Songs are skipping on Spotify

[NyaomiDEV]

Describe the bug Songs are skipping on Spotify. Advertisements play just fine. Sometimes a song seems to play fine but stops at the ninth second of playback.

To Reproduce Steps to reproduce the behavior:

1. Install Widevine as per the FAQ
2. Go to 'open.spotify.com'
3. Log in
4. Try to play a song
5. "Hear" the bug

Expected behavior The song should play just fine.

Environment (please complete the following information):

• OS/Platform and version: Windows 10 20H2
• ungoogled-chromium version: 86.0.4240.183

[mmshivesh]

Have the same issue on 87.0.4280.88

[jgarciadcruz]

+1 on this issue. Windows 10, running 87.0.4280.67 (installer version).

[ghost]

Same. Tested on 87.0.4280.88. It will skip 3-4 songs and stop reproducing music. Looks like, after 10 seconds, audio will even stop working.

[5P5]

can confirm on _ungoogled-chromium_87.0.4280.141-1.1windows-x64

also tried multiple WidevineCdm versions: 4.10.1582.2 (current dl.google.com/widevine-cdm) ❌ 4.10.1679.0 (bundled in chromium-dev#90.0.4399.0-r846566) ❌

[5P5]

88.0 same issue. any further insight?

[vairag22]

Using Chromium 89.0.4389.90 Widevine 4.10.2209.0 on Windows 10 x64 This issue is still not fixed. I wonder if this is a Windows only issue or it happens on Linux and Mac as well?

[NyaomiDEV]

Using Chromium 89.0.4389.90 Widevine 4.10.2209.0 on Windows 10 x64 This issue is still not fixed. I wonder if this is a Windows only issue or it happens on Linux and Mac as well?

Windows only, it seems. On my Linux machines, Widevine works fine.

[mmshivesh]

Using Chromium 89.0.4389.90 Widevine 4.10.2209.0 on Windows 10 x64 This issue is still not fixed. I wonder if this is a Windows only issue or it happens on Linux and Mac as well?

Windows only, it seems. On my Linux machines, Widevine works fine.

I can confirm it still happens on my Mac with Version 88.0.4324.192. The Widevine module however seems to be working fine though, that's what makes this whole thing surprising (I tested it here).

However, this issue doesn't happen on Chromium Edge which points to it being something related to Ungoogled Chromium.

[vairag22]

@AryToNeX @mmshivesh Yep. I also did my testing and found the same thing.

Spotify web player works alright on my Debian machine but not on my Windows 10 laptop. I don't have a Mac so I am taking Shivesh's word on it that it does not work on MacOS either. Anyways this does not seem to be a Widevine or missing component issue coz all the tests given here returned positive. Maybe this bug is related to ungoogled-chromium because Spotify web player worked fine for me on Edge (based on Chromium 89) and Brave (didn't test, but I used Brave last summer and it worked fine), though few users have reported facing such issues. Thanks to @woolyss, with whom I've been discussing this issue, I got this screenshot: and links to some pretty interesting discussions from Spotify forum (see the last comment) and Vivaldi forum.

Vivaldi used to have this kind of issue. They have resolved this issue but I haven't tested it out yet, it would very interesting to see what fixing Vivaldi folks have done.

Ran my tests on Chromium (ungoogled) 89.0.4389.90 64-bit + Widevine 4.10.2209.0 + Proprietary codecs, Windows and Linux builds provided by Marmaduke (@macchrome).

[Eloston]

Are the requests that are failing on ungoogled-chromium present in the other browsers? Are they succeeding on the other browsers? Can we compare the request payloads of such requests?

[vairag22]

Are the requests that are failing on ungoogled-chromium present in the other browsers? Are they succeeding on the other browsers?

POST requests are failing only on ungoogled-chromium. They succeed on other browsers.

Can we compare the request payloads of such requests?

maybe 😕

[mmshivesh]

Are the requests that are failing on ungoogled-chromium present in the other browsers? Are they succeeding on the other browsers? Can we compare the request payloads of such requests?

I'd be happy to provide any help if needed

[Eloston]

@mmshivesh Based on what @vairag22 found, we probably want to investigate the payloads of those POST requests to see what's different. I don't have a Spotify account, but if someone has a way I can test as an anonymous user, I could take a look.

[ghost]

You could try to make an "anonymous" account with a temporally E-mail. No?

[woolyss]

You could try to make an "anonymous" account with a temporally E-mail. No?

No temporary email allowed on Spotify.

Note an important thing about Spotify : Chromium needs the support of the H.264 codec + Widevine CDM plugin to play songs on the Spotify Website.

Hibbiki, a developer, explains me that ever since Widevine L3 been publicly broken, Google has tighten out security around it and pretty much all resources using Widevine now require VMP (Verified Media Path) on Windows and Mac to be enabled.

Official explanation at https://www.widevine.com/news (Search "Browser CDM - Verified Media Path")

The process for VMP certification is to simply generate signature (for Chromium that would be both chrome.exe and chrome.dll) signed with appropriate Widevine-accepted certificate (note this is different from signing binary on Windows and if both are done, VMP must be performed after).

I know few open-source browsers like Brave and Vivaldi work nicely with the Spotify website. I tested them.

For info, their official app works nicely. https://www.spotify.com/us/download/other/

[ghost]

Damn. That sucks. Well, thank you for explaining things here.

[Eloston]

@woolyss Out of curiosity, do you know if the VMP check is done asynchronously? It would explain why Spotify suddenly stops working after a few seconds.

I also wonder what it takes to get VMP-certified since Brave and Vivaldi did it. Perhaps they have the resources to do it since they're companies (if I'm not mistaken)?

Also based on a quick search, there seems to be alternative FOSS clients and libraries like spotify-qt, spotifyd, and librespot. Might be worth a shot if the proprietary Widevine CDM plugin isn't to your liking.

[NyaomiDEV]

Also based on a quick search, there seems to be alternative FOSS clients and libraries like spotify-qt, spotifyd, and librespot. Might be worth a shot if the proprietary Widevine CDM plugin isn't to your liking.

Those libraries only work with Spotify Premium subscriptions, though

[kaimyel]

Any developments on this, lad?

[wchen342]

Yep, you need to be a company to get your key signed. See https://github.com/brave/browser-laptop/issues/10449. Also Google is explicitly hostile to open source projects on this, see https://blog.samuelmaddock.com/widevine/gmail-thread.html and https://github.com/electron/electron/issues/12427.

[wchen342]

Firefox is a big enough project and Mozilla is behind it. Brave is not as big but they are a company and have more leverage to afford the back and forth with Google. But for smaller projects and individuals it won't be the case.

I guess as long as you pawn your users with open-source software or write de-platforming articles instead of code, Google will send you VMP certificates with chocolates and roses.

That is most likely not true. I think they are strict on this because big corps see Linux users and devs as a risk when it comes to DRM (which is not necessarily true but that's the myth).

[mohitmujawdiya]

This issue still exists. Will it be resolved? @Eloston

[tylerrobb]

Still experiencing this issue on the Spotify web player after installing Widevine (win_x64 - 4.10.2391.0)

[KHR3b]

Same, also doesn't work on Firefox ESR

[amrbadreldin]

still facing the issue of Spotify skipping songs in ungoogled chromium (using Marmaduke (@macchrome) UC Builds because it patches a lot of things yet that Spotify issue still remains, Spotify works great on Brave or any browser though.)

[Request-timed-out]

Still facing this problem on the Spotify web player after installing Widevine (win_x64 - 4.10.2449.0)

[Request-timed-out]

Still facing this problem on the Spotify web player after installing Widevine (win_x64 - 4.10.2449.0) and upgrading to UC 102.0.5005.115

[networkException]

I don't know what to tell you, it has already been answered that we are unlikely to support this (basically ever): https://github.com/ungoogled-software/ungoogled-chromium/issues/1258#issuecomment-873456050

[mohitmujawdiya]

If you think piracy is fine

An alternative I am using for more than a year is cracked Spotify with ads blocked. You can download it via torrents and it's smooth as heck. No problems whatsoever, you can also make the "updates" folder read-only so that it can't auto-update.

[GunGunGun]

Thank to Google the web has become such a bs place.

[vzamanillo]

https://github.com/Alex313031/thorium/blob/main/docs/FAQ.md#2

Q: Why are Netflix, Spotify, Twitch, etc. not playing? A: Thorium includes Widevine, which is a proprietary component used to play encrypted media streams on sites like these. It is used to prevent piracy by preventing downloading these videos in any format that would be readable by an external application. However, there are various "security levels" for Widevine. There is L3 "software secure", which is the least secure. It is used on Linux. Then there is L2 "VMP secure", which is what Windows and MacOS uses. Then there is L1 "hardware secure", which is only used on specific Windows, MacOS, and ChromeOS devices that are very new and have a hardware decoding chip for H.264 or H.264 (HEVC) videos that supports integration with Widevine to prevent tampering or circumvention at the hardware level. Anyway, VMP Secure means that the application has been signed by widevine.org. On Windows with Google Chrome or Firefox, this can be seen by the fact that next to widevine.dll, there is a widevine.sig, and next to the main program .exes, there is a corresponding .sig file. For example firefox.sig or chrome.sig. While Widevine includes the widevine.sig file always, and is publicly available, this only contains the public key of the widevine binary. Signing with Google's VMP service sends a hash of the main executable to their servers, it is signed with their private key and then the results are encrypted and sent back as a .sig file with the name matching the executable that was sent to them. Using this service costs a prohibitive amount of money for a FOSS project (1,000's of dollars). On Linux, Widevine detects that the platform is Linux, and sends a response header to sites which then allows playback even though it is only software secure. But usually, sites will limit the resolution to 480p (i.e. SD), including Netflix. This has been a long standing problem/complaint in the Linux community. For Windows and MacOS, things are more complicated. While Widevine will work, since it is not VMP signed, it will only send an L3 header. Some sites will accept this on Windows (like Hulu), but some sites require VMP when it detects that it is on Windows or MacOS. Netflix used to not restrict this, but as of 2023, it will refuse to play without VMP. There is no way to spoof this by changing the User Agent to report Linux. Widevine detects the OS and sends it as part of the header to the website. As a side note, L1 is used to allow 4K or 8K playback on some sites that support it (like Netflix). Many streaming devices have a hardware chip like what was described above, and hence why they can play this high resolution content. So, the end result is that Thorium will play Widevine encrypted content on Linux, but at lower quality, and on Windows or MacOS it is highly dependent on the specific site. Your mileage may vary, and unless someone wants to send $7,000 on top of a yearly fee to be part of widevine.org's registered applications, Thorium will be restricted in this way (as are most FOSS Chromium and Firefox forks).

[ygxrr]

can confirm this issue is still present on version 127.0.6533.119 but only in Windows, on my netbook running Void Linux Spotify works fine on ungoogled-chromium