This piece was originally published at AVNation.tv September 7, 2017. I have updated it to reflect my personal opinions. Bradford September 18, 2020
During the week of August 25, 2017 Dreamhost, a hosting company, was under a Distributed Denial of Service (DDoS) attack. The attack resulted in basically everything AVNation.tv and my domains not working. In total I had about 45 domains and subdomains that were non functioning. I was also in China on a business trip.
The reasons for this attack has not been formally announced nor has anyone taken responsibility for the attack. There are two likely causes. Dreamhost had been in the news for two stories during that week; the first was telling the US Department of Justice that it would not supply IP addresses of who visited a site. The second reason was that “The Daily Stormer” used the automated registration process to start a new site, “Punished Stormer” after being denied hosting by other companies. For those that are not familiar, these sites are aimed toward spreading hate speech.
I indicated these reasons to AVNation and that I did not plan on changing hosting or DNS (Domain Name Server) services. There were practical reasons, but more importantly I support the decisions that Dreamhost made. I explained to AVNation that if the business risk was too high I would start changing once I got back to the United States. I would not be changing my personal hosting as I believe the issues causing the problems are important. Yes, there was no debate within AVNation that it was the right thing to do.
The Daily Stormer being denied service by Dreamhost and others is not a 1st Amendment issue. The government did not make a law banning the Daily Stormer; multiple hosting companies, GoDaddy, Cloudflare, and Google to name a few, did not want to host them. The Daily Stormer had quietly registered the new domain, Punished Stormer, using an online signup form. IOnce Dreamhost became aware of the domain they terminated the website. “Unfortunately, determined internet vigilantes weren’t willing to wait for us to take that action,” DreamHost said in a statement to Ars Technica. “They instead launched a DDoS attack against all of DreamHost. We were ultimately able to declaw that attack, but the end result was that most of our customers experienced intermittent connectivity issues to their sites today.”
I believe that The Daily Stormer has the right to free speech as well. The government is not censoring them. The companies refusing to host or support a website under their terms of service is mostly legal. [Yes, discrimination is not legal.] If it becomes Hate Speech and inciting violence it is no longer free speech. [Yes, also a slippery slope.]
I am supporting my beliefs even if it means an occasional problem, not all financial decisions are made solely by dollars.
At the time I wrong this piece I was employeed by Harman Professional which was a competitor of Bose. Harman has similar policies I disagree with. As a result while I have both brands’ products I do not run their software – September 13, 2020
This time last week (April 18, 2017) a class action lawsuit was being filed in the United States District Court for the Northern District of Illinois, Eastern Division claiming that Bose collected data without telling their users that they were. You can read the complaint (17-cv-2928) on the Sribd service. My previous writings have shown my preference for privacy in the digital age. I do not like that Bose is collecting that much information about its users. It might be legal and an accepted business practice at the moment, I still don’t like it. [Bradford’s note: I do work for a competitor. This discussion is about data tracking not products. I don’t use some of my employer’s software because of the data tracking policies.]
When I started this piece, I indicated that I was going to come out supporting Bose and their situation. However, in doing research for the column, I have changed my mind. Bose was very close to having done the right thing, telling people what they were monitoring. However, they did not quite get it right as they had inconsistent information available. What they are currently collecting through Bose Connect is your listening habits; what are you listening to, how long are you listening for, when are you listening, where are you listening and other things. The crux of the case in my opinion is this statement in the filing: “Bose Connect collects and record the titles of the music and audio files its customers choose to play through their Bose wireless products. They also transmit such data along with other personal identifiers to third-parties—including a data miner—without its customers’ knowledge or consent.” In my view that last sentence is false completely and should be removed from the conversation. Bose does indicate that they use a third-party.
Something to consider as you examine this issue is that this application is just one part of the entire digital media playback system. Using iTunes one can know the last time a media file was accessed and if it was listened to completely, that information is shared with Apple. There is a massive part of me that says, as soon as one became part of the digital media ecosystem one must work to stay private. The amount of data about customers that is available can be mind boggling. All of the information that the plaintiff is worried about is likely available already from other sources. Additional information such as where and when was the content was acquired is easy to gather if one uses the typical online services.
"If you use a Bose SoundTouch system or the SoundTouch software or mobile app, Bose also collects additional information about you, including technical information (such as your IP address, computer attributes and system ID); location information derived from your IP address; and product usage information (such as system presets and recently played content)."
While reading the document, I started getting confused. Is the Bose Connect App the “mobile app” listed in the policy? It is a mobile application, but they don’t call it out explicitly. Other hardware and software is listed by name. More research was required. I figured the best way to understand the experience and information provided to the user is to install the Bose Connect application and read the documentation.
I went to the Google Play store to look at the Android version. That was interesting as the information provided there was minuscule. There was the Google Permission information that indicated the application is granted access to:
bind to an accessibility service
view network connections
pair with Bluetooth devices
access Bluetooth settings
full network access
“What Information We [Bose] Collect About You
The app does not collect any information that Bose or our service providers can use to identify you personallyAs discussed below, however, the app does automatically collect certain information from the mobile phone, tablet, or other device that you use to access the app.
Log data. When you use the app, we or our service providers may automatically receive and record certain information from your mobile phone, tablet, or other device. This may include such data as your software and hardware attributes (including device OS version and hardware model information), the date and time you use the app, whether and when you update the app and your Bose products, and certain other tracking information. To do this, we may use web logs or applications that recognize your device and gather information about its online activity.
Analytics and related tracking mechanisms. We may use mechanisms to track and analyze how you use the app. We also may partner with third parties who do so on our behalf (see below in the section entitled “How We Share Information with Third Parties”). These mechanisms can be used, for example, to collect information about your use of the app during your current session and over time, when and why the app crashes on your device, and a variety of information about the mobile phone, tablet, or other device that you use to access the app. Such mechanisms may include software developer kits (“SDKs”), pixels, scripts, or other tracking mechanisms. Some of these mechanisms involve storing small files on your mobile phone, tablet, or other device. Others involve transmission of information to a third-party server through other means.”
That moment was also when Josh Srago and I started to disagree. Initially, we agreed that we thought Bose was in the clear, not necessarily right but had met their obligations to inform. We both still believe tracking the information is bad and should be stopped. We both think that clearly spelled out that they are using a third-party service. The disagreement started when Josh referred to the End User License Agreement (EULA) and pointed out a paragraph that states the user consents to Device Data Usage collection.
A few notes I want to include that just didn’t flow in writing:
The use of the application is not required as indicated in this video from the Bose site. Yes, you get more functions, the payment is Bose gets more data about you. Think of it as a frequent shopper card or a Starbucks registered card.