
Is the Spotify Mini Player Safe?



I was wondering if the Spotify Mini Player by Vincent de Saboulin is safe to import and run? What kind of access to your Spotify account does it gain and is there any malicious code in it?

 

I mainly code in Python and can't analyze the code myself as I don't know PHP very well, so I was hoping someone with more expertise could help. Also, the GitHub of the workflow is: https://github.com/vdesabou/alfred-spotify-mini-player

 

In addition, when loading the workflow, my Mac let me know it was trying to install a program called fzf. Should this be a concern?

Edited by hgoeldner

Please don't create new threads to ask questions about workflows that already have a thread. Ask there instead:

 

 

On 12/25/2020 at 12:28 AM, hgoeldner said:

I was wondering if the Spotify Mini Player by Vincent de Saboulin is safe to import and run? What kind of access to your Spotify account does it gain and is there any malicious code in it?

 

That's a bit of an odd question to ask about software you're planning to run on your local machine where it has access to all your stuff. Is there a reason you're concerned about your Spotify account but not your email or documents?

 

On 12/25/2020 at 11:53 PM, Chris Messina said:

You could probably just ask @vdesabou if you have any specific concerns.

(…)

You can review the terms. Seems legit to me.

 

Terms are meaningless if you’re being malicious, as is asking the person you have concerns about. They could simply lie in both cases and there’d be nothing you could do.

 

@hgoeldner The code for this Workflow is open; @vdesabou has been on these forums for years; the Workflow’s thread has 20 pages; and the GitHub repository has some popularity and outside contributions (though small) which indicates that at least a few outside people have looked at what it does. I haven’t looked at it myself, but all of the above are strong indications that you’re probably safe to trust it, just as much as you can trust my assessment—which you don’t know if you should.

 

Which brings us to the problem of asking if you can trust a piece of software. If you can’t inspect it yourself (and even if you could!), at some point you’ll have to trust someone’s answer. We’re also strangers, so there’s no reason you should trust us apart from believing we’re well meaning, and that given enough eyeballs a set of those would be honest and report the bad behaviour. That hasn’t happened yet, so you’re probably safe to trust the Workflow. I’d certainly trust it more than Spotify itself and whatever it does with your data.
