'Smart' TVs Remain The Poster Child For Dismal Privacy, Transparency & Security Standards
from the watching-you-watching-me dept
The dumpster fire that passes for security and privacy standards in the internet of things space is by now pretty well understood. It’s also pretty clear that in this sector, “smart TV” vendors have been among the laziest sectors around in terms of making sure private consumer data is adequately encrypted, and that consumers understand that their viewing habits and even some in-room conversations are being hoovered up and monetized, usually sloppily.
Recent studies have found that upwards of 90% of smart TVs can be compromised remotely, and leaked documents have made it clear that intelligence agencies have been having a field day with the lack of security in such sets, easily exploiting paper-mache grade protections in order to use TV microphones to monitor targets without anybody being the wiser.
Meanwhile, set vendors and viewing tracking firms continue to do a pretty dismal job clearly explaining to the end user what data is being collected and monetized. The New York Times, for example, recently did a profile piece on a company named SambaTV, whose viewer-tracking software is now collects viewing data from 13.5 million smart TVs in the United States. Owners of these sets will find Samba’s Interactive TV software already installed, and are told that the software simply lets you receive handy recommendations and experience TV “in a whole new way”:
“Interact with your favorite shows. Get recommendations based on the content you love. Connect your devices for exclusive content and special offers. By cleverly recognizing onscreen content, Samba Interactive TV lets you engage with your TV in a whole new way.”
But at no point during set up does the company really make it obvious just how much data is being collected or how it’s used:
“Once enabled, Samba TV can track nearly everything that appears on the TV on a second-by-second basis, essentially reading pixels to identify network shows and ads, as well as programs on HBO and even video games played on the TV. Samba TV has even offered advertisers the ability to base their targeting on whether people watch conservative or liberal media outlets and which party?s presidential debate they watched.”
That’s certainly something that would never be abused, right? Especially since we keep seeing story after story after story about how anonymized data isn’t really “anonymous”, such data isn’t particularly well protected, and consumers don’t actually have the faintest understanding of what’s being collected and monetized in the first place. Consumer advocates say that transparency about what data is collected remains utterly lacking, as most users of this software have zero understanding it can potentially even track their political leanings:
?It?s still not intuitive that the box maker or the software embedded by the box maker is going to be doing this,? said Justin Brookman, director of consumer privacy and technology policy at the advocacy group Consumers Union and a former policy director at the Federal Trade Commission. ?I?d like to see companies do a better job of making that clear and explaining the value proposition to consumers.”
The FTC last year fined TV vendor Vizio $2.2 million for hoovering up the viewing data on 11 million consumer TVs without consumers? knowledge or consent. But FTC enforcement is inconsistent, and is often slow to address how companies now use numerous devices in concert (your smart phone, your home assistant, and your TV) to deepen in-home surveillance capabilities further. The rabbit hole gets deeper still when you consider that your ISP is also cashing in on your IOT device usage without much transparency or oversight thanks to the recent attacks on privacy rules and FCC authority over ISPs.
Quite often, such data hoovering systems are actively misrepresented as being of ambiguous benefit to the end user. And because users can technically dig through Samba’s 4,000 word privacy policy and 6,500 word terms of use to discover what’s actually happening (something companies know users won’t do and may not even understand if they did), they’re technically adhering to the law. Eventually we’ll get around to working together on modernizations of the law, but pretty clearly not before years and dozens of additional privacy and security scandals drive the point home.
Filed Under: privacy, security, smart tv, transparency
Companies: samba tv
Comments on “'Smart' TVs Remain The Poster Child For Dismal Privacy, Transparency & Security Standards”
So...turn it off.
Isn’t the way to defeat smart TV collecting information is to not enable (or disable it now) the ‘smart’ software and to deny the TV internet access (remove the WiFi password and/or unplug the Ethernet)?
Re: So...turn it off.
Why pay for something you never intend to use?
Re: Re: So...turn it off.
Have you checked the availability of non-smart TV’s?
Re: Re: Re: So...turn it off.
Exactly .. and all the while they claim to have your best interests in mind – lol, not.
Re: Re: So...turn it off.
Because OLED displays are goddamn sexy, and you can’t get them any other way.
Seriously. Go to a store and just look at one. Bring a bib.
Re: So...turn it off.
In theory yes. If you have a seperate box that gives smart features its entirely doable. But I know lots of folks who buy the TVs specifically so they don’t have to have a seperate box.
Re: Re: So...turn it off.
And I am the antipode. I have a TV, not connected to the Internet, but connected to my network (it’s not a ‘smart version so even though my network is connected to the internet, it is not (older model ‘smart options not available)). I use my collection. There is a Raspberry Pi runing my NAS hooked up to a couple of 4 TB SSD’s that don’t need power supplies and another Raspberry Pi running LibreElec to collate and play my content. There is lots of content, and though I may have violated some stupid copyright maximalist rules by transferring it to digital media without DRM, I am unconcerned. And for good reason.
I am over 60 years old, if you think I haven’t been collecting content for some time, your mistaken.
Re: So...turn it off.
The problem with this particular response is that it tends to be an argument used to obviate any desire or responsibility to make sure the bad behavior does not occur.
To summarize the problem:
A) Smart TVs are designed to track everything and monetize the hell out of it
B) Companies are deliberately terrible at making this clear to the people that buy them
“Turn it off” only works for people who know this is happening, which point B ensures is an incredibly small portion of people. For those unaware, there is no redress provided for the invasion of their privacy with this particular answer.
It does nothing to solve the root problem.
Or, to put it another way, why are we placing this burden entirely on the shoulders of the consumers, and not ensuring there is consumer-friendly transparency on the part of the manufacturers and distributors? Why would we give them a free pass, and just tell people to “turn it off?”
Re: Re: So...turn it off.
I did not, nor would I suggest that the behavior of these TV manufacturers, or for that matter many other IOT devices, or for that matter many, many Internet websites that their behavior is not reprehensible. My suggestion above was not about stopping the practice, but about protecting oneself when one becomes aware. The mere fact that few, if any non-smart TV’s are available in the marketplace it very telling about the intent of manufacturers. They want continued income by spying on us. Don’t let them.
The problem with merely making their schemes transparent is that it really should be illegal. Try getting your legislature to follow up on that. I wish you luck. I am for that effort, but I wish you luck under current conditions. When those companies have more power with your representative than you do, it is not going anywhere…fast.
Re: Re: Re: So...turn it off.
Aye – the point is more that the presentation of “so turn it off” often implies the (see last post).
As for the legislature, well – I don’t believe in not trying. Not trying will by default result in no success. Trying has a possibility of success.
I prefer a non-zero chance of success, however, small, to a zero chance of success.
Re: Re: Re: So...turn it off.
If the TV manufacturers are to be considered adversaries, how sure should we be that "off" is really off? If they’re making money off your data, they could probe for an unprotected wifi network over which to upload it.
Re: Re: Re:2 So...turn it off.
What if you were to then connect it to your network, but instruct your router to block the device from accessing any addresses and ports? That way it’s “connected” to your network, but can’t do anything once it’s on.
Re: Re: Re:3 So...turn it off.
You’re still relying on the manufacturer to not probe for other wifi networks. They probably won’t do it (attacks against knowledgeable users are more likely to get caught, and being part of multiple networks simultaneously isn’t always easy w.r.t. wifi firmware).
Re: So...turn it off.
That only works until they start adding automatic cellular connectivity to Smart TVs, such that they can collect all of this data whether or not you set up wifi. They’re doing this with cars already.
Re: Re: So...turn it off.
Or the TV refuses to do anything except show the “connect me to the Internet” screen until it is connected.
Re: So...turn it off.
That must be the 10% of smart TVs that aren’t exploitable.
On or off
Disabling the networking is a great way to protect yourself. (And maybe the only way.)
My TV is powered by a media PC I built for it.
Not everyone can/will do that.
Many folks actually want to use the features their smart TV offers.
Pulling the ethernet cable works, but it isn’t a (good) solution to the problem. Raising awareness about the problem to shame the manufacturers may not work, but it’s a first step.
Last time I checked, I had a hard time finding a TV *without* smart features.
Re: On or off
Wow, so being paranoid is a good thing..
To anyone that DONT GET IT…just going to an internet site can track you(ALMOST) directly to your home..
an untrackable media system DOES NOT connect to the net, Anymore.. You have to do something ABIT illegal, and digitize all your Neighbors/family/frineds movies, and install them in a Wireless Server/network device, HIDDEN in your walls, or your Neighbors home, OR UNDER GROUND..
Setup to NOT send a signal, unless they KNOW the Net address to the device..
I cansee them NOW in your yard with a metal detector, scanning the ground and your Outside walls..
Re: Re: On or off
ECA – I am pretty sure I don’t have any wireless devices hidden in my walls. Or buried in my yard.
Re: Re: Re: On or off
Good job gary..
Then the DHS can come into the home and find everything..even if there is NOTHING, they will get it all, and in 30 days, if not claimed(after loosing your paper work) can sell it off the the next police force that wants it..
Re: Re: On or off
Your rant needs more capital letters and periods.
Re: Re: On or off
Funny thing about this..
Is a person in Germany had the same car as person in Australia..
After he found out he could REMOTE access his own car, the Aussie was asked to test something…
FROM Germany, the person could access the Aussie car, over the internet..
!0+ years ago, Cali wanted an interesting device in cars… remote shutoff/controls..
Think they got it??
So it’s 10500 words to be read. No seriously, this is the same mindset used with safety drivers in autonomous car testing. It’s safe to assume they’ll alternate 15 minutes of focus with a lot of porn streaming.. Er, Netflix. Same with these absurdly long EULAs, TOS etc. A tiny fraction of people will read them and even then they’ll need some law degree to understand everything. Just no.
We do need to update our laws indeed.
Counterpoint -- Is This Really So Bad?
I’ll leave network safety aside because I still barely understand Wi-Fi, I’ll just go into the data collection. Short answer, so what?
Yes it’s seedy, sneaky, and even sketchy. Honestly though there’s not a lot of dangerous data that can be scraped by TV viewing habits. This isn’t banking info or HIPAA compliance whatevers, it’s behavioural information to tailor advertising. It’s a big steamy dump on expectations of privacy but it’s the least likely data to be used against you for malice. Recording voice information is a little worse but with the amount of phone apps which do that already it’s a lost fight.
But hey, let’s say we’re crowned kings for a day and ban data collection from smart TVs. The price of these puppies will see an enormous spike. I don’t know about you peeps but I’m finding it very difficult lately to find a non-smart TV. You wanna pay 25% more for the same quality TVs for the piece of mind that advertising will be slightly less effective on you?
I will say I do not own a Smart TV yet, I’m holding out as long as possible. I do know that gathering data and selling it to the highest bidder is one of the best cost-offsets around in the modern tech world. The little data a Smart V could get is a drop-in-the-bucket compared to everything else we use.
Re: Counterpoint -- Is This Really So Bad?
Except when you consider the videos and recordings of conversations and activities held within the ‘ahem’ purview (aka view of or hearing of) the TV. Viewing habits are one thing, conversations or ‘activities’ are another. Both are vulnerable with some systems.
Re: Re: Counterpoint -- Is This Really So Bad?
Compared with the mobile apps, discount security systems, laptops with built-in cameras, and other things already doing this; it’s minuscule and redundant.
Re: Re: Re: Counterpoint -- Is This Really So Bad?
The cameras of my laptop and tablet are covered with pieces of duct tape (the TV doesn’t have one). I live alone and rarely have conversations at home, though I doubt anything could be learned from what I tend to talk about. But I don’t know if either is listening, I wish I did. That disclosure should not only be required, but it should legally, and easily be disabled. Better yet, it should be opt in or not possible.
Re: Re: Re:2 Counterpoint -- Is This Really So Bad?
If that’s all that’s mandated, they’ll do it in the simplest way possible: disable it in software, which only works until someone finds a software exploit and re-enables the microphone. If you’re going to legally mandate something, mandate a hardware switch.
Re: Counterpoint -- Is This Really So Bad?
Go fuck yourself goigle
Re: Counterpoint -- Is This Really So Bad?
They can see what porn you watch, and the camera can watch you masturbate. You’re cool with this?
You may not know but your television is never actually turned off except when disconnected from power. It is in standby mode which can allow functions to stay active even when you believe the device is off. Monitoring of the rooms audio and the data connections are always on…. <cue spooky music here>
If I knew for a fact someone was watching my family through spyware in a tv, I would bludgeon that person to a fucking pulp. WTF? W-T-F?? THIS FUCKING HAS TO STOP ON THIS FUCKING PLANET.
Is this why Alexa laughs for no reason?
There are modern dumb TV's available
Just thought I’d let you all know if you’re interested that Sceptre makes good modern dumb TV’s even up to 4k. You probably won’t find them in-store (I didn’t) but you can order them online from places like Walmart and Amazon. They’re also typically less expensive than same size smart TV’s by other manufacturers. I got a non-smart 65″ Sceptre 4k HDTV from Walmart online for only about $500 or so after tax. I just thought it’d share for those of you who don’t know and were interested in trying to find a modern dumb TV.
Re: There are modern dumb TV's available
Thanks! Been looking for one.
I don’t consider myself too old for technology (yet, anyway), but I will never fathom why anyone would hook an internet cable to their television set.
Let’s remove the privacy issue for a moment. Most TVs still use a remote, and last time I checked, these were horrendous to use as “keyboards”.
More importantly, none of the software on a television is designed well enough to make the experience pleasant for the user. “Android” != perfection.
There are so many alternatives to attaching the network cord/WiFi that I cannot feel sorry for those whose privacy is lost over their “need” to…
…
…
porn?
There was a YouTube video claiming the the Feds use SmartTVs to listen in on your activities, and that if you tinker with the TV to disable the monitoring/recording function, you are committing a felony act under the DMCA.
The are wrong. In order for the felony provisions of the DMCA to apply, such tinkering would have to be for either commercial or financial private gain, so tinkering with any of your devices, for your own personal use, does not all under this.
It might be possible, that someone might be charged with obstruction of justice, it it can be proven that recording/monitoring on a smart TV was disable to hide criminal activity, but the DMCA would not apply, since tinkering with your smart TV for your own private use, without intending to make any kind of commercial or private financial gain, would not be a felony under the DMCA. It is only a felony, under the DMCA, if violate section 1201, for some kind of financial gain.