
Bose headphones spy on listeners: lawsuit - hamstah
http://reuters.com/article/idUSKBN17L2BT
======
Etheryte
Previously on HN:
[https://news.ycombinator.com/item?id=14148145](https://news.ycombinator.com/item?id=14148145)

------
krautsourced
Highly misleading headline (though I'm appalled by the apps' data collection
as well). The headline suggests (and it was why I initially clicked it) that
the noise-cancelling microphones listened on the user and transmitted those
recordings to Bose. Now _that_ what be a proper scandal.

------
throwaway628hdb
Statement from Bose's home page
([https://www.bose.com/en_us/index.html](https://www.bose.com/en_us/index.html)):

A message to our Bose Connect App customers

April 20, 2017 We understand the nature of Class Action lawsuits. And we’ll
fight the inflammatory, misleading allegations made against us through the
legal system.

For now, we want to talk directly to you. Nothing is more important to us than
your trust. We work tirelessly to earn and keep it, and have for over 50
years. That’s never changed, and never will. In the Bose Connect App, we don’t
wiretap your communications, we don’t sell your information, and we don’t use
anything we collect to identify you – or anyone else – by name.

If there’s anything else we think you should know, you’ll hear it straight
from us.

April 23, 2017 We told you you’d hear things straight from us. We’ve answered
your questions when they’ve come in, but when news stories repeat misleading
information from a class action lawsuit, we have to repeat our response to
clarify. So we’re going to share with everyone what we’ve shared with those of
you who’ve contacted us directly, and what we’ve shared more broadly to
correct the record.

First, our privacy policy can be found on the Connect App. You’ll find that
the Connect App collects standard things to make your experience, and our
products, better -- like device information, app performance, and app and
product usage. That includes information about songs playing on the device,
volume played, and other usage data.

But you have to be using the Connect App with your Bose product for that to
happen. You can use every Bose Bluetooth product without the Connect App.

For as long as we’re hearing from you, you’ll keep hearing from us. And we’ll
keep posting additional information that you haven’t asked us about, too.

------
philfrasty
I submitted an Amazon review for my QC35 (purchased on Amazon) mentioning the
questionable privacy policy.

It was instantly denied (..."not following review guidelines...")

~~~
techer
I've just done the same...wonder if they will publish mine. The app store did
publish it.

Edit: mine has been instantly published and I see another from 2 days ago that
also cites concerns. I wonder if it will be removed.

------
air7
The prevalence of suing in the US always surprises me. I wonder though: Can
Kyle Zak (the plaintiff) be just anybody? Does he need to prove any damage
occurred to him as a result, or is the violation of TOS enough?

"Zak is seeking millions of dollars of damages for buyers of headphones and
speakers"

who would hypothetically get said millions? This doesn't seem to be a class
action.

------
tzaman
Does this mean that anyone who's using Segment to collect data on their
customer and sends it to a warehouse like Google Big Query is more likely to
have a problem because the data is "shared" with two third parties? (pardon my
ignorance, not good with this stuff)

~~~
gog
I believe that is the reason we have "cookie law" in EU.

------
dingo_bat
The app does, not the headphones themselves.

Source: reddit :P

~~~
pluma
Ah, I was going to ask why in Earth someone would create Internet-enabled
headphones but I wouldn't have been particularly surprised.

~~~
mtgx
For the same reason Internet-connected "bottles of wine" exist: people want to
take advantage of the "smart" and "IoT" buzzwords, no matter how little sense
such products make, and how much they expose users to hacking and privacy
invasions.

[https://www.theverge.com/2016/3/28/11317518/kuvee-bottle-
kee...](https://www.theverge.com/2016/3/28/11317518/kuvee-bottle-keep-wine-
fresh-smart-wi-fi)

------
snowwolf
A more in depth look into what data is collected by a security researcher:

[https://bscc.support/files/bc_privacy/bose_connect_privacy_e...](https://bscc.support/files/bc_privacy/bose_connect_privacy_evaluation.pdf)

------
bjelkeman-again
This type of case could get interesting with the new EU data privacy laws,
GDPR, coming into effect in a year (May 2018).

You have to be able to prove consent. "Controllers should also implement
mechanisms to ensure that personal data is only processed when necessary for
each specific purpose." It will be interesting to see which type of cumbersome
consent forms we are going to have to go through when this comes into effect.

[https://en.m.wikipedia.org/wiki/General_Data_Protection_Regu...](https://en.m.wikipedia.org/wiki/General_Data_Protection_Regulation)

~~~
rmc
The interesting bit with consent (for EU data protection stuff) is that it has
be freely given (so you have to be able to say no), and it has to be informed,
so you'd have to show that the person _knew_ what they were signing up for. 20
pages of legalese is probably not "consent"

------
juststeve
always monitor your TCP connections.

~~~
cs2818
Is there an easy way to do this on iOS?

I use Little Snitch on my laptop, but haven't ever found an equivalent for
mobile devices.

~~~
walterbell
Enable Always-On VPN on iOS and monitor traffic at the VPN device.

