they enable sniffing out and eavesdropping on every computer that is hooked up to the same Wi-Fi network. Because these programs translate and present the details of all transmissions occurring between two or more nodes on a computer network, they can be used to spy on unprotected Wi-Fi cohabitants. This is usually done when the program is set to “promiscuous mode,” a feature that is available on many network protocol analyzers. Promiscuous mode can be used to gather sensitive information—such as passwords, private email details, credit card numbers, browser histories, and cookies with saved login credentials—from unsuspecting targets, provided that the information is not encrypted.

In our experiment, we did not collect such private communication details concerning other people’s internet use. Rather, we repurposed Wireshark as a digital research tool for “listening in” on our personal streamed data traffic.⁹ In other words, the intercepted traffic only concerned our own Spotify streams and no one else’s. “Eavesdropping,” biolinguist John L. Locke suggests, “is a deeply biological trait with ancient roots. Few if any species do not eavesdrop—even plants do it.”¹⁰ By drawing on this deeply rooted practice of willfully overhearing conversations between others (in our case, computers), our interventionist exercise thus consisted of trying to capture the conversations taking place when music is streamed on Spotify. This gives insight into a sphere of digital communication that is rarely observed by humanist scholars. As Wendy Chun has described it, packet sniffers reveal how “your computer constantly wanders without you.”¹¹ By this, Chun refers to the ways in which computers constantly do stuff without our direct knowledge and how data moves in ways that are not seen at the interface level. Packet sniffers thus challenge the idea that computers are under our control and only act at our request; they reveal the hidden—and sprawling—transmissions that occur within internet networks. In order to understand Spotify as an (organizer of) infrastructure, one has to take such network connections and actors into account.

Consider the scale of data that passes through a service such as Spotify. In 2016, Spotify product manager Ali Sarrafi reported that the company handled more than thirty-eight terabytes of incoming data per day, while permanently storing more than “70 petabytes of … data about songs, playlists, etc.”¹² To give a sense of how much data this is, consider that seventy petabytes is roughly equivalent to 930 years—nearly one millennium—of high-quality video. In 2016, Spotify’s backend system was said to be capable of singlehandedly pushing “more than 700,000 events per second halfway across the world,” where an “event” (as we described in chapter 2) refers to any action being performed by a user on the Spotify client, such as adding a song to a playlist.¹³ In order to cope with such data traffic, Spotify has long hosted a fleet of over twelve thousand servers, distributed in four data centers in Stockholm; London; Ashburn, Virginia; and San Jose, California.¹⁴ Since 2015, however, the company has increasingly shipped its data through Google Cloud Platform, which involves using not only Google’s global cloud/storage data centers but also other Google services, such as virtual machines and database management systems.¹⁵ In addition, Spotify is hooked up to at least five internet exchange points (IXPs) located in Frankfurt (DEC-IX), Stockholm (Netnod), Amsterdam (AMSIX), London (LINX), and Ashburn (EQIX-ASH). The service is also attached to several content delivery networks (CDNs) and subscriber networks—that is, broadband or mobile providers—which speed up and shorten the distance to their users.¹⁶ Each time Spotify is used, traffic is dynamically pushed through these data channels within a split second, depending on where the connection is best.¹⁷

What knowledge could we gain about these complex arrangements between cloud providers, internet hubs, and CDNs from using Wireshark? On the evening of May 15, 2017, we intercepted Spotify’s network traffic first by using one recently registered Spotify Free account and then by using one old Spotify Premium account. The premium account belonged to one of us researchers and had been in use for many years, while the new account was registered that evening with a personal email address. During the data capture—which lasted for only twenty minutes on each account—we listened to a series of songs, much as one normally does when using Spotify. All plays were triggered manually, and five songs were played in total.¹⁸ While the network traffic was being intercepted, we used the Mac’s Activity Monitor to make sure that no programs other than Spotify were active. The traffic was also filtered so that we only monitored ports that Spotify was using: 80, 443, and 4070.¹⁹ The data was first stored in the pcapng format, which enables a dynamic reading of the data in Wireshark, and was later exported to Excel and Google spreadsheets for analysis.

In total, 1,618 Spotify-related packets were captured during the session with the Spotify Premium account, and 11,653 packets were captured during the session with the Spotify Free account. The most likely reason why so many more packets were sent to and from the free account was that this data was collected first, which implies that the music had already been cached (i.e., temporarily stored) on the computer’s hard drive by the time we intercepted the data transmitted via the premium account. In addition, two advertisements (one still image and one video ad) appeared during the free session, which caused more data to be sent and received. In many cases, the captured packets turned out to be simple “Can you read me?” requests, that is, short “hello” messages that allow computers to acknowledge one another’s existence in case information should be transferred between them in the future. We also found that a long list of erroneous packets had been captured on both of the accounts. In fact, 38 percent of the premium data traffic and 4 percent of the free traffic consisted of failed transmission control protocol (TCP) packet transmissions. These failures were never noticed at the interface level during the data collection; the client never froze, and the music played without lag or interruption. Yet the fact that so many erroneous packets appeared reveals how states of breakdown continuously underlie the seemingly well-functioning interfaces of software programs.

Even if Spotify appeared to be running smoothly, hundreds of minor malfunctions were taking place in its network transmissions. For instance, during the premium session, the Spotify client made 213 attempts to establish contact with an IP address located in San Francisco, without any success. Similarly, during the free session, 215 failed attempts to communicate with an internet protocol (IP) address in New York City occurred when the Spotify account was intercepted. For the purposes of this intervention, we will not get into the details of why these packet transmissions failed. Nor do we claim that failed packet transmissions are exclusive to Spotify. The reality is the opposite: they represent a highly common element in general network traffic. The point is that network protocol analysis tools enable considerations of how “technology cannot exist without failure.”²⁰ Even in cases when Spotify appears to be functioning seamlessly, what Federica Frabetti calls “quasi-failures” might still lurk below the surface.²¹ Tools such as Wireshark, we argue, can thus be used as entryways for studying the sometimes-troubled communication attempts that take place between computers, as well as the moments when software breaks down and misbehaves.

Figure 2.7

Screenshot of Wireshark in action. Black rows indicate failed TCP packet transmissions.

As Nicole Starosielski notes, a simple “click” on a computer commonly activates vast infrastructures whereby information is pushed through routers, local internet networks, IXPs, long-haul backbone systems, coastal cable stations, undersea cables, and data warehouses at the speed of light.²² The characteristics of such infrastructural connections could also be gleaned from our eavesdropping session. In detail, the data traffic that was intercepted during the experiment could be isolated to twelve different actors located in Europe and the United States, of which only one belonged directly to Spotify:

Figure 2.8

List of actors that were found when we eavesdropped on Spotify’s network traffic in May 2017.

AOL and Level 3 are two of the world’s largest Tier 1 backbone network providers, supplying nodes through which a large portion of the world’s internet traffic is connected. The US-based—and sometimes controversial—Level 3 was acquired by CenturyLink in 2017 and is active in more than sixty countries and controls over ten million miles of fiber-optic cables.²³ This is equivalent to about four hundred trips around the world.²⁴ Several of these fiber-optic cables are subaquatic and link Africa, Asia, Europe, and North America. The company also runs 350 data centers with fifteen thousand CDN servers across the world.²⁵ Through these cables and data centers, Level 3 has provided network access to several large content providers, such as Pandora, Netflix, and Grooveshark, as well as more delicate customers such as the US Department of Defense.²⁶ During our eavesdropping session, however, it did not appear as though the primary role of Level 3 was to enable Spotify’s transmission of music. Rather, Level 3’s IP addresses appeared to be hosted by the Rubicon Project, an online advertising firm that has managed Spotify’s programmatic ad sales since 2016, in competition with other actors such as Turn, Appnexus, Audience Science, and MediaMath (to which we will return in chapter 4).²⁷

The actual music that was streamed to our computer during the experiment instead appeared to have origins in Google Cloud Platform’s data centers in Ashburn, Stockholm, and Mountain View, California. As mentioned in the previous chapter, Spotify’s music transmissions are based on the Ogg Vorbis codec, a free open-source solution for lossy audio compression that stands in direct competition with the proprietary—and much more commonly used—MP3 codec.²⁸ Most of the packets that were sent between Google’s data centers and our computer contained Ogg Vorbis–labeled data. These packets were also encrypted with the help of a free, open-source software protocol called TrIPE (or Trivial IP Encryption).²⁹ (Interestingly, we were able to listen to these distorted versions of music by playing the encrypted files in the program Audacity.) By using TrIPE and Ogg Vorbis, Spotify gains access to encryption and compression technologies without having to pay costly proprietary fees to build its software on top of them. This cost-saving practice is a common thread in the company’s software and infrastructure management. “At Spotify we love open source,” Noa Resare, one of Spotify’s “free software mediators,” proclaimed in 2014.³⁰ The Spotify client, for example, has benefitted significantly from the labor put into more than three hundred different open-source projects.³¹ Spotify thus resembles a hybrid of proprietary and open-source software solutions. When looking at the codecs and software on which the service runs, it becomes obvious that Spotify is neither self-built nor self-maintained and instead relies on a vast network of actors for its service to function—another indication that the notion of an enclosed platform is inapt. By hunting among the collected data packets, our eavesdropping session allowed us to study the traces of such actors and to consider their economic and political effects.

From the collected data, we also learned that our Spotify client had been interacting with two different CDNs: Akamai and Amazon CloudFront. As Stephen Graham and Simon Marvin noted in 2001, CDNs are constructions that bypass congested internet infrastructures and instead establish parallel network traffic routes that—against a fee—allow information to reach its destination at a higher speed.³² Such parallel networks have clear political dimensions. They often run between high-priority cities around the globe (such as capitals) and frequently target areas with a high density of corporate activity. In fact, Akamai has been singled out as providing a private network infrastructure that serves to enhance the unequal distribution of global network connectivity.³³ Because of their practice of selling high-quality internet access to selected customers, CDNs are also known for sidestepping net neutrality orders and regulations, thus counteracting the basic and open end-to-end principles of the internet.³⁴ Given that we recorded our session in the heart of Stockholm—the most populous city in the Nordic countries—it should come as no surprise that Spotify’s data traffic was routed through such CDNs. Yet our experiment exemplifies how a task as mundane as listening to music on Spotify may trigger complex entanglements with internet infrastructures that are tightly linked to controversial debates around digital policy making, network neutrality and the freedom of the web.

“Unlike telegraphy and telephony,” Tiziana Terranova once wrote, “the communication of information in computer networks does not start with a sender, a receiver and a line, but with an overall information space, constituted by a tangle of possible directions and routes, where information propagates by autonomously finding the lines of least resistance.”³⁵ “This,” she further argues, “produces a space that is not just a ‘space of passage’ for information, but an informational machine itself—an active and turbulent space.”³⁶ The inconstant, improvisational, and mutable qualities of online information transmissions imply that network traffic is constantly in flux. Therefore, it is not certain that a play on Spotify will activate the same data centers, backbone providers, CDNs, and advertisement brokers mentioned in this intervention. Rather, any snapshot of Spotify’s infrastructuring unavoidably links to a position from which the snapshot was taken. Instead of being read as a general depiction of the kinds of data transmissions that a Spotify click triggers, the results of our eavesdropping session must therefore be read as highly situated and context dependent.

The scholarly significance of this intervention is thus not to make general claims regarding how Spotify organizes its data infrastructure but rather to provide an example of its complexities. As Brian Larkin notes, infrastructures play a dual role: they are things that “enable the movement of other matter” while simultaneously also constituting “the relationship between things.”³⁷ As both things and relations, then, Spotify’s data infrastructures connect, prompt, and link together various distributed elements across large geographic distances. While this experiment has far from exhausted the kinds of infrastructures that a service such as Spotify relies on, it has provided some insight into the lively, complex, and sometimes downright-failing network transmissions that a simple click can generate. When pushing play on Spotify, music is heard—amid a cacophony of other data.

Notes

1. The memory cells on an SSD can be written and rewritten a limited number of times. Junk data was being stored on regular hard drives too, but since they don’t operate on a finite lifespan as SSDs do, the issue wasn’t as pertinent.

2. Dan Goodin, “Spotify Is Writing Massive Amounts of Junk Data to Storage Drives,” Ars Technica, November 11, 2016, https://arstechnica.com/information-technology/2016/11/for-five-months-spotify-has-badly-abused-users-storage-drives/.

3. Chris Hampton, “Spotify Is Killing Your Computer’s Storage with Junk Data,” Chart Attack, November 17, 2016, http://www.chartattack.com/news/2016/11/17/spotify-killing-computers-storage-junk-data/.

4. See Goodin, “Spotify Is Writing.”

5. “Spotify Patches ‘Data Gobbling’ Glitch,” BBC News, November 11, 2016, http://www.bbc.com/news/technology-37950627.

6. Aaron Brown, “Spotify Could Be Damaging Your Computer behind Your Back, and This Is Why,” Express, November 15, 2016, https://www.express.co.uk/life-style/science-technology/732176/Spotify-Bug-App-SSD-Lifespan.

7. For worried readers: Spotify later released a software update that cured the bug that had caused the trash issue. By then, however, the software malfunction had already been running for months.

8. “About Wireshark,” Wireshark, accessed January 16, 2018, https://www.wireshark.org/#aboutWS.

9. Richard Rogers, Digital Methods (Cambridge, MA: MIT Press, 2013).

10. John L. Locke, Eavesdropping: An Intimate History (Oxford: Oxford University Press, 2010), 16.

11. Wendy Hui Kyong Chun, Control and Freedom: Power and Paranoia in the Age of Fiber Optics (Cambridge, MA: MIT Press, 2006), 3.

12. Ali Sarrafi, “How ‘Data’ Drives Spotify” (PowerPoint presentation, Stockholm School of Entrepreneurship, Stockholm, Sweden, August 10, 2016), https://www.slideshare.net/alisarrafi3/how-data-drives-spotify.

13. Igor Maravić, “Spotify’s Event Delivery—The Road to the Cloud,” pt. 1, Spotify Labs (blog), February 25, 2016, https://labs.spotify.com/2016/02/25/spotifys-event-delivery-the-road-to-the-cloud-part-i/.

14. See Rerngvit Yanggratoke et al., “On the Performance of the Spotify Backend,” Journal of Network and Systems Management 23, no. 1 (2015): 210–37, doi:10.1007/s10922-013-9292-2; and Nick Cope, “Managing Machines at Spotify,” Spotify Labs (blog), March 25, 2016, https://labs.spotify.com/2016/03/25/managing-machines-at-spotify/.

15. See Cope, “Managing Machines”; and Guillaume Leygues, “Spotify Chooses Google Cloud Platform to Power Data Infrastructure,” Google Cloud Platform blog, February 23, 2016, https://cloudplatform.googleblog.com/2016/02/Spotify-chooses-Google-Cloud-Platform-to-power-data-infrastructure.html.

16. Dbarrosop, “SDN Internet Router,” pt. 2, Spotify Labs (blog), January 27, 2016, https://labs.spotify.com/2016/01/27/sdn-internet-router-part-2/.

17. In order to facilitate this, Spotify also relies on over 175 different services at the back end, which manage things such as user analytics and marketing. For an overview, see “Spotify,” Siftery, accessed January 16, 2018, https://siftery.com/company/spotify.

18. The songs were part of a playlist that already existed on the older premium account. We shared the playlist with the newly registered account via email. In detail, the songs that were played were: “Esse Olhar Que Era Só Teu” by Dead Combo (5:54), “Planet Caravan” by Black Sabbath (4:27), “Demon Host” by Timber Timbre (3:39), “The Healer” by Erykah Badu (3:59), and “SAT” by Boban i Marko Marković Orkestar (4:23). The music was played as it appeared in the playlist, with the exception of a few songs that were manually skipped between Timber Timbre’s “Demon Host” and Erykah Badu’s “The Healer”.

19. When a computer sends and receives information (or packets) across a network, different actors use different ports. If you think of your computer as a destination to which many doors lead, then ports would make up the different doors through which data traffic can be routed. We found out that Spotify uses ports 80, 443 and 4070 by observing network traffic in Wireshark. We cannot rule out that Spotify might have sent data through other ports as well, but as far as we could tell, these three seemed to be the main ones.

20. Federica Frabetti, “‘Does It Work?’: The Unforeseeable Consequences of Quasi-failing Technology,” Culture Machine 11 (2010): 108, http://www.culturemachine.net/index.php/cm/article/view/388/409.

21. Frabetti, “‘Does It Work?’”

22. Nicole Starosielski, “Fixed Flow: Undersea Cables as Media Infrastructures,” in Signal Traffic: Critical Studies of Media Infrastructures, ed. Lisa Parks and Nicole Starosielski (Springfield: University of Illinois Press, 2015), 54.

23. Following the Snowden revelations regarding PRISM, a National Security Agency (NSA) surveillance program, Level 3 was singled out as one of the major actors that might have enabled the NSA to wiretap Google’s and Yahoo’s communications. See Nicole Perlroth and John Markoff, “N.S.A. May Have Hit Internet Companies at a Weak Spot,” New York Times, November 25, 2013, http://www.nytimes.com/2013/11/26/technology/a-peephole-for-the-nsa.html.

24. Level 3, “Corporate Fact Sheet,” March 2016, http://news.level3.com/download/2016_Level+3+Communications_FastFactsupdate_5-19-16_vF.pdf.

25. Level 3, “Corporate Fact Sheet.”

26. See Level 3, “Netflix Signs Multi-year Deal with Level 3 for Streaming Services,” press release, November 11, 2010, http://news.level3.com/index.php?s=23600&item=65041; Level 3, “Level 3 Powers Pandora,” press release, November 1, 2006, http://news.level3.com/news-archive?item=65154; Level 3, “Level 3 Enhances Grooveshark’s Music Streaming Capabilities,” press release, October 14, 2010, http://news.level3.com/news-archive?item=65035; and Level 3, “U.S. Department of Defense Finalizes Selection of Level 3 for 10-Year, Multimillion Dollar Task Order,” press release, May 7, 2012, http://news.level3.com/news-archive?item=128074.

27. See AppNexus, “AppNexus Announces Technology Partnership with Spotify,” press release, July 20, 2016, https://www.appnexus.com/en/company/news-and-events/press-releases/news-2016-0720; Rubicon Project, “Spotify Taps Rubicon Project to Automate Audio Inventory,” press release, July 20, 2016, http://rubiconproject.com/press-releases/spotify-taps-rubicon-project-to-automate-audio-inventory/; and “Partner Info: Spotify,” MediaMatch, accessed January 16, 2018, https://open.mediamath.com/partners/spotify.

28. For more information about Ogg Vorbis, see “Vorbis,” Xiph.Org Foundation, accessed January 16, 2018, https://www.xiph.org/vorbis/.

29. For more information about the TrIPE protocol, see “Service Name and Transport Protocol Port Number Registry,” Internet Assigned Numbers Authority, accessed January 16, 2018, https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?amp=&page=78; and Mark Wooding, “TrIPE: Trivial IP Encryption,” personal website, updated April 19, 2010, https://git.distorted.org.uk/~mdw/tripe/blob/refs/heads/master:/README.

30. Noa Resare, “Making Open Source a Priority at Spotify,” presentation abstract, LinuxCon North America, Chicago, Illinois, August 20–22, 2014, https://lccona14.sched.com/event/1ouHhHB/making-open-source-a-priority-at-spotify-noa-resare-spotify.

31. The most up-to-date list of these open-source projects can be found by clicking “Help > Third-party Software” in the top menu of any Spotify client. Spotify has also given back to the open source community by publishing a number of different repositories on Github.

32. Stephen Graham and Simon Marvin, Splintering Urbanism: Networked Infrastructures, Technological Mobilities and the Urban Condition (London: Routledge, 2001).

33. Emy Tseng and Kyle Eischen, “The Geography of Cyberspace,” M/C Journal 6, no. 4 (2003), http://www.journal.media-culture.org.au/0308/03-geography.php.

34. For an extended discussion, see Jennifer Holt, “Regulating Connected Viewing: Media Pipelines and Cloud Policy,” in Connected Viewing: Selling, Streaming & Sharing Media in the Digital Era, ed. Jennifer Holt & Kevin Sanson (London: Routledge, 2014), 19–39.

35. Tiziana Terranova, Network Culture: Politics for the Information Age (Ann Arbor, MI: Pluto Press, 2004), 65.

36. Terranova, Network Culture, 68.

37. Brian Larkin, “The Politics and Poetics of Infrastructure,” Annual Review of Anthropology 42 (2013): 329, doi:10.1146/annurev-anthro-092412-155522.