Joint lawsuit against SONOS


Userlevel 2
Badge +2

Today I ran into a problem. I rebooted the playbar to the factory settings, and when I try to reconfigure, the application requires access to my location. If I refuse to grant access, I can’t set up my playbar !!!!! Starting from iOS 13, SONOS requires the provision of a geographical location via the GPS of your phone. If you refuse to provide access to a geographical location, you cannot use the product that you bought. It turns out that Sonos put forward an ultimatum to me. Want to use a player, we need to know where you are! But this is a violation of my rights. When I bought the device, the use agreement did not contain information that I must provide my location to use the product.

I am going to go to court.  Because I believe that Sonos illegally restricts me in my right to privacy. If you want to join the lawsuit, write me a message. 

I admit that when selling a new device, Sonos may require certain conditions from the buyer, but when Sonos forbids me to use the device I bought earlier, this is a violation of my rights.

Sonos should return my money and take the goods back.  Because I do not agree with the rules that Sonos has implemented without agreement with me. If you agree with me and consider that SONOS limits your right to use your equipment, write to me.


110 replies

The diagnostic is optional because, well, you have to actually submit a diagnostic for them to get one.  Duh.  

 

Look we obviously aren’t going to see eye to eye on this.  So if you think Sonos has wronged you, stop all the bluster in this forum and go contact a lawyer.  When they file the case, post your docket number here.  Because until you do that, all you are doing here is howling at the wind.  

 

I agree this is possibly the end of any intelligent debate on the matter. If the Sonos argument was clear then it wouldn’t still be going on. The only way forward is to get a laywer. I don’t think anyone is going to get a lawyer (I would love it if they did, count me in).

This is obviously Sonos’ standpoint - ‘Go get a lawyer’… nice relationship to have with your customers.

I would never, never of gone down the Sonos route if I knew of all the issues I was going to have with them, my options are now to sell all my kit and choose another route or shut up. 

The diagnostic is optional because, well, you have to actually submit a diagnostic for them to get one.  Duh.  

 

Look we obviously aren’t going to see eye to eye on this.  So if you think Sonos has wronged you, stop all the bluster in this forum and go contact a lawyer.  When they file the case, post your docket number here.  Because until you do that, all you are doing here is howling at the wind.  

Again, there is 100% no techincal reason forcibly collect any of this personal data to use an AirPlay speaker in my home.

 

 

You didn’t buy an Airplay speaker, you bought a multi-room, internet connected smart speaker that happens to have Airplay capability.  Caveat emptor.

 

 

This MUST be an opt-in. Asking for all this information or otherwise refusing access to your devices is a very shady practice and highly uncommon even for the shadiest hardware companies.

 

So you wish to opt out of your warranty, and forego free service for the life of the unit?  Something tells me you’d be the first one screaming when it stopped working.  

Oh and as I said, diagnostics are already optional.  Don’t send one, and they don’t get the data.  

I bought a speaker with internet service capabilities. (Btw, to my knowledge few to none of the service intergrations would actually require personal information sent to Sonos, actually. But I haven’t signed up for or used or plan to use any of the services anyway). I did not buy a device that cannot be used in any way unless they forcibly take my personal information.

Where did you get the diagnostics information from? Can you provide a source for that? Can you confirm that my IP address won’t be stored with my account information unless I actively request it?

If and when I decide to make use of any warranty support is MY decision. A warranty is not a legally binding contract for the customer.

Again, there is 100% no techincal reason forcibly collect any of this personal data to use an AirPlay speaker in my home.

 

 

You didn’t buy an Airplay speaker, you bought a multi-room, internet connected smart speaker that happens to have Airplay capability.  Caveat emptor.

 

 

This MUST be an opt-in. Asking for all this information or otherwise refusing access to your devices is a very shady practice and highly uncommon even for the shadiest hardware companies.

 

So you wish to opt out of your warranty, and forego free service for the life of the unit?  Something tells me you’d be the first one screaming when it stopped working.  

Oh and as I said, diagnostics are already optional.  Don’t send one, and they don’t get the data.  

Location - Geofencing of services, listing local radio stations

Name - Not required by Sonos.

email - Requiring an email is so ubiquitous in this day and age, as is the use of burner emails, so this is sheer pedantry. 

IP Address - Part of the warranty is lifetime support.  These are the types of things in a diagnostic needed for that support.  If you don’t want them knowing it, don’t get support and don’t send a diagnostic.  It is entirely voluntary.  

Again, there is 100% no techincal reason forcibly collect any of this personal data to use an AirPlay speaker in my home. This MUST be an opt-in. Asking for all this information or otherwise refusing access to your devices is a very shady practice and highly uncommon even for the shadiest hardware companies.

Location - Geofencing of services, listing local radio stations

Name - Not required by Sonos.

email - Requiring an email is so ubiquitous in this day and age, as is the use of burner emails, so this is sheer pedantry. 

IP Address - Part of the warranty is lifetime support.  These are the types of things in a diagnostic needed for that support.  If you don’t want them knowing it, don’t get support and don’t send a diagnostic.  It is entirely voluntary.  

Again, there is no technical justification to do this! This is pure (and in the EU illegal) data hording. Even software updates DO NOT technically require registration and collection of personal data.

 

Without knowledge what products you got, said products won’t receive the corresponding firmware build. You can’t, say, operate a Beam with the firmware a Play:5 is running on.

The “you” is the important part. My personal information is the thing that’s not technically required. Be it location, name, email or IP address.

Again, there is no technical justification to do this! This is pure (and in the EU illegal) data hording. Even software updates DO NOT technically require registration and collection of personal data.

 

Without knowledge what products you got, said products won’t receive the corresponding firmware build. You can’t, say, operate a Beam with the firmware a Play:5 is running on.

While it might not be the case with some speakers out there, Sonos devices are much more than just speakers. They are computers that are designed to play music as a system, synchronized and controllable across multiple devices and platforms. I get that you disagree on what you think is a basic function, but Sonos devices need to be running the same software build on all devices, which makes updating at the beginning an important part of the setup process, and a core function.

Here is a short list of examples for devices that can also be used to stream and use all kinds of internet services, but don’t force users to create a personal profile and transfer personal data including location data to the manufacturer in order to just set them up for local use and don’t de facto brick them if the legal right to opt-out of these practices is desired:

  • Smartphones
  • Computers
  • Routers

Again, there is no technical justification to do this! This is pure (and in the EU illegal) data hording. Even software updates DO NOT technically require registration and collection of personal data.

I think the background for removing the option to set up a Sonos system with the desktop app is also pretty clear now, since those machines don’t have GPS.

Userlevel 3
Badge +1

This is not how it works for Sonos. Sonos do not share your information with third parties, it’s in time terms and conditions and adheres to GDPR in Europe. 

Not sure anything about the GDPR topic, but times have changed and Sonos now does share some information with 3rd parties (anonymized, but related directly to the user).

Advertising Partners

If you decide to use Sonos Radio, we will share a subset of your pseudonymized and anonymized data with third party advertising companies to present, via Sonos Products, interest-based ads for features, products, and services that might be of interest to you. Specifically, we share the following information with our advertising partners: location, language, and genre of the station you are currently listening to (which is not based on your overall listening history). We will share anonymous information with advertisers, which describes the overall listening audience in general. We may also share limited location information (i.e. an IP address and anonymized ID) with some of our third party radio content partners who may run ads on their stations. We do not use information that personally identifies you to present interest-based ads.

Userlevel 7
Badge +26

While it might not be the case with some speakers out there, Sonos devices are much more than just speakers. They are computers that are designed to play music as a system, synchronized and controllable across multiple devices and platforms. I get that you disagree on what you think is a basic function, but Sonos devices need to be running the same software build on all devices, which makes updating at the beginning an important part of the setup process, and a core function.

Check out the link at the end there to find out more about what Apple includes in Location Services.

Sonos players are all Internet connected devices, designed for music and streaming. They get updates online for security patches, new features, and other things, like adding AirPlay 2 and updating AirPlay protocols.

A while back, we improved our security policies to add passwords to preexisting accounts which have always required an email address for registration. Along with this, we implemented account linking to facilitate seamless integration with cloud services like Amazon Alexa, Spotify, and Deezer. This allows for things like starting a stream with AirPlay, and skipping the track with Alexa or Google Assistant, or the Sonos app. While it might not be a feature you’re looking for, it’s something that we had to lay the groundwork for everyone.
 

As to storing and using personal data, I can’t say it any better than our privacy policy, stated here.

To summarise it, as of this writing, the privacy policy states Sonos collects and processes the following data of users:

email address, location, language preference, Product serial number, IP address, and Sonos account login information

To justify this it states:

This processing is necessary for the performance of the contract we have with you.

This is not legally sound. I do not have nor wish to have a contract with Sonos. It further states:

This data is absolutely necessary for your Sonos Product [...] to perform its basic functions in a secure way

This is a false statement. Until I set up any online services, not even an internet connection is technically necessary. Not even a firmware update is a basic function. There is just as little reason for my speaker to be registered to my name and location, collect personal data and have internet access to perform its basic functions as for my fridge, my toilet and my vacuum cleaner.

Userlevel 7
Badge +26

Check out the link at the end there to find out more about what Apple includes in Location Services.

Sonos players are all Internet connected devices, designed for music and streaming. They get updates online for security patches, new features, and other things, like adding AirPlay 2 and updating AirPlay protocols.

A while back, we improved our security policies to add passwords to preexisting accounts which have always required an email address for registration. Along with this, we implemented account linking to facilitate seamless integration with cloud services like Amazon Alexa, Spotify, and Deezer. This allows for things like starting a stream with AirPlay, and skipping the track with Alexa or Google Assistant, or the Sonos app. While it might not be a feature you’re looking for, it’s something that we had to lay the groundwork for everyone.
 

As to storing and using personal data, I can’t say it any better than our privacy policy, stated here.

Hi @HartwigHart, I know this thread is a bit long, but here’s a reply that you might have missed:

 

  

Hi everyone, please remember to try and stay friendly here on the community.@RUBIX2 tagged me in above and I’m happy to share some clarity. It sounds like the main confusion here is around what Location Services includes.

 

With iOS 13, Apple gave users the ability to control their privacy in a more granular way. This impacts the user experience for Apple partners like Sonos, especially during setup. We support this change although it does mean users have to grant permission in a new way for location services. The permissions for Location Services now include settings beyond just GPS which can be used to point to a location by Apps, such as WiFi scans and Bluetooth Low Energy.

The Sonos app uses both Wifi scanning and BLE to find Sonos devices during setup, so it will ask for Location Services permissions at startup, and can't search for devices on iOS without these permissions. You can use the option to allow the app to do so only once, or only when the app is running. You can read more about how Apple outlines their Location Services here. If you have any concerns about the Sonos privacy statement, please feel free to contact us at privacy@sonos.com.

 

The Sonos app isn't asking for GPS details, it needs location services enabled so that it can use WiFi to scan for networks.

This could be plausible. Is this necessity documented anywhere with Apple? Can you assure, that at no point location data is transferred to Sonos?

Once I allow location access, why do I need to provide internet access, create an account, and have all kinds of information associated with my name and email address and transferred to and stored on Sonos servers?

I simply want to stream music from my Apple devices to my speakers via AirPlay in my home, without giving Sonos devices internet access and having them transmitting and processing any kind of my personal information!

Userlevel 7
Badge +26

Hi @HartwigHart, I know this thread is a bit long, but here’s a reply that you might have missed:

 

  

Hi everyone, please remember to try and stay friendly here on the community.@RUBIX2 tagged me in above and I’m happy to share some clarity. It sounds like the main confusion here is around what Location Services includes.

 

With iOS 13, Apple gave users the ability to control their privacy in a more granular way. This impacts the user experience for Apple partners like Sonos, especially during setup. We support this change although it does mean users have to grant permission in a new way for location services. The permissions for Location Services now include settings beyond just GPS which can be used to point to a location by Apps, such as WiFi scans and Bluetooth Low Energy.

The Sonos app uses both Wifi scanning and BLE to find Sonos devices during setup, so it will ask for Location Services permissions at startup, and can't search for devices on iOS without these permissions. You can use the option to allow the app to do so only once, or only when the app is running. You can read more about how Apple outlines their Location Services here. If you have any concerns about the Sonos privacy statement, please feel free to contact us at privacy@sonos.com.

 

The Sonos app isn't asking for GPS details, it needs location services enabled so that it can use WiFi to scan for networks.

Userlevel 7
Badge +20

Claim away then.  I think you are wasting your time, and money.  Certainly a no win no fee lawyer won’t be interested.

Since Sonos announced ad-supported features for all Sonos products yesterday, where they will be providing certain user data to advertisers, I decided to factory reset all my products and unlinking them from my account. Setting up my equipment again is now impossible without providing exact location data in the form of GPS access to Sonos. I‘m looking to prepare a lawsuit in the EU right now, where I live. European privacy and consumer protection laws should make this an easy win.

This is not how it works for Sonos. Sonos do not share your information with third parties, it’s in time terms and conditions and adheres to GDPR in Europe. 

GDPR is not restricted to sharing information with third parties. It basically gives consumers the power to opt-out of any processing of their data and at the same requires any data processing that is not necessary to perform a service to be opt-in. I am not interested in using any of Sonos‘ services. I just want to connect my speakers via AirPlay to my Mac. Having my GPS location sent to Sonos is not necessary for that. I am not necessarily looking to file a GDPR complaint, but GDPR violations will help support certain claims in court.

Userlevel 7
Badge +20

Since Sonos announced ad-supported features for all Sonos products yesterday, where they will be providing certain user data to advertisers, I decided to factory reset all my products and unlinking them from my account. Setting up my equipment again is now impossible without providing exact location data in the form of GPS access to Sonos. I‘m looking to prepare a lawsuit in the EU right now, where I live. European privacy and consumer protection laws should make this an easy win.

This is not how it works for Sonos. Sonos do not share your information with third parties, it’s in time terms and conditions and adheres to GDPR in Europe. 

European privacy and consumer protection laws should make this an easy win.

 

I don't think you understand GDPR then.

Since Sonos announced ad-supported features for all Sonos products yesterday, where they will be providing certain user data to advertisers, I decided to factory reset all my products and unlinking them from my account. Setting up my equipment again is now impossible without providing exact location data in the form of GPS access to Sonos. I‘m looking to prepare a lawsuit in the EU right now, where I live. European privacy and consumer protection laws should make this an easy win.

Just FYI, your phone/tablet is just a controller, and doesn’t store information about your system such as what was last played.  The reason is that you can have multiple controllers for the system. 

 

I only have one controller. There should be an option to store recently played items on that controller.

It’s dumb software design when you remove basic features because of the *possibility* of certain future scenarios, that may never happen.

An option in settings to enable a locally stored list would be easy to make. I could tick a box acknowledging that if I ever get multiple controllers, the list would not sync. Fine. Just give me the option!

A recently played list tied to ONE controller, is better than no list without account authentication over the internet. Given that in homes where people have their own phones to control their own music, a locally stored recent playlist to that controller makes perfect sense anyway if you don’t want to see what your parents played recently for example. So even with multiple controllers, the option to NOT sync the recent play list between controllers, would be a useful option.

 

 

This is a daft suggestion. This is about the fundamental design of Sonos.  The speakers store the info and do the work. Controllers control. That is the way it is and must stay.

 

Badge

Just FYI, your phone/tablet is just a controller, and doesn’t store information about your system such as what was last played.  The reason is that you can have multiple controllers for the system. 

 

I only have one controller. There should be an option to store recently played items on that controller.

It’s dumb software design when you remove basic features because of the *possibility* of certain future scenarios, that may never happen.

An option in settings to enable a locally stored list would be easy to make. I could tick a box acknowledging that if I ever get multiple controllers, the list would not sync. Fine. Just give me the option!

A recently played list tied to ONE controller, is better than no list without account authentication over the internet. Given that in homes where people have their own phones to control their own music, a locally stored recent playlist to that controller makes perfect sense anyway if you don’t want to see what your parents played recently for example. So even with multiple controllers, the option to NOT sync the recent play list between controllers, would be a useful option.

 

 

As far as I can see, the limit won’t ‘stick’ unless you allow the kit access to the internet - presumably, to a remote server, which assumes a log in.

 

The Sonos devices could easily store your log in credentials, as they do from streaming services.  You don’t need to log in every time to access a remote server.  Therefore, log in is for a different reason.

I’m also getting prompted to log in when tapping the volume limit item in settings.

Quite… I see no reason at all why a simple per device setting should need to be ‘phoned home’.

 

Requiring a log in is to prevent just anyone on your WiFi from changing your volume limit settings.  It’s not about sending info to a remote server (which really wouldn’t require a log in)

As far as I can see, the limit won’t ‘stick’ unless you allow the kit access to the internet - presumably, to a remote server, which assumes a log in.

I’m also getting prompted to log in when tapping the volume limit item in settings.

Quite… I see no reason at all why a simple per device setting should need to be ‘phoned home’.

 

Requiring a log in is to prevent just anyone on your WiFi from changing your volume limit settings.  It’s not about sending info to a remote server (which really wouldn’t require a log in)

Reply