SPY-tunes scandal: Bloke sues Bose after headphones app squeals on his playlist A chap in Chicago is suing headphone maker Bose after discovering how much personal information its app was phoning home to base – this slurped data includes songs listened to, for how long, and when. The class-action lawsuit, filed Tuesday in the US district court of Illinois by a one Kyle Zak, claims the Bose Connect …
True. but on the other hand, they at least warn you about it, before you start using the app. Zak will have difficulty saying he wasn't warned of this behaviour.
When he downloaded the app and saw what information they would be slurping, he should have not accepted the app and asked for a refund on the headphones.
What's that you say? He didn't read the UA?
Whilst I think the amount of data slurping is wrong, I don't think Zak has a leg to stand on.
I can also see why they would find the information useful, for tuning the headphones based on the type of music / audio being listened to. But that should be down to the user to enable / disable.
I bought a cheap (£15) webcam that turned out not to be a webcam as such. It only works with a special Android app. The app asks for the following permissions:
Device & app history
retrieve running apps
read sensitive log data
Contacts
read your contacts
Location
approximate location (network-based)
Phone
read phone status and identity
Photos/Media/Files
access USB storage filesystem
read the contents of your USB storage
modify or delete the contents of your USB storage
Storage
read the contents of your USB storage
modify or delete the contents of your USB storage
Camera
take pictures and videos
Microphone
record audio
Wi-Fi connection information
view Wi-Fi connections
Device ID & call information
read phone status and identity
Other
Access download manager.
download files without notification
close other apps
view network connections
read battery statistics
pair with Bluetooth devices
send sticky broadcast
change system display settings
change network connectivity
allow Wi-Fi Multicast reception
connect and disconnect from Wi-Fi
disable your screen lock
control flashlight
full network access
close other apps
change your audio settings
run at startup
control vibration
prevent device from sleeping
modify system settings
"When he downloaded the app and saw what information they would be slurping, he should have not accepted the app and asked for a refund on the headphones."
Well, yes... but..
How boring would our lives be if everything we wanted to use had terms we didnt like.
I also think the whole world attitude to assuming its the norm to give up your data should be quashed to history like slavery.
I agree, which I would have asked for a refund, if I found out they were going to slurp that sort of data.
If I was a beta tester and getting the headphones for free, because I was providing them with data for them to improve the headset ahead of production, that would be fine. If I am paying that much money, I don't expect to be spied upon or used as a guniea pig.
@Daniel Hall
I also think the whole world attitude to assuming its the norm to give up your data should be quashed to history like slavery.
Have an upvote. I'd give you 100 if I could. It's REALLY time we did something about making privacy more than an (obsolete) word in the dictionary.
"What's that you say? He didn't read the UA?"
You mean the UA/EULA/TOC that's pages and pages of lawyer-speak, designed to obfuscate information and mislead the reader?
Let's say he did, does it matter? Not a bit, since they all say "You the customer and your descendants to the fourth generation are bound by this irrevocably forever and have no recourse to complain or sue. However, we can change this in any way at any time in ways we won't tell you about much less ask if you're still OK with it."
The universal TOC is really "You have no rights and never will. We have any right we want at any time. Click OK, you miserable ant.
"What's that you say? He didn't read the UA?"
UA or EULA or whatever "agreement" quickly passed by his eyeballs when he just purchased a device and wanted to use it... regardless of THAT, you missed the entire point:
THEY! SHOULD! NEVER! HAVE! SLURPED! THE! DATA! IN! THE! FIRST! PLACE!!!
Needless to say, until Bose ADJUSTS! THEIR! ATTITUDE! they won't be getting MY business.
/me wonders if it's ALSO designed to forward information on "illegally downloaded" music for future retribution by RIAA...
@smithwr101,
"Actually when you fire up Bose Connect it says "Apps using Bluetooth Low Energy are now required to have location access enabled. We don't like it either." So it looks like an Android or other third party constraint
That really sucks.
Taking a look over at Stack Overflow here and here reveals that this is an Android thing, and comparatively recent.
Sounds like the real culprit is Google. Again. Do no evil. Arse cakes.
Android has got better at letting you know which apps are using what dodgy permissions. When you download an app from the store, it will kindly list the permissions the app demands *before* you install it (GPS Location, photos, media files, permission to send and receive phone calls and messages, first dibs on your firstborn for a flashlight app, for example), and even if you still install, it's trivial to turn these permissions off afterwards. Of course, app providers are getting sneakier in their attempts to keep those permissions active ("your flashlight may not know how bright it needs to be unless it knows how dark it is where you are based on your GPS location and how much we can see through your camera").
Also the advantage of 3.5mm jack dumb phones, which inherently are better quality as any wireless earphones need an DAC anyway and have the additional overhead of Bluetooth. Space and power constraints also mean that five year old phone with 3.5mm analogue jack may have a better DAC and audio amp than the device(s) in the wireless headphones / earbuds.
Also the Analogue 3.5mm headphones work on anything without pairing, don't need an dataslurping app etc.
A BT earpiece is handy for handsfree conversation. I've got good BT stereo earphones and I've gone back to analogue, because no pairing and work on more stuff.
@Mage,
"Also the advantage of 3.5mm jack dumb phones, which inherently are better quality as any wireless earphones need an DAC anyway and have the additional overhead of Bluetooth. Space and power constraints also mean that five year old phone with 3.5mm analogue jack may have a better DAC and audio amp than the device(s) in the wireless headphones / earbuds."
<pedant mode>
<apologies>
The issue is one of audio compression on the Bluetooth link. It's not full, uncompressed 44.1kHz 16 bit stereo PCM. The loss of quality due to the compression artifacts would likely dominate any other impairments due to crummy DACs, etc. And generally music is stored / streamed compressed on a mobile phone, so it's a losing battle anyway.
Not that anyone who listens to todays modern popular beat combos would be able to tell hifi from cheapfi, given the appallingly reckless and discordant nature of such music.
</pedant mode>
"Also the Analogue 3.5mm headphones work on anything without pairing, don't need an dataslurping app etc."
Shhhh! Don't go giving the bastards bad ideas!!!!
The issue is one of audio compression on the Bluetooth link. It's not full, uncompressed 44.1kHz 16 bit stereo PCM.
A song stored in 44.kHz 16-bit WAV format is typically 40-50MB. However, most people will be listening to that song from an MP3 or AAC file, that was squashed down to 4MB or less using lossy compression. Bluetooth is not the weakest link in that signal chain.
> include not being able to afford Bose headphones.
I can afford Bose headphones, but I actually like music so I bought some real headphones instead.
They cost 1/3 of the price, don't require GPS to operate and don't make me look like a posing twat. Thanks to a 2nd hand blue-tooth brick they can also be wireless when I need them to be.
Music is but a small part of the QuietComfort experience. It's nice to have music, but the superior noise reduction these bring to the table (vs. el-cheapo Sony cans) is worth every damn penny. I put them on, I still hear some of the conversation from people who never learned the difference between their "inside voice" and "outside voice" in the open-floorplan hell almost all of us are forced to work in, and then I turn them on... Sweet, sweet (mostly) silence. Not quite a snowy day out in the country, but as close as I can get without screaming at everyone to "shut the fuck up for once". Adding my favorite music covers up the rest of the conversation.
n.b. I don't work for Bose, nor have I met a Bose. I just don't like having to listen to random twats prattle on all day long. The $350 I handed over to The Bezos for my QC35s was a fantastic investment in my sanity and employability.
"but the superior noise reduction these bring to the table (vs. el-cheapo Sony cans)"
Now there's where you and I differ.
I use a pair of Sony* outdoorsman earphones because I want to listen to my music and be aware of my surroundings.
(Wouldn't want to miss such outside sounds as *HONK*, *Look out!*, and "MY God! He's gotta gun!!") ☺
For just enjoying the music and nothing else, nothing beats a decent set of speakers and a quiet room.
* *Spit*, Only Sony product I own. Dates back before they let the media wing consume all that was good in the company. (Yes, the headphones are *that* good and durable!)
+1. I've got a large-ish collection of headphones. The QC35s are my every day carry. The sound isn't going to blow you away; the bass is paltry and the highs a bit thin, but they are sturdy, very comfortable, the battery lasts for ages, the call quality is good, the bluetooth performance is great and the noise cancelling is the best I've ever used.
I spend far too much of my life on trains and planes and in other people's noisy offices, so just being able to flick a switch and have it almost disappear is a godsend. Also means you can run the headphones themselves at a much lower volume, which is good for your ears.
If only wearing them didn't mark you out as that prick who dropped £300 on a pair of sub-standard cans...
You can't use all the functionality of the headphones without the app, so spend $350 then discover either, they revert to $50 [equivalent] 'phones, or "all your data are belong to us". Like all Bose gear a bit flawed, but otherwise awesome.
It's a bit like agreeing to the EULA inside they sealed box when you buy physical software media, which I believe is outlawed/unenforceable in some countries. [Oz, France? CBA searching]
Slurping!? Just ---->
It is illegal in Germany to apply terms to a EULA that weren't clearly readable on the retail box, before you get to the checkout (or in the case of mail order, before you open the packaging).
That is why a Hackintosh wasn't exactly illegal here, until they stopped selling retail copies of OS X - the relevant paragraphs in the EULA about not using it on non-Apple branded hardware were inside the sealed packaging and therefore could not be enforced in Germany.
"That is why a Hackintosh wasn't exactly illegal here (Germany)..."
In the USA, on one hand it is a DMCA violation, and one company has been ordered to pay $2,500 for each PC they shipped with MacOS X installed. On the other hand, in practice Apple does nothing _unless you claim in public that it is legal_. They don't care much if you make a copy of MacOS X. They care _a lot_ if you make a copy of MacOS X and claim it is legal.
"It's a bit like agreeing to the EULA inside they sealed box when you buy physical software media,"
Usually the way this works is that acceptance of the EULA is part of the contract. So you open the box with the software, find the EULA, don't like it, and you either go back to the store and ask for your money back, and they _have_ to give your money back because the sales contract was never finished, _or_ you don't accept the EULA, install the software and commit copyright infringement (but nobody can prove that you didn't accept the EULA), or you accept the EULA.
Yes, I can understand that's mildly annoying, but asking for $5 million shows him to be nothing more than a money grabbing twat.
To be fair, that's probably only $1,000 for him and $4.999m for the legal vultures really running this claim and looking forward to that third home in the Hamptons.
Plenty of downvotes for my previous comment, but can someone clarify why?
I agree that sending this data to Bose is unnecessary, but I really despair when people feel the need to sling multi-million dollar lawsuits every time they feel slightly put out. If the Bose app forced you to enter credit card details, social security numbers, address details etc, before the headphones could even perform their primary function of playing any music, then this might have some traction. But to sue a company because, in essence, you haven't read the T&C's, and Bose might find out that someone (though may not even know who, other than an identifier) actually willingly listened to Kanye West at 3PM on a Tuesday? *
I'm presumably in the minority here, but I just don't like the stance of trying to sue for millions for first-world problems. By all means complain to them, call them out on social media, name and shame on relevant news sites etc, but to feel the need to claim for "damages"? I just don't get it.
* - Though that in itself is a crime against music.
"Plenty of downvotes for my previous comment, but can someone clarify why?"
Because businesses that pull this sort of trattery need to be taught otherwise. A suit which makes a sizeable enough dent for upper management to start thinking about it has that effect. Asking for his money back doesn't.
Any less and they don't care and don't stop.
Even criminal fines are often regarded as "cost of business" if not severe and also because the top managers don't suffer unless the consequences seriously upset shareholders.
Senior managers / CEO etc need to be also personally liable for their management.
Untill such time those heads of industry are physically on the block with a sharp blade at the ready, nothing will be done.
Ok.. so you whack off the head of an exec. Does the change the exec? Was there actually a brain in that head or is it hidden? Too many execs I've met had their brains in their ass....
"despair when people feel the need to sling multi-million dollar lawsuits every time they feel slightly put out."
Other reasons to do so besides *KA-CHING*:
>Said publicity alerts more people to the problem, so more people less likely to fall in same trap or sue if they're in the same situation, and company is more likely to settle quickly to make bad publicity go away.
> Company is likely to offer to counter-offer that more in line with what he really wants.
>Because he's fucking pissed, and this is the version of two fingers up that the company understands and respects..
If he was presented with accurate and detailed disclosures and provided informed consent he may have a difficult case ahead. I guess there is also the question of whether the product itself provided enough notice prior to purchase that functionality is dependent on agreeing to terms of use and data sharing.
Data slurping is commonplace - a good % of apps (particularly free ones) collect more than strictly necessary to fulfil their function, what happens to the data collected and who it is shared with should be what worries us.
Bose's use of GPS is probably the most concerning - it doesn't take many time indexed GPS locations from a device to get to PII levels of data...
Play list suggestions,
Carly Simon - you belong to me
Lionel Richie - Hello
or the seminal classic,
The Police - every breath you take
I'm sure there's more but $350 for head phones and they have the cheek to sell your data as well. When will people learn? Interestingly though is there not a way for this case to be successful due to the fact it's not on the packaging of the purchased head phones. (It may be, I don't know) You could argue that the data collection was not explicitly stated when purchasing the item and that to use all the functionality you have to use their app.
"Connect app and while it's certainly very grabby on data – you need to have both GPS and Bluetooth turned on to use it"
While I do not see the need for the GPS I do have some sympathy for wanting the Bluetooth to be enabled what with them requiring the Bluetooth for Yer actual connectivity.
It's an optional app. It is not required to use Bose headphone with the app. If it was required, then Bose headphone won't work on other music device.
Then again, hardware company decided to develop apps? that's just calling for trouble. They deserve it (just like Lenovo laptop adsware, Samsung android, every IoT, etc)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
