This cannot be good news for Last.fm



Just logged in to Last.fm to be told that I’d have to pay a subscription for a desktop client from next Tuesday and if I lived in most countries in the world I wouldn’t be able to listen full stop.

Now I generally listen to Last.fm via the website so I am not likely to be affected while in the UK (it seems years since I was able to use that on a trip abroad without paying a subscription).

But the European Union is failing to implement its “great freedoms” if it is impossible to organise a business like Last.fm on a pan-European basis. In recent years the EU has seemed more concerned about stealing from the commons than protecting consumers' rights in what too many call “intellectual property” (how can anyone own an idea? Are we not supposed to regard Prometheus as a hero, or is he just a pirate these days?).

And now it’s last.fm


Last.fm have had a security breach and advised all their users (such as me) to change their passwords. As with LinkedIn, having passwords hashed may not be enough to keep them secure.

I don’t know what has happened here and will refrain from commenting on Last.fm in particular, but one does begin to feel that these companies need some form of forceful reminder of their duty to hold these things as securely as possible. People should just not be able to filch masses of passwords. Not even the chief executive (again, for the avoidance of doubt I am certainly not accusing any chief executive of having done so – the point is a general one).

What can be done? Two-piece authentication, as practised by GitHub – the machines I use GitHub on have to have access to a public key I have registered with them as well as a per-session password – would be one form. But can you see users of mass social network sites generating public keys and registering them? Neither can I, and more importantly I don’t think the companies can either: but if they are not going to implement that then they need to tighten things up considerably at the server side.