
VIZIO to Pay $2.2M to FTC - el_duderino
https://www.ftc.gov/news-events/press-releases/2017/02/vizio-pay-22-million-ftc-state-new-jersey-settle-charges-it
======
turc1656
I'm sick and tired of hearing about fines for clearly criminal activity. This
is most likely a felony issue at hand, here. The executives who green-lighted
this activity should be held accountable and charged accordingly. That's the
only thing people understand. That, or ruinous fines. Not a paltry $2.2M for a
company with revenues of $3.1B - that's less than 0.1%!!! That's a rounding
error to them. $10,000 per occurrence for the company would be much better,
and jail for the executive(s) who are responsible, and then this crap might
actually stop.

~~~
vm
I hear you on that point and broadly agree that the penalties can be too
trivial to cause deterrence (though VW's steep fines and criminal charges
signal change).

However in this case, who doesn't assume that everything we do is tracked for
optimization? Every recommended product, story, TV show, news feed article,
whatever comes from boatloads of testing.

And it doesn't seem like people care. Although some bemoan Facebook and Google
data tracking, almost everyone still uses the products.

~~~
eugeniub
People still use them because there are often significant consequences to not
using them. Not using Facebook can often mean some level of social ostracism,
missing out on important moments from family and friends. Not using Google
means not being able to collaborate with people using Docs, not watching
videos your friends send you, and so on. They're almost like public utilities,
and saying "you use Facebook so you must not actually care about privacy" is
like saying "you rely on the police, so you most not actually care about cases
of police brutality."

~~~
morganvachon
> _They 're almost like public utilities, and saying "you use Facebook so you
> must not actually care about privacy" is like saying "you rely on the
> police, so you most not actually care about cases of police brutality."_

While I agree that they are like public utilities in many ways, I think your
analogy is grossly flawed. For Facebook and Google to do what we want them to,
they have no choice but to constantly invade our privacy. The very features we
desire most from them are directly related to and tied to our personal
information. By contrast, a police department absolutely does not require a
single officer to commit violent crimes in order for them to keep the peace,
arrest criminals, and protect the public.

------
nfriedly
I have a Samsung "smart" TV. A while back, it started opening a pop-up every
10 minutes on top of whatever I was watching to reporting that my internet
connection was down. My internet was just fine, but apparently their update
server had gone down. I had to factory reset it to make it forget my Wi-Fi
password and stop bothering me.

Now it just has an computer attached and isn't used for anything other than a
dumb screen.

~~~
computator
Imagine if all wifi were open. Those TVs and other IoT appliances would
happily upload whatever the hell they wanted without asking you anything.

I used to bemoan that more people don't maintain completely open wifi
connections in the spirit of sharing (assuming you have unlimited Internet).
But there's the upside to everyone putting a password: You can choke off all
those household devices that demand Internet access!

~~~
elihu
> But there's the upside to everyone putting a password: You can choke off all
> those household devices that demand Internet access!

Not for long. As those devices move to prepaid low-data rate cellular service,
you won't be able to stop them from phoning home, short of RF shielding.

(Sometimes I wonder if a lot of the older electronic devices we consider junk
now will become desirable in the future because they "just work" without the
various user-hostile spyware, DRM, rootkits, anti-repair features and remote-
exploitable security vulnerabilities that seem to be proliferating in modern
devices.)

~~~
pdimitar
That's exactly the reason why I curse myself for not going into an engineering
highschool and university and becoming a professional electronics engineer --
on top of being a programmer.

Nowadays I feel like a helpless puppet in the hands of vendors that want to
make their tech transmit as much data as possible to their servers. I am not
even sure the TV I have at home (and to which I didn't give any internet
access) can't secretly negotiate a connection with my router.

I too feel that some of us have to start collecting some older tech just in
case.

------
HCIdivision17
Awesome. Note that this isn't merely a fine, but also comes with the
stipulation that they "prominently disclose and obtain affirmative express
consent for its data collection and sharing practices, and prohibits
misrepresentations about the privacy, security, or confidentiality of consumer
information they collect". _And_ they need to destroy the data collected
before March, last year.

That's pretty good! At the very least, this will make it so people are more
aware of the constant telemetry. Some find that sort of feature useful, and
others find it chilling, but at least this is a step in the direction of
making it _obvious_.

~~~
ysavir
Sure, they can destroy their data, but everything shared with those 3rd
parties is still at those third parties. It's not exactly accomplishing much.

~~~
porpoisemonkey
> Sure, they can destroy their data, but everything shared with those 3rd
> parties is still at those third parties.

Agreed.

I think it would be more effective deterrent if VIZIO had to work with those
third parties to locate and delete the material that was transferred to them.
This 1) would nullify the contract between VIZIO and those parties forcing
VIZIO into back payment and 2) create an annoyance for the third-parties,
hopefully making them think to ask how any data they're purchasing is being
collected.

At a minimum I think that customers whose data was collected prior to March
2016 have a right to know which third-party companies purchased their
information.

~~~
PirateDave
In California, there is the "Shine the Light" law [0] that requires a company
to release third-party information to a consumer if there is identifiable
information given to third-parties along with the data collected. So in this
case, Vizio would be required (at least to California natives) to release
those third-parties' names and associated data collected from you. [0]
[http://leginfo.legislature.ca.gov/faces/codes_displaySection...](http://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.83).

~~~
porpoisemonkey
Thanks for the additional information.

This is a step in the right direction but it's unfortunate that the obligation
to disclose appears to be opt-in and not opt-out as detailed in paragraph (a).

> that business shall, _after the receipt of a written or electronic mail
> request_ , or, if the business chooses to receive requests by toll-free
> telephone or facsimile numbers, a telephone or facsimile request from the
> customer, provide all of the following information to the customer free of
> charge

To compile a list of all companies that have their personal information an
user would have to identify every business they have a business relationship
with that could possibly be gathering this information and then send a written
request to each on a regular basis as the request is only valid for
information disclosed in the proceeding year. It seems then that this law only
really covers consumers in the event that they find one specific and recent
instance where they'd like this information disclosed.

~~~
porpoisemonkey
Correction:

> To compile a list of all companies that have their personal information an
> user would have to identify every business they have a business relationship
> with that could possibly be gathering this information and then send a
> written request to each on a regular basis as the request is only valid for
> information disclosed in the _preceding_ year.

------
stevenleeg
Foof, this is yet another reason for me to be completely out on smart tvs.

I really don't see the appeal of hooking up my tv to the internet if the only
thing I'll get in return is buggy service integrations and, worse, the tv
spying on my viewing habits. This is on top of the added potential for
security exploits on a poorly maintained device connected to my home network.

~~~
cptskippy
I agree that Smart TVs need to die. I think some sort of law or regulation
mandating security updates for the average life expectancy of such devices
would ago a long way towards killing off Smart TVs. That's assuming the life
expectancy is something reasonable like 5-10 years.

~~~
DannyB2
It's about more than security updates. And this may seem off topic, but bear
with me for a moment.

Smart devices, including but not limited to Smart TVs. The manufacturers need
to be legally and financially liable for damages caused by their devices
getting hacked and used as a botnet.

When I buy a toaster, I have a reasonable expectation that it won't burn my
house down.

When I buy a Smart TV, I have a reasonable expectation that it won't get
hacked, become part of a botnet and cause massive damage to someone else, far
away that I don't even know.

It is not impossible to build a very secure IoT device. Anyone who has ever
gone through PCI compliance to build a web site or anything else that accepts
credit card data knows this. It's not impossible. It's just a very high bar to
jump over. Demonstrating a similar level of security should be enough to be
able to get insurance in case your IoT devices do get hacked and cause harm.

The costs of this would be passed on to consumers. This would make Smart TVs
more secure. But I'm also happy to pay more for a toaster that doesn't burn my
house down, instead of a super cheap one that is dangerous.

This would either kill smart TVs as an economical consumer item, or it would
make them very secure. If it kills them, then the data / privacy issue is
solved -- to move this back on topic.

~~~
asdfasdfa11112
In the case where your device was compromised and used in a botnet attack,
wouldn't you need to prove damages? I'm just curious what that argument would
look like to a layperson.

I suspect the average person wouldn't get too riled up to hear that their
internet connection was used to block someone's website, as long as they don't
notice it in their service quality.

Another tangent -- do any sophisticated botnet systems throttle their
connection during an attack to minimize impact on the device/network owner?

[edit - in case it's not clear, I'm admittedly ignorant about this kind of
stuff, so I was just curious if anyone else can shed some light]

------
beat
As a Vizio tv owner who will probably by more Vizio tvs... Meh. I just
_assume_ every electronic device I own is spying on my habits and selling the
data to whomever. Glad to see them busted on this, because I want to see the
line for this stuff set as far back as possible, to be the most trouble and
risk possible for businesses.

But yeah, you can't really expect corporate ethics or laws to protect you.

~~~
shuntress
Writing off the right to privacy because you have nothing to hide is like
writing off the right to free speech because you have nothing to say.

~~~
beat
It has nothing to do with whether I have something to hide or not. I don't
_want_ them collecting data without my permission. But I assume they _will_ do
so.

And to the post comparing this to violent crime... um, no. It's not the same.
I don't need to be paranoid and assume that everyone is a violent criminal. I
do, however, need to be conscious it's possible.

------
mark-r
So they got fined for doing what essentially every internet company is doing?
It's a good start, but I'm afraid it won't go nearly far enough.

~~~
kernel_sanders
Yeah, I don't understand this. I read the FTC complaint and it hinged on the
issue of collecting the data w/o explicit user consent, ie a pop up or
message. Wouldn't nearly all internet companies fall in to this bucket? Ie,
log aggregators, analytics SDKs etc?

------
emodendroket
That's cool but it feels like drops in the ocean.

~~~
pdimitar
From the amazing "Cloud Atlas" (2012) movie:

"But what is an ocean, if not a multitude of drops?"

I am feeling a lot of despair and paranoia about this case but there are still
reasons to be hopeful and optimistic.

------
huehehue
Super interesting to see the population's attitude shift over time with
regards to privacy.

Feels like even the HN crowd is starting to get worn down and accept this sort
of thing as a fact of life. It's absolutely going to get worse, and I'm
surprised TVs aren't already using their cameras to measure physical movement
during suspenseful scenes, or track how many people leave the room during
commercial breaks.

Of course, most non-technical end users I know _100%_ just don't care about
this sort of thing, which bums me out. _" Well, I know I'm being spied on, but
if it makes my life easier then does it matter?"_

~~~
TeMPOraL
> _" Well, I know I'm being spied on, but if it makes my life easier then does
> it matter?"_

That is still a somewhat defensible attitude. But most tracking, Vizio
included, doesn't give you _any_ benefits. It doesn't make your life easier in
any way. It exists so that other people can make more money selling
information about you to people who make money trying to sell useless shit to
you.

~~~
Eridrus
> But most tracking, Vizio included, doesn't give you any benefits.

It makes the products you want cheaper/more commercially viable.

It's usually not completely obvious, but look at the Kindle Fire tablets which
have ads on the home screen for a $10 discount.

It's the same reason many computers come preinstalled with crapware; consumers
want the cheapest price and are willing to tolerate crapware being installed
by default for a cheaper computer.

~~~
TeMPOraL
Here's the thing with consumer "wants" \- I feel it often is portrayed
backwards. Consumers tend to not "want" stuff - they choose from what's
available. There are no polls made in which consumers express an opinion that
they'd happily buy a TV that tracks their watching habits if it was cheaper.
Instead, somebody introduces such user-hostile way to make money on the side,
allowing them to sell the product cheaper, and people start buying it because
it's cheaper. Competition has to follow suit.

The point being, companies are guilty of putting such products on the market
in the first place; you can't then turn around and say "look at the sales
figures, it's obviously what people want!".

~~~
Eridrus
I couldn't find data on this, but I think the ads version of the Kindle Fire
is the more popular one, and users have the option to pay more for no ads.

I don't know why everyone gets so torn up about this when we all know
Netflix.and YouTube track what we're watching, and the dream of personalized
content recommendations relies on this data. I'm guessing it's mostly because
adtech companies and advertisers are generally disliked around here.

------
itsmemattchung
I feel conflicted.

On one hand, my Vizio comes built in with several apps—NetFlix, Hulu, Local
News—that improves the overall tv watching experience. Without the apps
installed, I doubt that the members of my house hold would be consuming half
the amount of entertainment. On the other hand, I hate the fact that data
leaks to Vizio.

So, what's the best way to strike a balance?

Buy a "non-smart" tv and plug in a laptop (or rasberry pi) via an HDMI cable?

~~~
jusuchin
Try finding any newer "non-smart" tvs.

~~~
itsmemattchung
You're probably right.

The last time I hunted for a new TV was about 3-4 years ago; I'm guessing
nowadays, most (if not all) TVs are now "smart."

~~~
marceldegraaf
Look for the Humax Pure Vision Display. Comes in 43", 49", and 55". 4K, with a
bunch of HDMI/USB ports, and no more.

------
keyle
Does your Samsung TV turns itself on in the middle of the day to make updates?
(screen stays black but you can hear the click). About once a week I hear it
click on and then click off 5 minutes later... It's just spooky. Why would
anyone buy a TV with voice control?!

------
sailfast
Vizio was sold to LeEco in July, right? Does anybody have an idea about
whether this data went along with the purchase or not and/or whether it would
have made for a significant boost in the price paid for the firm? Seems like
pretty valuable data to re-sell to third parties.

~~~
sp332
Vizio's data service is set to be spun off into its own company.
[https://en.wikipedia.org/wiki/Inscape_Data_Services](https://en.wikipedia.org/wiki/Inscape_Data_Services)

------
thinkloop
2,200,000 / 11,000,000 = 0.2

Stealing entire viewing privacy is only worth 20 cents - painfully low for my
tastes, but I guess it's about right given what people currently expose to get
"free".

~~~
tedmiston
Exactly. 20¢ per TV, which might correspond to multiple users, is a slap on
the wrist.

~~~
awqrre
very light slap...

------
OliverJones
I know it's a pipe dream: It would be good for their retail and distribution
channels to drop their product lines; it would be a noticeable way for outfits
like Best Buy and Walmart to brand themselves with a "we care about our
customers" aura.

Loss of access to markets is also a suitable consequence for this kind of
monkey business.

Like I said, pipe dream.

------
randyrand
why not to their customers? why does the FTC deserve this money?

------
dudurocha
There are another cases like these?

------
knite
This is my old company! Cognitive Networks, acquired by VIZIO and rebranded
VIZIO Inscape.

------
throthrowaway
Likely related to Samba TV, connecting viewing data for advertising.

------
asher_
Can anyone recommend good non-smart TVs?

------
homero
I'll never buy a smart tv

~~~
Viper007Bond
Good luck finding one that isn't.

~~~
homero
I just bought a westinghouse that isn't

------
akulbe
Interesting. It's fine for the government to collect data and spy on its
citizenry (without disclosing that it's doing so), but if a company does it it
means millions in fines? Smacks of rank hypocrisy, to me.

~~~
mulmen
The government isn't a corporation. Visio also doesn't have fighter jets and
tanks. The rules are different.

