Looks like you need to download a special app to enable this "feature"
>The lead plaintiff in the lawsuit is a man named Kyle Zak, who claims he followed the company's suggestion to "get the most out of your headphones" by downloading the Bose Connect app, and supplying information such as his name, phone number and email address.
It's the app you're being pushed heavily into downloading (even by iOS itself as it is the "accessory accompanying app" as detected by the OS when connecting the headset), for things like updating the headset firmware and setting the bluetooth device name.
Thing is, no other bluetooth device I own needs its name to be set. I don't care. I don't need to change the language. I don't plan to update the firmware frequently, though if I do I can always just download the app, update, and delete the app.
The ONLY feature I can see using is the managing bluetooth devices. I had 4 devices in my list -- old computer, new computer, old phone, new phone. Unless you're around 3+ devices you regularly connect to, its not really an issue.
My computer and phone are the only 2 devices that will be in range so I'll never need to "manage" this. Again, think of all of the other devices that only support connecting to ONE other device and don't need a proprietary app to manage this.
Bose describes the Bose Connect app as being for firmware updates and advanced settings tweaking (noise reduction, sharing music between two headphones, etc). No mention of traffic monitoring and/or distribution to ad scum.
"YOUR USE OF THE SOFTWARE ALSO OPERATES AS YOUR CONSENT TO THE COLLECTION, TRANSMISSION AND STORAGE OF CERTAIN STANDARD NETWORKING INFORMATION, DEVICE USAGE DATA, AND BOSE PRODUCT INFORMATION VIA THE INTERNET TO SERVERS OWNED OR CONTROLLED BY BOSE OR OPERATED BY THIRD PARTIES ON BEHALF OF BOSE"
I suppose that's really the heart of the matter, isn't it? When should a company be able to collect what would otherwise be private information protected by law? And if they do collect it, what does the law provide as default protections on selling or transferring that private information?
The "Privacy Policy" bits posted by aaronpk [0] only speaks to collecting what engineers would call telemetry information. It has zero mention of collecting other data, and zero mention of reselling the data.
I know the US is relatively weak on such laws compared to some EU countries. This lawsuit might not go anywhere here, but there could very well be a strong case in, say, Germany.
I read it on my device but it said NOTHING about tracking listening. Though of course it did say "we may collect data.. this data MAY INCLUDE date/time of opening the app.."
Listening data was not mentioned under a MAY INCLUDE section, however of course its' covered by the blanket "data".
Scary. "The third parties are not bound by this privacy policy, but by their own privacy policies, which we won't link to or spell out all of our third party companies."
No indication that the data collected (independently of Boise) is even anonymized.
The courts have repeatedly shown that a meeting of the minds is not required to be bound to an EULA contract. The consuemr does not have to comprehend or understand their loss of rights in order to have them stripped.
What I think would be interesting is: what if a company like this made an app like this, but then clearly stated to users that it'd be collecting data on them and sending it to marketers? They could even pitch it as helping to keep prices "low". How much would this hurt sales? Would it even hurt sales at all? Given the proliferation of "smart TVs" and various IoT devices, I'm extremely skeptical that a company would experience any decrease in sales by simply being honest about their collection of data. The only reason these companies are getting in trouble is because they're sneaky and dishonest and try to hide their data-collection activities. Google has a gigantic business involving collecting user data, without hiding this fact, and they're extremely successful.
This example would only work if you had the same product in two different price ranges, e.g 350$ without tracking and 300$ with tracking or something similar.
The problem is that they could do some damage to the user even in perfect good faith. Just think about someone who listens music at unusually high levels or with channels heavily unbalanced compared to someone with normal hearing abilities. That innocuous information if leaked could hurt the user insurance or job opportunities.
I have no idea if their app collects this information too, but it's just a matter of time before someone becomes interested to it as it happens with any kind of data that can be used to profile people.
> Just think about someone who listens music at unusually high levels or with channels heavily unbalanced compared to someone with normal hearing abilities. That innocuous information if leaked could hurt the user insurance or job opportunities.
A person who listens to music at unusually loud levels SHOULD be charged more for insurance. Just as a 24 year old Asian single male software engineer in Mountain View gets charged more for car insurance. And if you have poor hearing skills, I sure as hell don't want you on my Marvel Studios audio engineering team (example)
It seems that your really want everyone to be treated equally when in reality it will never happen, and in fact comments like yours increase the disparity.
Depends on the price reduction. Those earbud noise cancellation speakers go for like $200. If you could cut the price in half, I'd get them. They'd pretty much know which movies I watch and what flight I'm on, but so do a lot of other people that give me no benefit.
No one who I know personally, outside one or two folks who also work in tech and would fit perfectly with HN's demographic, cares about tech spying on them.
Friends of mine have gotten home assistants, video game console, smart TVs, etc for years without one thought of their data being sold to a third party.
I think, sadly, that this is the essence of the "problem". That is, few people outside of those who know about consumer data collection actually care about it.
And it is one reason why we are hurtling inexorably to Idiocracy...
If someone familiar with Amazon's hardware business and Kindle sales numbers could chime in, we could get a sense of whether the transparency approach works.
> They could even pitch it as helping to keep prices "low".
Considering that code has creation and maintenance costs, I doubt this would ever actually reduce the price. They would just inflate the final price to cover the cost. And if it collects enough data to actually make money, the price reduction would probably not significant enough to match perpetual data theft. Not to say that some people wouldn't go for it. It's amazing the lengths people will go to for free or cheap products.
But there's still the many liabilities of collecting, transferring and securing sensitive data. People who know the risks and hassles involved with identity theft would be very selective about these services.
What makes you believe this? Why would they not also send through names and fingerprints of played music so they can use those tracks to "improve compression over bluetooth for the things people are actually listening to"? I could see quite a few engineers thinking this is perfectly acceptable, without considering the repercussions.
And this doesn't even account for the "third party SDKs, bound by privacy policies not covered in this document".
(i) collect and record the titles of the music and audio files its customers choose to play through their Bose wireless products and
(ii) transmit such data along with other personal identifiers to third-parties—including a data miner—without its customers’ knowledge or consent.
This right here. Music titles are bad enough, but titles and sources of podcasts and videos played through the headphones should be enough to upset even the most naive consumers. This amounts to a slice of your browsing history as it relates to audio and video content.
...Whereas underhandedly surveilling people who are naive enough to buy a product from you and then profiting from the fruits of one's panty-sniffing is a brilliant one?
Since the headphones only have bluetooth available, it's hard to imagine it transporting the information anywhere without the application, even if the headset still aggregates information.
I would understand it if the app were tracking how often the headphones were connected, when they were actually being used, or possibly even which app is playing audio (e.g. how much are the headphones being used for listening to music vs podcasts vs videogames) -- although this should all be done anonymously.
But the idea that the app can detect which music or podcasts I'm listening to, and build a profile from that -- if true, that would be shocking. Can anyone answer, is that even possible via iOS API's?
The app shows metadata about the currently playing track, such as title and artist, so it really does look like it has full access to what is currently playing. This is discomforting. What if I am playing a locally synced file "board meeting xyz company case abc something secret in the title.mp3"
Bose is not a HIPAA-covered entity and, if a user is or is working for one, probably they haven't had Bose sign a BAA, so Bose is not in any kind of trouble for any unauthorized disclosure of PHI.
The user, again if they are or are employed by a HIPAA covered entity, might be, though.
Hmm, not pleased, we have two sets of the 35 earphones and I use the app - well, I have to, else I can't change some settings on the earphones. This is totally overstepping the boundaries of what earphones/headphones should be doing.
Any company that collects my data and moves it from under my purview to theirs should have to display or expose this data in the exact form that it's collected to the user, so we can see exactly what it is. Not cool.
Language, device name, firmware updates, voice-prompts, auto-off-timer, list of paired devices, multi-headset-mode, and so on. The app is almost mandatory, especially since iOS pushes you to download it on connect.
Interesting. I have QC35s but have never downloaded the app, although I have Android so I'm not sure how pushy iOS is. I've been able to use the headphones regularly without the App. The features you mention don't seem that important to me.
I have these headphones paired to a number of devices and the app makes managing that simpler (if, say, I want to prioritize the output from my phone instead of my laptop).
You'll be disappointed to know that project was axed more than a decade ago. The tech is incredible, but the only manufacturer they could interest in that level of performance at that high level of cost (Ferrari) had serious issues with the weight of the system. Ferrari declined to use it and invested more research into magnetorheological dampers, instead.
Source: I know one of the engineers who was on the project.
This reminds me of a bluetooth toothbrush I just bought that requires my location to be enabled to change the settings via the oral b app which is required since this model has less buttons than others.
The reason why I bought a bluetooth toothbrush was for a wireless hardware clock, brushing timer, and ranking system which also really doesn't work correctly even with the app.
> The reason why I bought a bluetooth toothbrush was for a ranking system
We are truly living in a modern fall of rome. We will choke on our bluetooth enabled toothbrushes, 700 dollar juicer machines, our fucking fitbits. We've ravaged the earth to adorn ourselves with decadent shackles and we will reap the consequences with fake tans and ultra clean teeth.
In the past year I've gone from being an environmentalist to a big fan of the end times. We're going to eat ourselves out of a home, and a few billion years later, the Earth will still be here, not missing us at all. Fuck it, get three bluetooth toothbrushes next time.
An age where "idiots are getting promoted for baseless ideas" is closer to the truth. This is why people who were traditionally more humble now have the obligation to speak out - but I often see them silenced at the tech companies they work for... These companies are often selectively listening to exactly the wrong people, who are usually in the minority in the company anyway!
Phone apps...for a goddamn toothbrush. Were someone to ask me, "Mike, you do a lot of Bluetooth work, what if we BT-enabled our electric toothbrush...what kind of value could we add with that?" Because I'm horrible at coming up with creative ideas for new technologies, I'd come up with something lame like, say, maybe a "ranking system". I could add a "brushing timer", but a plain ol' Sonicare can do that without adding radios, so why bother? And my manager, because she's smart that way, says "meh, I guess it was a dumb idea, but never hurts to ask, right?" Except at Oral B they say, "outSTANDING, Jones! I think you're in line for a promotion!"
And don't take this personally, ecomhacker. You bought such a beast for your own good reasons and need not answer to me. I'm just both astounded and horrified that such a thing even exists.
I actually don't mind a phone app for a toothbrush, but I surely do mind a proprietary phone app for just a toothbrush. Give me a generic app that allows me to discover local bluetooth and IoT devices and prevents configuration for them through an open and highly standardized configuration protocol, and we'll have shifted back a bit more to utopia from distopia, IMO.
Sorry for the late reply. I was hacking on some code.
I got the toothbrush because I am depressed/a drug addict and usually don't brush my teeth as often as I should. I was using a tracking app, but I figured since it was bluetooth I might be able to integrate it with the app I'm using for tracking. I figured it wouldn't support this out of the box, but I'm a CS/EE and figured if I was bored, it would be one more toy to play with.
TLDR, I've got money to burn and I'm spending it to avoid personal responsibility
> change the settings via the oral b app which is required since this model has less buttons than others.
I find it disturbing that we're moving to an era where even simple devices require the equivalent of a sonic screwdriver to make work.
I really, really wish we had a generic discovery, configuration and reporting protocol (like HTML forms but much more rigid and no styling) for configuring bluetooth devices that was open, and popular enough that companies would feel pressured to use it.
Then again, I really wish we had the exact same thing for IoT devices on the local network.
I swear, if it was good enough, and you marketed it to the Chinese knock-off manufacturers (who I assume would love to take some open source embedded code and not write their own), it might actually get enough momentum to force the brand names to support it as well.
I mean something that hasn't been overcomplicated and extended to the point that it's impossible to assume simple standard behavior.
That is, SNMP might make a good underlying protocol that something that is much more constrained might sit on top of. Ideally, a simpler markup language that can compile down to SNMP.
E.g. a "device" has one or more named "config-forms" (which an app might choose to represent each as a separate tab or section), with a well defined set of settings with a name, type (integer, decimal, sized string) and description. A device might have one or more "reports" which provide a consolidated view of particular variables.
Very simplistic, but with simplicity comes interoperability. SNMP by itself is far too general to support this without some constraints put on top of it (as far as I know, at least. I have experience with SNMP, but not a huge amount, and not for a long time).
Sure. I don't think SNMP is complete in any way for this solution... For instance, it communicates in OIDs, while a user interface would want names and data constraints at a minimum. But I also agree that it would make a good base to build on top of. I mostly just wanted to avoid the xkcd standards problem [0].
I'm pretty much in the same place on SNMP... Had to do some integration with it 10 years ago. Had to even do some Google-fu to remember the name, since the only thing that would come to mind was SMTP.
There's a version of Poe's law at work here. I legitimately can't tell if you're seriously into some sort of competitive toothbrushing or if this is satire.
I am very surprised at the negativity in the reply to this. Of all things to gameify, brushing your teeth is a fantastic subject. It helps develop good habits for a personal and typically solitary activity.
I assume you're wondering if the "high quality" part is serious. The fact is, they do generally make good quality products. They may be overpriced for what they are (the "Bose tax"), but they're still good quality. Their current noise canceling headphones are considered among, if not the, best ones available right now.
You don't need to use the app for QC35, I didn't know about it till I had them for a month.
The reason I got the app is because it does firmware updates. They've released quite a few updates to improve audio quality, noise cancelling, and compatibility with some devices.
Reading about spying headphones on website where video with sound starts automatically and continues to play when pressing pause (but jumps to right corner, just like hoaxes for Windows 95 where "start" button evaded mouse) — we're living in adtechpunk world.
Or another option: uBlock Origin + uMatrix. Playing embedded videos will need such an amount of configuration that you'll really want to watch it before bothering. This could be a positive or a negative, depending on the person :)
I use NoScript, uBlock Origin AND uMatrix on most of my instances.
Noscript as the first line of defense against 3rd party scripts, uBlock in advanced mode for fine-tuning what content goes through, and uMatrix for being the safety net as well as providing cookie control and spoofing/referrer masking, since Cookie Monster still cannot work with multi-process mode.
I really wish uMatrix and uBlock would just combine forces or that uBlock would at least match uMatrix's privacy protection.
Don't you find that your surfing is a configurational nightmare? Using uMatrix was doable, but I finally gave it because it always interupted my browsing. Adding NoScript to the mix would probably drive me insane. Do you have any special techniques? :)
It usually only takes a moment to configure uMatrix for any given site. However, adding NoScript into the mix means that, each time I allow a new script or group of scripts, I have to refresh so that previously unallowed external requests can be made and uMatrix can register them. uBlock is usually not a problem and I usually don't have to touch it, but sometimes I have to let a request or two through.
Sometimes it's absolutely infuriating when I have to spend 5 minutes configuring a new site before I use it, incrementally configuring and reloading, but my anger directed isn't towards my addons. It's directed towards the shitty website that requires a thousand external APIs to function properly.
When it's bad enough, it's a sign that I don't need to be using that website. After all, what is the point of having three layers of blocking (not counting my other addons) if I just let everything through anyway in order to use the site? I also don't allow any third-party cookies and that is non-negotiable for any service.
If it's absolutely critical, as in work-related or I cannot find my information elsewhere, I spin up a thinly-provisioned untrusted VM to minimize my exposure to malware and spy/tracking agencies.
All of this effort is completely pointless if you let yourself get pixeled[0] or pinged with APIs like Google AJAX. And it's pretty much currently impossible to avoid getting pixeled entirely.
Until we fix the major security holes that allow beacons to track us, it's all just intellectual masturbation when we use these tools.
What I would like to see is an addon that intercepts all images and provides them as a tree to allow whitelisting of images, and a caching system similar to Decentraleyes[1].
Sorry for going meta, but I find it very odd your comment was dead, as your GP post was not.
I've been seeing this quite a lot in the last 2-3 months, perfectly reasonable comments that are [dead] for no discernible reason; could this be trolling or a form of botting?
If it's too much bother with NoScript making the page work, it probably wasn't worth wasting any time on it in the first place. So I gained time instead of lost!
Enable the tab mute button that's existed in chrome for years but is still hidden:
Go to URL chrome://flags in a new tab
Search for the ‘Enable tab audio muting UI control’ flag
Hit the ‘Enable’ link
Relaunch Chrome when prompted (on Chrome OS a full restart is required)
Now you can click the little speaker that appears next to the tab's close button when a tab is playing sound to stop that tab from playing audio.
God knows why this isn't enabled by default, somethingsomething advertising money...
I believe that the button is disabled because it's too easy to click by mistake. You can mute a tab in the right click menu without turning on any flags.
Wow, this is awesome. Thanks for mentioning this. I've been using Firefox for months now (switched from chrome) and never knew about this feature in either browser.
When you regularly have open 100+ tabs in more than one instance of Firefox across multiple VMs, this is an absolutely indispensable feature. Before its time you would basically have to shut everything down and start over instead of finding that obscure tab that suddenly started belting out news headlines
People can use a ton of tabs for a ton of reasons. I used to do the same thing at times, when I used Treestyle tab in Firefox. But it's an old type of extension soon to be deprecated, and was giving me bugs on browser updates (maybe due to it being a XUL extension).
The add-on put tabs on the side of the screen, and grouped them up into trees, which you could also collapse. So if you were to browse Wikipedia and click on all sorts of links, you'd have a whole tree with different branches. Then when you take a break, you just collapse the tree and start a new tree. Want to reference something from the Wikipedia tree? Just expand it again!
It worked really well with the session restore functionality of Firefox, which doesn't reload all tabs again when the browser launches. So you had very little performance impact for what felt like the perfect bookmark and tab integration.
So in order to reach 100+ tabs, it's just one hour of casual browsing per day and within a week you'll have 100 tabs open of Wikipedia trees, various clothing stores, a code problem tree or two, and a HN tree with all the little interesting links.
Then you may wonder why you wouldn't just bookmark pages and close tabs? Personally I open bookmarks a few times a year, but this Treestyle extension made me click around so many times per day.
(By the way, if anyone has found a similar add-on please let me know)
Wow I've never heard of that. The most tabs I've ever personally used is around 25 to do some server stress testing (very low-scale). The most I've ever seen is around 35 from one of my coworkers that uses tabs instead of bookmarks for some reason.
It's closer to 500 or so at a given time. I have a few instances that only run up a dozen or two tabs in their lifetimes.
I do lots of research on a variety of topics, and break it up with ADHD wikipedia binges and the like, then with aggregators like HN it's very easy to open a dozen or two tabs and just start powering through them.
Some of these tabs sit for weeks, and some just rot away till they are irrelevant and I delete them. You could think of this as a temporary bookmarking system, much in the way you may have a filing cabinet but your desk still stays covered with mountains of papers that are relevant to your current work.
I keep a bookmark bar with just favicons and no text. Only my most-used sites for the domain on which the instance runs. When this bar fills up, that's it. I either make room for new items or they aren't important enough. I have a folder for more "long term" bookmarks that I basically never check. This way, I only keep links to stuff I currently need. Firefox doesn't load them on default so it's very quick and non-resource hungry. It has to be or I couldn't be running 3-4 instances of Firefox at once, when you factor in all of the VM overhead.
I don't use Tree Style tabs like sister comment suggests. I have an unorthodox browsing style that doesn't mesh well with the way it sorts tabs. Besides, the API it uses is indeed being phased out. I prefer using the location bar to quickly search my tabs.
In general, bookmarks just have a limited use-case for me because, if it's static and information-dense I would probably rather save an offline copy anyway in the spirit of doomsday prepping.
This is increasingly more common. Companies building in data collection to products and marketing it as a 'feature'. Especially in cars manufacturers, who are openly offering to sell this data. The unsettling part is most customers don't seem to mind.
The unsettling part is most customers don't seem to mind.
A lot of consumers don't even know, as we see here.
Those who do know often don't understand the full implications.
The state of privacy and security in modern cars is particularly disturbing, as you say, and really needs a blunt, in-your-face public information campaign and preferably statutory regulation. But that would require the relevant governments to understand the dangers themselves, and I don't think most politicians are any better at knowing and understanding these things than anyone else.
Disgusting... I just deleted the app, however I hadn't opened it for a while, anyone know / can guess if it had still been sending stuff out (e.g. as a background process of some sort)?
This link has an autoplay video with sound. Can we get some kind of title warning on these, like the [pdf] or [1927] warnings? I really don't want to click on these without being prepared. Lacking a better alternative, for now, I'm just flagging it.
That's certainly a debate I'm willing to have, but as of right now flagging doesn't exist to let HN admins know you don't like a website's ad structure.
Are we really getting this finicky now? Like, I'm usually on the more compassionate side of listening to people's concerns, but being offended by a video playing is just... sissified to the max.
I don't read your parent as being offended. I'm annoyed by autoplay videos myself. I don't think a tag is necessary, but I understand where they're coming from. Please be a little more charitable in reading others comments. No matter how they post, there's never a reason to make it worse.
I have the 35s. How does one get in on signing the class action? Or can you only do this after it has gone to trial and has gone in favor of plaintiff?
Ok, this is DEFINITELY NOT cool (+ the fact I own those and I have the app installed).
One small note of optimism (but not coming from Bose) is this: http://imgur.com/a/ezLUi (i.e. the iOS on/off setting for Background App Refresh - I have it globally off for the whole device, always). So I don't think once the app is not running that there's an easy/Apple approved way for them to keep running to app to transmit data, etc.
I also just turned off Cellular Data for this...
If someone from Bose is reading this - just wow...
I'm tired of the implication that using non-free software for which a free alternative does not exist is inherently stupid.
Software is a tool. People can't use tools that don't exist. If you want free software to win, get off your high horse and focus on making more/better free software.
wow! I own a couple of these headsets, and while I've never used the app (I don't feel the need to install an app for an headphone device thank you very much), I'm disappointed in Bose.
Does anyone know any other headphone manufacturer that's got as good a sound + build quality as Bose?
I'm loving my Sennheiser Momentum wireless phones. However, apparently the current king of the hill is the new Sony MDR-1000X. Better noise cancelling than Bose, and sound quality as good as the Sennheiser.
Avoid Bose headphones because they're overpriced and riding off brand recognition.
Avoid """"smart"""" devices made by hardware manufacturers because hardware manufacturers don't know how to write software.
While I sympathize for the people who are affected by this, everyone should really avoid buying such manifestly bad products in the first place. We should really be doing our best to avoid "smart" TVs, "smart" headphones, and other superfluous and poorly done computerization.
If you don't mind IEMs, they offer superior sound blocking to over-ear headphones with active noise cancelling, especially with foam earpieces.
If that works for you, get any decent pair of Shure IEMs (or anything that uses the MMCX connector). Then you can purchase a Bluetooth receiver that connects to any brand of MMCX IEMs. This is nice because now the most expensive part (the IEM) you can keep using for as long as you want while periodically upgrading the wireless component as new technologies emerge.
As someone who's actually currently hunting for wireless noise-canceling cans, what's your suggestion? (other than IEMs or something I have to plug into another receiver) I'm quite satisfied with the sound of my Seinnheiser 598s but they have a cable and are open back.
Brand loyalty can be tough. As an outsider to Bose, but a Sennheiser fan, that feeling of finding out you were not getting a fair deal in this case is pretty bad. Bummer.
Agreed. I've been a Bose customer for over the past decade, buying a new pair of headphones every couple years. While I get that people criticize them for a number of good reasons, I don't mind paying a bit more for a premium product that I use daily. That they offered great discounts for returned/broken headphones has kept me a customer for a long time. In the next year or two I'll probably be getting a new pair of wireless headphones, as that seems to be clearly the way that things are going. Bose would have been a simple choice, but now they're not. As a customer it's frustrating to see companies whose products I enjoy using compromise my trust in them with such short sighted actions.
Is anyone compiling a black-list of companies that implicitly charge users by quietly (or not-so-quietly) collecting their data? This is increasingly becoming the consumer protection issue of our time.
A white-list of companies that do NOT do this could also be useful, especially as alternatives to companies on the black-list.
I think that for ANYTHING that requires an app and connection to the internet, we all should take for granted that:
1) data is being collected (e.g. my precious steps/vitals/food intake on fitbit)
2) data is being transmitted to "mother ship" and then sold to everyone that is willing to buy (e.g. why on earth did iOS fitbit app wanted to connect to facebook??? and then I stopped using fitbit - of course I was using a throwaway email and false name/DoB to begin with)
3) data is being correlated and adding more juice to each user's profile (e.g. iOS fitbit app getting my IP, fake-name, throwaway-email, vitals, not-my-iOS advertising identifier)
No way around this. Only using a good hosts file, PMP, and Firewall IP (on iOS and for jailbroken devices). Anyone who runs stock iOS or Android is in the mercy of all "these people".
Timely, considering I was just thinking about buying a Q35 tonight. (Oh who am I kidding, I'm probably still going to do it).
I'm curious if anyone knows a way to temporarily disable/enable apps without having to uninstall them. Android used to have a "Disable" button in the App Manager, but my current 6.0.1 phone isn't showing that for any apps. Am I missing something?
I've got a Q35, I installed the app to set it up, but deleted it later, and have never been prompted again or anything, and everything works fine. So I think you can just delete it no problem.
I'm sure I could, but I would be missing out on the features I may want to occasionally use/change.
Bose is hardly the only app I would want to block. There are dozens of apps I might use only occasionally - a month or a year might go by between uses. But having to reinstall is just a cumbersome step.
214 comments
[ 3.9 ms ] story [ 276 ms ] thread>The lead plaintiff in the lawsuit is a man named Kyle Zak, who claims he followed the company's suggestion to "get the most out of your headphones" by downloading the Bose Connect app, and supplying information such as his name, phone number and email address.
The ONLY feature I can see using is the managing bluetooth devices. I had 4 devices in my list -- old computer, new computer, old phone, new phone. Unless you're around 3+ devices you regularly connect to, its not really an issue.
My computer and phone are the only 2 devices that will be in range so I'll never need to "manage" this. Again, think of all of the other devices that only support connecting to ONE other device and don't need a proprietary app to manage this.
It's promoted as the only way to update the headphones and to control what they connect to over Bluetooth.
"Well, your honor, he agreed.."
"YOUR USE OF THE SOFTWARE ALSO OPERATES AS YOUR CONSENT TO THE COLLECTION, TRANSMISSION AND STORAGE OF CERTAIN STANDARD NETWORKING INFORMATION, DEVICE USAGE DATA, AND BOSE PRODUCT INFORMATION VIA THE INTERNET TO SERVERS OWNED OR CONTROLLED BY BOSE OR OPERATED BY THIRD PARTIES ON BEHALF OF BOSE"
The "Privacy Policy" bits posted by aaronpk [0] only speaks to collecting what engineers would call telemetry information. It has zero mention of collecting other data, and zero mention of reselling the data.
I know the US is relatively weak on such laws compared to some EU countries. This lawsuit might not go anywhere here, but there could very well be a strong case in, say, Germany.
[0] https://news.ycombinator.com/item?id=14148461
Listening data was not mentioned under a MAY INCLUDE section, however of course its' covered by the blanket "data".
http://i.imgur.com/rQZYTvT.png
http://i.imgur.com/0YD1D9l.png
No indication that the data collected (independently of Boise) is even anonymized.
The courts have repeatedly shown that a meeting of the minds is not required to be bound to an EULA contract. The consuemr does not have to comprehend or understand their loss of rights in order to have them stripped.
Of course it would. What is the consumer benefit derived from the collection of this data?
I have no idea if their app collects this information too, but it's just a matter of time before someone becomes interested to it as it happens with any kind of data that can be used to profile people.
A person who listens to music at unusually loud levels SHOULD be charged more for insurance. Just as a 24 year old Asian single male software engineer in Mountain View gets charged more for car insurance. And if you have poor hearing skills, I sure as hell don't want you on my Marvel Studios audio engineering team (example)
It seems that your really want everyone to be treated equally when in reality it will never happen, and in fact comments like yours increase the disparity.
No one who I know personally, outside one or two folks who also work in tech and would fit perfectly with HN's demographic, cares about tech spying on them.
Friends of mine have gotten home assistants, video game console, smart TVs, etc for years without one thought of their data being sold to a third party.
And it is one reason why we are hurtling inexorably to Idiocracy...
If someone familiar with Amazon's hardware business and Kindle sales numbers could chime in, we could get a sense of whether the transparency approach works.
Considering that code has creation and maintenance costs, I doubt this would ever actually reduce the price. They would just inflate the final price to cover the cost. And if it collects enough data to actually make money, the price reduction would probably not significant enough to match perpetual data theft. Not to say that some people wouldn't go for it. It's amazing the lengths people will go to for free or cheap products.
But there's still the many liabilities of collecting, transferring and securing sensitive data. People who know the risks and hassles involved with identity theft would be very selective about these services.
And this doesn't even account for the "third party SDKs, bound by privacy policies not covered in this document".
https://www.scribd.com/document/345620278/Bose-Privacy-Compl...
(i) collect and record the titles of the music and audio files its customers choose to play through their Bose wireless products and (ii) transmit such data along with other personal identifiers to third-parties—including a data miner—without its customers’ knowledge or consent.
This right here. Music titles are bad enough, but titles and sources of podcasts and videos played through the headphones should be enough to upset even the most naive consumers. This amounts to a slice of your browsing history as it relates to audio and video content.
But the idea that the app can detect which music or podcasts I'm listening to, and build a profile from that -- if true, that would be shocking. Can anyone answer, is that even possible via iOS API's?
The user, again if they are or are employed by a HIPAA covered entity, might be, though.
https://imgur.com/a/Uvzak
https://www.youtube.com/watch?v=q8sVDenpPOE
Source: I know one of the engineers who was on the project.
The reason why I bought a bluetooth toothbrush was for a wireless hardware clock, brushing timer, and ranking system which also really doesn't work correctly even with the app.
Gamification of dental health! I think this is a good thing.
We are truly living in a modern fall of rome. We will choke on our bluetooth enabled toothbrushes, 700 dollar juicer machines, our fucking fitbits. We've ravaged the earth to adorn ourselves with decadent shackles and we will reap the consequences with fake tans and ultra clean teeth.
In the past year I've gone from being an environmentalist to a big fan of the end times. We're going to eat ourselves out of a home, and a few billion years later, the Earth will still be here, not missing us at all. Fuck it, get three bluetooth toothbrushes next time.
You don't appreciate the diversity?
Fake tans are better than cancer and ultra clean teeth sounds like it would cut down on dental issues.
Something like 70% of Americans are vitamin-D deficient. Get some damn sunlight.
(It's probably historically wrong, but still a popular belief.)
Phone apps...for a goddamn toothbrush. Were someone to ask me, "Mike, you do a lot of Bluetooth work, what if we BT-enabled our electric toothbrush...what kind of value could we add with that?" Because I'm horrible at coming up with creative ideas for new technologies, I'd come up with something lame like, say, maybe a "ranking system". I could add a "brushing timer", but a plain ol' Sonicare can do that without adding radios, so why bother? And my manager, because she's smart that way, says "meh, I guess it was a dumb idea, but never hurts to ask, right?" Except at Oral B they say, "outSTANDING, Jones! I think you're in line for a promotion!"
And don't take this personally, ecomhacker. You bought such a beast for your own good reasons and need not answer to me. I'm just both astounded and horrified that such a thing even exists.
I got the toothbrush because I am depressed/a drug addict and usually don't brush my teeth as often as I should. I was using a tracking app, but I figured since it was bluetooth I might be able to integrate it with the app I'm using for tracking. I figured it wouldn't support this out of the box, but I'm a CS/EE and figured if I was bored, it would be one more toy to play with.
TLDR, I've got money to burn and I'm spending it to avoid personal responsibility
I find it disturbing that we're moving to an era where even simple devices require the equivalent of a sonic screwdriver to make work.
I really, really wish we had a generic discovery, configuration and reporting protocol (like HTML forms but much more rigid and no styling) for configuring bluetooth devices that was open, and popular enough that companies would feel pressured to use it.
Then again, I really wish we had the exact same thing for IoT devices on the local network.
I swear, if it was good enough, and you marketed it to the Chinese knock-off manufacturers (who I assume would love to take some open source embedded code and not write their own), it might actually get enough momentum to force the brand names to support it as well.
https://en.wikipedia.org/wiki/Simple_Network_Management_Prot...
That is, SNMP might make a good underlying protocol that something that is much more constrained might sit on top of. Ideally, a simpler markup language that can compile down to SNMP.
E.g. a "device" has one or more named "config-forms" (which an app might choose to represent each as a separate tab or section), with a well defined set of settings with a name, type (integer, decimal, sized string) and description. A device might have one or more "reports" which provide a consolidated view of particular variables.
Very simplistic, but with simplicity comes interoperability. SNMP by itself is far too general to support this without some constraints put on top of it (as far as I know, at least. I have experience with SNMP, but not a huge amount, and not for a long time).
I'm pretty much in the same place on SNMP... Had to do some integration with it 10 years ago. Had to even do some Google-fu to remember the name, since the only thing that would come to mind was SMTP.
[0] https://xkcd.com/927/
The downside is that ANC is on all the time, with no way to disable it. But they're actually better headphones.
The reason I got the app is because it does firmware updates. They've released quite a few updates to improve audio quality, noise cancelling, and compatibility with some devices.
It's a Procrustean approach but it works.
Noscript as the first line of defense against 3rd party scripts, uBlock in advanced mode for fine-tuning what content goes through, and uMatrix for being the safety net as well as providing cookie control and spoofing/referrer masking, since Cookie Monster still cannot work with multi-process mode.
I really wish uMatrix and uBlock would just combine forces or that uBlock would at least match uMatrix's privacy protection.
Sometimes it's absolutely infuriating when I have to spend 5 minutes configuring a new site before I use it, incrementally configuring and reloading, but my anger directed isn't towards my addons. It's directed towards the shitty website that requires a thousand external APIs to function properly.
When it's bad enough, it's a sign that I don't need to be using that website. After all, what is the point of having three layers of blocking (not counting my other addons) if I just let everything through anyway in order to use the site? I also don't allow any third-party cookies and that is non-negotiable for any service.
If it's absolutely critical, as in work-related or I cannot find my information elsewhere, I spin up a thinly-provisioned untrusted VM to minimize my exposure to malware and spy/tracking agencies.
All of this effort is completely pointless if you let yourself get pixeled[0] or pinged with APIs like Google AJAX. And it's pretty much currently impossible to avoid getting pixeled entirely.
Until we fix the major security holes that allow beacons to track us, it's all just intellectual masturbation when we use these tools.
What I would like to see is an addon that intercepts all images and provides them as a tree to allow whitelisting of images, and a caching system similar to Decentraleyes[1].
[0] https://en.wikipedia.org/wiki/Web_beacon#Implementation
[1] https://addons.mozilla.org/en-US/firefox/addon/decentraleyes...
I've been seeing this quite a lot in the last 2-3 months, perfectly reasonable comments that are [dead] for no discernible reason; could this be trolling or a form of botting?
If it's too much bother with NoScript making the page work, it probably wasn't worth wasting any time on it in the first place. So I gained time instead of lost!
Go to URL chrome://flags in a new tab Search for the ‘Enable tab audio muting UI control’ flag Hit the ‘Enable’ link Relaunch Chrome when prompted (on Chrome OS a full restart is required)
Now you can click the little speaker that appears next to the tab's close button when a tab is playing sound to stop that tab from playing audio.
God knows why this isn't enabled by default, somethingsomething advertising money...
The add-on put tabs on the side of the screen, and grouped them up into trees, which you could also collapse. So if you were to browse Wikipedia and click on all sorts of links, you'd have a whole tree with different branches. Then when you take a break, you just collapse the tree and start a new tree. Want to reference something from the Wikipedia tree? Just expand it again!
It worked really well with the session restore functionality of Firefox, which doesn't reload all tabs again when the browser launches. So you had very little performance impact for what felt like the perfect bookmark and tab integration.
So in order to reach 100+ tabs, it's just one hour of casual browsing per day and within a week you'll have 100 tabs open of Wikipedia trees, various clothing stores, a code problem tree or two, and a HN tree with all the little interesting links.
Then you may wonder why you wouldn't just bookmark pages and close tabs? Personally I open bookmarks a few times a year, but this Treestyle extension made me click around so many times per day.
(By the way, if anyone has found a similar add-on please let me know)
It's closer to 500 or so at a given time. I have a few instances that only run up a dozen or two tabs in their lifetimes.
I do lots of research on a variety of topics, and break it up with ADHD wikipedia binges and the like, then with aggregators like HN it's very easy to open a dozen or two tabs and just start powering through them.
Some of these tabs sit for weeks, and some just rot away till they are irrelevant and I delete them. You could think of this as a temporary bookmarking system, much in the way you may have a filing cabinet but your desk still stays covered with mountains of papers that are relevant to your current work.
I keep a bookmark bar with just favicons and no text. Only my most-used sites for the domain on which the instance runs. When this bar fills up, that's it. I either make room for new items or they aren't important enough. I have a folder for more "long term" bookmarks that I basically never check. This way, I only keep links to stuff I currently need. Firefox doesn't load them on default so it's very quick and non-resource hungry. It has to be or I couldn't be running 3-4 instances of Firefox at once, when you factor in all of the VM overhead.
I don't use Tree Style tabs like sister comment suggests. I have an unorthodox browsing style that doesn't mesh well with the way it sorts tabs. Besides, the API it uses is indeed being phased out. I prefer using the location bar to quickly search my tabs.
In general, bookmarks just have a limited use-case for me because, if it's static and information-dense I would probably rather save an offline copy anyway in the spirit of doomsday prepping.
I've been "training" my Adblock+ and my NoScript for soooo long that by now most of the metrics/trackers/beacons/crap don't even load.
A lot of consumers don't even know, as we see here.
Those who do know often don't understand the full implications.
The state of privacy and security in modern cars is particularly disturbing, as you say, and really needs a blunt, in-your-face public information campaign and preferably statutory regulation. But that would require the relevant governments to understand the dangers themselves, and I don't think most politicians are any better at knowing and understanding these things than anyone else.
Are we really getting this finicky now? Like, I'm usually on the more compassionate side of listening to people's concerns, but being offended by a video playing is just... sissified to the max.
One small note of optimism (but not coming from Bose) is this: http://imgur.com/a/ezLUi (i.e. the iOS on/off setting for Background App Refresh - I have it globally off for the whole device, always). So I don't think once the app is not running that there's an easy/Apple approved way for them to keep running to app to transmit data, etc.
I also just turned off Cellular Data for this...
If someone from Bose is reading this - just wow...
In any case, I would encourage everyone to delete the app at this point.
Also looms are destroying cottage industry and maybe it isn't too late to riot some more against the enclosure of common grazing lands.
You're being sarcastic, but do we really need an app to deliver sound to headphones? I think that's a solved problem.
Software is a tool. People can't use tools that don't exist. If you want free software to win, get off your high horse and focus on making more/better free software.
Does anyone know any other headphone manufacturer that's got as good a sound + build quality as Bose?
Avoid """"smart"""" devices made by hardware manufacturers because hardware manufacturers don't know how to write software.
While I sympathize for the people who are affected by this, everyone should really avoid buying such manifestly bad products in the first place. We should really be doing our best to avoid "smart" TVs, "smart" headphones, and other superfluous and poorly done computerization.
*edit put the x in the wrong place
If that works for you, get any decent pair of Shure IEMs (or anything that uses the MMCX connector). Then you can purchase a Bluetooth receiver that connects to any brand of MMCX IEMs. This is nice because now the most expensive part (the IEM) you can keep using for as long as you want while periodically upgrading the wireless component as new technologies emerge.
- https://itunes.apple.com/us/app/bose-connect/id1046510029?mt...
- https://play.google.com/store/apps/details?id=com.bose.monet...
A white-list of companies that do NOT do this could also be useful, especially as alternatives to companies on the black-list.
1) data is being collected (e.g. my precious steps/vitals/food intake on fitbit)
2) data is being transmitted to "mother ship" and then sold to everyone that is willing to buy (e.g. why on earth did iOS fitbit app wanted to connect to facebook??? and then I stopped using fitbit - of course I was using a throwaway email and false name/DoB to begin with)
3) data is being correlated and adding more juice to each user's profile (e.g. iOS fitbit app getting my IP, fake-name, throwaway-email, vitals, not-my-iOS advertising identifier)
No way around this. Only using a good hosts file, PMP, and Firewall IP (on iOS and for jailbroken devices). Anyone who runs stock iOS or Android is in the mercy of all "these people".
Open source isn't a panacea when no one reads the code.
I'm curious if anyone knows a way to temporarily disable/enable apps without having to uninstall them. Android used to have a "Disable" button in the App Manager, but my current 6.0.1 phone isn't showing that for any apps. Am I missing something?
Bose is hardly the only app I would want to block. There are dozens of apps I might use only occasionally - a month or a year might go by between uses. But having to reinstall is just a cumbersome step.
I downloaded it again just now. Again, nothing I needed, deleted.