Unfortunately I have a Sonos system which became effectively bricked unless I signed a new user agreement allowing the collection of data. There are no physical controls on Sonos so the system becomes useless without accepting.
They used to sell dedicated controllers/remotes years ago but these were also bricked as part of an upgrade about a year or two ago. Unhappy owners were offered a voucher (worth less than the value of a single controller - many users owned multiple in order to fully support multi-room - see https://en.community.sonos.com/controllers-software-228995/s...) for their next Sonos purchase rather than allow them to continue to use the hardware they had purchased and used happily for years.
All concerns, requests to be allowed to downgrade, etc. are met on the official forums with a passive-aggressive dismissal of users' concerns by staff backed up by a few cultist fanatics.
I've tried to avoid any further updates (and deny Sonos access to my listening habits) by having it run on a disconnected network but if anyone accidentally updates the app on the old iPad we use as a controller, you're forced to update everything. I just wish I had the same system which I originally bought which I use exclusively to play my ripped CDs from a NAS.
How valuable has that data proven to be? Is it worth collecting?
Has spying on your customers revealed any surprises?
Btw, this is a tough crowd, getting downvoted for a simple question like this. Sheesh.
Everything I build I want to last beyond myself. So beyond the source code I also write about the why for everything. That it improves sales is a nice bonus.
This is only a temporary solution to the problem of devices phoning home against your wishes (or knowledge). The "system-on-a-chip" CPUs used in embedded ("smart") devices with an integrated cellular (LTE/etc) modem have existed for years. The hardware that can simply bypass your local network and phone home over the cellular network already exists. The people that want to spy on everyone for profit will no longer ask for internet access through your LAN when someone finally negotiates with the carriers for some sort of low-priority/off-peak access they can use to batch-upload their eavesdropping ("analytics").
 random example from "Q4 3014" https://en.wikipedia.org/wiki/Exynos#List_of_ARMv8_Exynos_So...
I can happily confirm that Canada’s telecom oligopoly will never allow such a thing to happen.
Discounts for off-peak cellular data? Bwahahahahahaha
Wouldn't such a thing require an antenna that you could remove or disable to function?
Speaking of... is there a more effective way to disable a cellular modem than removing its antenna? Like some kind of component that you could replace the antenna with that would mitigate any residual antenna-function of the remaining wiring? I want to do this to the modem on my car.
Or a micro-wireless jammer that’s so weak, it wouldn’t even disrupt anything outside of what it’s built into.
Even if you can’t block the outgoing signal, you’ll disrupt the incoming signal and prevent any kind of handshake from happening.
Wrap it in aluminum foil as a Faraday cage?
That's not a practical solution for a car.
Basically, the problem is the car's electronics have a cellular modem component, but I want everything besides that to continue to function and receive other radio signals. I can disconnect the antenna plug, but my understanding is that will just make the reception worse but not eliminate it.
I'm wondering if there's something simple and safe that would basically act as an anti-antenna, and absorb or interfere with any signals the rest of the electronics manage to pick up or transmit. I don't know much about electronics, but I was thinking maybe some kind of passive component, like a capacitor or resistor, might be able to soak up any residual signal.
Yes I get this Sonos is arguably worse since they're spying on stuff not from a service. iTunes does this as well though you can opt out. Oculus does it too. No opt out there AFAIK. Steam as well. You can add in PS4/Switch/Xbox too.
Does the law preventing companies sharing your video rental history apply to internet companies and streaming music, videos, and games?
Would a class-action be successful in a situation like this?
Apparently they lost the class action, but only paid out a couple months ago.
Next step is different VLAN with no internet access.
A lot of these attempts are probably due to the fact that they fail and keep retrying. Possibly allowing them all would lead to far fewer attempts.
How very funny - as I read the OP and was clicking into the HN comments, all that I had on my mind was "Sonos".
I wish I had the time to clearly and succinctly elucidate the path of Sonos, corrupted by the mobile ecosystem and a reach for easy profits, from a darling hardware provider that users loved to a wannabe data broker that I hate-use.
I plan to buy 5-6 of them sometime later this year, and for what that costs, they have no excuse to data-harvest me.
"Usability" means very different things to different people (after all, the reason Sonos asks for location access is to improve usability), but maybe look at https://volumio.org/, http://www.runeaudio.com/, http://moodeaudio.org/.
Or just install MPD and Pianobar for that old school experience.
I have run a few Airport Expresses for the past 10 years and love them. Older models are cheap (<$30) and still work great.
Take it a step further (if you prefer portability of sound quality) and get an SBC with a bluetooth adapter, and several bluetooth modules which you can rig up to each speaker.
You can probably go by using a couple raspberry pis (or any ARM board with a jack output), a preconfigured SD card image, and some external speakers. I don't know the price of Sonos speakers, but I don't think it would be much higher.
I guess someone could even create a business out of this, especially if tailoring the PCBs to the task.
And looking at the Sonos debacle, I don't think they realize how damaging it is to their brand to just make their devices die every so often. Why not just save money and get something that is unreliable because it is cheap and poorly engineered?
Example: Dropbox's $99 plan used to be able to share a link with password protection, that's been conveniently moved to their $199 plan.
This simply can't happen with self hosted/controlled alternatives that you control updates to.
Protip for anyone else in this situation: The only way to make the cancellation happen without the fee is to repeat "I need to talk to your supervisor" to the drone on customer support, no matter what they try to tell you about not being able to waive the fee. They will never, ever connect you to a supervisor, but they will eventually waive the fee before hanging up on you.
The way they were set up, I ended up having to upgrade to a business user given the shared file sizes I was editing (had something to do with the book publisher being on a business account as well.) I ended up paying more for DropBox than I even made as an editor. Brutal.
It felt like a mobile phone contract: seemingly inexpensive, sneaky, convoluted, and before you know you have a gigantic bill committed to for the year.
That is why I cut the cord on my cable TV. I don't understand how companies can accept the ill-will of bait-and-switch tactics -- is it really more profitable than an upfront deal where each party feels it was an honest deal? I mean, I don't mind paying...but I want to know what I'll be paying and decide accordingly. Cable TV is a virtual monopoly, but DropBox is not and I don't know how they can deal with ill-will from former customers, once bit twice shy.
I'm also using Stack by TransIP. 1000 GB for 0 EUR/month, with e.g. offers of 1250 GB for 2,50 EUR/month. TransIP is made by the same people as bunq (it's Ali Niknam's first successful company)
It does seem to me that once a product is purchased, it ought to remain usable and supported under the terms it was purchased under, but that seems a long way from the current laws around user agreements.
That said, I'm not sure you can really pin this down. It's probably better to just assume that any device that requires a wi-fi connection to work is phoning home until proven otherwise.
And you have to assume that any device that phones home is collecting data. It's not even a secret that this is the case. Pretty much every time I go to a lunch-and-learn for a data product, the major premise of the obligatory client case study is, "We sell this consumer product that does X, but our most exciting product is actually all the data we can harvest from it and then resell."
It's really beyond me why people are buying these devices in case the wifi functionality is completely superfluous and has nothing to do with the main function of the device. It's like asking "hello strangers, tap me and track what I'm doing". This crap needs to stop.
This is IMHO a broader issue with products that receive firmware or OTA updates, it's probably legally a breach of contract already to modify products after sale and change functionality to the disadvantage of the consumer.
A common crypto algorithm gets broken to a degree where it is phased out of use industry-wide to prevent leaking user data, MitM attacks, etc.
But once you flip the switch on that old crypto algorithm, your old devices can no longer be updated without a complex manual process (good luck getting the group of users who have never updated to do that,) and the devices will stop working with any secure online connectivity the users have been used to having (purchasing, downloading, etc.)
You have been trying to let users choose how they use their devices, but now they are upset that you broke their product, which they purchased in a working state. What do you do? This is a very small number of people and the years of accommodating them is getting very expensive, but you want to do right by them.
Offer the old crypto algorithms as a configuration option, or offer 2 versions of the firmware (standard vs. compatibility). Can't be prohibitively expensive, but isn't necessary when it's in the clear interest of customers not to use these old algorithms.
But if you continue to 'support' the legacy algorithm to keep things working for those users, you also open them up to attack and they will surely complain if someone steals their information from "your service".
Roku/NowTV modified the device by connecting to it without authorisation and removing the ability to sideload.
In theory that's a breach of the UK Computer Misuse Act (similar to CFAA in USA), both in the access and separately in the modification.
In practice there's not much one can do, just never buy Sky/NowTV or Roku products ever again.
Moved to FireTV, installed the same app from the app store. Now we get Netflix instead.
You can find old used squeezeboxes on Ebay, and their server software is just a big perl script. That might meet your needs.
My iOS app asks the user for location permissions because without it the remote control app won't know when to attempt to connect when you walk in the door with your iPhone but your remote is sitting at home, waiting for you to hit it to turn on your lights or play music on your Sonos. If you hit the button and nothing happens, that's a horrible user experience!
I used to have location set to Always even though I don't store the location (and I'm explicit about that, even going so far as to open source the entire app ecosystem) but then Apple pushed back and said that always having a location was against their ToS for remotes. I then switched to a geofence, which is still a location based permission but takes less battery life.
 Turn Touch: https://turntouch.com
 iOS source code: https://github.com/samuelclay/turntouch-ios
You might be interested to know that the Turn Touch homepage starts playing audio as soon as it is opened. This was enough for me to close it and never come back, and I think this sentiment is reasonably widespread.
I'm genuinely curious about the reason some people decide to add audio (or video for that matter, but audio is way worse) on autoplay. Do you enjoy when web pages you visit do it? Did you see from some kind of metric that it increases your sales?
I also just added a muted attribute to the `video` tag so it should no longer do that even if I messed up the JS for some browser somewhere. I encourage you to try it once again to confirm.
I'm not going to fight reading a bloody advert with an annoying "GIMMEE EMAIL" advert. That pattern needs to die in a fire.
Firefox 65.0 on MacOS 10.14.
Have you ever seen anyone with a nightstand or coffee table where they hollowed out a section for the remote to go in?
I like the idea of being able to pop it out and take it with me, but 99% of the time I would want it in the exact same place so I would love if it could lie flush and be a part of the nightstand.
But you are awesome. I will be making an order.
I've been looking for a way to turn all the lights off in the house and shut off my kids iPad. I can do these things by going into apps on my phone, but when I'm wanting to do it I'm often REALLY exhausted and would kill for a 1 button solution.
I don't quite see how I can use this to shut off the iPad easily. But it definitely helps with the lights. And I think if I hook the house Wifi up to a smart switch I can basically turn the iPad off.
It’s not an “excuse”, it’s a fact. If you allow an app to scan SSIDs you are allowing it to know your location. No amount of sarcasm on the part of OP is going to change that.
Our iOS app is able to run without any special prompts for the user on first run, whereas our Android app has to ask for location services with lengthy explanations before they can get past the first screen.
One suggestion- please update your blog, if this thread convinces you that Google did the right thing. Those posts hang around and impact product engineering.
What kind of API would you propose? The only one I can think of is one that says 'connect to x' instead of 'list all ssid', which still tells you about location but not a lot.
I occasionally think about g+ shutdown, and how Google engineered quite a bit for privacy, and removed things like games that leak location and quizzes, and forced people to create groups, which is the right thing but people liked the rich experience of facebook. Now that many are fleeing from fb, they can't go to g+.
Sorry to thread-jack. Clearly I have a blog post pent up.
I bring an AirMac (Apple Airport Express) with me to hotels when I travel. I guess this is why my Android phone gets so confused about where I am if it's in airplane mode with wifi enabled.
BSSIDs can be easily mapped to a location using free and readily-available services. They are as good as most geolocation mechanisms you can get.
Google did this for the right reasons.
Still not perfect, since it can search for well-known SSID's like "StarbucksWifi" or "Comcast", but it limits the exposure - the API could have a limit on how many SSID's can be searched for by the app before you need to re-authorize it, so it can only search for 6 SSID's instead of the top 10,000 SSID's.
Or the permission request can include the SSID "This app asking for permission to search for PioneerSoundsystem SSID" or maybe a prefix like "PioneerSoundsystem-*" so they can append unique ID's.
Though in reality it will never happen because few people care -- most people are happy granting the app whatever permission it requests.
In this case, the remote wants to know if it is near the receiver. It doesn't want to search all devices - just to know if it is near a specific group.
Could one not just try to connect to the paired devices without scanning? There are presumably not that many paired devices.
That line implies Google made a "stupid mistake" here, when to me it seems like it was very much a calculated/malicious move.
The only legitimate use case for location I can think of would be to pull down cable/tv/radio channel/station listings. But this shouldn't be a requirement since the user could easily manually enter in the ones they want. My guess is that something like this might be used as the pretext for requiring location. However, if the app continues to require location to function longer term (i.e. that this wasn't just an oversight which gets corrected in a future update) then I would assume that the real use case is something that has nothing to do with helping the user.
Keep in mind that many things including trivial flashlight apps have a history of wanting location access. There's usually a pretext in the form of some questionable/marginal feature that's used as a justification for the permission. Often after some digging the real reason becomes apparent in the form of data collection or an included ad serving library.
For example, I have a 'smart' thermostat which has an app that requests location access. I deny it and it still works. There's at least one feature they use to justify requesting it but I suspect that if there weren't other uses (having nothing to do with benefiting me) for location data that the feature requiring location data probably wouldn't even exist.
Maybe. Perhaps they fielded a lot of support requests related to getting Bluetooth and/or WiFi connectivity established before using the remote for the first time.
So it worked fine for this user, but didn't work well for less technical customers.
Too many apps ask for permission immediately without any context as to why they're doing it.
Technically, for example, an app may not even want to see all available SSIDs. Maybe an app just wants one passed to it. Sort of like a browser file dialog works.
The pop up text from the OS says it wants the user's location. That's not what it wants or needs.
This comment has some other examples: https://news.ycombinator.com/item?id=19216715
I could make an app that logs every phone call I make along with its duration so it can recommend friends for me. I wouldn't expect that app's permissions dialog to read "Allow app to recommend friends to you".
Getting into the technical details doesn't work for average users, especially for cases like this where the risk isn't obvious - non-technical people will almost certainly not know that revealing local SSIDs reveals your location.
Browser wants to download a file, so I have to give carte blanche permission to access all my files. Why can't I just give permission to place new files with app-supplied content, i.e. no reading of existing files, no overwriting / deleting of existing files, and OS-managed name collision resolution?
The same applies to the camera app. And no, the camera app does not need to read my files to display a gallery of photos taken. The gallery app already does that, and Android is perfectly capable to re-using an activity (via intent) of the gallery app as part of the camera app without the latter gaining any permissions.
Maybe an option to open up a more detailed description of what the app wants the permissions for?
To a non-technical user, "Access nearby Wifi signals" (or something similar) sounds totally innocuous. Most people would approve that assuming that the app just wants to connect to the internet.
You could get more detailed and say "Access nearby Wifi signals, which could reveal your location", which conveys the privacy risk. But to the average user, "access nearby wifi signals" isn't adding anything - the only real privacy risk is that location is revealed, so it just makes sense to convey it as your location.
There's other cases where I think there's a better case for finer-grained permissions - some apps ask for phone call permission just so they can know whether you're on a call or not - arguably something that should hardly require permission at all, but it's lumped in with one of the more scary sounding ones.
In this case, the phone OS could provide a similar interface for an app to pass off selection of an SSID or Bluetooth device to the OS, without giving away other permissions.
I think a jQuery update fixed it, but don't recall. It wasn't simple to track down either.
Disclosure: I work on a Sonos competitor that tracks customer data purely for product improvement and is fully opt-out-able.
Frankly, this text isn't alarming enough.
Clearly the answer is Yes because of security updates and bug fixes, and maybe the occasional interesting feature. Besides, once in a while an android developing HN poster will complain about all those pesky users that just don't update, and I know their pain very well.
Clearly the answer is No because I have no idea if the app will continue to work tomorrow after the next update? Will it start doing something sleazy, causing a worse security problem than just being hacked? Will it break because I happen to use an edge case which will be buggy.
I could manually update after a few days have passed, so I can make an informed choice. But finding detailed info for 1 app is challenging, and there are 40 or so on my phone. That's about a full time job, and my parents and neighbors have smart phones too.
I mean, I love my radio. You push power, you get music. Easy. I'm pretty sure this will happen tomorrow, just like it did the last 20 years. It's not going to decide one day to start walking around and sell a map of the house to ikea or whatever. Now why can't I ask from my phone, being a personal organiser and extension of my mind, to be as trustworthy as this?
For now, my personal compromise is to auto update firefox, manually update the OS, and firewall the others and never ever update them when they work well enough. I trust firefox and HME(OS, zombie Nokia) not to fuck up too bad and fix things reasonably fast. I wish I could trust the ecosystems more and just auto update everything, but today? Not gonna happen.
In last 5 years or so, I have had a Garmin, a Fitbit and now a Garmin watch. I never used to have to enable location with my first Garmin tracker until I upgraded Android OS. After that point onward all my fitness trackers now ask to enable location in order to connect to my phone.
Yeah, the message could be made clearer about what's actually being allowed, but in the end I'm glad it's there. Maybe a generic system for when you request a permission being able to provide an explanation string or something. I know some apps made a pop-up before the prompt but I found that rather verbose especially when it was incredibly obvious why they needed the permission.
Minor nitpick, it’s the BSSID that’s used to look up the location. In some cases the BSSID is the same as the MAC address (usually with cheaper consumer gear), but it’s not the case with APs that are broadcasting (or have capability to broadcast) more than one SSID. As one example, think of APs that have “Home” and “Guest” separate networks.
Somewhat ironically because Google went and made that dataset, then publicized it.
In Android and w/r/t BLE, the OS doesn't provide a user-facing bonding interface. The app has to do it.
I'm just saying fitness trackers have at least one legit reason. Unlike a remote control seemingly having no legit reason to scan local wifi.
What if they allowed you to name SSIDs such as 'Home' or 'Work', and then when the app scanned for networks in your house it would only see 'Home'?
There’s a reason Apple Maps says “enable WiFi to improve location accuracy”.
I’m incredibly annoyed that phones don’t report themselves with randomized MAC addresses. WiFi tracking is pervasive.
You've got it backwards. The phone isn't being tracked, the phone is the one doing the tracking. The phone is looking at all the wifi APs it can see and then looking those up in a database.
Nobody sees the phone's MAC address. It isn't broadcasting anything at all.
Fitbit UI, weirdly, explains what it's doing but refuses to provide the actual numeric result.
To some extent it's overkill... from my experience orienteering as a civilian and in the military, your average stride length might vary up to 5% based on conditions. You can't use dead reckoning alone to do land nav on foot for long distances, you need a map (or GPS). Which I guess is kinda the point of the fitbit needing GPS access. Doing theoretical calculations to 4 sig figs means at least on average it's not too far off, and frankly most athletes use the same boring path every day with the same shoes etc so averaged track data is going to be more accurate than a wilderness land nav course anyway.
I have not decompiled the fitbit code or done anything illegal but IF I were to implement this I'd include GPS/map based ground slope data as a correction factor because I know that has a major impact on stride length. I have no idea if fitbit does that, but they should.
I plotted this data.
step counts: https://i.stack.imgur.com/x0TPU.png
Both quite reasonable looking.
Inferred stride length: https://i.stack.imgur.com/giz7V.png
Note that it breaks down into 5 distinct regions, with very sharp boundaries between them. Within each region the stride length has a fairly level average but a lot of variation around that. When you cross a region boundary, same pattern but the average shifts down (sometimes dramatically, such as the shift in early 2016).
I have no explanation for any of these shifts except that last one and maybe the small one around Oct 2016. The last one, in the middle of 2018, corresponds to my changing phones from an iPhone 6 Plus to an iPhone X. That small one before that matches up with when we switched to full time work at home.
The earlier shifts were all on the iPhone 6 plus, and as far as I can tell do not correlate with iOS updates, or with anything in my life that might change my stride size such as seasonal changes (I probably take smaller strides in winter) or getting new shoes.
I asked about this on apple.stackexchange.com, but it got no answers or comments, a down vote, and was automatically deleted as a dead question.
Look under "How do I change my stride length?" on the page below. The same place you change it you can also see it.
Disclosure: #fitbitemployee but speaking only for myself.
For a very specific example of the genre, pdroid and its numerous clones (some of which were trojans as I recall) from around 2011 seems to almost perfectly match your request.
You know you're in deep when you have to root your phone, install a custom rom, then patch the custom rom, just to limit how much you're getting spied upon.
These days, if any important-to-me app is slated to be updated, I first run a backup in case ridiculous permission demands, feature removal, or other such f*ckery comes with the update.
I always know where my phone is, but the regular remote likes to hide in the sofa.
You can make a purpose built remote with BLE and a nice screen, or buy a cheap Android phone for a fifth (guessing!) of the dev costs?
We have a winner!