Your smart TV (probably) sends screenshots to advertisers
Your smart TV (probably) sends screenshots to advertisers
There was another thread with a paywalled article, but here's the actual study that found that smart TVs use "automatic content recognition" to build an ad profile for you based on what's on your screen... including HDMI content streamed from a laptop, game console, etc. Yikes.
At a high level, ACR works by periodically capturing the content displayed on a TV’s screen and matching it against a content library to detect the content being viewed on the TV. It is essentially a Shazam-like technology for audio/video content on the smart TV [38]. ACR is implemented by all major smart TV manufacturers, including Samsung [9] and LG [55 ].
Our findings indicate that (1) ACR operates even when it is used as a “dumb” display via HDMI; (2) opt-out mecha- nisms stop ACR traffic; (3) ACR works differently in the UK as com- pared to the US.
So it seems like you're opted-in by default, but you can stop ACR traffic by simply configuring six different options on Samsung, or eleven different options on LG.
Oh, and this doesn't seem to happen when you're using native streaming apps like Netflix or Disney+, because hey, they wouldn't want to infringe on those companies' rights by spying on them, right?
Table 1 describes the settings that you need to configure on LG and Samsung TVs to stop ACR behavior.
Those shouldn't exist at all, and if they have to, the settings should be expressly asked about as part of the initial setup, not buried in a menu that nobody goes to unless they're specifically looking for the options.
Or scattered across many menus in this case
This why I go out of my way to manually block all traffic from my televisions to my router.
I just don't connect it to the network.
It’s what most of us do, sure. This is more on the off-chance there’s a software update is required for fixing a design problem with a product. (Had to with an older smart television) So theres a lot of people who already have theirs connected but don’t realize it’s even an easy option, router-side.
Time for a lawsuit.
Since the presence of a TV in your house is a commercial benefit for the companies who make them, AND you do not actually have control over them, it is clear that the 'sales contract' was fraudulent and part of a bad-faith act on the manufacturers' part.
So I say a class-action lawsuit is in order: Each person who bought (say) an LG TV gets back 100% of their purchase price, plus some reimbursement for being spied on - probably a per-month amount. Then LG has to pay a punitive fee on top of their payouts to customers.
I know that everyone is screaming "that will never work!" and "They'll go bankrupt!" I don't care - SOMETHING has to change to remind these evil fuckers that they need our business, or the abuse will just ramp up.
Bankrupt them all. Tear down the entire industry. Tear down the entire economy and start again from scratch if that's what it takes.
If they can't be reined in legally, then it will happen illegally - and probably violently.
Yeah I feel that way sometimes too. They won't even go bankrupt, they'll just have to settle for less line go up.
Shit like this is why my smart tv has never been given internet access.
The software on my Samsung is so fucked that if I physically switch HDMI connections between inputs, it puts up a screen saying "switching source" despite my new source already being visible on the screen for 3-5 seconds before the tv claims to switch it. One of these days it will piss me off enough to softmod it, but right now I'm too stubborn to spend a day reading how and taking the time to do it.
That's why my TV doesn't have internet access. I just bought a cheap laptop and plugged it in. It's probably cheaper and runs software better than the cheap ass hardware they put into TVs.
My TV isn’t even connected to wifi!
It's worth keeping in mind that your network is not the only network in the world, and WiFi is not the only kind of link.
Neighbors exist. Open guest networks exist. Drive-by and fly-by networks exist. Mesh networks exist (and are already created by devices like Amazon Echo for use by other devices in the neighborhood). Special-purpose networks quietly created by internet providers using their CPE exist. Satellite links exist, and have been getting smaller and cheaper; maybe enough for a TV before long. Power line networking exists, and can reach across property lines. Bluetooth, LoRa, cellular, etc. etc. etc.
I'm not suggesting that all smart TVs make use of these things today, but some of them are already capable, and since the capabilities are increasingly cheap and easy to implement, they will almost certainly become more common in the years to come. Let's also remember that behavior that is not documented or enabled at purchase time can be enabled later, and sometimes is.
If I were buying today, it wouldn't be a smart TV. I would instead look at gaming console monitors, computer monitors, projectors, dumb TVs, and commercial displays. That way I wouldn't be showing manufacturers that spyware appliances are okay with me, nor giving them money in support of spyware product lines.
If I already had a smart TV and wasn't in a position to replace it with something trustworthy, I would mod it: Open it up, find any network-capable components inside, and physically disconnect them. (Or if I didn't have those skills, I would get a qualified friend or electronics repair shop to do it for me.)
Lot of people saying they don't give internet access to their TVs.
Fine, but that doesn't work for cord-cutters who opted out of cable to go with streaming. And if you keep your TV away from internet but have a cable box, it will be doing all the tracking in this paper (and worse) then sending it to the cable provider.
So short of sticking with DVD/Bluray (unconnected) or over-the-air broadcast TV, there's no way to stop from getting tracked.
The paper also lists domains where the data is being sent. You could always try blocking the destination addresses at the router level.
how about cutting the cord, making the tv dumb and just your own foss software? like some hdmi stick or tv box with kodi etc...
better than just blocking some domains for an overall scammy device.
AFAICT, keeping the TV offline (i.e. not connected to any wifi) and plugging in a laptop/Chromecast/etc. via HDMI would eliminate both sides of the problem. You can still use streaming services on the laptop, but the TV would be unable to phone home.
There's always the yar har option as well, which is also effectively implemented with a laptop.
And the domains would require maintenance. When new ones are added or changed or whatever.
This should be illegal, though. One can dream.
I find this difficult to read. What would have been useful is a per country/state and manufacturer overview that shows where I have to worry about what with whom. Nevertheless this is very alarming and a good reminder to never connect your TV to the internet.
Yeah, someone should definitely do that. I think this is written from the perspective of a security researcher communicating with others in the security world about a discovery they made, so it's a) dense to read, and b) not thorough as a consumer guide.
Hopefully someone follows up with a resource like you describe.
Yeah fair enough we’re not really the target audience and the main message came through anyway.