
music library sharing - security concerns with upcoming S2 updates (please help)

  • 10 June 2024

I am growing very concerned that when the capability to add and edit a local music library is reimplemented sometime in July, I will be forced to accept a new method of sharing that involves security vulnerabilities and with little to no transparency. I want to know a) what the plan is for this in the mobile app/how it’s intended to work, and b) why there are no release notes for the 16.2 desktop app updates, which had extensive changes to the music library sharing.

 

OS X and iOS user - I bought into SONOS because of its app’s ability to index my local music library from the Mac’s Music folder with ease, including the Music app’s playlists. No NAS, or SMB protocols involved.

When the new mobile app launched with the entire music library capability missing, I was somewhat consoled by the fact that I could still manage this with the desktop app. And I ignored its prompts to update it.

Despite that, there were changes made to the desktop app anyway which broke the ability to add/update from my local music folder. Music library was deleted, then error 913 in trying to add it back.  My desktop app is now 16.2 but I cannot find the release notes posted for it. 
 

The only way to work around that is to enable file sharing settings and re-add the music folder as if it were on a NAS, but it’s not a perfect solution. In trying to figure out i) why the original method of pointing the app to my music folder didn’t work, and ii) why the NAS workaround didn’t include my Music app’s playlists anymore, I did some digging.

When trying to re-add my local music folder using the original method, I can see that SONOS is added to the music folder’s permissions at first, then removed before the process fails with 913 error. 
 

The NAS workaround method requires file sharing via SMB to be enabled, as well as the “sharing with a Windows computer” setting, the latter of which comes with a warning that this stores the user’s password in a less secure place.

I also tried to share my iTunes folder in a similar way in an attempt to have SONOS read the associated XML file and restore my missing playlists. I could get the permissions right, but whenever I would Update Music Library, this would remove the SONOS permission for that folder.

 

Without the necessary transparency from SONOS, I got concerned about what the desktop app was doing behind the scenes. I went digging into my computer’s privacy settings and found SONOS in several spots with access that I wasn’t aware of. So I ended up removing the whole thing from my computer.

—————

I had figured this might all be put right with the upcoming updates planned for the mobile app, but now I am not so sure about how SONOS intends to accomplish this.

Is SONOS going to essentially turn my computer into a NAS device with the mobile app acting as the interface? I don’t want that or the security vulnerabilities that would come with that if it’s not done properly and with transparency. Or if not, how does SONOS intend for this to work? 
Also, how is the web app and its information about my music library secure? 
 

I really don’t want to wait for several more weeks just to find out that I will be forced, perhaps unwittingly, to give SONOS unprecedented new access to my system to accomplish music library indexing.

 

2 replies

Userlevel 7
Badge +14

Is SONOS going to essentially turn my computer into a NAS device with the mobile app acting as the interface? I don’t want that or the security vulnerabilities that would come with that if it’s not done properly and with transparency. Or if not, how does SONOS intend for this to work? 

Years ago, Sonos included ‘http’ sharing in the desktop apps which pretty transparently made a Windows/Mac-based music folder available to your Sonos system. While really convenient—I used it myself—that sharing mechanism was not particularly secure and it has “gone away” in the past month.

Sonos now relies exclusively on SMBv2 or SMBv3 sharing … and none of the Sonos apps (desktop or mobile) will “act as the interface” as described in the previous paragraph. If your music folder is on your Mac, you need to share that folder through macOS. So long as you enable sharing with a password, that ought to be quite secure.

Re-stated for clarity (one hopes) …

  • BEFORE—Sonos desktop app included (proprietary) file sharing mechanism.
    Good news: really easy, no OS knowledge needed. Bad news: weak security.
  • NOW—no file sharing mechanism included in Sonos desktop (or mobile) app.
    Good news: OS-based SMBv2/v3 strong security. Bad news: you have to navigate the file sharing process yourself.

Hope this helps!

Userlevel 1
Badge +1

I appreciate your reply. It explains what has happened to the old method I was using - I was not aware it was using http as I had assumed this was for libraries on a NAS drive, and I’d been able to continue updating my music library beyond May 13th when support for it was to have stopped.

But, I am not reassured about the SMB sharing given the issues I observed and the lack of an explanation for what the existing SONOS desktop app is doing. 

Also, Mac OS is notoriously bad with SMB connections. Even the most up-to-date versions. Many other services use HTTP like DAAP without exposure to security risks, so I don’t understand why its support needed to be discontinued along with SMBv1.
