Samsung Galaxy Buds

Waarschuwing: *Privacy niet inbegrepen bij dit product

Samsung Galaxy Buds

Samsung
Bluetooth

Beoordelingsdatum: 1 november 2023

|
|

Mozilla zegt

|
Mensen stemden op: Heel griezelig

Samsung offers many versions of their Galaxy earbuds. There's the Buds2, Buds Pro, Buds Live, and Buds+. That's a lot of Buds. And these tiny earbuds come in lots of shiny colors. They do the things earbuds do: sound good, cancel noise, let in ambient noise if you want, pair with a phone or computer over Bluetooth, get lost easily. You can use the Find My Earbuds feature in the app to help find them, but only if they are already connected to your phone, so don't lose these little guys if their battery is dead or you're more than 32 feet away. Oh, and FYI, Samsung is pretty bad at privacy, so maybe it's better if you lose these little guys after all.

Wat kan er gebeuren als er iets misgaat?

Not gonna lie, it sure seems Samsung likes to collect a lot of data on users, young and old alike (seriously, the children's data section in their Samsung account privacy policy seems nuts to us). When you talk, Samsung listens. Literally. Samsung can collect the recordings of your voice when you use voice commands. They can also collect your biometric information, geolocation, browsing history, the super-broad “sensory information” and information that you store on your device like your photos, contacts, text logs, and calendar information. Oh my! And that’s on top of the standard account information most companies collect, like your contact and payment information. They can also create “inferences” about you -- which are assumptions about your preferences and behavior based on other information they have. Samsung doesn’t stop there though, they can also collect information about you from third parties like social networks, data brokers, and more.

Like most companies that like to collect a lot of data, they may share some of that data all kinds of places -- with affiliates, business partners, marketing partners, and “data analytics providers.” They also reserve the right to sell your data for advertising purposes. Tisk tisk. They also say they can share information about you “to law enforcement authorities … if required or permitted to do so by law or legal process.” Hmm. Since it’s not usually illegal to share your data, that wording leaves the door open for your information to be shared pretty much at their discretion.

Oh, and parents, if you have a child please don't create a Samsung account for them. As we mention above, what Samsung says they can collect and share on your child if you create an account for this is crazy. They say they can collect things like video, images, geolocation information, health information, calls and messages. And then they go on to say they can use that information about your child for things like " delivering content and responses tailored to your child and the way your child interacts with the services and features," and the broadly defined "To operate, evaluate and improve our business, including developing new products and services, managing our communications, analyzing our services and customer base, aggregating and anonymizing data, performing data analytics and undertaking accounting, auditing and other internal functions." That's not all though. They also say they can share your child's information with subsidiaries, affiliates, service providers, and "our business partners, such as wireless carriers, as well as third parties who operate apps and services that connect with certain Child Services". This all seems like a lot of potential collection and sharing of your child's personal information that you probably don't want collected and sold. Poor form, Samsung, and the many others who share personal data willy nilly.

Speaking of “nilly,” Samsung also accidentally leaked sensitive data to ChatGPT in early 2023 when their employees reportedly pasted code into the AI chatbot asking for help -- to check and optimize it. Samsung banned its use on all company devices and devices that connect to their network when they found out. It’s a good reminder for everyone that what you share with ChatGPT and most other chatbots is not private.

One last gripe? We did not get off on the right foot with Samsung. If you search for Samsung’s privacy policy, you’ll find a bunch of different results that link to different Samsung websites -- with different policies for their accounts and for their services and products which is kinda confusing because most people who have one probably have the other, too. We based this review on their most recently updated policy (and its Californian counterpart) that says it covers their connected devices and services. Privacy researchers sure do have confusing privacy policy ecosystems because it makes our jobs hard, and because we know if we're struggling to find and understand it when it's our job, what chance do consumers have when they have little time to sort through everything. Do better Samsung!

It’s finally silver lining time! It seems like Samsung might (but probably not) extend the rights that protect users under California’s stronger privacy law, CCPA, to all of the United States, since they call them “US Consumer Privacy Rights” and the form where you can request to access or delete your data lets you choose different states. And Samsung users in Europe have those rights by default thanks to their own privacy protection law, GDPR. If you want to exercise them, you can kick off the request by choosing your country here. Unfortunately though, Samsung doesn’t make that promise to all its users (even in the US) in their privacy policy. They say those rights are “subject to applicable law” so they’re not guaranteed no matter where you live. That’s a shame. And to put another damper on that potential silver lining -- completing that form to try and excercise your rights to have your data deleted is nearly impossible without a computer science degree. Again, Samsung, do better!

What could go wrong? Well, Samsung likes to show ads tailored to you through various ad networks, and say they do a lot of tracking of your online activities to do so. These headphones come with a voice assistant named Bixby that will listen for your voice commands. Samsung may use your interactions with Bixby to learn more about you and then target you with ads or share this data with others who may use it to target you. That means it's possible that if you keep asking Bixby the same question over and over again, Samsung might “infer” that you have a bad memory (rude) and then target you with a bunch of ads for herbal remedies that make you doubt yourself. Not cool. OK, this is probably not likely, but also not impossible in our digital ad economy. Also, there are way worse things that could happen with all the huge amounts of data that Samsung collects on you. Especially given there not so great track record at protecting all that data.

Tips om uzelf te beschermen

  • Use privacy settings for Galaxy
  • Consider using your headphones without connecting it to an app. This way, you may decrease amount of data collected
  • Do not sign up with third-party accounts. Better just log in with email and strong password.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Kan het me bespioneren? informatie

Camera

Apparaat: Nee

App: Nee

Microfoon

Apparaat: Ja

App: Nee

Volgt locatie

Apparaat: Nee

App: Ja

Wat is er nodig om u aan te melden?

Welke gegevens verzamelt het bedrijf?

Hoe gebruikt het bedrijf deze gegevens?

We ding this product since it combines data collected on you with data obtained from third parties including data brokers, shares personal data including location to third parties, and sells identifiers & online activity of users for cross-context behavioral advertising purposes. We also ding them for combining data they could receive about your from outside sources with all the data they already collect on you.

Samsung's Privacy Policy

"We may share your personal information with our subsidiaries and affiliates and with service providers who perform services for us. We do not authorize our service providers to use or disclose the information except as necessary to perform services on our behalf or to comply with legal requirements. In addition, we may share your personal information with our business partners, such as wireless carriers, as well as third parties who operate apps and services that connect with certain Services. This kind of sharing may be considered a “sale” under certain state privacy laws."

"We may obtain certain information about you from publicly or commercially-available sources and from third parties who perform services for us. We also may obtain other information about you, your devices, and your use of the Services, in ways we describe at the time we collect the information or otherwise with your consent."

"We may use and combine the information we collect about you from our Services with data from other services or features you use, your devices, and other sources as well as information about your online activities on websites and connected devices over time and across third-party websites, devices, apps, and other online features and services."

"Through certain Services, both we and various third parties may collect information about your online activities to provide you with advertising about products and services tailored to your individual interests."

"We may use the personal information we obtain to:
[...]
• provide ads, which may include targeted (or interest-based) ads delivered on your Samsung device or within certain Samsung-branded apps (where targeted or interest-based ads are available, if you turn off targeted or interest-based ads, you will receive generic ads);
• support our marketing activities and sales initiatives, and provide you with product and service recommendations;
[...]
• operate, evaluate, and improve our business, including developing new products and services, managing our communications, analyzing our Services and customer base, conducting market research, aggregating and anonymizing data, performing data analytics, and undertaking accounting, auditing, and other internal functions;

CALIFORNIA CONSUMER PRIVACY STATEMENT

"During the 12-month period prior to the effective date of this Statement, we may have obtained personal information about you from various sources, including:
<...>
• data brokers;
• online advertising networks and services;
• publicly and commercially available sources (as permitted by applicable law);
• for our business customers and vendor representatives, your employer."

We may sell or share for cross-context behavioral advertising purposes (and may have sold or shared during the 12-month period prior to the effective date of this Statement) the following categories of personal information about you to or with online advertising services:
• Identifiers
• Online Activity"

"During the 12-month period prior to the effective date of this Statement, we may have disclosed the following categories of personal information about you for a business purposes to the following categories of third parties:
• Identifiers: affiliates and subsidiaries, joint marketing partners, business partners, ad networks, internet service providers, data analytics providers, social networks, and operating systems and platforms
• Device Information: affiliates and subsidiaries, ad networks and business partners
• Online Activity (such as Service usage): affiliates and subsidiaries, business partners, and data analytics providers
• Commercial information (such as purchase information): affiliates and subsidiaries and business partners
• Geolocation: business partners"

Hoe kunt u uw gegevens beheren?

It is not clear if all users regardless of location can get their data deleted.

Samsung's Privacy Policy

"Subject to applicable law and to the extent applicable to each Service, you may (1) request access to, or correction or deletion of, the personal information we maintain about you; (2) request that we limit our use and disclosure of your sensitive personal information; or (3) opt out of the (a) sale of your personal information, (b) sharing of your personal information for cross-context behavioral advertising purposes, or (c) processing of your personal information for targeted advertising purposes. In addition, subject to applicable law, you may receive, in a structured, commonly used and machine-readable format, certain of your personal information that you have provided to us. Subject to applicable law, you may have the right to have this information transmitted to another company, where it is technically feasible.

How to Submit a Request: To submit an access, deletion or correction request, click here or call us at 1-800-SAMSUNG (1-800-726-7864). To opt out of the (a) sale of your personal information, (b) sharing of your personal information for cross-context behavioral advertising purposes, or (c) processing of your personal information for targeted advertising purposes, click here or call us at 1-800-SAMSUNG (1-800-726-7864)."

Hoe staat het bedrijf bekend als het gaat om het beschermen van gebruikersgegevens?

Verbetering nodig

In April 2023, internal, sensitive data was leaked to ChatGPT from Samsung. As the result of the leak, Samsung banned use of generative AI tools at the company.

In early 2022, Samsung fell victim to the Lapsus$ cybergang, which boasted to have stolen 190 Gb of data from the tech giant. The data breach notice conspicuously notes that the breach “did not impact Social Security numbers or credit and debit card numbers.”TechCrunch asked Samsung if it collects and stores Social Security numbers and that this data is unaffected, but the company declined to say — only that the issue “did not impact” Social Security numbers. Samsung collects Social Security numbers as part of its financing options and as a requirement for users of Samsung Money.

In February, 2020, Samsung had a data breach on it UK customer account pages, affecting less than 150 people.

Privacyinformatie voor kinderen

Samsung account U.S. Privacy Notice
Children’s Section

This Children’s Section describes our personal information practices with respect to your child’s creation and use of a Samsung account, and the services and features available to your child (“Child Services”).

Information We Obtain From Your Child

When you first create a Samsung account for your child, we may ask you for certain information such as your child’s name, nickname, date of birth, gender, phone number, password and email address. When your child uses their Samsung account and the features and services available, we may collect information about your child’s device and connected devices and the Samsung apps, services and features they use. This information includes unique device identifiers, hardware, software, network (including connection and Bluetooth) and settings information, usage and log information (such as how long or when your child uses a certain device, app [including the list of apps installed on the device], service or feature, including third-party devices, apps, services, or features).

With a Samsung account, the following basic features will automatically be available to your child:

Samsung Cloud: Securely back up devices logged into with a Samsung account and sync data across Galaxy devices.
• SmartThings Find: Locate lost devices even when the device is not connected to a network, and protect data of lost devices.
• Group Sharing: Share a variety of content with family and friends on certain basic Samsung apps.
• Call & Text On Other Devices: Use your phone’s number to make and receive calls and texts on your other Samsung devices.
• Samsung Members:
o Quickly ask questions to customer service
o Connect with other Samsung account members on our Community Board

In addition, your child will be able to access the following Samsung apps through their Samsung account. Please click each app’s privacy notice (hyperlinked below) for information on how we may use and disclose the personal information we collect from your child through their use of the app.

Galaxy Store : Discover and download the best apps, as well as exclusive content and themes for your child’s Galaxy phone or tablet.
• Bixby Voice : Control services and features within Samsung devices using your voice.
• Galaxy Wearable : Use and control various Galaxy wearables, such as watches, bands and earbuds.
• SmartThings : Monitor and control connected devices within SmartThings, both inside and outside the home.
• Samsung Health : Track various types of fitness and health, such as nutrition and exercise.
• PENUP : Learn how to draw and enjoy coloring with various categories of coloring design.

Through the above features and apps, Samsung may collect the following information about or from your child:

Synced data, such as information we save for back-up purposes or that your child may choose to save to our cloud
• Contact lists when your child uses a certain feature that requires this information, such as the use of Group Sharing or certain capsules on Bixby Voice
• Downloaded, recommended, or played apps or games through or from the Galaxy Store, including when such apps are downloaded, installed, or deleted, as well as when your child starts, resumes, suspends, or finishes games or completes certain events within these games (e.g. tutorials)
• Information that gets passed through our servers to provide your child a service, such as calls and messages when providing the “Call & text on other devices” service
• Videos and images if your child connects a camera or other device through SmartThings that permits the taking of videos and images
• Information that gets provided to us and communications between your child and us or third parties, such as when your child contacts customer service or uses our Community Board
• Voice information, such as when your child makes voice commands using Bixby Voice
• Geolocation information
• Health information when your child uses Samsung Health and when a particular feature requires the collection of health information.

For child users with a Samsung account, Samsung enables children to make their personal information available publicly, for example, through postings to message boards.

We may use third-party analytics services on the above services, such as Google Analytics and Firebase Analytics. The information we obtain may be disclosed to, or collected directly by, these providers and other relevant third parties who use the information, for example, to evaluate the use of the above services or to help administer them. To learn more about Google Analytics, please visit https://www.google.com/policies/privacy/partners/. To learn more about Firebase Analytics, please visit https://firebase.google.com/policies/analytics/.

How We Use Your Child’s Information

We may use the information collected from your child for the following purposes:

To identify and authenticate your child so your child can use the Child Services
• To provide any of the Child Services, including any of their features. Such features may include syncing data, providing a location-based service such as finding a lost device, sharing information to other Samsung account users and other features available within the Child Services
• To improve and customize your child’s experience with the Child Services, such as delivering content and responses tailored to your child and the way your child interacts with the services and features
• To allow your child to interact with and use participating Samsung and third-party apps and services (such as when using a third-party service through one of the Child Services)
• To respond to requests, inquiries and instructions made through or about the Child Services
• To operate, evaluate and improve our business, including developing new products and services, managing our communications, analyzing our services and customer base, aggregating and anonymizing data, performing data analytics and undertaking accounting, auditing and other internal functions
• To protect against, identify and prevent fraud and other criminal activity, claims and other liabilities
• To comply with and enforce applicable legal requirements, relevant industry standards and our policies

Information Sharing of Children’s Information

We may share your child’s personal information with our subsidiaries and affiliates, as well as with service providers who perform services for us. We do not authorize our service providers to use or disclose the information except as necessary to perform services on our behalf or to comply with legal requirements. In addition, we may share your personal information with our business partners, such as wireless carriers, as well as third parties who operate apps and services that connect with certain Child Services.

We may share personal information we collect through the Child Services if you ask us to do so, or otherwise with your consent. We also may disclose information about your child in other circumstances, including:

To law enforcement authorities, government or public agencies or officials, regulators, and/or any other person or entity with appropriate legal authority or justification for receipt of such information, if required or permitted to do so by law or legal process
• When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity
• In the event we may or do sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution, or liquidation)

In addition, certain operators may collect or maintain your child’s personal information through your child’s use of their Samsung account and the Child Services. For a complete list of operators, including contact information for inquiries, click here.

Parents’ Rights

You have the option at any time to review or delete the personal information collected from your child. You may do so by submitting a request here.

You can also refuse to permit the further collection or use of your child’s personal information by deleting your child’s Samsung account. To do so, have your child log in to their Samsung account (https://account.samsung.com/membership/intro) then click “Leave Samsung account”. For certain services like Bixby Voice, Galaxy Wearable, SmartThings, or Samsung Members, you can go into your own Samsung account settings > Family > Select your child’s account > Allowed apps.

SAMSUNG PRIVACY POLICY FOR THE U.S.
Unless otherwise specified, the Services are designed for a general audience and are not directed at children. In connection with the Services, we do not knowingly solicit or collect personal information from children under the age of 13 without parental consent. If we learn that we have collected personal information from a child under age 13 without parental consent, we will either seek parental consent or promptly delete that information. If you believe that a child under age 13 may have provided us with personal information without parental consent, please contact us as specified in the How To Contact Us section of this Privacy Policy.

Kan dit product offline worden gebruikt?

Ja

Gebruikersvriendelijke privacy-informatie?

Nee

Trying to find, navigate, read, and understand's Samsung's various privacy policies is a nightmare.

Koppelingen naar privacy-informatie

Voldoet dit product aan onze minimale beveiligingsnormen? informatie

Ja

Versleuteling

Ja

Sterk wachtwoord

Ja

Beveiligingsupdates

Ja

Beheert kwetsbaarheden

Ja

Privacybeleid

Ja

Gebruikt het product AI? informatie

Ja

Is deze AI onbetrouwbaar?

Kan niet bepalen

Wat voor soort beslissingen neemt de AI over u of voor u?

Voice recognition, if a user uses Bixby, a Samsung-specific AI-assistant, or Google Assistant

Is het bedrijf transparant over hoe de AI werkt?

Kan niet bepalen

Heeft de gebruiker controle over de AI-functies?

Kan niet bepalen

*Privacy niet inbegrepen

Dieper duiken

  • Galaxy users, take note: Samsung's probably selling your data
    JR Raphael Koppeling opent in een nieuw tabblad
  • Samsung Bans Staff’s AI Use After Spotting ChatGPT Data Leak
    Bloomberg Koppeling opent in een nieuw tabblad
  • Samsung bans use of generative AI tools like ChatGPT after April internal data leak
    TechCrunch Koppeling opent in een nieuw tabblad
  • How Samsung Galaxy Cameras Combine Super Resolution Technologies With AI Technology to Produce High-Quality Images of the Moon
    Samsung Mobile Press Koppeling opent in een nieuw tabblad
  • Samsung cops to data leak after unsolicited '1/1' Find my Mobile push notification
    The Register Koppeling opent in een nieuw tabblad

Opmerkingen

Hebt u een opmerking? Laat het ons weten.