this post was submitted on 27 Sep 2024
131 points (98.5% liked)

privacy

2979 readers
1 users here now

Big tech and governments are monitoring and recording your eating activities. c/Privacy provides tips and tricks to protect your privacy against global surveillance.

Partners:

founded 2 years ago
MODERATORS
 

There was another thread with a paywalled article, but here's the actual study that found that smart TVs use "automatic content recognition" to build an ad profile for you based on what's on your screen... including HDMI content streamed from a laptop, game console, etc. Yikes.

At a high level, ACR works by periodically capturing the content displayed on a TV’s screen and matching it against a content library to detect the content being viewed on the TV. It is essentially a Shazam-like technology for audio/video content on the smart TV [38]. ACR is implemented by all major smart TV manufacturers, including Samsung [9] and LG [55 ].

Our findings indicate that (1) ACR operates even when it is used as a “dumb” display via HDMI; (2) opt-out mecha- nisms stop ACR traffic; (3) ACR works differently in the UK as com- pared to the US.

So it seems like you're opted-in by default, but you can stop ACR traffic by simply configuring six different options on Samsung, or eleven different options on LG.

Oh, and this doesn't seem to happen when you're using native streaming apps like Netflix or Disney+, because hey, they wouldn't want to infringe on those companies' rights by spying on them, right?

top 36 comments
sorted by: hot top controversial new old
[–] thanks_shakey_snake@lemmy.ca 40 points 1 month ago (1 children)

Table 1 describes the settings that you need to configure on LG and Samsung TVs to stop ACR behavior.

[–] kent_eh@lemmy.ca 17 points 1 month ago* (last edited 1 month ago) (1 children)

Those shouldn't exist at all, and if they have to, the settings should be expressly asked about as part of the initial setup, not buried in a menu that nobody goes to unless they're specifically looking for the options.

[–] thanks_shakey_snake@lemmy.ca 12 points 1 month ago

Or scattered across many menus in this case

[–] RustyShackleford 24 points 1 month ago (1 children)

This why I go out of my way to manually block all traffic from my televisions to my router.

[–] P1nkman@lemmy.world 17 points 1 month ago (4 children)

I just don't connect it to the network.

[–] RustyShackleford 12 points 1 month ago (1 children)

It’s what most of us do, sure. This is more on the off-chance there’s a software update is required for fixing a design problem with a product. (Had to with an older smart television) So theres a lot of people who already have theirs connected but don’t realize it’s even an easy option, router-side.

[–] umbrella@lemmy.ml 2 points 1 month ago

not sure about others, but my samsung can update from an usb drive.

[–] LWD@lemm.ee 7 points 1 month ago (1 children)

What happens when there's an open Wi-Fi connection close enough for the smart TV to connect to?

[–] P1nkman@lemmy.world 2 points 1 month ago (1 children)

No idea. My closest neighbour is 250 m/820 feet away, so not something I need to think about.

[–] tomkatt@lemmy.world 9 points 1 month ago (1 children)

You’d be surprised. I have one neighbor across the street and my next closest is a quarter mile up the road. I still see multiple Wi-Fi signals to connect to, 2.4GHz wifi can travel way farther than you might think.

Best to let it have an IP but block WAN access so it can’t leave the home network. This also keeps the TV from complaining about not being connected.

[–] LWD@lemm.ee 4 points 1 month ago (1 children)

There's probably lots of situations in anything but rural environments where open Wi-Fi networks are either already available, or highly likely to be. Dorms, apartments, anything like that becomes a mess.

[–] tomkatt@lemmy.world 5 points 1 month ago (1 children)

Yeah. I’m in the rurals and at any given time can see between 5 and a dozen networks. Years back when I was apartment living, there was a ridiculous number of networks in range, couldn’t even give you a count.

If you’re curious and have an android phone or tablet, check out WifiAnalyzer. It gives a graphical view of nearby Wi-Fi networks, channels they’re on, signal strength, and so on.

[–] Auli@lemmy.ca 0 points 1 month ago (1 children)

Your not that rural if your seeing that many wifi networks.

[–] tomkatt@lemmy.world 1 points 1 month ago* (last edited 1 month ago)

Okay. I live in a town with a population barely over 2000 people, the paved road ends at my house and continues on as dirt roads, I'm surrounded by miles of empty lots of wild growth with a few houses interspersed here and there, and I have one direct neighbor across the street with the next two closest neighbors being a quarter mile up the road.

I guess I don't understand your definition of rural then. Or you don't understand just how far wifi signals can travel when there are no obstructions, or that people can have multiple network SSIDs in their home (hell, I have three, one for 2.4 GHz, one for 5 GHz, and then a separate 5 GHz for a work network). Rural doesn't mean tech illiterate.


Edit - and to be clear, most of the signals I see are probably too weak to be usable due to attenuation, but I can pick them up all the same via Wifi Analyzer. How many networks I see is dependent on the device used. Currently my mini-PC only sees my networks, then a Roku somewhere (probably neighbors across the street) and another single network at low strength, but it varies.

I used to easily see dozens or more networks in the city if sniffing for them. Your PC's wifi won't list all of them, just the strongest signals and there will still be many because city life is saturated that way.

[–] Auli@lemmy.ca 2 points 1 month ago (1 children)

I just block at firewall since I need lan access to control the tv with automation.

[–] P1nkman@lemmy.world 1 points 1 month ago

Control the tv with automations? Now in curious; what automations would you set up on a tv?

[–] cyberpunk007@lemmy.ca 1 points 1 month ago (1 children)
[–] P1nkman@lemmy.world 2 points 1 month ago (1 children)

Get a Google TV. Sure, they father days, but at least you don't connect the TV online, which also sends screenshots of what you're watching to the producer...

[–] cyberpunk007@lemmy.ca 1 points 1 month ago

I have a Google TV.

[–] swordgeek@lemmy.ca 20 points 1 month ago (1 children)

Time for a lawsuit.

Since the presence of a TV in your house is a commercial benefit for the companies who make them, AND you do not actually have control over them, it is clear that the 'sales contract' was fraudulent and part of a bad-faith act on the manufacturers' part.

So I say a class-action lawsuit is in order: Each person who bought (say) an LG TV gets back 100% of their purchase price, plus some reimbursement for being spied on - probably a per-month amount. Then LG has to pay a punitive fee on top of their payouts to customers.

I know that everyone is screaming "that will never work!" and "They'll go bankrupt!" I don't care - SOMETHING has to change to remind these evil fuckers that they need our business, or the abuse will just ramp up.

Bankrupt them all. Tear down the entire industry. Tear down the entire economy and start again from scratch if that's what it takes.

If they can't be reined in legally, then it will happen illegally - and probably violently.

[–] thanks_shakey_snake@lemmy.ca 2 points 1 month ago

Yeah I feel that way sometimes too. They won't even go bankrupt, they'll just have to settle for less line go up.

[–] SirDankbud@lemmy.ca 11 points 1 month ago

Shit like this is why my smart tv has never been given internet access.

The software on my Samsung is so fucked that if I physically switch HDMI connections between inputs, it puts up a screen saying "switching source" despite my new source already being visible on the screen for 3-5 seconds before the tv claims to switch it. One of these days it will piss me off enough to softmod it, but right now I'm too stubborn to spend a day reading how and taking the time to do it.

[–] TommySoda@lemmy.world 7 points 1 month ago

That's why my TV doesn't have internet access. I just bought a cheap laptop and plugged it in. It's probably cheaper and runs software better than the cheap ass hardware they put into TVs.

[–] GammaGames@beehaw.org 7 points 1 month ago (1 children)

My TV isn’t even connected to wifi!

[–] mox@lemmy.sdf.org 9 points 1 month ago* (last edited 1 month ago) (1 children)

It's worth keeping in mind that your network is not the only network in the world, and WiFi is not the only kind of link.

Neighbors exist. Open guest networks exist. Drive-by and fly-by networks exist. Mesh networks exist (and are already created by devices like Amazon Echo for use by other devices in the neighborhood). Special-purpose networks quietly created by internet providers using their CPE exist. Satellite links exist, and have been getting smaller and cheaper; maybe enough for a TV before long. Power line networking exists, and can reach across property lines. Bluetooth, LoRa, cellular, etc. etc. etc.

I'm not suggesting that all smart TVs make use of these things today, but some of them are already capable, and since the capabilities are increasingly cheap and easy to implement, they will almost certainly become more common in the years to come. Let's also remember that behavior that is not documented or enabled at purchase time can be enabled later, and sometimes is.

If I were buying today, it wouldn't be a smart TV. I would instead look at gaming console monitors, computer monitors, projectors, dumb TVs, and commercial displays. That way I wouldn't be showing manufacturers that spyware appliances are okay with me, nor giving them money in support of spyware product lines.

If I already had a smart TV and wasn't in a position to replace it with something trustworthy, I would mod it: Open it up, find any network-capable components inside, and physically disconnect them. (Or if I didn't have those skills, I would get a qualified friend or electronics repair shop to do it for me.)

[–] kent_eh@lemmy.ca 6 points 1 month ago (1 children)

If I were buying today, it wouldn't be a smart TV

Good luck finding one of those.

[–] i_am_not_a_robot@discuss.tchncs.de 3 points 1 month ago (1 children)

They'll make a comeback in a few years when people with Google's advertisement TVs start having to buy whole new TVs because the cheap Android tablet built into the TV will age like a cheap Android tablet and start struggling with basic tasks like browsing content.

[–] nik282000@lemmy.ca 1 points 1 month ago

No they wont.

There is no demand for dumb-TVs. People are stupid, people don't know what they want, people don't know that their TV is broken because the manufacture made it broken. People will buy what they are told to buy.

At best you can buy a smart TV, hobble it, and use your own video sources.

[–] fubarx@lemmy.ml 4 points 1 month ago (3 children)

Lot of people saying they don't give internet access to their TVs.

Fine, but that doesn't work for cord-cutters who opted out of cable to go with streaming. And if you keep your TV away from internet but have a cable box, it will be doing all the tracking in this paper (and worse) then sending it to the cable provider.

So short of sticking with DVD/Bluray (unconnected) or over-the-air broadcast TV, there's no way to stop from getting tracked.

The paper also lists domains where the data is being sent. You could always try blocking the destination addresses at the router level.

[–] yournamehere@lemm.ee 7 points 1 month ago

how about cutting the cord, making the tv dumb and just your own foss software? like some hdmi stick or tv box with kodi etc...

better than just blocking some domains for an overall scammy device.

[–] thanks_shakey_snake@lemmy.ca 3 points 1 month ago

AFAICT, keeping the TV offline (i.e. not connected to any wifi) and plugging in a laptop/Chromecast/etc. via HDMI would eliminate both sides of the problem. You can still use streaming services on the laptop, but the TV would be unable to phone home.

There's always the yar har option as well, which is also effectively implemented with a laptop.

[–] cyberpunk007@lemmy.ca 1 points 1 month ago

And the domains would require maintenance. When new ones are added or changed or whatever.

This should be illegal, though. One can dream.

[–] shaserlark@sh.itjust.works 2 points 1 month ago (1 children)

I find this difficult to read. What would have been useful is a per country/state and manufacturer overview that shows where I have to worry about what with whom. Nevertheless this is very alarming and a good reminder to never connect your TV to the internet.

[–] thanks_shakey_snake@lemmy.ca 2 points 1 month ago (1 children)

Yeah, someone should definitely do that. I think this is written from the perspective of a security researcher communicating with others in the security world about a discovery they made, so it's a) dense to read, and b) not thorough as a consumer guide.

Hopefully someone follows up with a resource like you describe.

[–] shaserlark@sh.itjust.works 2 points 1 month ago

Yeah fair enough we’re not really the target audience and the main message came through anyway.

[–] fubarx@lemmy.ml 2 points 1 month ago* (last edited 1 month ago)