
For those that missed it, a representative from one of the other companies named in the suit helpfully dropped in to provide additional context on their company's part in this. It even had a super positive "happy to answer ... questions" attitude. It was deleted in a few minutes as they realized how poorly that was going to turn out.

The reaction wasn't unexpected. Especially since, while they were supposedly not directly purchasing or selling the data, they did help collect the data that Bose allowed themselves to buy or sell. And the TOS allows for third-party collection and use of data with little restriction.

I did grab a snapshot and the text, but it's quite full of personally identifying information - name, position and company, as well as links to their Dropbox account. I think the information is important, but I'll try to leave out those details. Not that it would stop anyone determined to dig through case details.

In any case, maybe this will help people to discuss the points they were making and share their attitudes about them without receiving a massive Twitter storm.

> 1. The suit implies that [Company x] buys the data from Bose for marketing, advertising, targeting or profiling. We don’t do that. We help Bose collect event tracking data (like you send to Google Analytics) and send that data to their product analytics tools (like Mixpanel, Amplitude, Crashlytics, Crittercism, AWS Redshift, etc.) Analytics tools like this are used to create reports to understand how a product is being used or how a product is performing.

> 2. The suit claims that the event tracking was done unexpectedly and in secret, but that’s not true. We require that our customers (like Bose) get appropriate customer consent, not collect any data in violation of the law, and not pass segment any sensitive customer information as defined in applicable laws. To the best of our knowledge, Bose complies with all of that. On the main screen of the app, there’s a link to “Privacy Policy” front and center

To be clear, no one thinks that you didn't do your job from the beginning in attempting to cover your legal bases. We're aware that analytics is a valid business. And that it has some valid use cases. But analytics is also an industry that gets abused frequently and doesn't self-regulate.

In this particular case, people are upset because the hardware is not completely functional without the app - so people can't just not use it or "opt out" without losing part of what they just paid a fair amount of money for. No one would use the app except for that functionality, so collecting information on "app use" when the use of the app is a manufactured scenario seems quite unfair for a high-end product.

When collecting data in these scenarios, you need to be explicit about what you're collecting and not deviate from it. Data overreach and intentionally vague language are both received poorly. It could be that they're only collecting audio metrics. But their TOS would also allow them to collect information on every running app at any time (ostensibly it could affect quality) or on phone contacts (like if you made a call using the hardware), device location, texts, calls, and could conceivably transmit even more sensitive information.

All it takes is one wide tie with a bright idea to slip that "feature" in. Furthermore, there's nothing stopping Bose from changing their TOS at a later point. So these "protections" don't really protect the consumer.

Bose chose language that gave them too much potential freedom, and they're paying for that. You just did your job, yes, but honestly the job probably wasn't required for this particular product.
