SONOS holding their users "hostage" - Cloud account now required

[TerraHertz]

My rules:
1. Wired.  Cut wireless anything to an absolute minimum. Then cut some more.
2. F*ck the Cloud. All personal play and work data must be local and private. No exceptions.
3. No subscription software/IOT services. None. This includes OSs, so excludes Win10.
4. No 'auto-updates.' Disable them all, ditch anything that doesn't allow disabling auto-updates.
5. If you have a choice between a thing that has a CPU, and something that doesn't, pick the latter.
6. Any company that progressively reduces utility of their products, is your enemy. Boycott them absolutely and forever.
    (That includes Apple and Microsoft.)

[Halcyon]

My rules:
1. Wired.  Cut wireless anything to an absolute minimum. Then cut some more.
2. F*ck the Cloud. All personal play and work data must be local and private. No exceptions.
3. No subscription software/IOT services. None. This includes OSs, so excludes Win10.
4. No 'auto-updates.' Disable them all, ditch anything that doesn't allow disabling auto-updates.
5. If you have a choice between a thing that has a CPU, and something that doesn't, pick the latter.
6. Any company that progressively reduces utility of their products, is your enemy. Boycott them absolutely and forever.
    (That includes Apple and Microsoft.)

My rules follow along these lines however let me add...

Wi-Fi can be secure, but forget about it using standard consumer gear. I do some work from home and use a mixture of both Ethernet and Wi-Fi. Among other things, my Wi-Fi network uses certificate and user name based RADIUS authentication, it's also protected against unauthorised de-auth attacks. I use that Wi-Fi network for anything classified as "Protected" and below. Anything above that goes over Ethernet and varying layers of encryption.

I have a separate Wi-Fi network for "Unclassified" material, such as anything to do with my vintage computer collection or guest access.

I also disagree with disabling automatic updates. I want to know the moment an update comes out for my infrastructure. I don't necessarily want it to install without me authorising it first, but I definitely want to be notified.

[Brumby]

My rules:
1. Wired.  Cut wireless anything to an absolute minimum. Then cut some more.
2. F*ck the Cloud. All personal play and work data must be local and private. No exceptions.
3. No subscription software/IOT services. None. This includes OSs, so excludes Win10.
4. No 'auto-updates.' Disable them all, ditch anything that doesn't allow disabling auto-updates.
5. If you have a choice between a thing that has a CPU, and something that doesn't, pick the latter.
6. Any company that progressively reduces utility of their products, is your enemy. Boycott them absolutely and forever.
    (That includes Apple and Microsoft.)

Sounds like the tune I've been playing for a while.   

[TerraHertz]

Wi-Fi can be secure, but forget about it using standard consumer gear. I do some work from home and use a mixture of both Ethernet and Wi-Fi. Among other things, my Wi-Fi network uses certificate and user name based RADIUS authentication, it's also protected against unauthorised de-auth attacks. I use that Wi-Fi network for anything classified as "Protected" and below. Anything above that goes over Ethernet and varying layers of encryption.

For me, it's only partially about security. More about time sinks, avoiding stupid complexity creep, and the general precautionary principle.
When I do set something up, and it works, I want it to stay working just like that, effectively forever. Or until I decide to change it.
I'm not a networking professional, and don't want to have to play at being one.

Also my anti-WiFi bias is partially founded in a contrarian desire to live in as little RF noise as possible. Just in case increasing background RF level turns out to be medically a bad idea. (And there's an increasing body of evidence it is.)

As for updates, you *cannot* know exactly what is in an update. Unless you can disassemble the code yourself and examine it instruction by instruction. See 'time sinks'.

[3db]

sounds like the FBI are gonna crawl so far up your ass your gonna sneeze paper for a year

Did you find a connection between nose and ass otherwise I do not get this statement.

Nice one 

[madires]

Sounds like the tune I've been playing for a while.   

My rule is quite simple: I own it and I have full control.

[2N3055]

According to GDPR (new privacy law in EU), if they have any EU customers, they will soon stop to exist as a company.
GDPR explicitly states that they cannot deny you service if you deny them personal data. Also, demanding your data for you to be able to use hardware device you own, and that doesn't need any Internet or any other outside connection to perform it's work is excessive data collection and is punishable by itself..

In addition to GDPR they are also violating several consumer protection laws in many countries...
Hope they get sued big ...

P.S. Wireless speakers that cannot work without internet connection.. Honestly ?

[rbm]

Agreed, 2N3055.  The actual condition is explained well in this discussion thread: https://news.ycombinator.com/item?id=16874399

It's a bit different - you can deny service to people; however, if offering or denying service is conditional on consent, then this means that this consent isn't freely given and thus "doesn't count", doesn't give you any rights to handle that data.
It's done in the same manner as with other consumer contracts - there's a broad range of contractual terms that (in EU) automatically are unenforceable if they're put into a "take it or leave it" consumer contract; GDPR clarifies that permission to use private data is one of such terms; this permission cannot be transferred by some term in a nonnegotiable contract.

I.e. if customer A clicks "agree", customer B clicks "disagree", and you deny service to customer B because of that - then this means that the "agreement" of customer A (and everyone else) is worthless to you, it means that these clicks don't indicate freely given consent and thus do not give you permission to use their data, as customer A can reasonably claim that they did not really want you to use that data in this manner and they clicked "agree" only because you'd refuse them service otherwise.

The legal wording is such that you can't (and shouldn't be able to) gain GDPR-consent unless the users actually want you to do the thing you do with their data; GDPR requires that they know what exactly you'll do, and they without any coercion give an explicit opt-in indication that they want you to do it, and they can freely revoke that permission.

If you feel that you are being forced to give consent for the Sonos service that you otherwise would not prefer to give, then exercise your right to complain to the EU commission tasked with enforcing GDPR.  Enough complaints should result in action.

[CopperCone]

My rules:
1. Wired.  Cut wireless anything to an absolute minimum. Then cut some more.
2. F*ck the Cloud. All personal play and work data must be local and private. No exceptions.
3. No subscription software/IOT services. None. This includes OSs, so excludes Win10.
4. No 'auto-updates.' Disable them all, ditch anything that doesn't allow disabling auto-updates.
5. If you have a choice between a thing that has a CPU, and something that doesn't, pick the latter.
6. Any company that progressively reduces utility of their products, is your enemy. Boycott them absolutely and forever.
    (That includes Apple and Microsoft.)

I like auto updates for security because chances are if a company is spending money on patching it, someone figured out how to use it for no good and its on all the script kiddy forums and shit, so you minimize exposure. Criminals are super lazy.

if you talk to security professionals, most will advise you that its good to run the updates, it goes from 'i need to figure out some kind of exploit, i kinda know what to do but I need to engineer a solution' vs 'some one wrote a nice script for me on a forum I just have to run'. Most criminals want to make a career that's less work and more money then the alternative (honest work), so you figure out which target they will choose.

I have known a few, they are fucking disgracefully lazy, drug users, drinkers, etc most of the time.

[rdl]

If it's Windows updates causing the problem, they come out on a regular schedule so you can just shut down the service until it's needed. Set it to check for updates, but not download or install them. You might also look into something called WSUS Offline to replace the built in Windows Update service. I have it and it looks interesting, but I haven't really had time to actually try it.

[Kleinstein]

Maybe it is time to give Donald Duck another account.

[Tepe]

Could those internet connected speakers be used as microphones? 

[Halcyon]

Could those internet connected speakers be used as microphones? 

The Play:1 and the Play:3, no, they don't contain microphones. The Play:5 and the new Sonos One however do. So yes, they have the potential to be used as listening devices.

[Tepe]

Could those internet connected speakers be used as microphones? 

The Play:1 and the Play:3, no, they don't contain microphones. The Play:5 and the new Sonos One however do. So yes, they have the potential to be used as listening devices.

I also meant using the speakers as microphones... (the other meaning of speaker - the component)

[rdl]

Yes, they definitely could also function as microphones. The newer models include a separate microphone because SONOS has this idea that they can compete with Google Voice and Amazon Echo and Alexa.

[TerraHertz]

 I can't help wondering if maybe Sonos is owned by Soros.

[CJay]

Wow, I hadn't ever contemplated speakers without wires. How obsolete can I be.
They must be making money from your data in order to justify to themselves it is worth pissing you off like that.

The trouble with looking elsewhere is not knowing if the alternatives won't do the same thing down the track.

I kinda curious about what exactly a Sonos system does, but I also think I'd rather remain ignorant.

Do they at least sound good? I can't help thinking they price them according to the feature list rather than the sound quality.

If they haven't already I think they're either going to launch a subscription based streaming music service or partner up with one, it makes sense from a business point of view if your 'core' revenue is from an internet enabled sound system.

It doesn't make sense to force your customers to sign up or throw your products away though, I like the idea of being able to hack their spoeakers for my own purposes though, I suspect there'll be a few kicking around for low cost...

[bitwelder]

I'm yet to take one apart to see if it can be easily re-flashed with a custom Linux system. If it's possible, I would love to scrap the Sonos ecosystem altogether and just run them as standalone network speakers.

Well, simply googling for "sonos github" finds already a bunch of interesting projects of all kinds, so if it's possible, I'm quite convinced somebody must have already walked the extra mile to flash Linux to it.

[Halcyon]

I'm yet to take one apart to see if it can be easily re-flashed with a custom Linux system. If it's possible, I would love to scrap the Sonos ecosystem altogether and just run them as standalone network speakers.

Well, simply googling for "sonos github" finds already a bunch of interesting projects of all kinds, so if it's possible, I'm quite convinced somebody must have already walked the extra mile to flash Linux to it.

I wouldn't think it would be too hard. It already runs Linux of some kind. According to iFixit, the Play:3 (the middle sized unit) contains 512MB RAM and a 266MHz PowerQUICC CPU. The trickiest part will probably be flashing the device itself, it looks like there are no other ports other than Ethernet.

[Bassman59]

If they haven't already I think they're either going to launch a subscription based streaming music service or partner up with one, it makes sense from a business point of view if your 'core' revenue is from an internet enabled sound system.

Oh, great, Yet Another Fucking Music Streaming Service. The thing is, with whom would they partner? The only player that makes sense would be Spotify, which doesn't have a piece of hardware already. (Does Pandora still exist?)

Content providers have Yet Another Service with which to negotiate terms.

Customers have Yet Another App with which to deal. And what happens if Sonos gets really greedy and somehow precludes using anything but their partner streaming services with their product?

Their problem is that they're not happy just selling hardware, especially the sort of hardware that basically needs to never be replaced. Customers buy one or two Sonos speakers, set them up, and that's that. A one-time transaction per customer. So they are looking at creating revenue streams out of thin air. What could possibly go wrong?

[Brumby]

sounds like the FBI are gonna crawl so far up your ass your gonna sneeze paper for a year

Did you find a connection between nose and ass otherwise I do not get this statement.

Nice one 

There are two possibilities here.  The first is the alimentary canal; the second is commonly referred to as "brown nosing".

The alimentary canal interpretation perfectly fits the topography required for this saying to carry meaning.

[Cyberdragon]

sounds like the FBI are gonna crawl so far up your ass your gonna sneeze paper for a year

Did you find a connection between nose and ass otherwise I do not get this statement.

Nice one 

There are two possibilities here.  The first is the alimentary canal; the second is commonly referred to as "brown nosing".

You'll have one after they're done with you. It'll be their "spy hole".