'Smart' TVs Remain The Poster Child For Dismal Privacy, Transparency & Security Standards

from the watching-you-watching-me dept

The dumpster fire that passes for security and privacy standards in the internet of things space is by now pretty well understood. It’s also pretty clear that in this sector, “smart TV” vendors have been among the laziest sectors around in terms of making sure private consumer data is adequately encrypted, and that consumers understand that their viewing habits and even some in-room conversations are being hoovered up and monetized, usually sloppily.

Recent studies have found that upwards of 90% of smart TVs can be compromised remotely, and leaked documents have made it clear that intelligence agencies have been having a field day with the lack of security in such sets, easily exploiting paper-mache grade protections in order to use TV microphones to monitor targets without anybody being the wiser.

Meanwhile, set vendors and viewing tracking firms continue to do a pretty dismal job clearly explaining to the end user what data is being collected and monetized. The New York Times, for example, recently did a profile piece on a company named SambaTV, whose viewer-tracking software is now collects viewing data from 13.5 million smart TVs in the United States. Owners of these sets will find Samba’s Interactive TV software already installed, and are told that the software simply lets you receive handy recommendations and experience TV “in a whole new way”:

“Interact with your favorite shows. Get recommendations based on the content you love. Connect your devices for exclusive content and special offers. By cleverly recognizing onscreen content, Samba Interactive TV lets you engage with your TV in a whole new way.”

But at no point during set up does the company really make it obvious just how much data is being collected or how it’s used:

“Once enabled, Samba TV can track nearly everything that appears on the TV on a second-by-second basis, essentially reading pixels to identify network shows and ads, as well as programs on HBO and even video games played on the TV. Samba TV has even offered advertisers the ability to base their targeting on whether people watch conservative or liberal media outlets and which party?s presidential debate they watched.”

That’s certainly something that would never be abused, right? Especially since we keep seeing story after story after story about how anonymized data isn’t really “anonymous”, such data isn’t particularly well protected, and consumers don’t actually have the faintest understanding of what’s being collected and monetized in the first place. Consumer advocates say that transparency about what data is collected remains utterly lacking, as most users of this software have zero understanding it can potentially even track their political leanings:

?It?s still not intuitive that the box maker or the software embedded by the box maker is going to be doing this,? said Justin Brookman, director of consumer privacy and technology policy at the advocacy group Consumers Union and a former policy director at the Federal Trade Commission. ?I?d like to see companies do a better job of making that clear and explaining the value proposition to consumers.”

The FTC last year fined TV vendor Vizio $2.2 million for hoovering up the viewing data on 11 million consumer TVs without consumers? knowledge or consent. But FTC enforcement is inconsistent, and is often slow to address how companies now use numerous devices in concert (your smart phone, your home assistant, and your TV) to deepen in-home surveillance capabilities further. The rabbit hole gets deeper still when you consider that your ISP is also cashing in on your IOT device usage without much transparency or oversight thanks to the recent attacks on privacy rules and FCC authority over ISPs.

Quite often, such data hoovering systems are actively misrepresented as being of ambiguous benefit to the end user. And because users can technically dig through Samba’s 4,000 word privacy policy and 6,500 word terms of use to discover what’s actually happening (something companies know users won’t do and may not even understand if they did), they’re technically adhering to the law. Eventually we’ll get around to working together on modernizations of the law, but pretty clearly not before years and dozens of additional privacy and security scandals drive the point home.

Filed Under: , , ,
Companies: samba tv

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “'Smart' TVs Remain The Poster Child For Dismal Privacy, Transparency & Security Standards”

Subscribe: RSS Leave a comment
Anonymous Anonymous Coward (profile) says:

Re: Re: So...turn it off.

And I am the antipode. I have a TV, not connected to the Internet, but connected to my network (it’s not a ‘smart version so even though my network is connected to the internet, it is not (older model ‘smart options not available)). I use my collection. There is a Raspberry Pi runing my NAS hooked up to a couple of 4 TB SSD’s that don’t need power supplies and another Raspberry Pi running LibreElec to collate and play my content. There is lots of content, and though I may have violated some stupid copyright maximalist rules by transferring it to digital media without DRM, I am unconcerned. And for good reason.

I am over 60 years old, if you think I haven’t been collecting content for some time, your mistaken.

Anonymous Coward says:

Re: So...turn it off.

The problem with this particular response is that it tends to be an argument used to obviate any desire or responsibility to make sure the bad behavior does not occur.

To summarize the problem:
A) Smart TVs are designed to track everything and monetize the hell out of it
B) Companies are deliberately terrible at making this clear to the people that buy them

“Turn it off” only works for people who know this is happening, which point B ensures is an incredibly small portion of people. For those unaware, there is no redress provided for the invasion of their privacy with this particular answer.

It does nothing to solve the root problem.

Or, to put it another way, why are we placing this burden entirely on the shoulders of the consumers, and not ensuring there is consumer-friendly transparency on the part of the manufacturers and distributors? Why would we give them a free pass, and just tell people to “turn it off?”

Anonymous Anonymous Coward (profile) says:

Re: Re: So...turn it off.

I did not, nor would I suggest that the behavior of these TV manufacturers, or for that matter many other IOT devices, or for that matter many, many Internet websites that their behavior is not reprehensible. My suggestion above was not about stopping the practice, but about protecting oneself when one becomes aware. The mere fact that few, if any non-smart TV’s are available in the marketplace it very telling about the intent of manufacturers. They want continued income by spying on us. Don’t let them.

The problem with merely making their schemes transparent is that it really should be illegal. Try getting your legislature to follow up on that. I wish you luck. I am for that effort, but I wish you luck under current conditions. When those companies have more power with your representative than you do, it is not going anywhere…fast.

Anonymous Coward says:

Re: Re: Re: So...turn it off.

Aye – the point is more that the presentation of “so turn it off” often implies the (see last post).

As for the legislature, well – I don’t believe in not trying. Not trying will by default result in no success. Trying has a possibility of success.

I prefer a non-zero chance of success, however, small, to a zero chance of success.

Anonymous Coward says:

Re: Re: Re: So...turn it off.

I did not … suggest that the behavior of these TV manufacturers … is not reprehensible. My suggestion above was … about protecting oneself when one becomes aware.

If the TV manufacturers are to be considered adversaries, how sure should we be that "off" is really off? If they’re making money off your data, they could probe for an unprotected wifi network over which to upload it.

Gary (profile) says:

On or off

Disabling the networking is a great way to protect yourself. (And maybe the only way.)
My TV is powered by a media PC I built for it.
Not everyone can/will do that.
Many folks actually want to use the features their smart TV offers.
Pulling the ethernet cable works, but it isn’t a (good) solution to the problem. Raising awareness about the problem to shame the manufacturers may not work, but it’s a first step.
Last time I checked, I had a hard time finding a TV *without* smart features.

ECA (profile) says:

Re: On or off

Wow, so being paranoid is a good thing..
To anyone that DONT GET IT…just going to an internet site can track you(ALMOST) directly to your home..

an untrackable media system DOES NOT connect to the net, Anymore.. You have to do something ABIT illegal, and digitize all your Neighbors/family/frineds movies, and install them in a Wireless Server/network device, HIDDEN in your walls, or your Neighbors home, OR UNDER GROUND..
Setup to NOT send a signal, unless they KNOW the Net address to the device..

I cansee them NOW in your yard with a metal detector, scanning the ground and your Outside walls..

ECA (profile) says:

Re: Re: On or off

Funny thing about this..

Is a person in Germany had the same car as person in Australia..
After he found out he could REMOTE access his own car, the Aussie was asked to test something…
FROM Germany, the person could access the Aussie car, over the internet..

!0+ years ago, Cali wanted an interesting device in cars… remote shutoff/controls..
Think they got it??

Ninja (profile) says:

So it’s 10500 words to be read. No seriously, this is the same mindset used with safety drivers in autonomous car testing. It’s safe to assume they’ll alternate 15 minutes of focus with a lot of porn streaming.. Er, Netflix. Same with these absurdly long EULAs, TOS etc. A tiny fraction of people will read them and even then they’ll need some law degree to understand everything. Just no.

We do need to update our laws indeed.

Anonymous Coward says:

Counterpoint -- Is This Really So Bad?

I’ll leave network safety aside because I still barely understand Wi-Fi, I’ll just go into the data collection. Short answer, so what?

Yes it’s seedy, sneaky, and even sketchy. Honestly though there’s not a lot of dangerous data that can be scraped by TV viewing habits. This isn’t banking info or HIPAA compliance whatevers, it’s behavioural information to tailor advertising. It’s a big steamy dump on expectations of privacy but it’s the least likely data to be used against you for malice. Recording voice information is a little worse but with the amount of phone apps which do that already it’s a lost fight.

But hey, let’s say we’re crowned kings for a day and ban data collection from smart TVs. The price of these puppies will see an enormous spike. I don’t know about you peeps but I’m finding it very difficult lately to find a non-smart TV. You wanna pay 25% more for the same quality TVs for the piece of mind that advertising will be slightly less effective on you?

I will say I do not own a Smart TV yet, I’m holding out as long as possible. I do know that gathering data and selling it to the highest bidder is one of the best cost-offsets around in the modern tech world. The little data a Smart V could get is a drop-in-the-bucket compared to everything else we use.

Anonymous Anonymous Coward (profile) says:

Re: Counterpoint -- Is This Really So Bad?

The little data a Smart V could get is a drop-in-the-bucket compared to everything else we use.

Except when you consider the videos and recordings of conversations and activities held within the ‘ahem’ purview (aka view of or hearing of) the TV. Viewing habits are one thing, conversations or ‘activities’ are another. Both are vulnerable with some systems.

Anonymous Anonymous Coward (profile) says:

Re: Re: Re: Counterpoint -- Is This Really So Bad?

The cameras of my laptop and tablet are covered with pieces of duct tape (the TV doesn’t have one). I live alone and rarely have conversations at home, though I doubt anything could be learned from what I tend to talk about. But I don’t know if either is listening, I wish I did. That disclosure should not only be required, but it should legally, and easily be disabled. Better yet, it should be opt in or not possible.

Anonymous Coward says:

Re: Re: Re:2 Counterpoint -- Is This Really So Bad?

That disclosure should not only be required, but it should legally, and easily be disabled.

If that’s all that’s mandated, they’ll do it in the simplest way possible: disable it in software, which only works until someone finds a software exploit and re-enables the microphone. If you’re going to legally mandate something, mandate a hardware switch.

TDR says:

There are modern dumb TV's available

Just thought I’d let you all know if you’re interested that Sceptre makes good modern dumb TV’s even up to 4k. You probably won’t find them in-store (I didn’t) but you can order them online from places like Walmart and Amazon. They’re also typically less expensive than same size smart TV’s by other manufacturers. I got a non-smart 65″ Sceptre 4k HDTV from Walmart online for only about $500 or so after tax. I just thought it’d share for those of you who don’t know and were interested in trying to find a modern dumb TV.

Jinxed (profile) says:

I don’t consider myself too old for technology (yet, anyway), but I will never fathom why anyone would hook an internet cable to their television set.

Let’s remove the privacy issue for a moment. Most TVs still use a remote, and last time I checked, these were horrendous to use as “keyboards”.

More importantly, none of the software on a television is designed well enough to make the experience pleasant for the user. “Android” != perfection.

There are so many alternatives to attaching the network cord/WiFi that I cannot feel sorry for those whose privacy is lost over their “need” to…


Anonymous Coward says:

There was a YouTube video claiming the the Feds use SmartTVs to listen in on your activities, and that if you tinker with the TV to disable the monitoring/recording function, you are committing a felony act under the DMCA.

The are wrong. In order for the felony provisions of the DMCA to apply, such tinkering would have to be for either commercial or financial private gain, so tinkering with any of your devices, for your own personal use, does not all under this.

It might be possible, that someone might be charged with obstruction of justice, it it can be proven that recording/monitoring on a smart TV was disable to hide criminal activity, but the DMCA would not apply, since tinkering with your smart TV for your own private use, without intending to make any kind of commercial or private financial gain, would not be a felony under the DMCA. It is only a felony, under the DMCA, if violate section 1201, for some kind of financial gain.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...