I recently decided to get a wireless speaker for our Kitchen. Sonos seems like an obvious choice these days. The sound quality and aesthetics were very appealing. So I ordered a Sonos One SL speaker.
In terms of sound quality and looks, I was very pleased. I’m not an audiophile but the sound quality seemed superb and the speaker just looks fantastic. A very clean and unassuming look.
As I later discovered, a dirty beast hides under the cool exterior.
My concerns started to grow almost immediately as I was setting up the new speaker. I downloaded the app, and started the setup process, soon to realize that I need to register with my email just to set up the device on my network… And of course, I had to accept the terms and conditions …. hmmm… ok, I guess.
I was then asked to allow sharing my location as well, which raised another alarm bell. Why does my speaker need my location? I’m not 100% sure, but if I recall, I had to allow it to access my location, or else I couldn’t continue.
Once the device was finally set up, I went through the settings, to explore and see what else is there. I was rather disappointed to find that “Additional usage data” was turned on by default. I live in Europe, and I thought that the EU regulations should prevent this kind of behaviour. They should explicitly ask my permission to track my usage, especially if it isn’t necessary for the device to function.
I could opt-out of it luckily, but it didn’t feel right to me.
What data is Sonos collecting, and why?
Digging into the Sonos privacy policy made my hair stand…
Functional Data:
This data is absolutely necessary for your Sonos Product or Service, including Sonos Radio, to perform its basic functions in a secure way and you will not be able to opt out from this data collection, sharing, and/or processing if you want to continue to use your Sonos Products.
We collect:
Registration data. This data includes your email address, location, language preference, Product serial number, IP address, and Sonos account login information (as described above).
System data. This data includes things like Product type, controller device type, controller operating system, software version, content source (audio line in), signal input (e.g. whether your TV outputs a specific audio signal such as Dolby to your Sonos system), information about WiFi antennas, system settings (such as equalisation or stereo pair), Product orientation, names of the music service(s) you added/enabled on your Sonos product, the names you have given your Sonos Product in different rooms, whether your Product has been tuned using Sonos Trueplay technology, system performance metrics (e.g. the temperature of your Product or WiFi signal strength) and error information.
(emphasis not mine)
So this is just the data that you cannot opt-out of. The data absolutely necessary to perform basic functions. And in case you wonder why they track this data, here’s what the privacy policy says
Why we collect Functional Data: We collect this information to help ensure that your Products are working properly, to provide you with customer support, to honour your audio preferences, and to guide product improvement and customer support decisions. We also collect this information to guide product improvement and customer support decisions which is our legitimate interest.
emphasis mine… we’ll go back to what legitimate interest actually means later on.
I’m not sure what basic functions for a speaker might be, that they require to share so much data with Sonos. And if this not enough, there’s also the (optional) Usage data that Sonos happily collects, by default, without asking for permission
Additional Usage Data:
In order to improve your experience with Sonos Products and to offer better, personalised Sonos Products and Services, including Sonos Radio, that meet the needs and expectations of our customers, we collect the following Additional Usage Data. The processing of this information is in our legitimate interest as further set out below (under Why). You can opt out of sharing this data by following the steps listed here.
We collect:
- Performance Information. This includes things like the temperature of your Product, WiFi information like signal strength, how often you use music services you have connected to your Sonos system (including, for some services, your login username, but not password), information about how often you use the Sonos app versus other control mechanisms, flow of interactions within the Sonos app, how often you use the physical controls on the unit, the flow of interactions within the Sonos app, duration of Sonos Product use, and, as required for certain Services, location-based data using GPS (or similar technology, where available) and crowdsourced WiFi access points and cell tower locations collected from your third party device when the Sonos app is in use.
- Activity Information. This includes duration of music service use, Product or room grouping information, command information (such as play, pause, change volume, or skip tracks), information about playlist or station container data including listening history (‘Recently Played’), and Sonos playlist or Sonos favourites information; each correlated to individual Sonos Products and your interactions with them. If you enable voice control or use Sonos Radio, we will additionally collect information about track data when using those features.
Why: We collect this information so that we can help ensure Sonos Products are functioning properly, provide a personalised experience for our customers, determine what types of Product or feature improvements would please our customers most, and to help predict potential problems with Sonos Products. Additionally, to provide Sonos Radio, we collect location-based information for licensing and reporting purposes. Collecting this data is our legitimate interest to support a user-friendly experience that meets your needs and help you with issues you may experience. It is your choice if you want us to collect this information, and therefore you can opt out of sharing this data by following the steps listed here.
Note: personalisation services (e.g. Recently Played), Sonos Radio, Voice Control, and Direct Control functionality require Additional Usage Data to function. If you decide to use any of these features and/or Services, the Additional Usage Data becomes functional. You can always clear all Recently Played by following the instructions in the Sonos app.
Again, the legitimate interest emphasis is mine…
If you read their privacy policy further, you could spot the real incentives and potential uses of the data, but I won’t dive into it here. I do recommend reading it though.
(il)legitimate interest
So what is this all about? Well, if you’re familiar with the General Data Protection Regulation (GDPR), you might guess the answer. I’m not a lawyer, so without going into too much detail, here’s my brief understanding of it.
First off, the GDPR is the regulation that aims to protect the privacy of all EU citizens. It’s meant to reduce privacy invasive practices, force companies to protect private data, and encourage companies to treat private data with care and respect.
But what’s “legitimate interest”, and why is it important?
Essentially, companies aren’t simply allowed to store any customer data they want. They need a “good reason” to do so. Or in other words, they need to have a legitimate interest in storing such data. Otherwise, they’re simply not allowed to store it at all.
So now, can I just ask someone who accesses my website “What’s your home address”? and store it, if they give it to me. I need to have a real reason to ask for this address. It can be my legitimate interest to ask it if, for example, I’m going to send you a free gift. I obviously can’t send you a gift without knowing your address.
As you can imagine, “legitimate interest” can be interpreted in many different ways. Is it legitimate interest to ask for an email address in order to send marketing emails? well, actually it might be. There’s no black and white answer here.
Putting it to the test
There are 3 tests for “legitimate interest”:
- Purpose test – is there a legitimate interest behind the processing?
- Necessity test – is the processing necessary for that purpose?
- Balancing test – is the legitimate interest overridden by the individual’s interests, rights or freedoms?
Whilst Sonos tries very hard to meet those first two tests with their policies (but in my opinion, have a very weak position there), I think it clearly fails the balancing test. Sonos blatantly violates its customer privacy by excessively tracking, analysing and making use of very detailed information about them. They capture their listening preferences, their location, neighbouring Wifi access points and lots more. And worse of all, they do it without asking for explicit consent. It’s all hidden in the privacy policy, and set to expose all this data by default.
What’s the purpose of collecting all this data? Sonos claims that their purpose is “[To] help ensure Sonos Products are functioning properly, provide a personalised experience for our customers, determine what types of Product or feature improvements would please our customers most, and to help predict potential problems with Sonos Products”. This seems fairly clear as a purpose. Still rather widespread and invasive, but there’s a purpose.
But is collecting all this data necessary to meet this purpose? I don’t think so. I think they collect far too detailed information, and they could meet the same purpose with far less data, or by using non-private / anonymised data.
For example: how does the IP address of the customer help with any of those stated purposes? Or why do they need to map neighbouring Wifi access points? I guess Sonos would claim something along the lines of “if a customer has a problem, these details help us support this customer and troubleshoot the problem”. But then is it necessary to collect this data constantly, even when there are no problems?
To drive product decisions and understand usage trends, they can collect data that’s been anonymised and still be able to improve features. In my mind, most of this collection is unnecessary. Rather than collect all this data indiscriminately and bundle all those purposes together, each purpose and data collection should be examined individually. The necessity argument easily breaks if you look at individual purposes and the data being collected to fulfill the specific purpose. Do they need to collect all this personal data about me to determine what feature improvements would please their customers most? I don’t think so.
Here’s a quick data point to you, Sonos: I’m not pleased by your excessive data collection.
And finally, let’s look at whether this excessive collection overrides the individual’s interests, rights and freedoms. I think the answer is as clear as day. The Sonos speaker works totally fine, even without an Internet connection. It meets the criteria of most customers who buy a speaker: it plays music via Wifi. The data collection that Sonos does isn’t primarily to help their customers. It’s to help Sonos learn more about its customers, sell aggregate data, and advertise to its customers. I’m pretty sure that if you ask a Sonos customer whether they want a “personalized experience” from their Sonos speaker, they will look back at you with a confused look on their faces… It’s a speaker. It plays what I ask it to play… If I buy a speaker, do I want it to manipulate me with ads based on my listening preferences? No. Can a reasonable person even imagine that so much data about their usage is being collected, by default, when they buy a speaker? absolutely not. This is far from balanced. It weighs heavily in Sonos’ interests, and those do not align with the interests of its customers.
I therefore find it very hard to believe that Sonos can really meet the legitimate interest tests. They are clearly using “legitimate interests” in the privacy policy language to protect themselves against a potential GDPR claim. However, I think it’s a thin veil, and they clearly fail to balance the privacy needs of their customers.
What can you do about it?
There are a few things I think we should collectively do to stop this kind of practice.
On the practical/technical level: try to block Sonos from collecting data about you. This requires some technical knowledge unfortunately, so most people won’t be able to do much. But even if you’re not technical, you can still do a lot.
- Opt-out of Additional data usage: this is a super-simple thing you can do inside your Sonos app to reduce the amount of data you share with Sonos.
- Don’t connect your Sonos to 3rd party services: Sonos would encourage you to give it access to your Spotify account, Amazon, Apple or any other 3rd party music service. You don’t actually need it in most cases. You can use the music service directly, and just play it on your Sonos speaker as a destination (e.g. using Airplay).
- Block Sonos from accessing the internet: many routers allow you to block individual IP or MAC addresses from accessing the internet. Beyond the initial setup, your Sonos speaker can work fine without an internet connection. If you can and know how to, block it.
- Use a privacy-blocking DNS product or service: For example: Pi-hole, Nextdns, or Adguard home all offer options to block your Sonos (and many other privacy-invasive apps and services) from sending personal data, without affecting other functionality.
- Complain to Sonos about it: let them know that you’re unhappy. If they truly look at ways of pleasing their customers, they should collect some data that this practice makes their customers unhappy.
- File a GDPR complaint: if you are a EU citizen or live in Europe. You should be protected by the GDPR. The more complaints about Sonos, the higher the chances of the regulators taking action against Sonos and forcing them to stop those practices.
- Become a member to support NOYB. This is a non-profit privacy-focused organization that helps fight against privacy violations. Disclaimer: I am a member, and I’m in discussion with one of their lawyers to promote some privacy initiatives. Other than promoting their cause, I have nothing to gain (financial or otherwise) from endorsing them.
UPDATE: thanks to Guillaume Besson who posted a link to his open-source (and privacy-respecting) Soundsync. That’s another option for the more tech-savvy crowd.
46 replies on “Sonos is spying on me… (and you)”
Re: apps asking for you location, this confuses people but any app that deals with Wifi networks directly has to request this. See: https://support.netanalyzer-an.techet.net/article/124-why-does-the-app-require-location-permission-for-wifi-signal-when-other-apps-dont
Most of this data collection looks reasonable to me, Sonos is playing in an extremely competitive market against massive companies, guessing at how their customers use their product would kill them. They need to know where to invest in their products.
The only thing that bothers me is where they collect “information about playlist or station container data including listening history (‘Recently Played’), and Sonos playlist or Sonos favourites information” – as that crosses the line between how I use the device (which doesn’t bother me) and what particular music I listen to on it (which does.)
minor quibble: support NOYB (not NYOB).
Hey,
Really nice blog/article. I appreciate you providing and going the distance in writing about your experience with Sonos. I was not aware that Sonos was collecting all of that info on myself, but at the same time, does it really matter. We live in a digital world, nearly every product that has access to the internet is collecting some type of data on you. I, personally hope it is truly to improve the next generation of the product or provide a concern better listening experience with the software updates that Sonos does regularly.
My view on this, could be because I am a millennial in living Canada, plus I love clean, rich audio, so it is worth it.
As long as I’m not getting cyber spammed with inappropriate content, thanks to Sonos, then all is with me.
My two cents.
Thanks again
I’d this article really impartial!?
Sadly I feel this article does accept these are ligitimate interest to run a system such as Sonos, you need bulk usage data, such data is not taking your song choices, just type of use, you must enable song history on Sonos for them to record such data.
To avoid a long comment I feel this is an over reaction in this specific instance, what is really feared about being tracked/monitored in an objectable way is simple to say no to.
I also suspect the need for your location on the mobile app is because you are likely using android, this is a decision made by Google that forces any app wanting to watch for your WiFi connection, to request location access, this is because Google correctly decides watching WiFi could be used for tracking, hence it asks for a rather large access right even if not using it for that purpose.
I’m unsure but iPhones maybe similar.
I hope this last bit is informative
This article was recommended to me in my news feed because of my interest in speakers, but I’m sad to see it’s so exaggerated and alarmist.
You’re skeptical of why you cannot opt out of the functional data Sonos collects? Here are some explanations:
Email address – identifies your Sonos account, used to contact you
Location – to know which laws apply to you. How could Sonos adhere to GDPR if they don’t know if you live in a GDPR-covered country?
Language – which language should be displayed in the Sonos app? Or when they email you?
IP address – every time the Sonos app connects to the internet, this info is required to make the connection work
Product/controller/OS/software – tells apps which speaker you want to play on, whether to use iOS/Android/etc connection method, if your software needs to be updated, etc
Content source (audio line in) – Which input jack should Sonos use to play the music? How much amplification should it provide to the audio signal?
Signal input – audio signals have codecs, and Sonos needs to know which one is being used so it can play back the audio correctly
WiFi antennas – are we streaming over WiFi? If so, how does Sonos know which WiFi network to connect to?
System settings (such as equalisation or stereo pair) – custom settings to affect your music experience
Product orientation – Is this speaker being used by itself, or as the left/right/center/surround in an audio setup? Which audio channel should go to this speaker?
Names of the music service(s) you added/enabled – What name/icon does Sonos display in the Sonos app so you can click on it to play music?
Names of Sonos Product in different rooms – Which names appear in the speaker list when you select where to play music
Tuned using Sonos Trueplay technology – room audio correction information, changes audio performance based on your setup
System performance metrics (e.g. the temperature of your Product or WiFi signal strength) and error information – used to monitor the health/integrity of your speaker itself
So that’s the bare necessities, the functional data. As far as the “additional data” goes, this is pretty standard for any software. Any time you take an action using the Sonos app, the app has to register it to know what result to produce–whether it’s making a button wiggle, showing you a new screen, authenticating with a music service, or playing an audio track. The Sonos team wants to know about this so they can make things better. That’s a “legitimate interest.”
The only things I would be concerned about are location and activity tracking. For location, while it’s hard to understand why GPS is necessary, I imagine it is because when you open the Sonos app on your phone it tries to connect to the internet using whatever’s available. Just like when you make a call, your phone needs to connect to either a cell tower or wifi network, and the process of doing that automatically generates some location data. I doubt that Sonos is trying to find out about your neighbor’s wifi–instead, it’s just asking your phone “are we connected? which connection should I use? if I’m not connected, should I try to connect to an open hotspot or use cellular data?”
For activity information, it seems like Sonos is saying, “If you use one of our features that lists the names of songs, we will collect that information so we can show you the song names.” They specifically mention Recently Played, Sonos playlists & favorites, Sonos Radio, and voice control. Each of those are features which require Sonos to display or collect the name of the song which is currently playing. However, there doesn’t seem to be anything in their policy which suggests they are collecting your listening data in general when you use connected services.
You say, “the answer is as clear as day,” but you haven’t clearly shown anything. You’ve just seized upon a few keywords in a privacy policy and imagined the rest without providing any supporting evidence. If you want to do an actual evidence-based review of Sonos privacy issues, I’m all for it, but this isn’t it.
“The Sonos speaker works totally fine, even without an Internet connection.” That’s a great feature, but you have to remember that Sonos is a service. 50% of Sonos is their app, and 50% of it is their hardware. The entire purpose of the app is to unify many sources of audio into a single controller.
If you want to connect a service like Spotify, then of course Sonos will know part of that information (like your user ID). The fact that Sonos has included extra hardware which lets 3rd party apps cast directly to the speakers doesn’t change the reality that if you want to use the Sonos app instead, it’s necessary for it to use some of your data to access those services.
I am not affiliated with Sonos in any way.
Maybe I don’t understand something. You say “Block Sonos from accessing the internet.” And that the speakers will work fine. How is that possible? It’s a connected speaker.
As far as I know, it has to have internet connection, right?
Get a life.
Or at least do a little research to understand how a product best works before you go and buy it.
“What can I do about it?”
None of your solutions are helpful and none of this shit will work.
It’s really very simple:
1. Return the device.
2. Advise everyone you know to informally boycott the company.
3. Write your elected representative.
4. Find phone numbers and call fucking everyone.
5. Sue.
Such surveillance is a moral outrage and they’re going to keep pushing until they meet resistance of righteous fury.
Most importantly, remember that this is not a technological problem and thus cannot be solved by technological means.
Stand up. Push back. Get out.
How do I find out how Sonos is invading my privacy in the United States of America and how can I protect myself in the U.S.
I took my Sonos back to the store. Needing an app to work it annoyed me. Now I have a Polk, which is much simpler.
Maybe you just brought the wrong product.? I have been involved in many web based personalised software which never sold or used user data for anything other than making it better for users, yet you can make it sound easily as though it’s impinging a uses rights. For sonos to give you certain degrees of personalisation, remember who you are and how you like to use the device, and to make it better in the future, all this is required. In their interest because they cannot do that level of personalisation and future improvement without that data.. I’d only be worries if they are selling it or if connected apps, device’s or companies have access to it.
so, did you get rid of your Sonos?
no one is forcing you to keep it.
After you wrote “the Sonos speaker works totally fine, even without an Internet connection” I paused to think of a what Sonos speaker could possibly do without an internet connection, and I came up blank.
Later, you mentioned Apple Airplay, and I got it, but for anyone outside of Apple’s ecosystem, Sonos speakers are 100% internet-connected devices, and most of the data you listed (but yes, not all) is really absolutely required for the speakers and their apps to do anything at all.
If all you wanted is an Airplay speaker, I get your point (and getting a Sonos was probably overkill)
but for the rest of us that is not at all the reason we got a Sonos system.
Sonos is an overpriced spying shit. They also burried an excelent semi open source sw Snips AI.
I don’t think your issues are warranted. I do have an in-depth knowledge on the systems you are worried about. Based on what I know….
1. The reason sonos asks for an email address is to make sure that only people who are authorized can control your speakers. They do this by installing a security certificate on your speaker so that it can securely connect to the internet and the services that are needed for the speakers to function correctly. This is primarily done for your security and not for company to benefit.
2. The reason they ask for a location is purely for 2 things. One to auto fill fields like city and state information which are needed purely for internal analysis like, which region should we focus our marketing expense vs which region to not. Second is to provide you with better radio station support that is more local to your location.
3. The reason they track usage information is, primarily to be able to provide customers with history information. Also, the data is used internally to give better search results, purely to improve the user experience when you search using voice commands. They don’t create a user behavioral map.
4. Performance information: this is purely to proactively detect issues/bugs. These are smart computers packed as speakers. They are extremely complex systems and it is very difficult to figure out all the possible bugs by a few handful of testers. So, sonos uses these performance information to detect and solve remote/corner case bugs.
5. System information: Sonos works on a very complex IoT platform. There are lot of cases where certain devices support a subset of all features. To know what features a system supports or not is only known by knowing what systems you have.
Sonos doesn’t sell any of the information, not does it share this information with its partners. What ever it collects is purely to drive the product experience and reliability. It is a fraction of information that Amazon/Google collects which they use to sell you more ads/stuff. Sonos doesn’t do that.
You’re right
Thanks very much for writing this article. At least you guys have the GDPR to afford some extra protections. The rest of the world has to pretty much fight the encroachment on its own.
It is depressing when you realize that it’s not just the Big Few who have the armies of lawyers thinking out ways to penetrate our privacy. Now there’s all these small to mid-size companies hiding behind their skirts or learning their ways.
Perhaps a complaint should be made to whichever EU authority deals with such blatant invasion of privacy. I urge the community to launch a class-action suit against Sonos.
You are aware that this requirement is made by Apple, not Sonos? How did you fail to realize this during your “research”?
I bought £2000 of sonos speakers a few years ago. I would never, ever buy another sonos product again. The sound quality is very good, the app is OK, but it will be obsolete soon, which is not something anyone ever bothered to tell me when I got it. But worst of all is their customer service. I would like a “jukebox” mode, so when we have a party, people can add a song to the END of the playlist without accidentally over writing it or skipping to the front of the queue. It has been on their own forums as a customer request for years. When I finally got through to someone in CS to ask when this (fairly simple) modification to the app might be released, I was told that is not how sonos wish you to use their products. End of discussion. You also cant connect it to your tv, or play YouTube through it or dozens of other quite legitimate uses, because it doesn’t fit with how sonos see the user interacting with THEIR product. In short, they are blinkered, unhelpful and so far up their own arses, I wouldn’t buy from them again for any reason.
You missed out return product for a refund as not fit for purpose
The data is used to personalize recommendations and correlate data. This is especially important when music in son demand for instance. how do you get exposed to new music without them understanding what you like. IP addresses can help validate and correlate as well as be used for troubleshooting. why do you care ultimately? what can someone do with the knowledge of how long you listened to a certain Artist or genre? they may sell it as insights but by then it is anonymized. Frankly I know I am not important enough for them to care about my identity as it pertains to my entertainment choices. Everyone wants personalized experience but does not want to share anything personal. that is the dilemma. the easement not legit concern IMHO is whether or not the data puts you at risk in the case of a data breach. But even there , all of your and my information is probably already available on the dark web if somebody wanted it. by the way to post this I had to give you my name email and website that I visited. Kind of ironic.
Thx, thought of buying a sonos device, now I will not. This was really usefull thx again.
Sonos does a great job, along with Amazon Alexa and Google Voice integration to customize all responses, based on location of the user. If you ask for Z93, for exame, there might be multiple radio stations that broadcast under that local moniker. Therefore, it helps to sort responses based on zip code proximity.
You can always choose to mute the microphone array on the top of your SONOS Speaker.
“Why does my speaker need my location? I’m not 100% sure,”
I guess doing proper research is somehow harder than writing a long spooky blog post about something.
iOS and Android don’t have a separate Bluetooth permission, it’s part of the location permission set. The initial setup of connecting your speaker to your network requires your phone communicate with the speaker via Bluetooth.
But instead let’s just post some clickbait that gets in Google’s trending articles and further spreads misinformation…
The whole point of owning a Sonos system is to use it to stream music from Internet services. Their application is how you decide which groups of speakers to play which content. Using Sonos speakers without their application is pretty pointless.
Location access is necessary for direct radio access: the access points visible in the area is enough to figure out location to a few hundred meters, so access to the radios is equivalent to access to your location.
I stopped reading after I drew the conclusion that you didn’t seem to know what you bought nor why you bought it; my apologies if you covered these points later.
Disclosure: I bought several shares of Sonos after I bought several speakers.
1. I would imagine a lot those data permissions are required in order to allow an API to read account / login data for 3rd party services (e.g. you passing through your details so that Spotify will allow you access to the licence platform).
2. Sonos wireless speakers absolutely do not perform without an internet connection. WiFi doesn’t work without an internet connection, therefore Sonos doesn’t.
3. When have you heard a Sonos speaker advertise to you of it’s own accord? You’ve accused it of something it doesn’t do. If you’re referring to the smart speaker version of One, your beef is with Amazon and Google not Sonos.
4. Rather thinking about the breadth of data they collect and how it’s necessary for the product (because checking that would obviously be a lot of work to undertake, and would create a hugely unfair market which favours companies who want to use your data), why not think about what they are using it for, whether you can be identified from it, and how long they will keep it.
5. Why are you picking on Sonos specifically? Sony, Apple, Amazon, Bose, FB, B&O, all the same.
Personally I don’t care what Sonos wants from me (that they can legally obtain) as long as they use it for a specific purpose and dispose of it thereafter.
What can you do about it?
– don’t use Sonos products
– tell everyone about Sonos’ assaults and attacks on privacy
– check every new device on similar assaults
simply starve companies who can’t behave
don’t allow that they collect – and probably sell – your data
Little rain drops add up to an ocean…
I do not subscribe to the ‘wisdom of markets’ BS, but I see a trend here. As more consumers move towards these types of devices, ones that require always-on connections, OEMs will shift their product lines towards them. Look at TVs, all now come with CPUs and WiFi, and some form of OS (usually Android based, I think), and that’s why it takes me TV 30 seconds to start.
What did you expect? 99% of Sonos users probably couldn’t be less bothered by the data collection. They want something that works out of the box, just plug it in and start streaming from your phone.
I’m reminded of that saying, you know that one: Something about the scorpion and frog…
Or, maybe more apt: “When you dance with the devil, don’t be surprised when…”
What can you do about it? For a start, don’t buy these types of devices, period!
If Sonos was really collecting all that data to keep tabs on how well our speakers were working why in the hell didn’t they contact me because I tried to contact them every week for the last 6 months because one of my speakers was not working it is on the internet so they should have been able to access it or were they just collecting data just to collect data and no I’m not happy about this at all not at all
Right on! And buy Sonos variants withOUT speakers.
Re 3rd party svcs, if you want multi room listening, no way around it.
I’m a long time Sonos user. They regularly release automatic updates to all components and the controller, predominantly based on the data collected from users. They use the error logs to develop patches for the firmware to reduce the number of users that have to contact tech support. That requires an intricate knowledge about every detail of how the equipment is being used. They also discontinue products and can offer discounts to users of specific equipment. That is only possible if they serialize the products and associate with users…it is also theft detection. They want the user experience as seamless as possible with all music services. That drives their data collection. It is not for personalized adds like the practice of Alexa, Google, Facebook, etc. That has been my experience and knowledge of their practices.
I stopped reading after you repeatedly stated that you don’t have any idea why would a speaker like that require so much data. Because to be honest, that shows you have no idea what this kind of product is for. This is a smart speaker similar to google nest and amazon echo. Where you will be able do something like look for nearby restaurants to deliver to your location. If you are not comfortable with all these, there are a lot of alternative products especially if you only need a simple working speaker.
Thanks for your feedback, Ed Manning. Briefly:
1. I don’t use Sonos with 3rd party services, so therefore they shouldn’t track this data about me
2. It does work. e.g. with Apple play
3. Read their privacy policy. They do use this data for advertising. Perhaps you didn’t bump into it (yet), but your data is collected for these purposes.
4. I did think about it, and can’t find a legitimate reason for it. They can ask for permission. They can use anonymised data.
5. You have to start somewhere. If we give Sonos a break because Google, Amazon, etc, then we will also give Google a break because of Sonos…
I hope your data isn’t going to be misused. I would personally rather not share the data in the first place. I don’t believe that what Sonos is doing is legal.
Thanks for the info, Nick G. Sonos explicitly states that it is *collecting* this information, which in my opinion is not necessary and illegal, at least where I live.
Thank you, Joe R Vidal. I bought a One SL without a microphone.
Thank you, Vin. I disabled the requirement to give a name and email and deleted your email, since I have no use for it. WordPress uses it to display an avatar I believe.
Regarding personalization, that’s up to you. I don’t want personalization from Sonos, yet they still track all this information. I don’t think it’s legitimate nor legal.
Hi “Good question”, Not sure which requirement you refer to, but I think data tracking and collection isn’t required by Apple.
Tom Kent, thanks for taking the time to write.
All this data might be useful for the speaker to operate, but there’s no legitimate reason to *collect* this data by Sonos and associate it with me personally. That’s the problem here. If they collected anonymised data, and asked for permission, I’m sure many people will be happy to share this information. But they collect personal information without asking for permission. This isn’t ethical nor legal in my opinion.
How would they know if GDPR applies? ideally they apply the same privacy rules everywhere, even when they’re not *legally* required (because it’s the right thing to do ethically). But even if they don’t, they clearly sell different devices in different countries, and they know which devices fall under GDPR or which ones aren’t. The device can still figure out the IP/location and then decide *not* to send data to comply with GDPR. That’s totally fine. But obviously they don’t do any of that, and instead they collect and track everyone indiscriminately. They simply hide behind “legitimate interest”. It’s not legitimate.
A lot of these comments from people in the field of “I don’t care about my privacy” just sound idiotic. Just perpetuating the no-expectation of privacy bullshit. – Idiots.
I’m sitting here with an Ikea Symfonisk (Sonos) hanging at the point the Sonos App is insisting it needs my location. The app has found the speaker… I didn’t expect I was buying a service, I thought I was buying an IP speaker. This one is going back. I guess everyone under the age of 30 doesn’t give a damn about what these companies collect and sell.
Everybody here works for the NSA. Snowden was right…
Here’s my idea on how to approach these issues. Returning the items is my last resort, but before that I need to test and see what will happen if I deny my units upstream access to WAN. Or has anyone tried that (successful or not)?
Have you gone any extend to pursue this potential breach of GDPR. They collect our personal information and process who knows how long they store it. Can we demand to remove in case we don’t want to use their services. I tried to terminate an account, after gone a great length to deregister it seems still an valid account that can be logged on.
I filed a GDPR complaint, but even after several years I don’t think there was any action taken against Sonos unfortunately. I didn’t even get an update about my complaint after asking the data protection office more than once.