Answered

How to disable Direct Control / Streaming services?


I have an old ZP80 system that I use strictly for playing music from a vast catalog of music and podcasts that keep on my NAS.   So it’s all inside my personal network.   I don’t route any streaming or outside services, e.g., Spotify, Apple, Google, etc, through my Sonos system.   No do I have any accounts with those companies.

So was surprised the other day when my GF, who has Google and Spotify at her house, but not Sonos, was at my house and was able to play music from Spotify over my Sonos system.   I called Sonos support and they said that Sonos exposes an API called Direct Control to 3rd party services such as Spotify, so all she needs is her Spotify app on her phone to play music through my Sonos system.  

How do I disable that feature on Sonos?   I don’t want Spotify to have access to my Sonos system, or to be able to route content through my network or gain marketing information by knowing that content was routed through my network.   I want to keep my Sonos system tightly buttoned down to just my network inside my firewall.

 

Thanks in advance.

icon

Best answer by ratty 28 June 2022, 15:12

View original

This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

22 replies

The easiest thing you could do is setup a guest WiFi network for GF and any other visitors to use, and change the password on the network your Sonos is on.  That could upset your GF, thinking you don’t trust her, but if you can’t simply ask her not to stream to your Sonos, then you don’t actually trust her.

 

The easiest thing you could do is setup a guest WiFi network for GF and any other visitors to use, and change the password on the network your Sonos is on.  That could upset your GF, thinking you don’t trust her, but if you can’t simply ask her not to stream to your Sonos, then you don’t actually trust her.

 

The question is about Sonos, not about my network or my GF. 

When I bought Sonos it was so I could stream my music from my NAS to different rooms in my house.  Services like Spotify didn’t exist in those days and Sonos had not yet  exposed an API so random apps on people’s phones could piggyback on my Sonos system.   Sonos has added this network wormhole as a “feature” that I have no use for.  I want to know how to disable it. 

 

I resent the way companies that make networked products  keep expanding the reach and scope of their products without asking our permission.  My GF herself ran into a similar problem at her house with her Alexa system when Amazon introduced Alexa Sidewalk last year, and suddenly her Alexa system became visible to her neighborhood!  But at least Amazon gave her a way to opt out.   I’d like the same courtesy from Sonos.  

The easiest thing you could do is setup a guest WiFi network for GF and any other visitors to use, and change the password on the network your Sonos is on.  That could upset your GF, thinking you don’t trust her, but if you can’t simply ask her not to stream to your Sonos, then you don’t actually trust her.

 

The question is about Sonos, not about my network or my GF. 

 

 

I took a few seconds and found this support document.   Closing off those ports may cause other issues though, depending on what other devices in your home may need.  I would definitely make my network private over this if it were me.  And yes, I realize this is still not a Sonos specific solution that you’re looking for, but there is no switch you can flip in the Sonos app that I’m aware of.

When I bought Sonos it was so I could stream my music from my NAS to different rooms in my house.  Services like Spotify didn’t exist in those days and Sonos had not yet  exposed an API so random apps on people’s phones could piggyback on my Sonos system.   Sonos has added this network wormhole as a “feature” that I have no use for.  I want to know how to disable it. 

 

 

Third party API has been around for quite a long time.  It really hasn’t been an issue, since the majority of people who want that level of restriction on their local network have already blocked ports and don’t give out their WiFi password.

 

 

I resent the way companies that make networked products  keep expanding the reach and scope of their products without asking our permission.  My GF herself ran into a similar problem at her house with her Alexa system when Amazon introduced Alexa Sidewalk last year, and suddenly her Alexa system became visible to her neighborhood!  But at least Amazon gave her a way to opt out.   I’d like the same courtesy from Sonos.  

 

Your Sonos system is not visible outside your WiFi network without you expressly giving permission to a 3rd party app/hardware  that expressly bridges the connection into your local network.

 

Your Sonos system is not visible outside your WiFi network without you expressly giving permission to a 3rd party app/hardware  that expressly bridges the connection into your local network.

 

My GF has access to my WiFi network so she can access files on my network and print things out on my printer.  To do both of those required additional setup and configuration beyond just having my WiFi password; that is, my NAS has its own logon and the printer required setting up a driver and configuration

I often give visitors a WiFi password so they can do WiFi enabled calling since cellphone service here is poor, or so we can work on projects that require shared access to files, scanners, or other resources here.  I have all kinds of devices on my network (including a network of critter-cams because I’m on the edge of a wildlife area).   All of those devices require their own separate login or configuration.

Of the dozen or so random devices on my network,  Sonos is the only one that does not seem to require any permission or gatekeeper to access beyond just the WiFi password itself. 

Userlevel 7
Badge +17

Most people would disagree with you about the expanding possibilities of the Sonos system. Sonos has indeed shifted for most people from a system that only plays your own music to a system that primarily plays music services. Your girlfriend probably used Spotify Connect, that does not really involve Sonos. By agreeing to use the Sonos services you also probably agreed to this. The only way to stop this is to stop your system accessing the internet.

 The only way to stop this is to stop your system accessing the internet.

All I want to do is stop Sonos from accessing the internet.   Sonos is the only device on my large and complex intranet involving dozens of devices that can’t be configured to either not be connected to the internet, or to require a logon or password first. 

“Most people would disagree with you about the expanding possibilities of the Sonos system” - I don’t know what this means -  I don’t object to Sonos expanding the “possibilities” - just want control over those possibilities.   Many people today are very privacy and security oriented, so what we want is control.    Sonos is the only device I’ve encountered so far that doesn’t seem to give you control.

 

Your Sonos system is not visible outside your WiFi network without you expressly giving permission to a 3rd party app/hardware  that expressly bridges the connection into your local network.

 

My GF has access to my WiFi network so she can access files on my network and print things out on my printer.  To do both of those required additional setup and configuration beyond just having my WiFi password; that is, my NAS has its own logon and the printer required setting up a driver and configuration

 

 

There are NAS and printers that can be access from outside your network...but it’s not really relevant.  Do you have to provide a password for your printer?  Or perhaps you can restrict which devices can connect to the printer?  From my experiences, home printers are available to any device on the same network, but I’ve never tried to restrict access.

 

 

I understand that you want this feature, but I can tell you from experience that it’s unlikely to change. 99% (approximately) want Sonos to be wide open on their network and easy to use.  They don’t want yet another password to remember just to access the system.  Even those that have asked for a password do so not to block use of streaming services, but so that guests can’t use the Sonos app on their own devices to control the system, once given the WiFi password.    Or they have kids in the home that they only want to access the speakers in the kid’s room(s).  Point is, there is a one size fits all solution for all the people that want to restrict access.

Your best bet is to look into blocking ports, if it doesn’t interfere with the rest of your devices in your system.

 

 

Partition your network, using a secondary wireless router. Put the Sonos on the router’s private side. Put visitors on the main WiFi. 

 

There are NAS and printers that can be access from outside your network...but it’s not really relevant.  Do you have to provide a password for your printer?  Or perhaps you can restrict which devices can connect to the printer?  From my experiences, home printers are available to any device on the same network, but I’ve never tried to restrict access.

 

I don’t have to provide a password to print because I had to set up a driver on my phone or PC to do so; setting up the driver required authentication.   So my point is that no one can just walk in off the street and print something from their phone just by having WiFi access.   But they can play music on my Sonos without even having Sonos software.

 

Your best bet is to look into blocking ports, if it doesn’t interfere with the rest of your devices in your system.

...and...

Partition your network, using a secondary wireless router. Put the Sonos on the router’s private side. Put visitors on the main WiFi.

 

Why should I have to go out and get a propeller beanie and play IT geek just to give my Sonos system the same level of control, privacy and security every other device on my network already has?   All they need is a switch in the settings to disable internet access or disable third-party access.  My Sonos app is already configured to my account so I’m the only one who would have access to it. 

 

I know people like things that are open and convenient, but not all of us as are so lackadaisical -  In these days of IoT there are lots of vulnerabilities -  https://www.bleepingcomputer.com/news/security/flaws-in-sonos-and-bose-smart-speakers-let-hackers-play-pranks-on-users/

 

If you want to stop your Sonos kit accessing the internet, just block all ports for those IP addresses at the router end. I keep all of my Sonos kit in one range, so it’s one line in the router settings.

Is this what is actually happening though, or is your GF streaming from her phone direct to your Sonos kit? If you give her access to the internet and allow her to stream, then I don’t see how you can stop it.

I doubt that Sonos is going to make changes just based on your own unusual requirements, but good luck :-)

You have bought speakers that are Spotify Connect enabled.  Your GF isn’t using the Sonos system - she is not using the Sonos app.  So putting a password in Sonos would have no effect.  (Does your GF even have the Sonos app on her phone?)  So I suspect that to prevent this, Sonos would have to abandon allowing the use of Spotify Connect. The chance of that happening is zero.

You are simply incorrect in your assertion that your GF is playing through your Sonos system, she is playing on your Spotify Connect enabled speakers.  The practical outcome may be very similar (you have to listen to her choice of music), but this matters for the action Sonos would have to take (if it could).  If (heaven forbid) you had a Spotify Connect enabled Bose speaker lying about the place, she would be able to play through that too.

Whether Sonos could give an option to disable this, or would be allowed to do so by Spotify, I don't know.  But I suspect it is wanted by so few people that it won't happen.

  I want to keep my Sonos system tightly buttoned down to just my network inside my firewall.

 

 

What’s the benefit of doing this?

Just to be clear, Spotify cannot unilaterally access the ZP80 from the outside. Someone on the local network has first to discover the ZP and make a request to the cloud based bridge between Spotify and Sonos.

Authorisation tokens are passed around the chain. The authorisation to play from a Spotify native app is subsequently rescinded when the player is instructed to play from a different source.

I wouldn’t allow onto my private network anyone I didn’t trust. 

Some firewalls allow blocking specific URL’s.

Is this what is actually happening though, or is your GF streaming from her phone direct to your Sonos kit? If you give her access to the internet and allow her to stream, then I don’t see how you can stop it.

She plays a song on her Spotify app and it comes out through Sonos.   Sonos tech support says Spotify is using the Sonos Direct Control API to discover that there’s a Sonos device on my network and using that.   I don’t want my Sonos mesh network to be discoverable.    This is not an unusual request -  Bluetooth works the same way -  you can control how “discoverable” a Bluetooth device is.   Everyone uses Bluetooth - it’s not a big inconvenience.

Some firewalls allow blocking specific URL’s.

Why would I want to block an entire URL?  What if I wanted to access Spotify via my PC or phone in my house?    This is a Sonos issue..   As I’ve said here several times, Sonos is the only device on my network that’s wide open.      Even the ubiquitous Bluetooth standard gives you more control and security.

I don’t want my Sonos mesh network to be discoverable.    This is not an unusual request -  Bluetooth works the same way -  you can control how “discoverable” a Bluetooth device is.   Everyone uses Bluetooth - it’s not a big inconvenience.

Sonos devices respond to standard local network discovery protocols, such as UPnP and mDNS. There’s nothing one can do about that without entirely crippling the operation of the system. 

A local network uses private IP addressing. The clue is in the name. The network is private. Within that network all devices are deemed contactable, including by broadcast.

Bluetooth is a completely different technology, essentially wire replacement. Of course one would want to control which nearby devices can be connected. 

  I want to keep my Sonos system tightly buttoned down to just my network inside my firewall.

 

 

What’s the benefit of doing this?

Every other device on my network has two levels of security:  access to the network and access to the device itself.   For example, if I have a designer at my house and he wants to show me his portfolio in the cloud I give him my WiFi password so he can access the internet.  But he still doesn’t have access to my NAS.   Because all the other devices require their own rigmarole (password or a special driver setup or a unique app)  for access I don’t have to set up and maintain some complicated set of router settings for guests or other special classes of users.   Only Sonos is wide open to anyone with access to my WiFi.

I don’t want my Sonos mesh network to be discoverable.    This is not an unusual request -  Bluetooth works the same way -  you can control how “discoverable” a Bluetooth device is.   Everyone uses Bluetooth - it’s not a big inconvenience.

Sonos devices respond to standard local network discovery protocols, such as UPnP and mDNS. There’s nothing one can do about that without entirely crippling the operation of the system.

My NAS is a UPnP device but it also requires a password.   The password is memorised by all of my own PC’s, laptops and phones so I don’t have to type it in every time, but if a visitor came here he could see that it exists, but he wouldn’t be able to access it.   So there’s no inconvenience for me but it provides an extra layer of security.

Partly in response to concerns about guests on the LAN being able to change the system configuration, Sonos introduced account sign-in via password to protect such settings.

They have steadfastly rejected any suggestions of putting obstacles in the way of simply playing music.

For someone so concerned about security you have a remarkably lax attitude to access to your network.

'Sonos is wide open ...'.  Heck it's not a bank account. It's wide open  shock horror..to someone in your house who you have let on your network playing music on your speakers. How often do visitors do this?

For someone so concerned about security you have a remarkably lax attitude to access to your network.

 

That is why I asked the question I did a little while ago;  this seems like a gated field with no fence. But maybe I am in different enviroment that does not needs some of these protocols. One of which is that my NAS contains only music files for Sonos.