Absolutely no need to do kernel level packet filtering for this. You can use the absurdly easy hostfile approach, or a simple self-hosted DNS server. This looks entirely LLM generated as well.
Also... who the hell tries to make changes to a user's sudoers file from their install script? This is an awful project.
The great thing about AI coding is that you never have to learn enough judgment or context to know if something should be written a certain way or not!
Can you share a pre made hosts blocklist that is regularly updated & works on Spotify? The ones I've come across are all dated or still let ads through.
I got AI-generated vibes from the banner image, which surprised me because I wouldn't expect someone to generate something so trivial.
So I investigated, lining up the real Spotify logo in GIMP - it doesn't match up, the details are different!
But then I checked the image metadata:
`Actions Software Agent Name : GPT-4o, OpenAI API`
Doh, I should've saved time and checked that first. TIL OpenAI explicitly watermarks their output images via metadata. It even has c2pa signatures (which I didn't bother trying to verify)
After that hint, I thought I'd give the code a quick audit. The install script adds sudoers rules to allow ebaf executable to be run with no password[0] (and also to `pkill -P` any PPID).
The ebaf executable checks the current directory by default, to look for the ebpf code to load[1].
So, running the install script this allows any ebpf code to be loaded into the kernel without a sudo password. You probably don't want this! (I'm pretty sure that'd be enough for a root LPE)
Further, the ebaf executable writes logs to a file named `/tmp/ebaf-stats.dat` [2]. An unprivileged user could put a symlink here, causing the destination file to get clobbered.
It also re-resolves all domain names every 600 seconds. Given that there are over a thousand domains listed, that's quite a lot of DNS traffic! [3]
Also, the "web dashboard" claims to listen on localhost, but it actually listens on INADDR_ANY [4]
Effectively, not a lot. eBPF does have the capabilities to do more than a regular firewall, but this just seems to do an IP lookup in a blacklist file.
If you buy a fancy network card from a company like Nvidia, you could run the eBPF program on the card itself and the kernel wouldn't even see the packet come in. This use case doesn't seem like it'd need that kind of performance tweak, though.
It's useful as a fun project to experiment with eBPF, though!
It's one program that blocks everything everywhere, and doesn't rely on specific firewall configurations or DNS resolvers to be able to block requests.
And because it uses eBPF, technically (it probably doesn't support this yet but it could) you could block requests at the application level, even if it uses TLS, before it ever even gets to a resolver or firewall.
Taking that fact even further, this means that not only well-behaved resolv.conf-reading applications are blocked, but programs that use their own DoH/DoT could be as well. Your browser wouldn't even need an ad-blocker extension. Your local resolver and your VPN-specific resolver both continue to work normally while also blocking what you want.
> We’re not here to pirate. We’re here to opt out.
Then "opt out" by not using the product? No one has a right to use Spotify. If you don't like the terms, don't use the service.
I'll never get why people smart enough to build something technically impressive like this feel the need to throw these completely childish pseudo-rationalizations out there. Yeah, you are stealing actually.. Is it that big of a deal? Nope. But it still is what it is.
Do they think this kind of false-moralizing will protect them from DMCA takedowns or something?
Spotify also doesn't have a right to unmodified client systems.
If their server sends you bits, why should you delete the bits? If you accidentally sent them the wrong bits, do you think they'd be nice enough to delete them? Pre-emptively before receiving any notification from you?
Terms are irrelevant and in most cases have no legal power at all. Fighting back with technical power (as YouTube has done) is fair game though.
The golden rule of capitalism is to do everything in your physical ability to improve your individual situation at the expense of others. Feel free to come to an agreement with Spotify, that neither of you will do capitalism against the other. Until then, you should probably play the game or you will lose by default. Spotify isn't that important but you should definitely get into the mindset of playing the hand you're dealt.
You're "stealing" (if you can even call it that) from Spotify, not artists. As of July 2025, Spotify has a market cap of $145.48B USD. This makes Spotify the world's 118th most valuable company by market cap. They'll be fine. No one has a right to revenue or profit.
Mental models differ, it is what it is. Stealing from artists is of course always poor form, don't do that.
I'm curious about it's eBPF coexistence capabilities. If you are running an XDR like Crowdstrike, this might interfere with their eBPF sensors for Linux desktops.
no advertiser has the right to tell me how to process their advertising data. hypothetically, once it's in my network, i can do whatever i please with it.
Kernel level packet filtering to avoid Spotify ads is about the same level of mental gymnastics as the GPT-generated “we’re not pirates” argument in their README.
While Spotify is obviously an immoral company, you, the person reading this, are not entitled to free 24/7 cloud-streamed music on demand. They are a business and they don’t owe that service to you on principle.
If you don’t like them as a company, there’s way to purchase the music directly (remember how we all used the iTunes Store back in the day) and there are other streaming services whose morals you might find more acceptable.
To be clear, I’m not making some grand “piracy is evil” argument, but I’m saying that to publish software enabling piracy with the justification that a business’ free service is not good enough value for you is a bit out there.
>you, the person reading this, are not entitled to free 24/7 cloud-streamed music on demand.
I took it anyway. I have a few terabytes of flac that I stream through Plex when I feel like it. I dare anyone to stop me. Pay hard drive manufacturers, not IP companies.
Neither is Spotify owed anything from you. They aren't owed money, unless you agreed to pay them money (actually agreed, not clickwrap). They aren't owed ad views, because clickwrap agreements to watch ads generally don't actually have any legal force. And if they think they do, let them sue you and find out. You don't owe them advance compliance according to what would benefit them the most, but they benefit greatly from you thinking you do.
This applies to a lot of things, not Spotify in particular.
> Kernel level packet filtering to avoid Spotify ads is about the same level of mental gymnastics as the GPT-generated “we’re not pirates” argument in their README.
This jumble of sentences stuck out to me as logically incoherent, but not necessarily LLM-generated. I guess I need to update my mental model a bit to account for more things being being LLM-generated.
mfro|8 months ago
Also... who the hell tries to make changes to a user's sudoers file from their install script? This is an awful project.
add-sub-mul-div|8 months ago
pogue|8 months ago
unknown|8 months ago
[deleted]
Retr0id|8 months ago
So I investigated, lining up the real Spotify logo in GIMP - it doesn't match up, the details are different!
But then I checked the image metadata:
`Actions Software Agent Name : GPT-4o, OpenAI API`
Doh, I should've saved time and checked that first. TIL OpenAI explicitly watermarks their output images via metadata. It even has c2pa signatures (which I didn't bother trying to verify)
Retr0id|8 months ago
The ebaf executable checks the current directory by default, to look for the ebpf code to load[1].
So, running the install script this allows any ebpf code to be loaded into the kernel without a sudo password. You probably don't want this! (I'm pretty sure that'd be enough for a root LPE)
Further, the ebaf executable writes logs to a file named `/tmp/ebaf-stats.dat` [2]. An unprivileged user could put a symlink here, causing the destination file to get clobbered.
It also re-resolves all domain names every 600 seconds. Given that there are over a thousand domains listed, that's quite a lot of DNS traffic! [3]
Also, the "web dashboard" claims to listen on localhost, but it actually listens on INADDR_ANY [4]
[0] https://github.com/Kazedaa/eBAF/blob/8f88cefe0b5a837aa99f454...
[1] https://github.com/Kazedaa/eBAF/blob/8f88cefe0b5a837aa99f454...
[2] https://github.com/Kazedaa/eBAF/blob/8f88cefe0b5a837aa99f454...
[3] https://github.com/Kazedaa/eBAF/blob/8f88cefe0b5a837aa99f454...
[4] https://github.com/Kazedaa/eBAF/blob/8f88cefe0b5a837aa99f454...
bobbyraduloff|8 months ago
What I find most interesting is that it apparently didn’t trigger their content filters which, at least previously, were also blocking piracy stuff.
_benj|8 months ago
I see that it all comes down to a blacklist of urls. Wouldn’t eBPF just make things more complicated?
jeroenhd|8 months ago
If you buy a fancy network card from a company like Nvidia, you could run the eBPF program on the card itself and the kernel wouldn't even see the packet come in. This use case doesn't seem like it'd need that kind of performance tweak, though.
It's useful as a fun project to experiment with eBPF, though!
ranger_danger|8 months ago
And because it uses eBPF, technically (it probably doesn't support this yet but it could) you could block requests at the application level, even if it uses TLS, before it ever even gets to a resolver or firewall.
Taking that fact even further, this means that not only well-behaved resolv.conf-reading applications are blocked, but programs that use their own DoH/DoT could be as well. Your browser wouldn't even need an ad-blocker extension. Your local resolver and your VPN-specific resolver both continue to work normally while also blocking what you want.
unknown|8 months ago
[deleted]
sbarre|8 months ago
Then "opt out" by not using the product? No one has a right to use Spotify. If you don't like the terms, don't use the service.
I'll never get why people smart enough to build something technically impressive like this feel the need to throw these completely childish pseudo-rationalizations out there. Yeah, you are stealing actually.. Is it that big of a deal? Nope. But it still is what it is.
Do they think this kind of false-moralizing will protect them from DMCA takedowns or something?
breppp|8 months ago
immibis|8 months ago
If their server sends you bits, why should you delete the bits? If you accidentally sent them the wrong bits, do you think they'd be nice enough to delete them? Pre-emptively before receiving any notification from you?
Terms are irrelevant and in most cases have no legal power at all. Fighting back with technical power (as YouTube has done) is fair game though.
The golden rule of capitalism is to do everything in your physical ability to improve your individual situation at the expense of others. Feel free to come to an agreement with Spotify, that neither of you will do capitalism against the other. Until then, you should probably play the game or you will lose by default. Spotify isn't that important but you should definitely get into the mindset of playing the hand you're dealt.
toomuchtodo|8 months ago
Mental models differ, it is what it is. Stealing from artists is of course always poor form, don't do that.
alephnerd|8 months ago
sciencesama|8 months ago
unknown|8 months ago
[deleted]
unknown|8 months ago
[deleted]
jekwoooooe|8 months ago
GuinansEyebrows|8 months ago
bobbyraduloff|8 months ago
While Spotify is obviously an immoral company, you, the person reading this, are not entitled to free 24/7 cloud-streamed music on demand. They are a business and they don’t owe that service to you on principle.
If you don’t like them as a company, there’s way to purchase the music directly (remember how we all used the iTunes Store back in the day) and there are other streaming services whose morals you might find more acceptable.
To be clear, I’m not making some grand “piracy is evil” argument, but I’m saying that to publish software enabling piracy with the justification that a business’ free service is not good enough value for you is a bit out there.
antif|8 months ago
I thought TiVo settled that argument long ago.
Edit; maybe not TiVo leading the disruption here: https://modern-counsel.com/2016/tivo/
NoMoreNicksLeft|8 months ago
I took it anyway. I have a few terabytes of flac that I stream through Plex when I feel like it. I dare anyone to stop me. Pay hard drive manufacturers, not IP companies.
immibis|8 months ago
This applies to a lot of things, not Spotify in particular.
Marsymars|8 months ago
This jumble of sentences stuck out to me as logically incoherent, but not necessarily LLM-generated. I guess I need to update my mental model a bit to account for more things being being LLM-generated.