Date: 2017-04-20
[dupe] Bose headphones spy on listeners: lawsuit (reuters.com)
107 points by hamstah 243 days ago | 21 comments



Highly misleading headline (though I'm appalled by the apps' data collection as well). The headline suggests (and it was why I initially clicked it) that the noise-cancelling microphones listened in on the user and transmitted those recordings to Bose. Now _that_ would be a proper scandal.


Statement from Bose's home page (https://www.bose.com/en_us/index.html):

A message to our Bose Connect App customers

April 20, 2017

We understand the nature of Class Action lawsuits. And we’ll fight the inflammatory, misleading allegations made against us through the legal system.

For now, we want to talk directly to you. Nothing is more important to us than your trust. We work tirelessly to earn and keep it, and have for over 50 years. That’s never changed, and never will. In the Bose Connect App, we don’t wiretap your communications, we don’t sell your information, and we don’t use anything we collect to identify you – or anyone else – by name.

If there’s anything else we think you should know, you’ll hear it straight from us.

April 23, 2017

We told you you’d hear things straight from us. We’ve answered your questions when they’ve come in, but when news stories repeat misleading information from a class action lawsuit, we have to repeat our response to clarify. So we’re going to share with everyone what we’ve shared with those of you who’ve contacted us directly, and what we’ve shared more broadly to correct the record.

First, our privacy policy can be found on the Connect App. You’ll find that the Connect App collects standard things to make your experience, and our products, better -- like device information, app performance, and app and product usage. That includes information about songs playing on the device, volume played, and other usage data.

But you have to be using the Connect App with your Bose product for that to happen. You can use every Bose Bluetooth product without the Connect App.

For as long as we’re hearing from you, you’ll keep hearing from us. And we’ll keep posting additional information that you haven’t asked us about, too.


I submitted an Amazon review for my QC35 (purchased on Amazon) mentioning the questionable privacy policy.

It was instantly denied (..."not following review guidelines...")


I've just done the same...wonder if they will publish mine. The app store did publish it.

Edit: mine has been instantly published and I see another from 2 days ago that also cites concerns. I wonder if it will be removed.


The prevalence of suing in the US always surprises me. I wonder though: Can Kyle Zak (the plaintiff) be just anybody? Does he need to prove any damage occurred to him as a result, or is the violation of TOS enough?

"Zak is seeking millions of dollars of damages for buyers of headphones and speakers"

who would hypothetically get said millions? This doesn't seem to be a class action.


Does this mean that anyone who's using Segment to collect data on their customer and sends it to a warehouse like Google Big Query is more likely to have a problem because the data is "shared" with two third parties? (pardon my ignorance, not good with this stuff)


I believe that is the reason we have "cookie law" in EU.


The app does, not the headphones themselves.

Source: reddit :P


More accurately, Bose spies on its customers, not the app, not the headphones. And Bose sells the collected information.

"No matter how cynical you become, it's never enough to keep up." - Lily Tomlin


Ah, I was going to ask why on Earth someone would create Internet-enabled headphones but I wouldn't have been particularly surprised.


For the same reason Internet-connected "bottles of wine" exist: people want to take advantage of the "smart" and "IoT" buzzwords, no matter how little sense such products make, and how much they expose users to hacking and privacy invasions.

https://www.theverge.com/2016/3/28/11317518/kuvee-bottle-kee...


A more in depth look into what data is collected by a security researcher:

https://bscc.support/files/bc_privacy/bose_connect_privacy_e...


This type of case could get interesting with the new EU data privacy laws, GDPR, coming into effect in a year (May 2018).

You have to be able to prove consent. "Controllers should also implement mechanisms to ensure that personal data is only processed when necessary for each specific purpose." It will be interesting to see which type of cumbersome consent forms we are going to have to go through when this comes into effect.

https://en.m.wikipedia.org/wiki/General_Data_Protection_Regu...


The interesting bit with consent (for EU data protection stuff) is that it has to be freely given (so you have to be able to say no), and it has to be informed, so you'd have to show that the person knew what they were signing up for. 20 pages of legalese is probably not "consent".


Always monitor your TCP connections.


I recently enabled Little Snitch on my Mac. It has a lot of system rules enabled but I disabled them all just to see what happened.

I knew that OS X has a lot of cloud interaction and phones home often... but it's staggering just how often and to how many addresses and protocols this is. I mean every minute or so it's doing something it probably doesn't have to.

It makes me wonder how safe VPNs are. I don't think they're safe at all seeing all this side traffic going out concurrently.


> It makes me wonder how safe VPNs are. I don't think they're safe at all seeing all this side traffic going out concurrently.

How do you mean? If you're worried about traffic outside of your VPN software locally on your machine you can put the VPN client in your router or get a dedicated VPN gateway.

Or are you referring to potential locally sourced personally identifiable data leaking over VPN to be sold by vendors? That one is tougher, other than don't have those services installed or run those OS:es.


Is there an easy way to do this on iOS?

I use Little Snitch on my laptop, but haven't ever found an equivalent for mobile devices.


Enable Always-On VPN on iOS and monitor traffic at the VPN device.


When I last tried about 2 years ago I had to use my MacBook as a proxy for the iPhone. You could intercept the traffic on the Mac via the mentioned software.




