Mixed content in Web Player

Chrome warns me that the web player has some mixed content. From looking at the console it looks like music is being loaded over a regular HTTP connection.

Example messages from the console:

"Mixed Content: The page at 'https://play.spotify.com/browse' was loaded over HTTPS, but requested an insecure plugin data 'http://audio-mp3-fa.spotify.com/crossdomain.xml'. This content should also be served over HTTPS."

"Mixed Content: The page at 'https://play.spotify.com/artist/[redacted]' was loaded over HTTPS, but requested an insecure plugin data 'http://audio-mp3-fa.spotify.com/mp3enc/[redacted]'. This content should also be served over HTTPS."

I'm using Chrome on Red Hat Enterprise Linux 7.

4 Replies

Hey @rythie,

Welcome to Spotify Community!

Can you clarify what the issue is?

This is how the web player has worked for its entire existence 🙂

In short, there is no green lock symbol next to the URL.

Longer version:

It's not secure and it's not private. Every album cover or song I play is identifiable by those on the network. Images and music can be replaced with objectionable content that's not suitable for some users, or used to exploit the browser like CVE-2015-1220 was in the past and others likely will be in the future.

There is some information on the problems with this here:

https://developers.google.com/web/fundamentals/security/prevent-mixed-content/what-is-mixed-content

I had assumed this was a temporary bug that would be solved soon, but it seems no one has even reported it as an issue.

Hello @rythie,

Images are served over https. The only thing that is served over HTTP is the audio because the player is still using flash, so nothing is identifiable 🙂

At least some of the images are still using HTTP, e.g.

"Mixed Content: The page at 'https://play.spotify.com/radio/genre/soul' was loaded over HTTPS, but requested an insecure image 'http://o.scdn.co/[redacted]'. This content should also be served over HTTPS."

jquery.min.js:3 Mixed Content: The page at 'https://play.spotify.com/radio/genre/dance' was loaded over HTTPS, but requested an insecure image 'http://o.scdn.co/640/[redacted]'. This content should also be served over HTTPS.

Mixed Content: The page at 'https://play.spotify.com/radio/genre/dance' was loaded over HTTPS, but requested an insecure image 'http://o.scdn.co/300/[redacted]'. This content should also be served over HTTPS.

You hit these all the time from the radio page.
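As an added example (not code from the thread or from Spotify), a small Node.js script that turns Chrome console lines like the ones quoted in this thread into a per-host report, classing each insecure resource as passive or active in the sense of the Google mixed-content guide linked above. The sample lines are constructed from the thread's messages with the redacted paths kept as "[redacted]", plus one line of unrelated console noise.

```javascript
// Added example, not code from the thread or from Spotify: turn Chrome's
// "Mixed Content" console warnings into a per-host triage report.
// SAMPLE_CONSOLE is constructed from the thread's messages plus one noise line.
const SAMPLE_CONSOLE = [
  "Mixed Content: The page at 'https://play.spotify.com/browse' was loaded over HTTPS, but requested an insecure plugin data 'http://audio-mp3-fa.spotify.com/crossdomain.xml'. This content should also be served over HTTPS.",
  "jquery.min.js:3 Mixed Content: The page at 'https://play.spotify.com/radio/genre/dance' was loaded over HTTPS, but requested an insecure image 'http://o.scdn.co/640/[redacted]'. This content should also be served over HTTPS.",
  "Mixed Content: The page at 'https://play.spotify.com/radio/genre/dance' was loaded over HTTPS, but requested an insecure image 'http://o.scdn.co/300/[redacted]'. This content should also be served over HTTPS.",
  "Uncaught TypeError: Cannot read property 'x' of undefined",
];

// Kinds the linked Google guide classes as passive (display-only). Anything
// else, plugin data included, is active content that can run code in the page.
const PASSIVE_KINDS = new Set(["image", "audio", "video"]);

// Not anchored, so a "file.js:line " prefix is tolerated; captures page, kind, resource URL.
const MIXED_RE = /Mixed Content: The page at '([^']+)' was loaded over HTTPS, but requested an insecure ([a-z ]+?) '([^']+)'\./;

// Parse one console line; returns null when it is not a mixed-content warning.
function parseMixedContent(line) {
  const m = MIXED_RE.exec(line);
  if (!m) return null;
  const [, page, kind, resource] = m;
  return {
    page,
    kind,
    host: new URL(resource).host,
    severity: PASSIVE_KINDS.has(kind) ? "passive" : "active",
  };
}

// Group warnings by insecure host: request count, kinds seen, worst severity.
// Lines that are not mixed-content warnings are only counted.
function summarize(lines) {
  const byHost = {};
  let unparsed = 0;
  for (const line of lines) {
    const w = parseMixedContent(line);
    if (!w) { unparsed += 1; continue; }
    const e = byHost[w.host] ||
      (byHost[w.host] = { count: 0, kinds: new Set(), severity: "passive" });
    e.count += 1;
    e.kinds.add(w.kind);
    if (w.severity === "active") e.severity = "active";
  }
  return { byHost, unparsed };
}

const REPORT = summarize(SAMPLE_CONSOLE);
for (const [host, e] of Object.entries(REPORT.byHost)) {
  console.log(`${host}: ${e.count} request(s) [${[...e.kinds].join(", ")}] -> ${e.severity}`);
}
```

The report names the hosts that still need an HTTPS endpoint and flags the Flash/plugin data as the active case to fix first; the same parser can be fed a console export from any page.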
