Sonos app can turn a disabled Sonos One microphone back on - privacy issue?

  • 1 January 2018
  • 36 replies
  • 19091 views



Appreciate it, though that suggestion misses the point. A physical switch provides confidence because it takes potential software vulnerabilities out of the picture. If Alexa gets set up in software, and that's what turns on the mic, it follows then that software can turn on the mic, and whether I set up Alexa or not, the mic still can be turned on by software.

If the mic is triggerable in software, there's always the possibility of software missteps, bugs, and vulnerabilities. Consider that security vulnerabilities can be in fundamental aspects of systems, like CVE-2015-7547, the glibc vulnerability in 2016. Security vulnerabilities are simply part of software reality (which is why the industry has a long history of them).


On the very unlikely chance it gets turned on in software, the LED gets turned on. That cannot be defeated via software, for it is hardwired to the power lead to the microphones.

Because I don't need the microphone, I want to opt out.

If the reassurances given by Sonos, along with the hardwired indicator of those assurances, are not enough for you, then I'm afraid you are out of luck. Sonos is not going to make a One without a microphone array.

Also, as is always asked in these types of threads: Why would anyone so paranoid about eavesdropping carry a smart phone around? A smart phone has a microphone with no power indicator, is chock full of 3rd party apps doing who knows what, and is manufactured and/or licensed by two of the most predatory and data hungry companies on earth. Not to mention they have been proven to be listening when not authorized to do so many times in the past!

Meanwhile Sonos gives you an actual opt out that shuts down the microphones, accepts no 3rd party software, and gives a non-circumventable hardwired indicator the mic is on, and they are being shunned? I just don't get it.
Sonos is not going to make a One without a microphone array.


I don't know about that.

- The Sonos One has been out for over a year, and yet, the Play:1 is still for sale. I don't know what the sales numbers are, but you'd think there would be significant interest, otherwise it would go away as did the Play:3.

- I wouldn't think it would be too difficult to create a version of the Sonos One without a mic. Marketing and choosing a non-confusing name may actually be harder.

- A speaker with a built in mic is useless when bonded with the Beam. It's not hard to imagine that a future hypothetical playbar 2.0 would also have its own mic and CEC controls, making the built in mic useless in that scenario as well.

- Voice control features are ever changing. Sonos seems to always be in catch-up mode with this, and will likely never be able to implement some feature like calling. As well, some users are going to want a screen as comes with the Echo Show or Google Home. In these cases, users may prefer to have a separate voice assistant and speaker.

- Although privacy is currently only a concern for a relatively small group, it's entirely possible that privacy concerns could grow exponentially overnight, killing the sales of voice control smart speakers. It might make sense for Sonos to have a line of speakers without mics, so not all their eggs are in one basket.

Then again, maybe maintaining two separate products that are virtually identical is not worth it.
So you aren't actually worried about privacy, only that the positives of losing that privacy outweigh the negatives?

Color me confused. It seems like someone concerned about privacy would be more worried about the various and sundry data collection practices of dozens to hundreds of app manufacturers, not to mention billion dollar conglomerates whose very business is to hoard and exploit personal data, over a small audio company who at the very most is going to collect your musical tastes. A small company who, by the way, has actually told you what they collect of your data, how much of the voice data is stored (none), and has put in a legally binding privacy statement that they do not, nor ever will, sell your data. Try getting Google and Apple to do that.

I can understand those who eschew smart phones would have a problem with Sonos. I cannot fathom one accepting the proven to be guilty listening/spying actions of Apple/Google and the various apps they host, while simultaneously bringing the wrath down on Sonos for having a microphone. It's like worrying about the locks on the attic windows while leaving the front door wide open.

Soapbox dismounted. Regardless, unlike my fellow poster back a page, I give the chance of a microphone-less Sonos One to between slim and none, and slim ain't looking too healthy.
Who interested in privacy carries a smart phone?
My flip phone supports far too much snooping for my comfort and I often power it down for that reason.
A nit on GPS. -- Using GPS is perfectly safe and anonymous, as it is a receive only system. There is only a problem when something else reports your location.

Several paragraphs of non-Sonos related issues deleted before I hit post. 🙂


Well yea, I'd agree that privacy concerns can be looked at as a risk/reward decision.

. . .

So I get why people don't want voice assistants in their home. I just don't get why people claim I'm irrational for using them when their privacy is already compromised.


But I go back to my analogy of worrying about the locks on the attic windows when you are leaving the door wide open. Sure the front door being open may give you a fine cross breeze that is beneficial on a hot summer day, but that doesn't mean the robbers getting in through the attic are more of a worry just because the breeze is nice. This is where I can't understand the cherry picking of what is a worry and what is not; if your concern is actually privacy, and not merely an exercise of one's penchant for worry.

It is also akin to not allowing a trusted friend in your home, one who has never given any reason to be untrustworthy (and even signs an agreement to that end), while simultaneously letting in the local street gang for a party. Sure the street gang might throw great parties, but then why kick your friend out of the house? Apple and Google, not to mention hundreds of apps, have been proven to be spying on you. Sonos has not, aside from the very specific data gathering they have laid out in their very clear privacy policy.
A nit on GPS. -- Using GPS is perfectly safe and anonymous, as it is a receive only system. There is only a problem when something else reports your location.


Well yes, GPS isn't the issue, it's when Google decides to store the information of where you've been. It's great that Google can tell me how long my commute is today, not so great that I never told Google where I work.
Apple and Google, not to mention hundreds of apps, have been proven to be spying on you. Sonos has not, aside from the very specific data gathering they have laid out in their very clear privacy policy.

But the voice stuff is not Sonos controlled, or at least I think it is not, they just pass the voice information along to the voice recognition provider, Amazon for Alexa and probably soon Apple and Google as their services get integrated.

If Sonos did the voice stuff in-house I'd feel a bit differently.


But the voice stuff is not Sonos controlled, or at least I think it is not, they just pass the voice information along to the voice recognition provider, Amazon for Alexa and probably soon Apple and Google as their services get integrated.

If Sonos did the voice stuff in-house I'd feel a bit differently.


No, it is controlled by Sonos locally at the point of origin. Sonos controls when the microphones are listening, how much is recorded/stored, and exactly what is sent for processing to the Amazon/Google cloud. And they state quite clearly what that all entails:

In greater depth, this 'listening' means that the voice-enabled Sonos Product buffers and re-records locally, without transmitting or storing any information, until it detects the word or phrase (such as “Alexa”) that triggers the device to begin actively recording. If the Product does not detect the wake-up word, it continues to record over itself in a never-ending loop lasting a few seconds. This is all done locally on your Sonos Product and is not sent to Sonos or any third party. If a wake-up word is detected, the Sonos Product begins recording. In other words, it does not record or retain any audio data, or begin to transmit any data until it is 'woken up.' You are notified that it is recording by a visual element, such as a light on the Sonos Product, and a specific sound.


https://www.sonos.com/en-us/legal/privacy

So if Sonos were ever to record whole conversations not prompted by the wake word and/or they stored or sent them for processing, they would be liable for prosecution/civil suits because their Privacy Policy states just the opposite.
As an aside, I can tell you this stuff is taken very seriously by the FTC. I was involved in a project that required driver's license verification for a point of sale terminal. There were a ton of questions from the legal department about processing and/or retention of the personal info. We had to document and provide proof that the bar code information not only wasn't retained/stored or sent to the central server, but also that there was a call to 'Arrays.fill(array, 0)' to zero out the data after each transaction. A little overkill, but it shut the naysayers up (as much as you can allay the fears of those worried about stuff like that).
Since Sonos is a public company, I imagine their SOX policy also becomes a big factor in this. Auditors, and thus stock holders, surely want to make sure Sonos isn't storing unnecessary customer data as any data breach would surely be a big hit on the stock.

As a side note, my company has been pushing to identify all the locations where PII (Personal Identification Information) of employees is stored. The powers that be don't seem to understand what they are dealing with though as they consider username (which is first initial + last name) to be PII, but the email address (which is username@xxxx.com) is not.
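
The local loop described in the privacy policy quoted above, together with the zero-after-each-transaction step from the point-of-sale anecdote, modelled as an added example (not Sonos code and not written by any poster in this thread). The frame size, window length and the byte-string wake/end markers are constructed stand-ins for a real keyword spotter and silence detector.

```python
# Added illustration; all constants and names below are assumptions.
FRAME = 4               # bytes per audio frame (constructed, tiny for readability)
WINDOW = 3              # frames kept in the local loop ("a few seconds")
WAKE = b"WAKE"          # stand-in for a keyword spotter reporting the wake word
END = b"\x00" * FRAME   # stand-in for end-of-utterance (silence)


class GatedMic:
    def __init__(self):
        self.ring = bytearray(FRAME * WINDOW)  # fixed-size loop, overwritten in place
        self.pos = 0                           # next slot to overwrite
        self.awake = False
        self.sent = []                         # frames that would leave the device

    def feed(self, frame: bytes) -> None:
        if len(frame) != FRAME:
            raise ValueError("unexpected frame size")
        if self.awake:
            if frame == END:
                self.awake = False
                self.wipe()                # zero local audio after the transaction
            else:
                self.sent.append(frame)    # only post-wake audio is transmitted
            return
        # Not awake: record over the oldest slot; nothing is transmitted.
        start = self.pos * FRAME
        self.ring[start:start + FRAME] = frame
        self.pos = (self.pos + 1) % WINDOW
        if frame == WAKE:
            self.awake = True

    def wipe(self) -> None:
        # In-place overwrite, the bytearray analogue of Arrays.fill(array, 0).
        self.ring[:] = bytes(len(self.ring))
        self.pos = 0


def demo():
    mic = GatedMic()
    for f in [b"aaaa", b"bbbb", b"cccc", b"dddd"]:  # speech with no wake word
        mic.feed(f)
    before = bytes(mic.ring)       # loop holds only the last WINDOW frames
    for f in [WAKE, b"play", b"jazz", END]:
        mic.feed(f)
    return before, mic.sent, bytes(mic.ring)
```

The ring is a `bytearray` because immutable `bytes` copies cannot be overwritten in place, so any zeroing guarantee covers only buffers the code itself owns and mutates.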