I recently tcpdump'd an Android 11 device going through the initial setup. About 60MiB was downloaded just to get to the launcher. It contacts not only Google, but the manufacturer and Microsoft, as well as a few domains I couldn't recognize.
It's impossible to install privacy tools (like AFWall) before being subjected to built-in spyware. The bootloader was locked by default and could only be unlocked after creating a Google account (which involves accepting their terms and conditions). It was also impossible to go through initial setup using a proxy server. It did use the proxy server I had set up to contact Google, but it wouldn't accept the connection as having internet connectivity (and refused to go any further) until traffic was routed through the default gateway.
I think it would be reasonable to add warnings to so-called "smart" devices the same way as packs of cigarettes. It'll never happen, sadly. If anything, the Powers That Be would rather make it illegal to "circumvent" or "tamper" with the locked-down computers that we used to own.
I recently tried to set up a Bluetooth speaker my mom had bought (with me at her side). I had carefully looked at the packaging and there were no red flags visible.
At her flat I tried to connect it to her laptop. It just wasn't visible.
I looked at the user manual. For initial setup you had to install the vendor's app (and accept it transmitting any filename you listen to, any streaming account, any song/audiobook/radio station you are listening to).
There was no way of getting it to just connect via Bluetooth without allowing full data harvesting.
It instantly went back into its packaging, back to the shop.
In hindsight I should probably have filed a GDPR complaint as this goes against the GDPR as the data tracking is not necessary for the functionality (Bluetooth connection). And was not available as information before I bought it.
Sonos. Ordered a small Bose afterwards. I know the Bose headphones have their 'use the app feature' but the smaller soundbars (not sure how the new ones are named right now) just work for coupling by long pressing the bt-button.
I was able to remotely lead my mom through the process on the phone.
It was a small Sonos. Would need to look up the model. Was around the size of a Bose Soundbar (the smallest model). With these Bose Soundbars it is just long pressing the BT button. No app, no nothing. Just works for me.