There was another thread with a paywalled article, but here’s the actual study that found that smart TVs use “automatic content recognition” to build an ad profile for you based on what’s on your screen… including HDMI content streamed from a laptop, game console, etc. Yikes.
At a high level, ACR works by periodically capturing the content displayed on a TV’s screen and matching it against a content library to detect the content being viewed on the TV. It is essentially a Shazam-like technology for audio/video content on the smart TV [38]. ACR is implemented by all major smart TV manufacturers, including Samsung [9] and LG [55 ].
Our findings indicate that (1) ACR operates even when it is used as a “dumb” display via HDMI; (2) opt-out mecha- nisms stop ACR traffic; (3) ACR works differently in the UK as com- pared to the US.
So it seems like you’re opted-in by default, but you can stop ACR traffic by simply configuring six different options on Samsung, or eleven different options on LG.
Oh, and this doesn’t seem to happen when you’re using native streaming apps like Netflix or Disney+, because hey, they wouldn’t want to infringe on those companies’ rights by spying on them, right?
Table 1 describes the settings that you need to configure on LG and Samsung TVs to stop ACR behavior.
Those shouldn’t exist at all, and if they have to, the settings should be expressly asked about as part of the initial setup, not buried in a menu that nobody goes to unless they’re specifically looking for the options.
Or scattered across many menus in this case
This why I go out of my way to manually block all traffic from my televisions to my router.
I just don’t connect it to the network.
It’s what most of us do, sure. This is more on the off-chance there’s a software update is required for fixing a design problem with a product. (Had to with an older smart television) So theres a lot of people who already have theirs connected but don’t realize it’s even an easy option, router-side.
not sure about others, but my samsung can update from an usb drive.
What happens when there’s an open Wi-Fi connection close enough for the smart TV to connect to?
No idea. My closest neighbour is 250 m/820 feet away, so not something I need to think about.
You’d be surprised. I have one neighbor across the street and my next closest is a quarter mile up the road. I still see multiple Wi-Fi signals to connect to, 2.4GHz wifi can travel way farther than you might think.
Best to let it have an IP but block WAN access so it can’t leave the home network. This also keeps the TV from complaining about not being connected.
There’s probably lots of situations in anything but rural environments where open Wi-Fi networks are either already available, or highly likely to be. Dorms, apartments, anything like that becomes a mess.
Yeah. I’m in the rurals and at any given time can see between 5 and a dozen networks. Years back when I was apartment living, there was a ridiculous number of networks in range, couldn’t even give you a count.
If you’re curious and have an android phone or tablet, check out WifiAnalyzer. It gives a graphical view of nearby Wi-Fi networks, channels they’re on, signal strength, and so on.
Your not that rural if your seeing that many wifi networks.
I just block at firewall since I need lan access to control the tv with automation.
Control the tv with automations? Now in curious; what automations would you set up on a tv?
But I use netflix
Get a Google TV. Sure, they father days, but at least you don’t connect the TV online, which also sends screenshots of what you’re watching to the producer…
I have a Google TV.
Time for a lawsuit.
Since the presence of a TV in your house is a commercial benefit for the companies who make them, AND you do not actually have control over them, it is clear that the ‘sales contract’ was fraudulent and part of a bad-faith act on the manufacturers’ part.
So I say a class-action lawsuit is in order: Each person who bought (say) an LG TV gets back 100% of their purchase price, plus some reimbursement for being spied on - probably a per-month amount. Then LG has to pay a punitive fee on top of their payouts to customers.
I know that everyone is screaming “that will never work!” and “They’ll go bankrupt!” I don’t care - SOMETHING has to change to remind these evil fuckers that they need our business, or the abuse will just ramp up.
Bankrupt them all. Tear down the entire industry. Tear down the entire economy and start again from scratch if that’s what it takes.
If they can’t be reined in legally, then it will happen illegally - and probably violently.
Yeah I feel that way sometimes too. They won’t even go bankrupt, they’ll just have to settle for less line go up.
Shit like this is why my smart tv has never been given internet access.
The software on my Samsung is so fucked that if I physically switch HDMI connections between inputs, it puts up a screen saying “switching source” despite my new source already being visible on the screen for 3-5 seconds before the tv claims to switch it. One of these days it will piss me off enough to softmod it, but right now I’m too stubborn to spend a day reading how and taking the time to do it.
My TV isn’t even connected to wifi!
It’s worth keeping in mind that your network is not the only network in the world, and WiFi is not the only kind of link.
Neighbors exist. Open guest networks exist. Drive-by and fly-by networks exist. Mesh networks exist (and are already created by devices like Amazon Echo for use by other devices in the neighborhood). Special-purpose networks quietly created by internet providers using their CPE exist. Satellite links exist, and have been getting smaller and cheaper; maybe enough for a TV before long. Power line networking exists, and can reach across property lines. Bluetooth, LoRa, cellular, etc. etc. etc.
I’m not suggesting that all smart TVs make use of these things today, but some of them are already capable, and since the capabilities are increasingly cheap and easy to implement, they will almost certainly become more common in the years to come. Let’s also remember that behavior that is not documented or enabled at purchase time can be enabled later, and sometimes is.
If I were buying today, it wouldn’t be a smart TV. I would instead look at gaming console monitors, computer monitors, projectors, dumb TVs, and commercial displays. That way I wouldn’t be showing manufacturers that spyware appliances are okay with me, nor giving them money in support of spyware product lines.
If I already had a smart TV and wasn’t in a position to replace it with something trustworthy, I would mod it: Open it up, find any network-capable components inside, and physically disconnect them. (Or if I didn’t have those skills, I would get a qualified friend or electronics repair shop to do it for me.)
If I were buying today, it wouldn’t be a smart TV
Good luck finding one of those.
They’ll make a comeback in a few years when people with Google’s advertisement TVs start having to buy whole new TVs because the cheap Android tablet built into the TV will age like a cheap Android tablet and start struggling with basic tasks like browsing content.
No they wont.
There is no demand for dumb-TVs. People are stupid, people don’t know what they want, people don’t know that their TV is broken because the manufacture made it broken. People will buy what they are told to buy.
At best you can buy a smart TV, hobble it, and use your own video sources.
That’s why my TV doesn’t have internet access. I just bought a cheap laptop and plugged it in. It’s probably cheaper and runs software better than the cheap ass hardware they put into TVs.
Lot of people saying they don’t give internet access to their TVs.
Fine, but that doesn’t work for cord-cutters who opted out of cable to go with streaming. And if you keep your TV away from internet but have a cable box, it will be doing all the tracking in this paper (and worse) then sending it to the cable provider.
So short of sticking with DVD/Bluray (unconnected) or over-the-air broadcast TV, there’s no way to stop from getting tracked.
The paper also lists domains where the data is being sent. You could always try blocking the destination addresses at the router level.
how about cutting the cord, making the tv dumb and just your own foss software? like some hdmi stick or tv box with kodi etc…
better than just blocking some domains for an overall scammy device.
AFAICT, keeping the TV offline (i.e. not connected to any wifi) and plugging in a laptop/Chromecast/etc. via HDMI would eliminate both sides of the problem. You can still use streaming services on the laptop, but the TV would be unable to phone home.
There’s always the yar har option as well, which is also effectively implemented with a laptop.
And the domains would require maintenance. When new ones are added or changed or whatever.
This should be illegal, though. One can dream.
I find this difficult to read. What would have been useful is a per country/state and manufacturer overview that shows where I have to worry about what with whom. Nevertheless this is very alarming and a good reminder to never connect your TV to the internet.
Yeah, someone should definitely do that. I think this is written from the perspective of a security researcher communicating with others in the security world about a discovery they made, so it’s a) dense to read, and b) not thorough as a consumer guide.
Hopefully someone follows up with a resource like you describe.
Yeah fair enough we’re not really the target audience and the main message came through anyway.