Skip to main content

Hello,

Now that we are being forced by Google to switch from Google Play Music to YouTube Music, I noticed the following permissions requirements when linking YTM to Sonos:

  • View and manage your videos and playlists
  • View and manage your YouTube activity, including posting public comments.

Questions:

  1. What exactly does Sonos do in terms of retaining my YTM playlist data? Is this sent back to the mothership and analyzed? I’m asking because I have many video playlists in YouTube that have nothing to do with music, but I actually consider them somewhat personal and sensitive.*
  2. Why the heck is Sonos asking to post public comments under my name, and to ‘manage’ my activity? What do they actually do? This permission seems to be very excessive and unrelated to the function of playing music. What do they do with this ability? Has Sonos ever ‘managed’ someone’s account or posted comments under their name?

Thank you for reading.

 

* Note: I am fully aware that Google is an advertising company and they probably analyze all of your data and playlists anyway. I keep a seconday Google account apart from my main account in which I house this stuff, and that where my YT Premium subscription is located. I used to piggyback GPM off this account since it came free with YT Premium. I much preferred the old Google Play Music model in which the music service was isolated from YouTube. This merging of YT and GPM has been pretty annoying IMO.

It’s unlikely that the community would have answers to your specific questions, you might be better off sending an email to either their lawyers, or perhaps the CEO. 


Maybe the permissions you give are meant to make is possible for you to change tis from the Sonos app. For this the app (and thus Sonos) must have the right to interact with your YT account and have the right to change things on your behalf.


Think this is the “standard” YTM OAuth2 dialog, where you are giving permission for the YTM SAMPI service to access the YTM back-end. Those generic messages depend on the “scopes” of the access. Why those two specific scopes? Try this section: https://developers.google.com/youtube/reporting/guides/authorization/installed-apps

Sonos really aren’t involved here, other than storing the resulting access token, which they pass on all the calls to YTM to authenticate that “you” are “you”. Sonos themselves don’t need access to anything in your account, that token is it, they just put it on every SMAPI call.