[deeth_starr]

I'm not sure if Spotify does this, my experience is mostly in video, but if some or all content is going to be encrypted, you start with a small http/unencrypted section and then get the license to play the encrypted part. This is because you can put the unencrypted section on a edge CDN but getting a license is going to have to go through a server that could have some significant time (say up to a couple of seconds depending). This makes it so you start right away (better UX).

I do have some experience in music, and this is likely for uncompressed or hidef playback. Some labels force encryption for hidef (but in general most of the music services stream straight progressive unencrypted even though their contracts require encryption in all cases).

Edit: but doing this is really tough. You're going to need to stitch together those two stream without a gap. This takes a lot of engineering. I've done this in flash and pure js. So this is not an arbitrary decision.

[jessedhillon]

Couldn't the preview always end after N seconds, and the licensed stream always begin at the very next frame? Then it's just a matter of appending the licensed stream to the playback buffer after exhausting the preview stream.

[deeth_starr]

Exactly. This is how you do it. But you'd be surprised how complicated this is.

[michaelmior]

They could still serve the first few seconds from a CDN at the edge via TLS.

[deeth_starr]

My guess because it will save them a few $$$. Millions at stake here. Why would someone do a MITM attack against 5 secs of intro audio?

Obviously the NSA would.

Edit: exclusives. https://qz.com/949942/spotifys-new-deal-with-universal-gives...

[michaelmior]

Forget MITM, it also leaks information about your listening history which some may be uncomfortable with.