Aussie Security Researcher Hacks Music Charts, Puts His Own 'Songs' Up Top
from the nothing-to-it dept
It's been known for quite some time that the music charts are subject to being easily gamed. In fact, one of the reasons why the major labels are "the major labels" is that they figured out quite early on how to best game the system. Still, it appears that one security researcher down under took a somewhat different route to "topping the charts" down in Australia. As sent in by G Thompson, a guy by the name Peter Fillmore made himself into quite a musician in a very short period of time. Forget "practice, practice, practice." Fillmore went a different route towards learning music and composing and recording his "songs."
> Rather than spend years practising an instrument and writing songs, he compiled music from clunky electronic MIDI files and later by applying algorithms that squashed together public domain audio.
He then posted the tracks to a variety of different platforms via CDBaby, apparently including Spotify, Rdio, MOG (from Telstra), Pandora, iTunes and some others -- and then the fun part:
> He then purchased three Amazon compute instances and wrote a simple bash script to simulate three listeners playing his songs 24 hours a day for a month.
This move apparently pushed the music up the charts on various systems -- hitting the very top of the Rdio chart for Australia. In response, he released a second album, and saw it jump to the second spot (behind his first album) within a matter of weeks. Any human listeners, not surprisingly, were not particularly happy, and he got flooded with bad reviews, but it didn't much matter. His favorite comment: "I call it troll music." There was also one that said: "it might sound good on cocaine like when it was made, but this isn't music." He did get a single iTunes purchase, though.
MOG and Spotify actually appeared to suspect something was up and cancelled certain accounts. Spotify killed the accounts he had set up to listen (but not the actual music accounts), though he's not entirely sure why. He suspects a few things made it obvious they weren't legit (he didn't try that hard to cover his tracks). With MOG, he suspects it was because almost no one uses the service, so someone probably noticed the anomaly pretty quickly. Rdio, however, kept the albums up at the top, and even sent out promotional emails to people pushing his albums.
At this point, he created a third album, called A Kim Jong Christmas, which was all just actual public domain music, so that if anyone listened to it, they wouldn't immediately realize it as "noise." As that one shot up the charts as well, users were confused, with one commenting: "There ain't no party like the Korean Worker's Party. But seriously -- what the hell is this doing on High Rotation?"
In the end, he apparently spent a grand total of about $30, but brought in decent royalties. Of course, once the story came out, his music was pulled from most of these services, though he's started posting it to his own website, and even he admits that he can't listen to it the whole way through.
Of course, this was all done for the purpose of research. He was interested in a variety of things, including the fraud-checking on various music services, how royalties on these services work (he's got some data there as well) and various other things about how to make this kind of setup work. He also noted that when his accounts were suspended, almost no info was given, and he points out that this could also lead to a way for someone to attack a rival musician to get their works taken off of these services without warning or explanation.
The other question that I have is if Fillmore has opened himself up to any legal risk. It looks like he made about $1,000 in royalties, so I could potentially see some companies arguing it was a type of fraud. If he were in the US, I could even see some crazy CFAA charges thrown at him, because that's the sort of crap that happens in the US under the CFAA. Hopefully calmer minds prevail and this is viewed in the spirit it was done: as a research project which popped out some rather interesting results (and some really bad music).
Filed Under: australia, fraud, music industry, peter fillmore, security
Companies: cdbaby, mog, rdio, spotify
Reader Comments
Really bad? Now let us talk about Justin Bieber (or One Direction, what's the current hype?). No seriously, cats mating are more pleasant to listen to.
Here's me hoping he donates the royalties to his favorite artists ;)
[ link to this | view in chronology ]
Proving that promotion is the biggest part.
I've several times advised Mike to focus on how his artistic readers can promote themselves and get noticed, but that too is ignored, not least because Mike never has practical advice (see his Step 2: ??????); he never really states anything positive, just puts stuff out to try and gin up comments. -- So here's mine, and now the fanboy-trolls can do their little bits of ad hom.
If you support pure capitalism, you must somehow justify Miley Cyrus getting millions while productive laborers live in poverty.
01:48:56[b-305-2]
[ link to this | view in chronology ]
Re: Proving that promotion is the biggest part.
Nope, just reporting and getting on with life.
[ link to this | view in chronology ]
Re: Proving that promotion is the biggest part.
DMCAed, you masturbatory fuckwad.
[ link to this | view in chronology ]
Re: Proving that promotion is the biggest part.
You want a ‘catch-all’ Step 2, though? Fine, here you go.
Step 2: Do the Fucking Work.
There’s your golden bullet. It doesn’t matter what form the work takes — you have to do it. You won’t make money by sitting on your ass and doing nothing.
You can write beautiful music, craft the best novel ever, or paint a masterpiece that would put the masters of art to shame — but if you don’t do the fucking work and find ways to promote that music/novel/painting and your skill in making it, you’ll never make a goddamn dime.
It doesn’t matter what you do or how you do it (so long as you don’t break the law), but you gotta do the fucking work. 99% of artists won’t have major media conglomerates backing them with thousands of dollars in promotional materials; they have to do the fucking work themselves. And if they don’t do the fucking work, they’ll resign themselves to a lifetime of obscurity and (likely) poverty.
If you want an actual, practical, catch-all solution to promotional issues or whatever…do the fucking work and figure it out for yourself.
[ link to this | view in chronology ]
Re: Re: Proving that promotion is the biggest part.
...and actually never has. The major label system has never worked for everybody, and often doesn't work for either consumer or artist. The history of music is strewn with classic albums that were never heard and careers ruined on a marketer's whim.
It just happened to be the most efficient and successful way of doing things for a couple of decades. But, the market realities that system was based on have changed. There's more than one "step 2", a great many of which are detailed on this very site for those not as obsessed with trolling it as a certain "I've admitted to not bothering to read past the headlines" up there.
[ link to this | view in chronology ]
Re: Re: Re: Proving that promotion is the biggest part.
And it never really has when you think about it — after all, how many dirt-poor musicians put in just as many hours of practice and playing in front of live audiences as the guys who made billions by lucking into a record label deal?
[ link to this | view in chronology ]
Re: Proving that promotion is the biggest part.
Only in your fantasy world are distribution and promotion not linked. Do you also want to claim that the fact that other chart systems have been gamed means that all music distribution systems are hooey? Because that's the only way you make sense.
"If you can get noticed any way at all -- and have a listenable product, deliberately NOT the case here -- then you've found the secret to Lady Gaga and Miley Cyrus (and latter was born rich, too)."
There's so many examples detailed on this very site that prove you wrong, that you would merely have to read it to know why. If only you would do so before typing.
But your constant obsession with the idea that becoming a millionaire in the mainstream pop market is the only valid form of success is duly noted. Like your obsession with the $100 million movie, it's a bunch of bullshit but it helps prove how dishonest you are without expending much thought.
"I've several times advised Mike to focus on how his artistic readers can promote themselves and get noticed"
Such as, by utilising different business models and services that focus on interaction with fans? Like innovative marketing and distribution techniques? Like the ones you obsessively attack without so much as reading the articles?
"If you support pure capitalism, you must somehow justify Miley Cyrus getting millions while productive laborers live in poverty."
...and who is this person who supports such a thing? Not the people you argue with here, I'll bet.
[ link to this | view in chronology ]
Re: Proving that promotion is the biggest part.
> somehow justify Miley Cyrus getting millions
> while productive laborers live in poverty
Easy. She's figured out a way to get lots of people to buy what she's selling. The laborers haven't. Simple as that.
"But... but... that's not fair!"
Life ain't fair. About time you realized that and quit whining about it.
[ link to this | view in chronology ]
Re: Re: Proving that promotion is the biggest part.
I really think it's better than Miley Cyrus, or Bieber.
That's not saying much of course...
[ link to this | view in chronology ]
Pretty much. I've always looked with interest specifically at the differences between charts in the UK (where only purchases are considered, albeit often only those from pre-approved outlets) and the US (where things like radio airplay are taken into account). The UK charts always seemed to cover a wider range of styles and genres, especially during times when certain genres of music were considered niche or non-commercial.
It's complicated, but I dare say that this is an indication that control of the listening and advertising outlets leads to a more homogenised market, which is easier to control, hence the majors' dominance pre-internet.
"In the end, he apparently spent a grand total of about $30, but brought in decent royalties."
I'd love to get an actual figure here. The article's a little vague, both on the actual number of plays vs. royalties and where each payment originated (service, location, etc.), and on how these compare to normal payouts especially in the cases of half-played tracks.
"The other question that I have is if Fillmore has opened himself up to any legal risk."
Probably, unless he can fit under the classification of an exempt security researcher, etc. Unless the article is implying something that's not factual, he defrauded a system, resulting not only in financial gain to him but (as I understand the way these systems work) probably less royalties paid to actual musicians.
It's great as an exercise and a warning that these things can be defrauded but it's no different to clickfraud or any other scams out there in execution. But if he received actual payment as a direct result of his actions, he may well be on shaky ground in the current climate. As we've seen many times, the fact that he's not located in the US may not shield him from prosecution under their laws.
[ link to this | view in chronology ]
Re:
Oops. I had the actual figure, $1,000, in my final article, but I accidentally published an earlier version. I've now updated it with the amount...
[ link to this | view in chronology ]
Re: Re:
For example, it seems that this was $1,000 between all the services - is this US$ or AUS$ or a mixture of both (I'm assuming US as Pandora's a US only service, but who knows)? How was the "nearly a million hits" split between services like Spotify who cancelled early and others who didn't? How did the royalty rates differ between services? Did he actually receive all the royalties, or is there more withheld that would have been further income if this had not been caught (not the scope of the experiment, I know)?
I'm not seeing this kind of detail, but hopefully it will be forthcoming. I'd love it if this kind of story had the full figures to help counteract the usual FUD that accompanies accusations in other stories. I'm sure there's a lot of interesting info on the backend that non-industry folk like myself would find useful to respond to the "Spotify are thieves because they don't pay the same as CDs" kind of rubbish.
[ link to this | view in chronology ]
Re:
If the USG is stupid enough to try to bring criminal charges against him then that is their problem since he would NEVER be extradited under the current system. Though it would be advisable that he doesn't travel to the US or its territories in the foreseeable future.
[ link to this | view in chronology ]
That reminds me of a funny SMBC comic ages ago with the logic that algorithm must use. It was about a super computer designed to maximize happiness of the human race. The super computer decided the way to make the human race the most happy was to find one guy who was really easy to impress and make happy, Carl, and make the rest of the human race do all sorts of crazy things to make him happy, including having everyone give Carl their entire life savings.
[ link to this | view in chronology ]
Re:
Well, first of all there's a question that nobody on the side whining about these services has actually been able to answer to any degree of satisfaction - in terms of royalties, what difference does it make if a DJ plays a track to a thousand people one time or a single person listens a thousand times?
The same applies here. If the charts only track individual listens and no other metric, then these tracks may actually have been the most popular. The fact that security wasn't applied to the incoming data is an issue, but GIGO and that's not necessarily an algorithm at issue. If this guy's song was actually "listened" to more times than any other on a particular day, then the algorithm is fine even if the data it's working on is suspect.
The second is that the article's light on technical issues. Other sources I've heard have stated that the Amazon instances could have been used to utilise various accounts, IP addresses, etc. (which would in fact have been necessary for region-restricted services like Pandora). I'm thinking there may be more in the story than what's detailed in these couple of blog posts.
[ link to this | view in chronology ]
Re:
Like masturbate.
[ link to this | view in chronology ]
Y'know, just the usual douchebaggery you find on Techdirt.
[ link to this | view in chronology ]
Fraud
[ link to this | view in chronology ]
Re: Fraud
MUWAHAHAHAHAHAHAAHAHAHAHAHA!!!!!
Read the freakin article and understand WHERE the activity occurred first before you start making unfounded assumptions that show you are an arse.
Oh and NOTHING was stolen.
[ link to this | view in chronology ]