Privacy Concerns

  • 30 August 2017
  • 39 replies
  • 5804 views

Userlevel 1
Badge
I bought the Sonos 5 to stream music period!. If I wanted a snooping, listening always on "assistant" I would have bought the Google Home or the Amazon Alexa. If I am forced to add this capability to my Sonos 5 with a mandatory "upgrade" I would rather brick the device and simply use it as a Powered Speaker...

This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

39 replies

Userlevel 5
Badge +9
I don't think it is capable if you don't have an "assistant" linked to your Sonos speaker. How will it listen or snoop on you?
Userlevel 1
Badge
The Sonos 5 has two built in microphones, it uses the microphones to determine optimal room equalisation. It is possible to use the microphones for other purposes as well.
Userlevel 5
Badge +9
Good point. I did read that they were not designed with far field recognition in mind but i guess they could pick a conversation.

For want of me sounding like an old person, in this day and age i'm beyond worrying about things like that. Computers, TVs, tablets all have "snooping" capabilites sometimes you just need to embrace them.
Userlevel 5
Badge +11
I bought the Sonos 5 to stream music period!. If I wanted a snooping, listening always on "assistant" I would have bought the Google Home or the Amazon Alexa. If I am forced to add this capability to my Sonos 5 with a mandatory "upgrade" I would rather brick the device and simply use it as a Powered Speaker...
Save yourself some outrage and actually read the privacy policy. It clearly states that you have to enable the functionality for them to do anything other than Trueplay tuning with the mics.
Userlevel 1
Badge
That was true until the last pushed upgrade.
Userlevel 5
Badge +11
Have you taped over all cameras and microphones and all your devices? You never know who is listening or looking.
Userlevel 1
Badge
You sir are a troll. Give me your ip address I have something I would like to give you.
In case you're not too bad at cutting wires just open the speaker and disconnect the mics. After all it's not rocket science.
Userlevel 1
Badge
True.
Userlevel 4
Badge +9
The Sonos 5 has two built in microphones, it uses the microphones to determine optimal room equalisation. It is possible to use the microphones for other purposes as well.

It doesn't, Trueplay is done with the microphone of an iDevice.
If you don't add a voice assistent to your set up there's no one listening in, if you think that that's what the privacy statement is implying you should read it again.
Userlevel 1
Badge
You maybe correct, but the specs on the Sonos 5 do claim 2 microphones. Thoughts as to why?
You maybe correct, but the specs on the Sonos 5 do claim 2 microphones. Thoughts as to why?

Sonos has stated that they were put in possibly for room tuning, but they were never used, as the iPhone mic can be far more effective at this task, as it can be walked around the room.
Userlevel 1
Badge
I have a product development background. The mics were designed in for a long-term product goal. Sonos have not been totally quiet on their ambitions to compete with the likes of Google and Amazon. I am unhappy about the metadata and any potential backdoor application that could be pushed out to the Sonos 5.
Posted on SlashDot
"Sonos has confirmed that existing customers will not be given an option to opt out of its new privacy policy, leaving customers with sound systems that may eventually "cease to function". It comes as the home sound system maker prepares to begin collecting audio settings, error data, and other account data before the launch of its smart speaker integration in the near future. A spokesperson for the home sound system maker told ZDNet that, "if a customer chooses not to acknowledge the privacy statement, the customer will not be able to update the software on their Sonos system, and over time the functionality of the product will decrease. The customer can choose to acknowledge the policy, or can accept that over time their product may cease to function."
Userlevel 7
Badge +26
You maybe correct, but the specs on the Sonos 5 do claim 2 microphones. Thoughts as to why?

Sonos has stated that they were put in possibly for room tuning, but they were never used, as the iPhone mic can be far more effective at this task, as it can be walked around the room.


I wanted to confirm this, the mics in the PLAY:5 gen2 were originally designed with room tuning and future use in mind. However, to this day, they are inactive. The PLAY:5 gen2 doesn't even know how to turn them on yet as they are entirely unutilized right now. For room tuning, we need to be able to "listen" where you are going to be sitting, as it's not so important to know what it sounds like at the speaker's location.

You'll be notified prior to any change in the status of the microphone, and we will ask for permission to activate them too.
I have a product development background. The mics were designed in for a long-term product goal. Sonos have not been totally quiet on their ambitions to compete with the likes of Google and Amazon. I am unhappy about the metadata and any potential backdoor application that could be pushed out to the Sonos 5.
Posted on SlashDot
"Sonos has confirmed that existing customers will not be given an option to opt out of its new privacy policy, leaving customers with sound systems that may eventually "cease to function". It comes as the home sound system maker prepares to begin collecting audio settings, error data, and other account data before the launch of its smart speaker integration in the near future. A spokesperson for the home sound system maker told ZDNet that, "if a customer chooses not to acknowledge the privacy statement, the customer will not be able to update the software on their Sonos system, and over time the functionality of the product will decrease. The customer can choose to acknowledge the policy, or can accept that over time their product may cease to function."


To the bolded: I've got news for you, they've been collecting "audio settings, error data, and other account data" all along, and that fact has been in the privacy policy for a long, long time. You know, the same privacy policy that you originally agreed to when you bought your Sonos, and you paid no attention until some obscure website posted nonsense and got people all fired up over nothing in order to generate clicks? How's it feel to be manipulated?
Userlevel 1
Badge
@Jgatie. How does it feel to be naive? Sure, the original EULA did claim "audio settings, error data, and other account data" but the expectation of privacy will always need to be considered after all, the end user is buying an Audio Speaker System and not a "home helper". The fact that Sonos is mandating expansion of the original EULA, adding additional undefined capabilities and stating that the device may cease to function if upgrades are not performed should be of concern to all Sonos users.

I have worked in IT Security since 2011 in both commercial and government agencies protecting infrastructure against such data/metadata exfiltration attacks.

I suggest your read up. SANS.org or ISC2 are good starting places.

Here is one of the first class actions against Sonos.

https://www.bostonglobe.com/business/2017/08/24/sonos-triggers-fight-over-privacy-with-new-data-rules-for-audio-devices/FOvJy8dkgeiylkv8RKot0J/story.html
*YAWN*

I would counter your quip about my naivete by asking how it feels to wear a tin-foil hat so tight that it cuts off oxygen to the brain, but I'm not into personal attacks.

I do find it funny that you criticize my naivete, but you yourself trust a story that states as fact "It comes as the home sound system maker prepares to begin collecting audio settings, error data, and other account data before the launch of its smart speaker integration in the near future" when Sonos is not preparing "to begin collecting" any of these things, for they have been doing it all along. To used a very overused, but totally applicable in this case term - You are falling for fake news.

But I will sit back and laugh when that lawsuit ultimately gets thrown out of court.
Userlevel 4
Badge +9
The fact that Sonos is mandating expansion of the original EULA, adding additional undefined capabilities and stating that the device may cease to function if upgrades are not performed should be of concern to all Sonos users.

This has also always been the case, if I remember correctly somewhere around the release of 6.0 Spotify would stop working if you didn't update since the way how Spotify connected had changed.
Userlevel 1
Badge
@jgatie..It seems you are very much invested in Sonos based on the equipment list so I understand your avoidance of the issues here. I will not respond any further to your quips. BTW Aluminium has replaced Tin in foil since 1910. There are some really good books out there that may help you catch up.


You’re a loudmouth, baby. You better shut it up. I’m gonna beat you up ’cause you’re a loudmouth, babe.
-Ramones, Loudmouth
*Double YAWN* :8

This has also always been the case, if I remember correctly somewhere around the release of 6.0 Spotify would stop working if you didn't update since the way how Spotify connected had changed.


Yup. The same with acknowledging the new AWS security measures. Once again, some silly website is fishing for clicks by stating Sonos' privacy policy has changed into a cross between Orwell's Big Brother and Beria's NKVD, when it really hasn't changed at all. Except to reflect the fact that Sonos needs to share the information it has collected all along with their voice control partners. Voice control which is completely voluntary and must be explicitly activated by the user.

In other words, acknowledging the privacy policy is required, but any of the new data collection announced by that policy is 100% voluntary. Truly a tempest in a teapot.
Userlevel 5
Badge +11
I have a product development background. The mics were designed in for a long-term product goal.

Those two sentences don't make sense together. If you worked in PD then you'd know goals change. There's nothing unusual about component use change, and the implication of anything else is contrived.


You sir are a troll. Give me your ip address I have something I would like to give you.
...
I have worked in IT Security since 2011 in both commercial and government agencies protecting infrastructure against such data/metadata exfiltration attacks.

So you went from script kiddie threats to security expert in the span of a few posts?

Your ostensible, short security background notwithstanding you're making multiple inaccurate points. The most egregious is suggesting that Sonos has some sort of malicious intent with the devices failing to work. This is simply reality. If you stop updating your operating system then applications won't work either.

It's not naive to express skepticism about murky, undefined future threats. In my view Sonos has been upfront about the update, and they have clearly communicated the reasons for it. I'm unable to see how, if you actually read the policy/posts from Sonos, you could get a different understanding.
Userlevel 1
Badge
When the US office of National Intelligence add a new category to Intel TEMPINT to characterise the threat of Metadata and IoT then we all need to pay attention

https://www.wired.com/2017/01/connected-devices-give-spies-powerful-new-way-surveil
None of which has to do with Sonos' privacy statement.
When the US office of National Intelligence add a new category to Intel TEMPINT to characterise the threat of Metadata and IoT then we all need to pay attention

https://www.wired.com/2017/01/connected-devices-give-spies-powerful-new-way-surveil


Hi, Kellyanne! :8