Bose QuietComfort Earbuds

Warning: *Privacy Not Included with this product

Bose QuietComfort Earbuds

Bose
Bluetooth

Review date: Nov. 1, 2023

|
|

Mozilla says

|
People voted: Somewhat creepy

Shove these little buds in your ears and turn out the world around you. Both passive and active noise cancelling will keep the world at bay and the music you're listening to front and center. With four microphones built in, you can talk to your Mom, talk to Alexa, or even just talk to yourself. Connect to the app via Bluetooth and adjust all the sound and noise cancelling settings you want. Pop them in their little case to charge up for 6 hours of use. Just be careful not to lose the little guys, they aren't cheap!

What could happen if something goes wrong?

So, what's going on with Bose's privacy? Well, they can be rather nosey, for a smart speaker/headphone company. They collect a fair amount of personal information, such as your name, email, address, location from IP address and sometimes your precise location too, if you allow them. This is all pretty normal. They also say they can collect information about you from third parties, "such as business partners, marketers, researchers, analysts, social network services, and other parties to help us supplement our records." And then there is all the data Bose says they can collect about you automatically through the use of the smart speakers, headphones, apps, websites, and even in their retail stores. So yeah, Bose hopes to build a pretty good profile on you, which , ugh, why does a headphone company need to build such a profile on you?

To market you stuff, that's why. Bose says they do share or "sell" (under the definition of sell in California's strong CCPA privacy law) some personal information to third party advertising partners to target you with ads. This generally includes your email address as well as the information Bose says they can collect on you automatically through their technologies. That means the use and interaction with their website, apps, devices, and interactions in their retails stores. That includes things like your location, IP address, what media you access, what content you listen to such as "sleep tracks, stations, playlists, artists, albums, songs, or podcasts," and even sensor data from your headphones such as your head orientation and movement, and environmental data such as the noise levels and audio frequencies of sounds around you. That seems like a lot of weird little data points to collect about you. And while this might not reach the crazy level of what a car or your phone can collect and share on you, well, dang people, it's your smart speaker and headphones!. Headphones and smart speakers collecting and then sharing things like your head movement, environmental data like the sounds around you, and what podcats you like to listen to and where you are just seems kinda creepy.

Bose goes on to say they may use or share de-identified personal data for any purpose they choose, without limitation. This actually worries us a good bit because privacy researchers have long pointed out that it is relatively easy to re-identify such data, especially when location data has been collected. To explain this a bit further, when you see a company say they can share anonymous data without limitation, that's generally not as worrisome as that is data that is no longer personal information. But de-identified data could still be personal information, so for Bose to claim they can use your de-identified data "without limitation," that is something that worries us.

Oh, and if you choose to use Amazon Alexa or Google Assistant with this smart speaker, know that Google and Amazon will collect data on the voice requests you make. Amazon and Google aren't exactly known for being bastions of privacy.

How is Bose's track record at protecting and respecting your personal information? A few years back Bose came under fire when it was alleged they were secretly collecting personal information about users through the Bose app. Bose fought the class action lawsuit based on these allegations. And early in 2021, Bose made a good change when they stopped requiring users to create an account to use the Bose Music app that controls their headphones and speakers. They do really push users to make an account though, so beware of that.

What's the worst that could happen with Bose? Well, Bose does collect a fair amount of personal information for headphones -- things like your head movements, email address, IP address, location and what content you listen to. And they do say they can share and even "sell" some of this data for targeted advertising purposes. It would be weird for your headphones to give away to online advertisers the fact that you like to listen to lots of podcasts about how to get better at dating while nodding your head along to them, determine you are single and lonely, and target you with loads of adds for sexy AI chatbots. That could get weird -- and unhealthy -- fast.

Tips to protect yourself

  • If you use Alexa or Google Assistant, set up the respective privacy settings.
  • When starting a sign-up, do not agree to tracking of your data.
  • Do not sign up with third-party accounts. Better just log in with email and strong password.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • mobile

Can it snoop on me? information

Camera

Device: No

App: No

Microphone

Device: Yes

App: No

Tracks location

Device: No

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

We ding this product for combining users' data with data from third parties and for potentially "selling" personal information under the California CCPA definition of "sale" for online advertising services

Privacy Policy

"By using the Services, you agree to this Privacy Policy and that we may process, transfer, and store your information in the United States."

"Under the laws in certain US jurisdictions, you also have the right to opt out of our processing or sharing of your information for online targeted advertising purposes. Note that certain state laws also allow you to opt out of the “sale” of your information to third parties in exchange for valuable consideration. While we do not sell your information in exchange for money, we may use analytics or online advertising tools that result in the disclosure of your information to our third-party partners and that are subject to this opt out right. You can opt out of both of these activities by visiting "Your privacy choices" or by following the instructions in our Cookie Notice."

"We may receive information about you from other sources, such as business partners, marketers, researchers, analysts, social network services, and other parties to help us supplement our records."

Bose may collect: "Information we collect at retail locations, such as information about your mobile device or network when you choose to connect your device to Bose digital displays or scan QR codes in retail locations (e.g., device type, operating system, the name you assigned to your device, IP address)."

"Bose strives to provide you with relevant, value-added content in our online advertisements. We do not serve third-party advertisements to you while using our Services. However, we do work with online analytics and advertising partners to: (1) better understand the use of our Services so that we can improve our Services; and (2) deliver Bose advertisements that are more tailored to you both on our Services and on third-party Services.

Our partners may also place cookies, pixel tags and similar technologies on many online services, including ours. They use these technologies to collect information about your activities on these services in order to deliver you more relevant advertising. For example, they may use the information they collect from their cookies on our Services to identify Bose products and services you might be interested in and to recognize your device so they can show you relevant Bose advertisements while you are using our Services and other services. Additionally, we sometimes provide basic information we collect (such as email addresses) to service providers, who may “match” this information in de-identified form to cookies, mobile ad identifiers, and other proprietary IDs, in order to provide you with more relevant ads when you visit other online services."

"Bose may use the information we collect in the following ways: ...
--For marketing and advertising purposes, including providing you with the latest product announcements, promotions, and information about upcoming events.
--To personalize your experience and customize the Services, such as delivering relevant content, recommending features through our Services, and maintaining your product wish lists. ...
--Other purposes for which we seek your consent. We may also use your information for a specific purpose that we communicate to you. We will ask for your consent to process your information for such purpose in accordance with applicable legal requirements ..."

"For the purposes discussed in this Privacy Policy, we may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Privacy Policy."

"We may de-identify information we collect so the information cannot reasonably identify you or your device, or we may collect information that is already in de-identified form. Our use and disclosure of de-identified information is not subject to any restrictions under this Privacy Policy, and we may use and disclose it to others for any purpose, without limitation."

California Privacy Notice of Collection
"We “share” information to provide more relevant and tailored advertising to you regarding our Services. While we do not disclose our customer’s personal information to third parties in exchange for money, our use of third-party analytics services and online advertising services may result in the sharing of online identifiers (e.g., cookie data, IP addresses, device identifiers, and usage information) in a way that may be considered a “sale” under the CCPA."

"Your Privacy Choices" Statement
"While Bose does not disclose our customer’s personal information to third parties in exchange for money, Bose’s use of third-party analytics services and online advertising services may result in the sharing of online identifiers (e.g., cookie data, IP addresses, device identifiers, and usage information) in a way that is subject to these state opt out rights.

To disable third-party analytics and online advertising activities that are subject to these opt out requirements, please adjust your preference below by toggling the button to the left (an X will appear) and clicking “Save Preferences”. Note that any choice you make here will only affect this website, and the browser and device from which you are exercising your choice. If you would like to opt out on other devices or browsers, please do so separately."

How can you control your data?

We ding this product as it is not clear if all users, regardless of what privacy laws they live under, have the right to get their data deleted.

Privacy Policy
"We provide you with the ability to exercise certain controls and choices regarding our collection, use, and disclosure of your information. Your legal rights to exercise such controls and choices vary based on the laws of your jurisdiction.."

"We retain information for different periods of time depending on the purposes for which we collect and use it, as described in this Privacy Policy. We will delete or de-identify information when it is no longer needed to fulfill these purposes unless a longer retention period is required to comply with applicable laws. There may be technical or other operational reasons where we are unable to fully delete or de-identify your information. Where this is the case, we will take reasonable measures to prevent further processing your information."

What is the company’s known track record of protecting users’ data?

Average

Bose suffered a ransomware attack in March 2021, it leaked employee and financial data, but no consumer-related data.

Child Privacy Information

"Our Services are intended for general audiences and are not directed at children. If we become aware that we have collected data without legally valid parental consent from children under an age where such consent is required, we will take reasonable steps to delete it as soon as possible."

Can this product be used offline?

Can’t Determine

User-friendly privacy information?

Yes

Bose's privacy policy, their California Privacy Notice of Collection, and their "Your Privacy Choices" links are all easily found at the bottom of their website. The language used in their privacy policy isn't exactly user-friendly, but it isn't as awful as some privacy policies we've read.

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Uses encryption in transit and at rest.

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

Privacy policy

Yes

Does the product use AI? information

Yes

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

You can connect the headphones to Alexa or Google Assistant, if you wish, for voice recognition.

Is the company transparent about how the AI works?

N/A

Does the user have control over the AI features?

Yes

*Privacy Not Included

Dive Deeper

  • Ransomware attack on Bose exposes employee SSNs and financial information
    ZDNET Link opens in a new tab
  • Audio maker Bose discloses data breach after ransomware attack
    BleepingComputer Link opens in a new tab
  • Bose no longer requires you to make an account just to use its app
    The Verge Link opens in a new tab
  • Bose accused of spying on users, illegal wiretapping via Bose Connect app
    CSOnline Link opens in a new tab
  • Bose headphones have been spying on customers, lawsuit claims
    Washington Post Link opens in a new tab
  • A message to our Bose Connect App customers
    Bose Link opens in a new tab

Comments

Got a comment? Let us hear it.