> Is that even possible for Spotify at this point?
Spotify are using Widevine on their web client, which is considerably more annoying to deal with than the encryption method used in the files fetched by Psst.
Nothing is stopping them from only serving files from the endpoint that serves Widevine protected files.
Then again, Widevine L3 has been broken[0], Google just keeps rotating the private keys used in the content decryption module.
Something is stopping them: all the old devices that already know how to speak Spotify.
Spotify is built on bringing your music library with you everywhere. If your car or five year old stereo stops being able to play spotify songs, why would you still pay for a Premium account? 2% loss doesn't sound like much, but at Spotify's scale, that would mean loosing 2 million paying customers. If they pay $5 /month, that's not pocket change.
One thing that could be done - and which is already what's being done by most video streaming companies - is to just propose really poor audio qualities to devices/softwares with less DRM capabilities and only unlock the better qualities when e.g. Widevine L1 or PlayReady SL3000 is available.
What's more, media-oriented devices like smart tvs or game consoles usually have those requirements.
Spotify are using Widevine on their web client, which is considerably more annoying to deal with than the encryption method used in the files fetched by Psst.
Nothing is stopping them from only serving files from the endpoint that serves Widevine protected files.
Then again, Widevine L3 has been broken[0], Google just keeps rotating the private keys used in the content decryption module.
[0]: https://github.com/Satsuoni/widevine-l3-guesser