Category Archives: Bandcamp

With Tragedy As Her Tailwind, Ingrid Chavez Soars On “Memories Of Flying”

Ingrid Chavez

When asked to consider the largely unpredictable trajectory of her career, poet, songwriter, and visual artist Ingrid Chavez is quick to point out the most important common thread in all of her work. “I’ve always just done whatever I felt like doing,” she explains. “But I have noticed that it generally takes me three to four years to make something new. That’s just because I’m living my life, and I’m writing as I go. I’m not just trying to churn out songs, I’m only trying to find things that are meaningful to me.” Meaning, as it exists in Chavez’s work, takes on many forms—from pure spoken-word poetry to sultry, Badu-esque jazz-inflected trip hop to breathy electronica, her work spans a variety of genres and an even wider spectrum of collaborators, many of whom make appearances on her forthcoming solo record, Memories of FlyingContinue reading

Here’s What Bandcamp’s Oakland Grand Opening Looked Like

bandcamp-grand-opening

Photography by Amina El Kabbany

Bandcamp’s new store and performance space opened in fine style on Friday night, with bracing sets from the soul group  Bells Atlas, hard-hitting hip-hop crew Sol Development, Oakland MC Queens D. Light, DJ FELA KUTCHii, and Ajai Kasim & Jazz on the Sidewalk. The night kicked off with a performance by the New Orleans-inspired sounds of MJ’s Brass Boppers, whose raucous tunes set the tone for the evening to come. Here’s a look at some of the fans who came out to hear great live music and browse the stacks in the shop.
bandcamp-grand-opening-
bandcamp-grand-opening-19-600bandcamp-grand-opening-17-600bandcamp-grand-opening-bandcamp-grand-openingbandcamp-grand-opening20-600bandcamp-grand-openingbandcamp-grand-opening18-600bandcamp-grand-openingbandcamp-grand-openingbandcamp-grand-opening-

Bandcamp IRL: Oakland Record Store Opening in February

Bandcamp record store

Photos by Richard Morgenstein

On Friday, February 1, Bandcamp will open a record shop and performance space in the great city of Oakland, California. We’ll feature a selection of records that showcase the diversity and design of the more than five million albums available on Bandcamp, and we’ll soon host free, all-ages shows as part of an upcoming video series.

Continue reading

An Update on Today’s Fundraiser for the Voting Rights Project

voting-rights-blogpost-2b

With seven hours still remaining in our fundraiser for the Voting Rights Project, we wanted to pause to thank everyone who stood with Bandcamp to help ensure the right to a safe, fair vote for all—with no obstacles, hassles, or threat of intimidation.

20180928-voting-rights-bandcamp-salesfeed

The live sales feed on Bandcamp’s home page, at around noon today.

We also would like to thank Pitchfork, Fader, Metal Sucks, Noisey, Decibel, Punk News, Music Ally, and Conor Oberst for spreading the word about the fundraiser, and helping to raise awareness about this critical issue. The right to vote and the exercise of that right are the very foundations of democracy, and we were inspired by and grateful for the outpouring of support from the Bandcamp community.

This is only the beginning: for true change to occur, we need to carry today’s momentum to the polls and elect people who reflect our values. If you have not already, register to vote now and, in November, show the current administration that we demand change.

Territory licensing comes to Bandcamp

Territory Licensing Support

We’re excited to introduce a new feature for label and Pro accounts: the ability to license albums to labels in specific territories.

Here’s how territory licensing on Bandcamp works. Imagine you’re a label releasing an album, and you’ve partnered with another label to distribute it to fans in Iceland. In the album editor, you’ll see a new “add a territory license” link. Click that, look up your partner (they will need to have an existing Bandcamp account), add them, and then select the territory you’d like to license to them.

Demo of Territory License Support

We’ll notify your partner via email that you’ve set up a territorial license for the album. Once they accept the license they can choose to add their own merch and artwork to be displayed to fans in their territory.

When fans in Iceland purchase the album on Bandcamp, we’ll collect the money and send the appropriate share of revenues to your partner. Voila.

Our territory licensing tool allows you to add multiple partners, and to assign a partner multiple territories. Because all of this is done behind-the-scenes, fans around the globe will still be able to buy and enjoy albums you’ve licensed just as they have in the past. We simply make sure the money goes to the right people in the right places.

Happy licensing!

Today, Stand with Bandcamp to Protect Voting Rights for All

voting-rights-blogpost

In just seven weeks, the United States will hold its midterm elections—a vitally important moment that will determine whether the country stays on its current path, or renews its commitment to democracy.

Continue reading

Bandcamp Email Bug – May 2018

We recently discovered and fixed a bug that inadvertently included certain users’ email addresses in the HTML of some Bandcamp pages. When present, the email address was not visible on the page, but did appear in the HTML.

No other personal information was included and there was no breach of our security systems, so you do not need to take any action to secure your Bandcamp account.

Although we cannot determine which specific accounts may have been impacted, if you created a Bandcamp account before March 20, 2018 and visited a Bandcamp site between March 20, 2018 and May 7, 2018 while logged-in, there’s a good chance your email was affected by the bug.

This should not have happened, and we sincerely apologize. The security of our users’ information is a top priority for us, and we are reviewing our development and security practices to ensure that something like this doesn’t happen again.

About the Bug

For the software developers out there (both professional and armchair), here is a detailed technical description of the bug:

In March, we rolled out an updated version of our “fan onboarding” flow — the introductory screens a new user sees immediately after signing up. As part of this work, we introduced a new “onboarding” object into our web controller code, which is the server code we use to generate pages on bandcamp.com. The onboarding object is a short-lived bucket of values associated with the user viewing the page, used by our page rendering logic to determine which onboarding steps the user has already completed.

A subsequent change added the user’s email address to this object. This alone is not dangerous or unusual, and allowed us to render an additional UI element. However, instead of adding the email value where the onboarding object is created, we added it elsewhere in the controller code, overriding the original value. This seemed safe in context, but combined with other decisions, it became dangerous:

  1. The onboarding object, at first glance always unique per request, was instead sometimes a reference to a shared object containing default values.
  2. This shared object was intended to be read-only, but its values could be modified. This meant that when overriding the email value, we might inadvertently modify the shared object.

The result was a race condition: when processing a page requested by a logged-in user, we would sometimes store that user’s email value in the shared object, where it might be picked up for page rendering in independent, parallel requests (our request handling environment uses multiple threads). Whether or not a user’s email showed up in someone else’s page depended on the precise timing of parallel requests on a given rendering app, and the types of users making those requests. To make matters worse, we optimistically wrote the onboarding data into the page even when it wasn’t needed for the current user. This increased the number of pages potentially affected.

Once we understood the problem, the immediate fix was simple — we modified the code to duplicate the shared object for every request. This eliminated the cross-request issue.

What We’ve Learned

There are several useful engineering lessons here. First, arbitrarily overriding values in a complex object can be dangerous, especially if it’s done far from the code where the object is created. Instead, if we had modified the object initialization to support an email value, it would have been immediately obvious that the email shouldn’t apply in some cases.

Second, read-only objects shared across multiple threads should be frozen or have appropriate access permissions set at the language level, even if it appears they are never modified in code. If the shared object in question here had been frozen, we would have caught the problem during development.

Third, we should be more careful not to render data and HTML we don’t need for the current page. This is just good practice in any case, as unused elements increase the page size and slow network transfers and page rendering.

Finally, and most important, we need to do a better job of reviewing code changes which involve the output of personal information.

Protecting the personal information of Bandcamp’s users is a top priority of our software engineering team. Our failure to do so in this case is a reminder of our blind spots as engineers, and our responsibility to continuously improve our development practices. We hope that our sharing the details of this bug and our response is useful to the software development community and our users.

Shawn Grunberger, Co-founder & CTO

The Bandcamp 2017 Year in Review

2017-year-in-review-2-anim

2017 was another stellar year for Bandcamp, with double digit growth in every aspect of the business. Digital album sales were up 16%, tracks 33%, and merch 36%. Growth in physical sales was led by vinyl (up 54%), CDs (up 18%), and cassettes (up 41%). Revenue from the 3,500 independent labels on Bandcamp grew 73%, and more than 600,000 artists have now sold something through the site. Our publication, Bandcamp Daily, grew its audience by 84%, and all-time payments to artists through Bandcamp reached $270 million. We launched a new app for artists and labels, added gift cards, improved fan collections, held successful fundraisers for the ACLU and TLC, and we’ll soon mark six straight years as a profitable company that only makes money when artists make a lot more money.

Meanwhile, standalone music streaming companies continued to lose money in 2017, and industry-wide record sales continued to decline: in the U.S., digital album sales dropped 20%, tracks were down 23%, and physical sales fell 20%. The seemingly inevitable upshot of these two trends is that the majority of music consumption will eventually take place within the subscription rental services of two or three enormous corporations, who can afford to lose money on music because it attracts customers to the parts of their businesses that are profitable.

As we said last year, allowing the distribution of an entire art form to be controlled by so few has troubling implications, and those continued to play out in 2017. The streaming giants exert tremendous influence over what music gets heard, and must primarily serve their most important supplier, the major labels. The result is that independent labels, and especially independent artists, are far less likely to be discovered on those platforms. 99% of all streaming is of the top 10% most-streamed tracks, and given the majors’ control over the music that is promoted on streaming services (documented in the must-read piece “The Secret Lives of Playlists”), listening hours are likely to become even more concentrated at the top.

Per stream rates also continued their decline in 2017, dropping another 9%, which is the opposite of the this-will-all-work-out-when-we’re-big-enough dream once sold by music rental companies. This trend feels unstoppable given the effect of decreased competition on artists’ ability to set fair rates, but a ray of hope seemed to emerge two weeks ago when the U.S. Copyright Royalty Board ruled to increase songwriter streaming rates by 48% over the next five years. However, that’s an impediment to profitability that can easily be resolved by eliminating musicians altogether.*

In the midst of all this, NPR Music’s Andrew Flanagan wrote:

“Bandcamp serves as an honest-to-goodness, proof-in-the-pudding bulwark against the creep of artistic monoculture fueled by the consolidation of digital life into the hands of a few companies. Maybe the future isn’t a dumpster fire after all.”

This made us laugh of course, but it also accurately captured what drives us to keep building and growing Bandcamp after all these years (we’ll celebrate our 10th anniversary this September, more on that to come). We want a music platform to exist where the playing field is level, where artists are compensated fairly and transparently, and where fans can both stream and own their music collections. The fact that this simple concept continues to resonate with so many talented artists and hard core fans inspires us every single day, and in 2018 we’ll be working hard to bring it to an even bigger audience. Thank you for another great year!

-Ethan Diamond

*Or hey, maybe there’s nothing to worry about after all.