Have you considered the possibility that someone could get fired for helping you with this? If they didn't want to help you when you went through official channels, it would look really bad if some random engineer gave you inside information about how their proprietary software works behind his management chain's back. (And it's telling that you want to talk directly to an engineer, rather than someone who would actually have the authority to grant your request).
Looks like you might have to just use good ol' reverse engineering...
(As an aside, I'm amazed Spotify doesn't provide an API for this.)
"Have you considered the possibility that someone could get fired for helping you with this?"
In which case, the Spotify engineer would simply not respond. The Spotify engineer is going to be far more aware of corporate culture than the outsider who can't get any info out of them.
Let's not shame people for openly asking questions when they've already tried to solve the problems themselves and also failed when using the 'official' channels.
First, I wasn't trying to shame him at all. I thought it was an ill-advised thing to try to do, and was explaining why I thought that. That's nowhere near the same thing as "shaming".
Second, it's naive to think Spotify engineers are, as a class, immune to the sort of social engineering that would lead people to commit serious policy breaches. If people can be tricked into giving away their social security numbers over the phone, it's not unreasonable to imagine somebody not realizing something was serious that actually (for whatever reason) was.
"If people can be tricked into giving away their social security numbers over the phone" isn't quite the same as a question asked openly on Hacker News, hence why I said "openly" - open to community scrutiny.
I understand that you don't intend to be shaming, however that's what you're doing: "how can you ask this question, when it might cost someone their job?". We can't all walk on eggshells in order to protect those people who are close enough to the technical core to give technical answers, yet naive enough to not be aware of phishing and/or draconian corporate culture.
In short, ask away. If there is a draconian response as a result of your questions, that onus is not on you. And it's not like other phishers will leave that naive person alone simply because you did; they're still going to be a weak link in the chain, and they'll get compromised by someone malicious, and they'll still lose their job next time around while at the same time exposing their company to a malicious actor.
Similarly, if we're talking theoretical situations, then how about Spotify management not being jack-booted thugs[1], and when the data breach is found, instead of firing the naif, they use the event to update their corporate policies and retrain all employees with access to privileged information about phishing threats, thereby strengthening the company against future malicious attacks? The naive employee then gains some valuable information on the nature of the world and the company ends up stronger after this benign 'scare'. Win-win all around.
[1] I don't actually know what kind of footwear they use
I am new to this site, and by far not the programming and code wizards that many of the people here are. However, I think this is a fair question!? I understand both sides to this "debate", but we are talking about a MAJOR player in the music streaming world, for now, and I would think they should be bending over backwards to not only do what the people want, but also the fact and language that everyone understands=MONEY!!! which means make people want your programs/apps more than the next guy, so I think if enough people bring this up to them, it should be handled, or we will all move on, tech moves fast and someone is ready to take their place, any businessman should know this, so I think it would be in their best interest to LISTEN BETTER to feedback, and definitely for the people who are PAYING for PREMIUM service. Just my opinion on it, like I said I'm no programmer.
If Spotify fires one of their engineers for helping a third party dev on the weekend, that'd be pretty disgusting... there's plenty of ways someone could help OP without revealing IP.
If a hypothetical engineer gets fired for revealing IP, then the onus is on the engineer to not reveal IP. Not on OP for asking for help.
This whole idea of not asking someone a question in case they would answer and be put in some Kafkaesque corporate politics nightmare sounds insane to me. How is this scenario what comes first to your mind?
It came to my mind first because I'm at a huge company (read: a high value target for corporate espionage) and it's drilled into our heads from day 1 that answering questions about our business (let alone the architecture of our code!) from outsiders is a very serious breach of policy... the mandated behavior is to reroute them to customer service.
You are welcome to think my company is just dysfunctional but I think it's a reasonable enough concern to at least be worth bearing in mind -- and the OP responded to my post agreeing with that sentiment.
It's a bit naive to simply say "the onus is on the engineer", as if no engineer could be tricked by social engineering into seriously breaching policy.
But he's not trying to trick anyone, he's asking an honest question. I understand the concern, but going through life holding one's tongue before every question on the possibility that a bad actor might ask similar questions is like living life in a TSA queue, no thank you.
If your ability to defend from corporate espionage depends on the Bad Guys not asking you questions, then you're not defending yourself from corporate espionage.
The onus is certainly on the engineer to distinguish between information they can divulge and that which they would need clearance for. You can't ask the good guy to not ask questions by stating that questions are what bad guys use to trick by social engineering.
Your argument is inverting the burden of responsibility. It's not OP's job to protect your IP, it's yours. You can't ask them to not ask any questions in case that a questionee was in possession of IP and susceptible to social engineering.
What do you possibly gain by being rude? The parent presented some highly reasonable food for thought based on experience within large companies. If the OP has communicated this directly with support, why not consider that maybe something else is going on? Heck, the OP even considered that possibility...
The official channel doesn't want to connect frontend users with developers almost certainly because that's a bad use of their time, in general. How is some front-line support person supposed to be able to filter incoming calls in such a case? Jumping to the conclusion that Spotify doesn't want people _on their own computer_ to know what they're playing seems like a rather big stretch.