Good evening to all forum members,
most of us, I presume, would agree that the Soundbridges are fantastic devices - and that they have even become more valuable since Radio Roku was introduced.
Having enjoyed my Pinnacle branded HomeMusic for some time now I however was curious how Rokulabs managed to have such a large collection of stations. So - as I have a router that allows me to monitor all outgoing and incoming packets - I took a closer look at the communication the Soundbridges have with www.radioroku.com
when the "Data upload" option is enabled (this is the default setting introduced with firmware version 2.7).
To put it frankly: The results alarmed me!
Here is what is uploaded to www.radioroku.com
(IP address 126.96.36.199):
1. After having been switched on, the Soundbridge first contacts the configured time server and then the update server of Rokulabs without uploading anything. Immediately after that it uploads its individual device data to the Rokulabs server, including MAC address, local IP, serial number, WiFi strength, WiFi quality and country code as well as some other information. This upload is effected even if the upload function is disabled in the Soundbridges settings.
2. Every time a preset is selected the Soundbridge uploads the complete stream URL and the station's name (I'll come back on this later as it has very unsettling side effects).
3. Every time "Top stations", "Browse" or "Search" is selected the Soundbridge downloads the list of live stations from Radio Roku. To do that it uploads its MAC address as well as the configured country code and language (obviously this is not for technical reasons as the request returns the same result if this information is omitted).
4. Every time a specific station is selected to play the Soundbridge contacts the Rokulabs server again - once more uploading the MAC address (this again is not for technical reasons as this request, too, functions properly without this information).
5. On certain occasions the Soundbridge uploads the complete set of (locally saved) presets - including once more its MAC address. This upload is done independently from playing a preset.
6. From time to time the Soundbridge uploads "performance data" concerning the played stations, for example playing time, reliability and quality of the streams, again including its MAC address and serial number.
While this manner of collecting data is at least very questionable, the consequences of point #2 are highly worrying. If the upload function of the Soundbridges is enabled (remember: this is the default setting
), even individualized stream URLs get uploaded to the Rokulabs server and eventually show up in Radio Roku.
All users of streaming services that require registration should therefore IMO think of disabling the upload function of their Soundbridges.
Besides that I would like to ask Rokulabs in general and Chairman Anthony Wood in particular to answer the following questions:
(a) Why are the Soundbridges uploading data that is obviously not needed to ensure the functionality of the devices and the service?
(b) In which manner do Rokulabs intend to make use of the collected data (other than improving Radio Roku, which can certainly be done without uploads containing specific device information)?
(c) Why have Rokulabs never comprehensively informed their users and the public that the Soundbridges are uploading such a massive amount of data? Up to now there does not even exist a manual covering the firmware versions 2.7 or 3.0 - the latest version is covering 2.5 which has no upload functionality.
(d) When and how will Rokulabs ensure that no personal authentication data of Soundbridge users is uploaded and published any more?
I am sure many users would like to have the answers to these questions as soon as possible.