Sonos app can turn a disabled Sonos One microphone back on - privacy issue?

  • 1 January 2018
  • 36 replies
  • 19088 views

Hi all. I have a set of stereo paired Sonos Ones. I have manually disabled the microphone on the right speaker by pressing the button on top. Today I disabled Alexa by going to [Settings - Room Settings - Living Riving Room (L+R) - Voice Services]. When I followed the same steps to re-enable, I was surprised to see that the app turned the right speaker's microphone back on. Seems to me that a manually disabled microphone should not be able to be turned back on through the network. It's a potential privacy hole. Have others noticed this, and has Sonos stated whether this is expected behavior?


Since Sonos is a public company, I imagine their SOX policy also becomes a big factor in this. Auditors, and thus stock holders, surely want to make sure Sonos isn't storing unnecessary customer data as any data breach would surely be a big hit on the stock.

As a side note, my company has been pushing to identify all the locations where PII (Personal Identification Information) of employees is stored. The powers that be don't seem to understand what they are dealing with though as they consider username (which is first initial + last name) to be PII, but the email address (which is username@xxxx.com) is not.
As an aside, I can tell you this stuff is taken very seriously by the FTC. I was involved in a project that required driver's license verification for a point of sale terminal. There were a ton of questions from the legal department about processing and/or retention of the personal info. We had to document and provide proof that the bar code information not only wasn't retained/stored or sent to the central server, but also that there was a call to 'Arrays.fill(array, 0)' to zero out the data after each transaction. A little overkill, but it shut the naysayers up (as much as you can allay the fears of those worried about stuff like that).


But the voice stuff is not Sonos controlled, or at least I think it is not, they just pass the voice information along to the voice recognition provider, Amazon for Alexa and probably soon Apple and Google as their services get integrated.

If Sonos did the voice stuff in-house I'd feel a bit differently.


No, it is controlled by Sonos locally at the point of origin. Sonos controls when the microphones are listening, how much is recorded/stored, and exactly what is sent for processing to the Amazon/Google cloud. And they state quite clearly what that all entails:

In greater depth, this 'listening' means that the voice-enabled Sonos Product buffers and re-records locally, without transmitting or storing any information, until it detects the word or phrase (such as “Alexa”) that triggers the device to begin actively recording. If the Product does not detect the wake-up word, it continues to record over itself in a never-ending loop lasting a few seconds. This is all done locally on your Sonos Product and is not sent to Sonos or any third party. If a wake-up word is detected, the Sonos Product begins recording. In other words, it does not record or retain any audio data, or begin to transmit any data until it is 'woken up.' You are notified that it is recording by a visual element, such as a light on the Sonos Product, and a specific sound.


https://www.sonos.com/en-us/legal/privacy

So if Sonos were ever to record whole conversations not prompted by the wake word and/or they stored or sent them for processing, they would be liable for prosecution/civil suits because their Privacy Policy states just the opposite.
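
A minimal model of the buffering behaviour the quoted policy text describes, added here as an illustration; it is not Sonos firmware or code from any poster. The buffer size, the uplink cap, the `WAKE_FRAME` marker, the wipe on wake, and all function names are assumptions.

```c
/* Added illustration, not Sonos firmware; sizes and the detector are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RING_FRAMES 4       /* assumed stand-in for "a few seconds" of audio */
#define UPLINK_MAX  16      /* assumed cap on frames per utterance */
#define WAKE_FRAME  0x7FFF  /* constructed marker standing in for a wake-word match */

typedef struct {
    int16_t ring[RING_FRAMES];  /* local loop, overwritten continuously */
    size_t  head;               /* next ring slot to overwrite */
    int     recording;          /* 0 until the wake word is detected */
    int     led_on;             /* visual cue that accompanies recording */
    int16_t uplink[UPLINK_MAX]; /* the only frames that would leave the device */
    size_t  sent;               /* count of frames queued in uplink */
} listener_t;

void listener_init(listener_t *l) { memset(l, 0, sizeof *l); }

/* Hypothetical detector; a real one runs a keyword model over the buffered audio. */
static int wake_detected(int16_t frame) { return frame == WAKE_FRAME; }

/* Feed one frame. Returns 1 if it was queued for transmission, 0 if it stayed local. */
int listener_feed(listener_t *l, int16_t frame)
{
    if (!l->recording) {
        l->ring[l->head] = frame;                /* overwrite the oldest slot */
        l->head = (l->head + 1) % RING_FRAMES;
        if (wake_detected(frame)) {
            l->recording = 1;
            l->led_on = 1;
            memset(l->ring, 0, sizeof l->ring);  /* assumption: pre-wake audio is dropped */
        }
        return 0;
    }
    if (l->sent == UPLINK_MAX)
        return 0;                                /* cap reached: frame is discarded */
    l->uplink[l->sent++] = frame;
    return 1;
}

/* End of utterance: back to local-only listening. */
void listener_stop(listener_t *l) { l->recording = 0; l->led_on = 0; }

/* 1 if a given sample value is still present in the local ring. */
int ring_contains(const listener_t *l, int16_t frame)
{
    for (size_t i = 0; i < RING_FRAMES; i++)
        if (l->ring[i] == frame) return 1;
    return 0;
}

int main(void)
{
    /* Constructed input: six ambient frames, the wake marker, two command frames. */
    const int16_t in[] = { 1, 2, 3, 4, 5, 6, WAKE_FRAME, 200, 201 };
    listener_t l;
    listener_init(&l);
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        listener_feed(&l, in[i]);
    printf("queued=%zu led=%d frame1_kept=%d\n", l.sent, l.led_on, ring_contains(&l, 1));
    return 0;
}
```

The property to audit in a design like this is that `uplink` is written only while `recording` is set, and that `recording` and `led_on` change together.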
Userlevel 7
Badge +22
Apple and Google, not to mention hundreds of apps, have been proven to be spying on you. Sonos has not, aside from the very specific data gathering they have laid out in their very clear privacy policy.

But the voice stuff is not Sonos controlled, or at least I think it is not, they just pass the voice information along to the voice recognition provider, Amazon for Alexa and probably soon Apple and Google as their services get integrated.

If Sonos did the voice stuff in-house I'd feel a bit differently.
A nit on GPS. -- Using GPS is perfectly safe and anonymous, as it is a receive only system. There is only a problem when something else reports your location.


Well yes, GPS isn't the issue, it's when Google decides to store the information of where you've been. It's great that Google can tell me how long my commute is today, not so great that I never told Google where I work.


Well yea, I'd agree that privacy concerns can be looked at as a risk/reward decision.

. . .

So I get why people don't want voice assistants in their home. I just don't get why people claim I'm irrational for using them when their privacy is already compromised.


But I go back to my analogy of worrying about the locks on the attic windows when you are leaving the door wide open. Sure the front door being open may give you a fine cross breeze that is beneficial on a hot summer day, but that doesn't mean the robbers getting in through the attic are more of a worry just because the breeze is nice. This is where I can't understand the cherry picking of what is a worry and what is not; if your concern is actually privacy, and not merely an exercise of one's penchant for worry.

It is also akin to not allowing a trusted friend in your home, one who has never given any reason to be untrustworthy (and even signs an agreement to that end), while simultaneously letting in the local street gang for a party. Sure the street gang might throw great parties, but then why kick your friend out of the house? Apple and Google, not to mention hundreds of apps, have been proven to be spying on you. Sonos has not, aside from the very specific data gathering they have laid out in their very clear privacy policy.
Userlevel 7
Badge +22
A nit on GPS. -- Using GPS is perfectly safe and anonymous, as it is a receive only system. There is only a problem when something else reports your location.

Several paragraphs of non-Sonos related issues deleted before I hit post. 🙂
So you aren't actually worried about privacy, only that the positives of losing that privacy outweigh the negatives?


Well yea, I'd agree that privacy concerns can be looked at as a risk/reward decision. People use smartphones because they find them very useful, even though they give up some privacy to do so. That does not mean they'll give up privacy for little or no benefit to themselves. Take GPS for example. People would not want a phone with GPS if it did not provide navigation benefits to them.

And this is not just tech, but life in general. Automobiles are dangerous, but people use them all the time since they see a massive benefit. Not as many people will ride a motorcycle as they do not see the added risk as worth the added benefit.

That said, people often miscalculate the risk based off appearances/perception. Most people would tell you that driving is more dangerous than flying, even though the opposite is true. Much of that has to do with how used they are to driving vs flying and their comfort level with what they know. I think voice assistants creep some people out because they actually respond to you, reminding you that they're listening, while the mic on your phone does not (unless you tell it to).

So I get why people don't want voice assistants in their home. I just don't get why people claim I'm irrational for using them when their privacy is already compromised.
Userlevel 7
Badge +22
Who interested in privacy carries a smart phone?
My flip phone supports far too much snooping for my comfort and I often power it down for that reason.
So you aren't actually worried about privacy, only that the positives of losing that privacy outweigh the negatives?

Color me confused. It seems like someone concerned about privacy would be more worried about the various and sundry data collection practices of dozens to hundreds of app manufacturers, not to mention billion dollar conglomerates whose very business is to hoard and exploit personal data, over a small audio company who at the very most is going to collect your musical tastes. A small company who, by the way, has actually told you what they collect of your data, how much of the voice data is stored (none), and has put in a legally binding privacy statement that they do not, nor ever will, sell your data. Try getting Google and Apple to do that.

I can understand those who eschew smart phones would have a problem with Sonos. I cannot fathom one accepting the proven to be guilty listening/spying actions of Apple/Google and the various apps they host, while simultaneously bringing the wrath down on Sonos for having a microphone. It's like worrying about the locks on the attic windows while leaving the front door wide open.

Soapbox dismounted. Regardless, unlike my fellow poster back a page, I give the chance of a microphone-less Sonos One to between slim and none, and slim ain't looking too healthy.
Userlevel 1
Badge
@pwt Thanks for that link!

I'm not shunning Sonos. On the contrary, I'm a customer and I like their products. I even promote them. I've gotten other people to purchase thousands of dollars of their products.

> On the very unlikely chance it gets turned on in software, the LED gets turned on. That cannot be defeated via software, for it is hardwired to the power lead to the microphones.

I appreciate that Sonos designed the device with privacy in mind, as evidenced by that light. With due respect to the designers, I'll reiterate what I said before: as a privacy-conscious user, having to look at the device to make sure the mic is still off is not a good user experience.

Regarding smartphones: privacy decisions can be thought of as questions of cost and benefit. Smartphones are bad for privacy: they have a high cost. However, for many users, they provide enough utility that the benefit outweighs. Home devices that send audio to the cloud don't provide enough benefit for me to make that tradeoff. Or should I say, they don't… yet.
Sonos is not going to make a One without a microphone array.


I don't know about that.

- The Sonos One has been out for over a year, and yet, the Play:1 is still for sale. I don't know what the sales numbers are, but you'd think there would be significant interest, otherwise it would go away as did the Play:3.

- I wouldn't think it would be too difficult to create a version of the Sonos One without a mic. Marketing and choosing a non-confusing name may actually be harder.

- A speaker with a built in mic is useless when bonded with the Beam. It's not hard to imagine that a future hypothetical playbar 2.0 would also have its own mic and CEC controls, making the built in mic useless in that scenario as well.

- Voice control features are ever changing. Sonos seems to always be in catch-up mode with this, and will likely never be able to implement some feature like calling. As well, some users are going to want a screen as comes with the Echo Show or Google Home. In these cases, users may prefer to have a separate voice assistant and speaker.

- Although privacy is currently only a concern for a relatively small group, it's entirely possible that privacy concerns could grow exponentially overnight, killing the sales of voice control smart speakers. It might make sense for Sonos to have a line of speakers without mics, so not all their eggs are in one basket.

Then again, maybe maintaining two separate products that are virtually identical is not worth it.
Appreciate it, though that suggestion misses the point. A physical switch provides confidence because it takes potential software vulnerabilities out of the picture. If Alexa gets set up in software, and that's what turns on the mic. It follows then, that software can turn on the mic, and whether I set up Alexa or not, the mic still can be turned on by software.

If the mic is triggerable in software, there's always the possibility of software missteps, bugs, and vulnerabilities. Consider that security vulnerabilities can be in fundamental aspects of systems, like CVE-2015-7547, the glibc vulnerability in 2016. Security vulnerabilities are simply part of software reality (which is why the industry has a long history of them).


On the very unlikely chance it gets turned on in software, the LED gets turned on. That cannot be defeated via software, for it is hardwired to the power lead to the microphones.

Because I don't need the microphone, I want to opt out.

If the reassurances given by Sonos, along with the hardwired indicator of those assurances, are not enough for you, then I'm afraid you are out of luck. Sonos is not going to make a One without a microphone array.

Also, as is always asked in these types of threads: Why would anyone so paranoid about eavesdropping carry a smart phone around? Smart phones have a microphone with no power indicator, are chock full of 3rd party apps doing who knows what, and are manufactured and/or licensed by two of the most predatory and data hungry companies on earth. Not to mention they have been proven to be listening when not authorized to do so many times in the past!

Meanwhile Sonos gives you an actual opt out that shuts down the microphones, accepts no 3rd party software, and gives a non-circumventable hardwired indicator the mic is on, and they are being shunned? I just don't get it.
Userlevel 7
Badge +20
Because I don't need the microphone, I want to opt out.
So don't buy a ONE: it doesn't meet your criteria.

If you have the technical skills you might want to look at setting up AirConnect [1] to provide direct AirPlay (v1) to all your existing Sonos devices. It works well.

[1] https://github.com/philippe44/AirConnect
Userlevel 1
Badge
Appreciate it, though that suggestion misses the point. A physical switch provides confidence because it takes potential software vulnerabilities out of the picture. If Alexa gets set up in software, and that's what turns on the mic. It follows then, that software can turn on the mic, and whether I set up Alexa or not, the mic still can be turned on by software.

If the mic is triggerable in software, there's always the possibility of software missteps, bugs, and vulnerabilities. Consider that security vulnerabilities can be in fundamental aspects of systems, like CVE-2015-7547, the glibc vulnerability in 2016. Security vulnerabilities are simply part of software reality (which is why the industry has a long history of them).

Because I don't need the microphone, I want to opt out.
Just a suggestion, but if you're getting a Sonos One for airplay support, you could simply skip the setup for Alexa and therefore the microphone is essentially disconnected always.

Exactly. If you never enable Alexa (or Google in the future), the microphone is always off.
Just a suggestion, but if you're getting a Sonos One for airplay support, you could simply skip the setup for Alexa and therefore the microphone is essentially disconnected always.
Userlevel 1
Badge
I'm in a polyglot household – a combination of Apple, Android, Microsoft, Google, and Sonos – so I'm familiar with some of the competition. Our Google Home devices have physical mute switches in back which spend most of their time in the off position.

I want to buy the Sonos One to add AirPlay support to my existing speaker group, but I won't do that if I have to _look at the device_ to make sure the mic is still off. That doesn't inspire confidence that I'm in control of my privacy.
Userlevel 7
Badge +22
I know I'm not going to win this argument with Sonos even if the answer is a couple cents for adding a switch.

I'd also be good if they let me open the device and snip a wire without voiding my warranty. 🙂
Userlevel 7
Badge +20
I quit reading about the new playbar when I got to the mikes, no physical disconnect switch no sale here.

In my opinion having a mic on a product like a Sonos One or Sonos Beam is no different to having a mic on your smart phone - apart from the fact that your smart phone mic is not hardwired and is entirely controlled by software and so could be activated remotely.


For you this could be true; however, there are millions of people that disable Siri, Hey Google, and Alexa. This should, according to most hardware and software agreements, keep the phone from listening in all of the time. So for me, it's apples and oranges.

Again, it's not a stretch to expect Sonos to provide a product that gives the user a reasonable expectation of privacy. For me, Alexa enabled devices breach my threshold for what I'm willing to put in my home. This doesn't have to be true for everyone, and hopefully the Alexa camp will allow for those of us that have been spurned by privacy violations, to keep the open mics out of our homes.


If there's a mic on a device that is software controlled then it's technically possible to turn it on remotely, you don't need an AI enabled to do this.

Don't get me wrong, I understand your privacy concerns. All I'm saying is that you should have the same concern about laptops, tablets, smart phones etc. In my opinion, the Sonos One is slightly better than most devices in this regard.
For you this could be true; however, there are millions of people that disable Siri, Hey Google, and Alexa. This should, according to most hardware and software agreements, keep the phone from listening in all of the time. So for me, it's apples and oranges.

Again, it's not a stretch to expect Sonos to provide a product that gives the user a reasonable expectation of privacy. For me, Alexa enabled devices breach my threshold for what I'm willing to put in my home. This doesn't have to be true for everyone, and hopefully the Alexa camp will allow for those of us that have been spurned by privacy violations, to keep the open mics out of our homes.


What makes you think you can't disable Alexa on Sonos devices? You most certainly can. In fact, Alexa is defaulted to off, you have to choose to activate it on Sonos devices.

Oh, and for those who think disabling Siri et al on their phone keeps it from listening, you may want to read this:

http://www.dailymail.co.uk/sciencetech/article-5816269/Its-not-paranoia-phone-really-listening-you.html

At least Sonos gives a nice visual cue as to when the mic is on.
How is it apples and oranges? Whether it's a phone, tablet, or Alexa device, the mic can be turned off via software configuration. Enabling a skill that is entirely about voice control makes sense to turn on the mic. If you enable siri, are you surprised that the mic is turned on?

Sonos One actually goes one step further giving you a visual cue.
Userlevel 2
Badge
I quit reading about the new playbar when I got to the mikes, no physical disconnect switch no sale here.

In my opinion having a mic on a product like a Sonos One or Sonos Beam is no different to having a mic on your smart phone - apart from the fact that your smart phone mic is not hardwired and is entirely controlled by software and so could be activated remotely.


For you this could be true; however, there are millions of people that disable Siri, Hey Google, and Alexa. This should, according to most hardware and software agreements, keep the phone from listening in all of the time. So for me, it's apples and oranges.

Again, it's not a stretch to expect Sonos to provide a product that gives the user a reasonable expectation of privacy. For me, Alexa enabled devices breach my threshold for what I'm willing to put in my home. This doesn't have to be true for everyone, and hopefully the Alexa camp will allow for those of us that have been spurned by privacy violations, to keep the open mics out of our homes.
Userlevel 7
Badge +20
In my opinion having a mic on a product like a Sonos One or Sonos Beam is no different to having a mic on your smart phone - apart from the fact that your smart phone mic is not hardwired and is entirely controlled by software and so could be activated remotely.

I agree completely which is why we have no smart phones here either.


I suspect that there are very few Sonos customers that don't own a Tablet or Smartphone...
Userlevel 7
Badge +22
In my opinion having a mic on a product like a Sonos One or Sonos Beam is no different to having a mic on your smart phone - apart from the fact that your smart phone mic is not hardwired and is entirely controlled by software and so could be activated remotely.

I agree completely which is why we have no smart phones here either.