
Bose headphones spy on listeners: lawsuit (2017) - 88840-8855
https://www.reuters.com/article/us-bose-lawsuit-idUSKBN17L2BT
======
Ice_cream_suit
The outcome :

"The court dismissed Zak’s novel wiretap and eavesdropping claims, writing
that the complaint failed to adequately allege that Bose is not a party to
communication, as is necessary for violations of these statutes. “ … [T]he
relevant inquiry,” the court wrote, “is whether the defendant is a participant
in the conversation, as opposed to a nonparticipant that uses other means to
gain access to – i.e., intercept – the communication.” Bose wasn’t an
intruding third party, so this line of attack was shut down.

Nonetheless, the unjust enrichment and Illinois state consumer fraud charges
survived. And, to make things a little more interesting for the defendant, the
court left the door open for Zak to file again under the Wiretap Act if he
could prove “that Bose is in fact not a party to the communication or that
Bose, while a party, nevertheless intercepted a communication with the purpose
of committing a crime or tort independent from the alleged interception.”"

[https://www.lexology.com/library/detail.aspx?g=5499bec3-8a87...](https://www.lexology.com/library/detail.aspx?g=5499bec3-8a87-4dc0-a010-dae6249a2932)

~~~
zaroth
Not an intruding party?! Well who the heck invited them to the conversation!!

I was assuming it would be thrown out because they only collected _metadata_
and if they didn’t pull full audio that they didn’t meet a required element.

Luckily the wording implies that it’s not that the judge found from the
evidence that they were an invited party, just that the claim failed to
properly lay the foundation in their briefs?

I hope they refile.

~~~
davemp
It looks like the app only sent song selections so there's no "communication"
in general.

> The alleged eavesdropping would deliver user information – including song
> selections . . .

[GP's source]

\---

Honestly I think it might be worth looking into the idea of metadata
collection as eavesdropping. Unless there's an implicit technical requirement
for data, the company should need to explicitly request it.

For phone lines it's obvious why the service provider is party to the
communications:

    
    
        caller --> switching equipment --> callee
    

The bose situation is more:

    
    
        user --> bluetooth --> headphones
                     |
                     +--> bose
    

Though this sort of ruling might just drive everything to an even more
disgusting state of centralized services so that companies can claim an
implicit technical need for data.

------
tty2300
This is exactly why I refuse to use an app for setting up hardware. Bose
pushes really hard to get you to use an app for something that really doesn't
require an app.

~~~
woadwarrior01
I switched from a Bose QC35 to a Sony WH-1000XM3 about half a year ago, and
the Sony app on iOS was egregiously requesting permission for location access,
even while the app is in background. The cited reason for location access
sounded rather flimsy and suspicious. Luckily, everything that can be done
with the app can also be done with the physical buttons on the headphones. I
guess their design philosophy is that if you want the convenience of using an
app with the product that you’ve already paid a lot of money for, you’ll need
to pay for it with your location info.

~~~
javajosh
A company should exist that simply takes wonderful products, removes the
offending bits, and resells them, perhaps at a premium. Both headphones are
really good, and I certainly would pay a $100 premium if the maker was "one of
the good ones" and provided, e.g., an optional, open-source app with minimal
permissions.

~~~
ImprovedSilence
I'm 100% right there with you. But the inner pessimist in me isn't holding my
breath. Said new company would perhaps start with an excellent and wholesome
mission statement, make some great products and then take on funding, need to
experience exponential growth, maybe have an IPO, and eventually betray it's
users in the quest for "maximizing shareholder value" and providing a "better
user experience". If it can happen to Google it can happen to anyone...

Also, can I even buy a sound bar for my TV that doesn't listen to me and need
an internet connection these days... It's unreal the unneeded complexity and
bullshit they put in some electronics.

The real heroes the world needs are just independent founders that use slow
growth over several generations and never sell the business, thus minimizing
incentives other than having a lifestyle business and making great stuff. But
the money is just too tempting eventually, or the business just isn't feasible
at that scale.

~~~
scarface74
Google was never “wholesome”. Their business model from day one was to collect
user information and sell ads.

~~~
derefr
For the first few years of its life, Google (nee BackRub) was a business-
model-less company that just ran a search indexer. They looked like they were
heading toward the Inktomi model of selling their compiled search-index (or
access to their index data warehouse) to companies to use. Google Ads came
later, and was honestly quite a shock to everyone who was telling their
friends that Google is an unalloyed good as the new AltaVista.

~~~
scarface74
Google was incorporated in September 1998. AdWords was introduced in October
2000. They were an ad company from almost day one as a business.

~~~
eitland
But there's still a difference I think.

IIRC, and I'm quite confident about this particular one, ads used to be served
based on the site you were visiting or the search had typed.

Some people hate all ads.

For me I felt old google ads were OK.

Some people will say this isn't a good enough business model and to that I'll
point out that google was widely profitable back then as well, again IIRC.

~~~
scarface74
Google ads on desktops on Google’s site aren’t that bad. But, because of
limited real estate, almost all ads on mobile devices are bad. Web page ads on
other sites have gotten so annoying that the web is horrible without an ad
blocker.

Strangely enough, ads in feeds like Facebook, LinkedIn, or Twitter don’t annoy
me as much.

I also think the ads in the iOS App Store are horrible.

------
EmilStenstrom
If you start the app (Bose Connect, iOS), there's a setting called "Privacy
Policy & Settings". There's one option there, which disables "Share data with
Bose". I'm not saying that everyone will find it, but at least it's a solution
for people that read Hacker News and wants to keep using the app.

~~~
craftyguy
Why do you _need_ a special app to use headphones? Is this really what the
future looks like?

~~~
RKearney
You don’t. The last pair of Bose headphones I had came with instructions to
download the app which I just ignored. The headphones worked perfectly fine
without the app.

~~~
paranoidrobot
You need it if you want to turn off or change the noise cancellation mode.

~~~
hckrnwsthrwwy
There is a button that cycles through high-low-no noise cancellation on mine

~~~
amlozano
When you buy a new pair these days, pressing that button causes the headphones
to say "Configure the action button in the Bose Connect App"

------
tr33house
Why do people build great companies then do unnecessary things to destroy them
just for a few more dollars

~~~
falcolas
A terminal (to the company) focus on short term profits over long term
sustainability. Profits, after all, boost stock prices, and a good portion of
a CEO’s compensation is typically in stock grants (not to mention share
holders or board members).

------
gffg
It is worth pointing out that MIT owns Bose. 100%. Omar Bose left it to MIT in
his will. He would be rolling in his grave if he saw what MIT was doing with
it.

~~~
ChrisLomont
MIT doesn’t own 100% of Bose; he didn’t leave it all to them.

~~~
sjwright
From Wikipedia:

 _In 2011, Bose donated a majority of the company 's non-voting shares to MIT
on the condition that the shares never be sold. Because these shares are non-
voting, MIT does not participate in operations or governance of Bose
Corporation._

What the heck is the point of owning shares if you can't sell them and you
can't influence the direction of the company? That sounds like an accountant's
joke.

(Presumably the benefit comes from the fact that Bose Corporation pays
dividends, but nothing stops the other shareholders from deciding to cut or
stop dividend payments. MIT certainly has no way to stop them.)

~~~
52-6F-62
Dividends, in order to provide funding to the school, I imagine.

~~~
TeMPOraL
I wonder how many problems in the world are ultimately caused from shares not
being seen primarily as a source of divident, but as an asset to gamble with.

~~~
craftyguy
Considering that it generally pays (far more) to gamble with them than to sit
on them and collect meager dividends slowly over time, it's not a surprise
really.

~~~
TeMPOraL
Yeah, it's not a surprise that this happens. I'm just wondering why the system
is designed to allow and encourage that, instead of blocking it. I can't see
anything good coming out of it.

~~~
JumpCrisscross
Long-term tax treatment for dividends on stock held for more than N years
wouldn’t be a bad idea.

~~~
akvadrako
We already have that, qualified earnings.

------
loki2005
Why should one need an app to control their headphones?

Give me hardware interface to control the functions.

~~~
jdietrich
You couldn't physically fit those controls onto a pair of headphones. There's
simple stuff like the level of noise cancellation, but also language settings
for the voice prompts and saved profiles for different paired devices.

The Bose app is relatively simple as headphone apps go. Nuro and Even offer
headphones with custom DSP profiles to match your hearing and the Audeze
Mobius has spatial audio with motion tracking. It's simply not possible to
implement features like that without some kind of companion app.

~~~
muxator
Or publish the APIs for at least allowing a third-party implementation?

~~~
UncleMeat
Now you have APIs that people depend on and will get pissed if they change. If
you do it all internally then major API changes are not a problem.

~~~
necovek
Assuming you are talking about lock-step updates of firmware and app, how
would an app work with firmware lagging hardware, or updated firmware but old
app?

People have multiple devices (eg tablet and phone) which means they'd easily
get into such a state.

I imagine they have to keep the most of backwards compatibility for their
internal purposes as well (or at least their developers' sanity :)).

I am pretty sure having open APIs (that evolve) would still be more
appreciated than not.

------
leowoo91
I've used QuietComfort (25) in past, I've never heard of any app that was
available to configure it.

~~~
lstamour
It’s very common to have an app for Bluetooth QC 35 headphones, as these
headphones play back digital audio (they basically have built-in iPods minus
the on-board storage), and in their newest variants, ship with Google or Alexa
via the app. But primarily you’d get the app to customize EQ, customize which
devices are connected, troubleshoot the Bluetooth connection or perform
software upgrades (an essential task these days...)

------
readparryrepost
I'd be fascinated to see whether a similar degree of monitoring is going on in
a post-GDPR context. A data request should return everything as Bose is an EU
based firm with some customers within the EU surely?

~~~
fyfy18
The GDPR haters need to realise this is exactly the sort of thing it is meant
to prevent. The EU legal landscape is very different from the US, in that
regulations protect consumers vs the threat of class action lawsuits. What
would happen here if Bose were a solely EU company with no US presense, who
would you sue then?

~~~
jacquesm
The GDPR haters on the tech side usually work for companies (or are founders
of) that do stuff that they really shouldn't be doing.

------
cecicasa
I have Bose QC35 and personally I think that app is great because: 1) you can
select the level of noise cancellation, and I found that I appreciate more
having a low level NC a part from when I am on a flight where I use high NC 2)
you can select 2 devices to pair at the same time, having 2 laptops and my
iPhone at work is great to be able to switch with an app

That said, these two actions do not require to collect users data..so they
should stop doing that without users’ consent

~~~
deogeo
If I planted a listening device in someone's home, I wouldn't be asked to
'stop doing that' \- I'd go to jail.

~~~
craftyguy
You? Yes.

"Tech" companies? Nope.

------
JumpCrisscross
The court’s opinion and order:
[https://f.datasrvr.com/fr1/319/48563/Bose_Memo_and_Order.pdf](https://f.datasrvr.com/fr1/319/48563/Bose_Memo_and_Order.pdf).

------
Angostura
It looks as if there are quite a few Bose-made apps available for download in
in the EU. Feels like a clears GDPR violation without active consent

------
neon_me
New marketing strategy: Bose // We Listen to our Customers

------
codedokode
Will there be similar consequences for Bose, as for Huawei? Like companies
stopping dealing with them, Google revoking software licenses? Or if it is an
American manufacturer, then it's ok to spy?

------
whatgoodisaroad
This is from 2017. IIRC it was quite widely reported then as well.

~~~
ncmncm
First I heard of it.

Mind you, I would never, ever buy a Bose product, or install their app if I
got one, so this is kind of academic for me.

~~~
ia42
And why not? They seem to have the best noise cancellation system on the
market, even when compared to headsets twice the price.

~~~
lightedman
My gun range headphones have physical noise elimination by nature of their
construction. Better than anything Bose can do digitally.

------
cbluth
Needs a (2017)

------
woofwoofwoof
I agree that this is quite shady, but they require your explicit permission
when you enable music sharing. My QC35s are great btw.

------
tinus_hn
Clearly this man is seeking a fat settlement but this kind of behavior by Bose
is indeed sleazy, even if it is mentioned in the small print most people
wouldn’t expect that and read it.

~~~
perfmode
Isn’t hitting corps with settlements an effective mechanism in the consumer
protection toolkit?

~~~
a-dub
it shouldn't be necessary.

~~~
perfmode
I’m curious what you suggest... how things ought to work in your mind.

~~~
Sharlin
The EU seems to work fine without the sort of litigation culture the US has.
Punitive damages aren’t a thing here either, and not all menber countries even
have class action lawsuits in their legislation.

