A law firm acting for Spotify has taken down a piece of Windows software that allows users to download and remove DRM from music tracks while skipping ads. XSpotify, which also carries an ad-blocking feature, is described as a tool that "steals" Spotify encryption keys in contravention of the anti-circumvention provisions of the DMCA.

With more than 271 million users across 79 markets, Spotify is the most popular music streaming service in the world.

Its 50 million song library is accessed by 124 million paying subscribers, who gain additional features such as an ad-free experience and the ability to download tracks to their own devices for offline listening. These tracks are encrypted so can’t be used outside the Spotify software, at least by conventional means.

One tool that turns this business model on its head is Windows-based application XSpotify. The tool has gained popularity for a number of reasons, not least its ability to remove DRM from the tracks stored in Spotify’s extensive library and permanently download them for keeping on users’ machines.

XSpotify has been quietly growing its userbase, offering track downloads from both free Spotify accounts (in 160 kb/s, 32-bit, 44100 Hz .ogg) and premium accounts (in 320 kb/s, 32-bit, 44100 Hz .ogg) while pulling down metadata such as artist, title, and album covers. Considering the above and its ability to block ads, it’s no surprise that Spotify eventually took legal action to tackle the spread of the tool.

This week, Washington-based law firm Perkins Coie LLP sent a broad takedown notice to Github, where XSpotify was available for download, citing breaches of the DMCA by the app and its developer.

“Copyrighted files on Spotify’s services are protected by encryption. Spotify uses a key to decrypt the copyrighted files so legitimate users can listen to the copyrighted files through the Spotify services. Spotify’s encryption system prevents users from listening to copyrighted works without Spotify’s decryption key,” the notice reads.

“XSpotify states that it is a ‘DRM bypass’ that allows users to ‘Download all songs directly from Spotify servers.’ XSpotify’s technology circumvents Spotify’s encryption by stealing the Spotify key and using it in a way Spotify prohibits, namely, enabling users to access encrypted copyrighted content without authorization.

“By providing technology that circumvents Spotify’s access controls, XSpotify violates 17 U.S.C. §§ 1201(a)(2),” the law firm writes.

The section of US law cited by Spotify’s attorneys is clear. Among other things, it states that no person shall offer any technology to the public that is “primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title.”

In addition to removing the main XSpotify repository, Github was also ordered to delete almost 130 others that carried forks of the popular tool. At the time of writing, every repository reported by Spotify as infringing has been removed. Of course, XSpotify is still available for download from other locations but whether its developer will continue his work after this warning shot is yet to be seen.