Warning: *Privacy Not Included with this product
Bose makes some nice headphones, if you can afford them. These noise cancelling headphones also offer stellar microphones to pick up your voice on calls in your office or in the world. You can also ask Alexa a question with a wake word or get Google Assistant or Siri involved too. And one tap gets you into your favorite Spotify playlist. All this through a Bluetooth connection to your phone. Fancy, pricey, and hopefully not too likely to invade your privacy (although Amazon and Spotify will collect data on those requests you make or songs you play).
What could happen if something goes wrong?
So, what's going on with Bose's privacy? Well, they can be rather nosey, for a smart speaker/headphone company. They collect a fair amount of personal information, such as your name, email, address, location from IP address and sometimes your precise location too, if you allow them. This is all pretty normal. They also say they can collect information about you from third parties, "such as business partners, marketers, researchers, analysts, social network services, and other parties to help us supplement our records." And then there is all the data Bose says they can collect about you automatically through the use of the smart speakers, headphones, apps, websites, and even in their retail stores. So yeah, Bose hopes to build a pretty good profile on you, which , ugh, why does a headphone company need to build such a profile on you?
To market you stuff, that's why. Bose says they do share or "sell" (under the definition of sell in California's strong CCPA privacy law) some personal information to third party advertising partners to target you with ads. This generally includes your email address as well as the information Bose says they can collect on you automatically through their technologies. That means the use and interaction with their website, apps, devices, and interactions in their retails stores. That includes things like your location, IP address, what media you access, what content you listen to such as "sleep tracks, stations, playlists, artists, albums, songs, or podcasts," and even sensor data from your headphones such as your head orientation and movement, and environmental data such as the noise levels and audio frequencies of sounds around you. That seems like a lot of weird little data points to collect about you. And while this might not reach the crazy level of what a car or your phone can collect and share on you, well, dang people, it's your smart speaker and headphones!. Headphones and smart speakers collecting and then sharing things like your head movement, environmental data like the sounds around you, and what podcats you like to listen to and where you are just seems kinda creepy.
Bose goes on to say they may use or share de-identified personal data for any purpose they choose, without limitation. This actually worries us a good bit because privacy researchers have long pointed out that it is relatively easy to re-identify such data, especially when location data has been collected. To explain this a bit further, when you see a company say they can share anonymous data without limitation, that's generally not as worrisome as that is data that is no longer personal information. But de-identified data could still be personal information, so for Bose to claim they can use your de-identified data "without limitation," that is something that worries us.
Oh, and if you choose to use Amazon Alexa or Google Assistant with this smart speaker, know that Google and Amazon will collect data on the voice requests you make. Amazon and Google aren't exactly known for being bastions of privacy.
How is Bose's track record at protecting and respecting your personal information? A few years back Bose came under fire when it was alleged they were secretly collecting personal information about users through the Bose app. Bose fought the class action lawsuit based on these allegations. And early in 2021, Bose made a good change when they stopped requiring users to create an account to use the Bose Music app that controls their headphones and speakers. They do really push users to make an account though, so beware of that.
What's the worst that could happen with Bose? Well, Bose does collect a fair amount of personal information for headphones -- things like your head movements, email address, IP address, location and what content you listen to. And they do say they can share and even "sell" some of this data for targeted advertising purposes. It would be weird for your headphones to give away to online advertisers the fact that you like to listen to lots of podcasts about how to get better at dating while nodding your head along to them, determine you are single and lonely, and target you with loads of adds for sexy AI chatbots. That could get weird -- and unhealthy -- fast.
Tips to protect yourself
- If you use Alexa or Google Assistant, set up the respective privacy settings.
- When starting a sign-up, do not agree to tracking of your data.
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
Can it snoop on me?
Camera
Device: No
App: No
Microphone
Device: Yes
App: No
Tracks location
Device: No
App: Yes
What can be used to sign up?
Yes
Phone
No
Third-party account
Yes
What data does the company collect?
Personal
Contact information such as name, address, telephone number, email address. General location information (e.g., city/state) which may be collected or derived from your IP address, some mobile applications will request your precise location information via GPS-based functionality to allow certain features to work such as enabling you to locate a lost or stolen device, providing access to local radio stations). "Information we collect at retail locations, such as information about your mobile device or network when you choose to connect your device to Bose digital displays or scan QR codes in retail locations (e.g., device type, operating system, the name you assigned to your device, IP address)."
Body related
Sensor data (e.g., head orientation and movement)
Social
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
Bose suffered a ransomware attack in March 2021, it leaked employee and financial data, but no consumer-related data.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Bose's privacy policy, their California Privacy Notice of Collection, and their "Your Privacy Choices" links are all easily found at the bottom of their website. The language used in their privacy policy isn't exactly user-friendly, but it isn't as awful as some privacy policies we've read.
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
Uses encryption in transit and at rest.
Strong password
Security updates
Manages vulnerabilities
Privacy policy
Dive Deeper
-
Ransomware attack on Bose exposes employee SSNs and financial informationZDNET
-
Audio maker Bose discloses data breach after ransomware attackBleepingComputer
-
Bose no longer requires you to make an account just to use its appThe Verge
-
Bose Headphones Lawsuit Wiretap Claims Trimmed | Top Class ActionsChristina Davis
-
Bose accused of spying on users, illegal wiretapping via Bose Connect appCSOnline
-
Bose headphones have been spying on customers, lawsuit claimsWashington Post
-
A message to our Bose Connect App customersBose
-
Federal Judge Refuses to Toss a Class Action Lawsuit Against Bose and Its ‘Collect’ AppDigital Music News
Comments
Got a comment? Let us hear it.