Online music: what are the methods to create fake streams?
“False currents, a real phenomenon. With this sale, the Center for National Music (CNM) is participating in an explosive report on the manipulation of listening on music platforms.
Therefore, it drew attention to fake streams, which the CNM defines as “processes that allow artificially increasing the number of plays or views in order to generate revenue.” And the CNM is very clear about this: it is a matter of theft, because the reward for the rights holders results from the share of the national market represented for each title during one year.
So understand that artists who inflate their listening numbers are paid to not cheat. The first victims of these audience manipulations are therefore his colleagues. Then advertisers of these ad-supported music services, whether free or paid.
Analysis of the data reveals three noteworthy points.
1. There are many techniques for manipulating listening
It takes 30 seconds to listen to the file to count the listen. Research shows that many fraudulent methods are used to achieve this result. Robots, individuals, fake playlists, title additions to platforms are well known to experts. But new techniques such as streaming farms and hacking are emerging.
In detail, offers to buy streams are offered by many players:
- These referral sites offer to increase the placement of their client’s product(s) on the platforms where they are distributed.
- Marketplaces that allow individual entrepreneurs to offer their services on a variety of topics.
- Promotional agencies that offer titles to be included in a playlist (true or false) in order to increase the number of broadcasts, as an external promotion service.
- Check out exchanges that offer deals to increase views on YouTube (free), Spotify, or SoundCloud (paid).
On the technical side, service providers use several tools:
- Device farms are mobilized through free user accounts and personas, i.e. real fake accounts opened using expired, stolen or virtual credit cards. Premium accounts are also dedicated to manipulation, such as hacked accounts.
- The old technique of zombie computers (botnets) is also used to control a group of computers by installing a virus. From the point of view of fake streams, it allows eavesdropping on platforms from compromised devices or engaging in click fraud through involuntary opening of pop-ups.
- The technique of credential stuffing (or credential stuffing) is also used in user accounts, without cyber-attacking the accounts, but using logins/passwords collected from databases (see example at the bottom of the article). CNM also notes the use of artist accounts, for example, to integrate fake titles into an artist page.
- Finally, affiliation remains a good way to create fake listening by sending malicious links to fake sites.
And this scam affects all catalogues, be it specialty, independent labels, French and international repertoire, new releases or back catalogue. The logical conclusion: all musical styles are equally affected.
Outside of the top 10,000 titles – which is where we enter the long tail – “detected fraud is over 80%”. Why? Generating low-volume artificial income, but staying under the radar over time. Cheating is also available for the most prominent titles, but the goal is short-term. It’s not about making direct income, it’s about ranking optimization for better SEO purposes.
Credentialing expert Sébastien M. explains how he hacked Spotify
Last November, ZDNET.fr attended a hearing dedicated to this topic at a Paris court in mid-November. “Spotify lasted four or five months. To make broadcasts: OpenBullet sang my songs to attract an audience. Even very famous people do it, fake streams,” thirty-year-old Sébastien, who tried to hack a computer in Paris in mid-November 2022, explained to the hearing.
The accused admitted to stealing Spotify accounts to maliciously increase the audience of his streams. In this context, OpenBullet is used to verify the login/password credentials of service users. (Read: How hackers attack your loyalty accounts using credential stuffing)
2. Between 1-3% of total games
In France, in 2021, at least between one and three billion broadcasts are fake. This is between 1-3% of the total listening. This is important, but these numbers mask the reality, CNM assures, adding that “the extent of non-detection should be highlighted”.
“This is only about the anomalous behavior detected by the platforms and not the actual reality of the manipulation of streams, which is definitely higher,” notes SNEP, the National Association of Phonographic Publishers. It is limited to listening created in France and does not reflect the level of manipulation of streams elsewhere in the world.”
Finally, the report notes that some experts said they were approached directly by service providers who offered to artificially increase flows.
3. Fake streams threaten trust in the ecosystem
Some industry professionals say they can no longer rely on artists playing on the platform, which means signing an artist to a label, scheduling them in concert or on the radio, the report said. Thus, mistrust arises between the actors.
On the artist side, fraudulent streams disrupt algorithmic profiles and weaken engagement rates. What reduces the recommendability of the artist, because fake users do not behave like regular fans. But the CNM report doesn’t say who the fraudsters are in this growing economy.
The IFPI (International Federation of the Phonographic Industry) notes that streaming revenues accounted for 65% of global recorded music revenues in 2021. With a turnover of more than 500 million euros in France, the share of streams in revenues rises to even 70%, against 10% in 2011.
Deezer, Qobuz and Spotify are among the good students who provided CNM with data to conduct research on the subject, although their fraud detection methods differ. A large panel of distributors and manufacturers was also present. Amazon Music, Apple Music and YouTube did not play the game, CNM assures.
