Deezer Wants GitHub Pirates to Stop Sharing Its Encryption Keys

Last updated September 24, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer
Image Courtesy of Medium

Deezer, the popular music streaming platform that offers 56 million tracks and over 30,000 radio channels to about 14 million monthly users, deals with a piracy problem right now. According to recent reports, hackers are somehow obtaining private encryption keys belonging to Deezer and then publish them on GitHub.

People are then using these keys to download high-quality tracks from the platform without paying anything, damaging the platform, and engaging in copyright infringement acts.

Obviously, Deezer is bombarding GitHub with DMCA takedown notices, asking for the removal of automated music pirating tools such as ‘Deezerloader,’ ‘Deezerloader Remix,’ ‘DeezerDownload,’ ‘Deeze,’ ‘Deezerio,’ ‘Deezit,’ ‘Deedown,’ ‘Deezloader Reborn’ and many more. The list is endless because the code is open and users are simply copying or forking it and just re-upload it onto GitHub. Many of them use “fresh” accounts for this, so the code hosting platform doesn’t have any way to stop this preemptively.

GitHub complies with all takedown requests as they are all valid, of course, and there’s no doubt about what their main purpose is. These tools are not generic media downloaders, but instead, highly-targeted and specialized piracy-enablers. So, this is not in any way similar to the recent RIAA vs. Youtube-dl case that found GitHub playing an awkward role, failing to consider fair use, and eventually taking the right side. Even with GitHub responding almost immediately to Deezer’s notices, the problem isn’t going away.

The weird part of this whole story is that Deezer appears incapable of properly securing its private encryption keys. Apparently, the hackers exploit API flaws in the platform, so all that Deezer needs to do is fix these and move on.

Deezer may find it simpler, easier, or even cheaper to just go after these pirates based on the illegality of bypassing technological measures. Still, this approach is not a definitive solution to their problems.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: