Smart TVs sending sensitive user data to Netflix and Facebook (ft.com)
685 points by hhs on Sept 18, 2019 | 500 comments

This is a pretty open secret within the industry. Geographic data can be provided via setup (a lot of TVs ask for a zip code on setup) or usually simply via GeoIP lookup.

Dig a bit deeper and you get into services provided by Samba TV and/or Inscape, and you can find that they're sending back frames of video in a lot of cases to track what you're watching.

This data is becoming a huge mechanism for subsidizing TV sales and the interactivity is being looked at as a huge opportunity to recoup some of the ad spend being lost via streaming and fewer 30 second spots.

With new TVs it's time to view them as private as a browser (with fewer controls).

https://samba.tv/ https://www.inscape.tv/

Not even a secret. A TV manufacturer publicly said a while ago that a TV without "smart" features is more expensive for the company (even if sold at the same retail price) because they cannot make any money from selling usage data.

It was the Vizio CTO; while trying to spin it positively, it came out a bit too honest. https://www.techdirt.com/articles/20190114/08084341384/vizio...

This is kind of spot on to Succession's "ATN News: We're listening"

"We hear... for you."

That assumes that developing the smart system (and supporting the infrastructure) does cost the same as for the dumb one, which seems wrong to me.

Or maybe at high volume it becomes negligible anyway.

As long as I can keep the TV offline to operate it I'm fine with it. The day it needs to be online to work is where I'll be seriously pissed enough that I'll return it without hesitation.

How can you be sure it's offline? Possibly it has wireless capabilities that work without your consent..

How? By putting in cellular or sat connections in secret? Because the FCC would be very interested in someone selling unlabeled and unlicensed radio containing equipment.

By connecting to open wi-fi, supposedly, maybe with the help of some kind of dark pattern: https://www.reddit.com/r/security/comments/bpjky4/worried_ab...

Would it need to be labeled if they were plugging in a 5G pci-e/USB WAN module?


You wrap it in tin foil

It's a TV, wrapped in tinfoil you won't be able to see anything anymore.

You could, but you need Star Trek materials:


We have a house without any Internet connection - that would require at least a mobile link.

Don't worry, in a few years they will have their own sim card and network.

This behavior is despicable and we must not accept it just because "I wouldn't connect the network cable/wifi anyway". Because one day that isn't an option and by then it is already too late.

They are missing a trick with peer to peer piggy backs.

You can see what devices are connected to your router for one. Also not if you: factory reset or change the password.

No open wifi networks nearby.

Which could be impossible in a dense city with Xfinity access points.

Aren’t Xfinity APs only for Xfinity subscribers? I doubt they’re just wide open. Now if a TV manufacturer struck a deal with an ISP and gave it its own access point to join...

Like Sonos did. And I did what you said. Into the trash can.

Sonos needs to be called out for the dramatic disparity between how they present their products and what those products actually do.

Their userbase is almost universally clueless as to what it is these devices are doing and what the goals of Sonos, as a company, must be.

They should have been one of the good ones - and I had such enthusiasm for their products - but they have proven to be very, very antagonistic towards their users.

Wait, what is Sonos doing that I am missing?

Force you to register and login or they brick your device. Stuff a recording device connecting to amazon in what should otherwise be a speaker.

How much do they make per user? I would have thought it was in the $10-$20 range and not enough to trigger any price sensitivity. I'm a tightass with an Aldi TV but wouldn't have cared if it cost $10 more.

Not entirely related, but I remember thinking when Hulu was talking about an ad-free version of their streaming library that “this will clearly cost a lot more per month because my eyeballs are worth A LOT!!”

Imagine my surprise when it turned out only being $4 a month to remove commercials. It almost hurts my feelings knowing how little I’m worth to advertisers...

Paying to have commercials removed may not imply that your activity is not spied on, then the corresponding data not sold to third parties. You "locally" (on the site you paid) escape from advertising, indeed, but for the rest...

It's not only about allowing customers to pay for their share of ad revenue in order to remove the ads, but also to enter new markets of customers.

For example I would never subscribe to a service with ads, regardless of price. The Hulu tier that includes ads would have to pay me about $30/mo before I would consider switching from the ad free tier.

The number might be unrelated to ad revenue at all and they figured that was the perfect threshold between capturing the highest number of "cheaper" subscribers while also maximizing new ad-free subscribers.

But it was 50% higher... that’s indeed a lot.

But "a lot" can still be insignificant. Imagine an ant falling from 1 meter, it would live, but would have fallen thousands of times its own height.

The data of one user is worthless AFAIK, only aggregation gives any usable stats.

Then why do ad networks spend so much time, energy, and money to track individuals?

How is this even a question? One person's data is useless. They don’t care what you’re watching specifically, they care what everybody in a region is watching. They have to track individuals to get the profile data to categorize them in the first place.

Nowhere does it mention "usage data".

Services revenue in general is where all devices are going. If you subscribe to Netflix on your smart TV, the TV maker gets comms. Again, this referral/conversion model is pretty dated. Otherwise TV maker has no incentive to pre-bundle your app (same as Windows, some Android phones, Lenovo laptops, etc).

> Otherwise TV maker has no incentive to pre-bundle your app

The big one is "supports popular services out of the box" is a selling point to consumers.

Even if it boots up to a store page where you can download them all, a whingy answer for "Does it do Netflix" will drive buyers to the next TV.

Roku enabled TVs very clearly send back frames of what you are watching. I've been watching YouTube casted via chromecast plugged into HDMI (NOT the built in chromecast, I have verified multiple times) and the Roku will give me a full width toast saying to press `*` to watch the full movie or some similar contextual option

I was pretty put off the first time this happened. That said, I don't even know if I looked through the settings to see if I could turn it off..

I worked on that.

It sends audio and/or video fingerprints (not frames, for privacy and bandwidth reasons), which are matched against a fingerprint database. Whatever people see on TV is usually 10 to 60 seconds behind the real live stream at the broadcaster (which is where the reference fingerprinting happens). GeoIP data can be used to roughly deduce where the TV is located, in order to better filter out false positives out of multiple matches (e.g. in the US where lots of programming on east/west side is just shifted by ~3 hours due to time difference).

Are you saying that hypothetically, if the MPAA comes knocking on Roku's door with enough money and a fingerprint database of torrented movies/songs, Roku could then tell them they have people matching those fingerprints? After which I'm assuming they'd have enough justification to get a court order to get the contact info from Roku for matching users?

Possession, use, and downloading of copyrighted content is legal,* or no legal streaming services could exist. Copyright law is only concerned with licensing the transfer.

* in theory, as a civil matter, they could make you destroy any unlicensed copies, but they would have a hard time getting criminal charges pressed, as well as proving damages from watching a TV show from an unlicensed provider vs a licensed one

And yet I still can't fast forward/rewind when using Roku media player and dlna.

Is that mainly for ad attribution purposes?

Not for attribution. It’s for exposure. If Pepsi buys $1M in ads on NBC, it only knows the DMA and time slot/programs it bought the ads on. It doesn’t know the households it bought the ads on. With ACR data, it will know that you were exposed. From there, they can do a few different things. Audience studies (like they reached 2000 households with a certain income etc). Or they can run attribution studies. A company called Data+Math looks at exposure of these kinds of ads, understands which households weren’t exposed (as a control) and gives statistical significance calculations on linear TV ads to understand lift of sales (one example).

What's funny about this is that I think this is a legitimate and relatively non-evil use case.

It all comes down to lack of transparency/oversight and the option to exercise control as an individual.

Inscape, an ACR company, have this revealing paragraph on their blog. Note the "following your IP from the exposure to the ad, to the sales funnel" part:

"Advertisers like ACR data because it provides second-by-second feedback on how their ads are performing. Nielsen provides its data in 15-minute blocks, so if viewers tuned out after the first ad in a pod, the advertiser has no way of knowing. And since IP addresses are included, companies like iSpot.tv and Data + Math are able to use that information to create multi-touch attribution ratings that help advertisers understand how certain ads and placements helped move viewers through the sales funnel, from seeing the ad, to googling the product to actually buying it. It’s a lengthy process that requires a lot of data and a lot of rigor, but it’s an excellent way to prove to marketers that TV advertising actually works."


They are spying on millions of people without their consent and without telling them about it. In what universe is this legitimate and non-evil?

I believe the parent isn't disagreeing with you.

Breaking down the parent's post:

""" What's funny about this is that I think this is a legitimate and relatively non-evil use case. """ - parent is saying that fingerprinting so the advertisers know who saw the ads is legitimate and relatively non-evil.

""" It all comes down to lack of transparency/oversight and the option to exercise control as an individual. """ - parent acknowledges that not telling the user and not making it configurable can be problematic.

"They are spying on millions of people"

If you consider tracking an anonymous identifier for the purposes of better marketing "spying" then I think that's a stretch. Calling out TV in particular for it is a bit silly - it's simply everywhere.

"...without their consent and without telling them about it."

Yes they are. You opt in or out when you buy the TV. They tell you about it then. You can be like most people and not read the fine print, but then don't be all surprised when someone's pulling the wool over your eyes.

> If you consider tracking an anonymous identifier for the purposes of better marketing "spying" then I think that's a stretch

If information about me or my machines is being collected without my express informed consent, that counts as spying.

Also "anonymous identifier" is a bit of an oxymoron. If the identifier is unique, then anonymity is not part of the equation.

I can't fathom the math and scale involved here making sense in the long term.

Eventually the marginal increase in profit is less than the marginal increase in adtech cost. I wouldn't be surprised if many industries passed that point years ago. There's probably a lot of hype and hubris disguising that fact, but someone's going to make a successful business case out of cheap, low-creepiness spray-and-pray advertising.

Depends on the manufacturer. Some use it to get you to use their other services. Some use it for second screen apps. Others for various on-screen info. Not sure of all use cases. I don't think the data was ever used for targeted tracking.

What is the video fingerprinting method used? Is it a publicly known algo? I was using a combination of "dhash" for individual frames and "simhash" to generate shingles for a bunch of videos and it worked "ok" but not as efficient as I wanted.

Any way to turn it off? Or perhaps block a specific domain via pihole?

Don’t let your TV access the internet at all.

Smart TV interfaces are almost uniformly worse than set top boxes (one or more of: bad UI, slow CPU, weird quirks, few updates) so you should avoid it anyway.

The current Apple TV (which I cite only because of familiarity) has a great UI, every major app, and robust HDMI-CEC support so you might never have to touch your TV’s remote again.

And Apple respects your privacy.

I have a TCL TV and use my Apple TV exclusively.

I was actually really pissed a while back because my in-laws were over and when I came home they told me "For some reason you hadn't connected your TV to the internet. We gave it your wifi password, and now it works!" Thanks. Now I have to change wifi passwords, and the power light on the TV constantly blinks because it thinks it should be connected to the internet, but isn't.

>And Apple respects your privacy.

And you really believe that?

Pretty much, yes. Because respecting my privacy fits their business model.

Consider that even the most trivial thing that makes Apple look bad gets leaked. If Apple was selling your private information, it would have leaked long before now. Also their financial reports show no indication of revenues that could be associated with private information marketing.

Nobody sells data, like pay and get hdd with data. They "analyze" it and sell results, or "allow access" for "optimization" of whatever. Or they have "partnership" and "exchange". Or they slightly obscure data (of course insufficiently) and then sell whatever resulted claiming that they don't sell "data". And so on, whole departments work full time on the ways to bullshit regulatory authorities into thinking that they don't sell personal data. (And they here I mean corporations in general).

And regarding Apple - I hear this "not their business model" argument often but I see zero real life reasons why it couldn't be but we wouldn't know it. It is like saying that "John only trades tomatoes, it is impossible for him to sell cucumbers, it is not his business model". How is it even related? Monster corporations have multiple divisions with multiple business models, one doesn't exclude another.

PS: this is for the sake of discussion. Personally I also tend to think that Apple collects much less data than FAGM, and there were experiments that indirectly support this theory. I'm thinking about moving to Apple ecosystem but it is rather costly and will cause vendorlock. Not an easy choice.

> Nobody sells data, like pay and get hdd with data. They "analyze" it and sell results, or "allow access" for "optimization" of whatever.

Yes, I think most people understand this and say "selling data" as shorthand (because, for a lot of people, it's a distinction without a difference).

Some smart TVs will join open networks if you don't give them one. And I expect that if 5G works as advertised you'll see surveillance capitalism adding 5G connectivity so you no longer have control over connectivity.

A website that catalogued the misbehaviours of the various smart TV operating systems (and the easiest methods of defeat) would be handy here.

E.g. Some TVs will honor wifi off setting. Or alternatively setting the TV to use the Ethernet port.

Or if it needs something on the other end, set up old underclocked Raspberry Pi as a basic router/DHCP server that connects to nothing; power it with TV's USB port.

If you've got a fancy router, connect it to your network with a fixed IP and firewall deny all packets from/to its IP.

If you've got a fancy AP, set up an alternative SSID that connects to an unused VLAN or otherwise routes to nowhere.

A Pi-Hole is good to have in every household. Takes minutes to set up and makes sure that queries to unwanted domains end up in the land of /dev/null

A pi-hole only works against adversaries that rely upon DNS, or haven't been coded to connect directly to "trusted" public DNS servers.

(I'm almost astonished that advertising networks haven't switched to using raw IP addresses everywhere.)

You could probably very easily make a list of the "evil" IP addresses if that happened

You can combine approaches of course. My main in-home DNS, per the DHCP settings on the wi-fi, is a Pi-Hole. Secondary DNS is the pfSense firewall, so nothing's dead in the water if the Raspberry Pi falls over for some reason.

The firewall has the same DNS block-lists as the Pi-Hole, but also has subscription lists of IPs to avoid. Most of those are spammers or malware, but can include whatever other category of malfeasance you desire.

Now we need some DIY guide on how to extract the 5G radio from your TV and turn it into an access point for a laptop.

This will depend on the jurisdiction. In GDPR land neither of these will fly as you obviously don't have consent. I own an Aldi TV which hasn't been set up for internet connection. When I first started it I was greeted with a consent form which I declined. I am pretty sure that the setting I did (no internet) is honored both for PR and GDPR reasons.

With 5G, you will have the same problem. And I'd be very reluctant to buy anything stationary which has 5G connectivity.


Unscrew the back of your TV, the internal Wi-Fi antennas may well be easily identified and disconnected.



Fun fact: If the signal is reasonably strong, Wi-Fi will sometimes still work even with the antenna disconnected.

If there is an unwanted and wide-open AP within range of an antenna-less smart TV, you have an unusual problem with countless fun and creative solutions.

I guess it's much less likely if the exposed antenna connector is properly terminated.

Or maybe grounding it? I bet if you mash a little ball of tinfoil into the connector, any residual chance of it working will evaporate.

Who knows? This could make a nice little experiment.

   1. Leave the antenna connected.
   2. Unplug the antenna, leave the connector unterminated.
   3. Terminate the connector with ball of tinfoil.
   4. Use a proper impedance matched termination.
   5. Terminate with a proper impedance as close to the wifi chip as possible.
   5b. Also cut the antenna trace on the PCB as close to the chip as possible.
   Measure signal strength in all scenarios.

In the past I would have agreed with you on the poor quality of smart TVs. My Roku TV shatters all those expectations however, it's fantastic. Great UI, plenty fast, no quirks I have found, and updates regularly.

I specifically bought a smart TV with Roku instead of whatever software Samsung/Sony is doing for these reasons.

I guess you ignored all the parents where they said that Roku sells your data.

> And Apple respects your privacy.

Yeah, exactly for their users in China.

We just provided the technology for major TV manufacturers. Most TVs allow you to disable it, although the feature may be called something unintuitive such as "Live Plus".

Create a fake username, set up a proxy with logger and connect your TV to internet via proxy. After a couple of days/weeks just analyze all traffic and block strange hosts via /etc/hosts or Pi-hole.

AFAICT Roku sends logs to two separate endpoints, so blocking those via pihole can give you some protection, however, it's hard to tell if any data is being sent to raw IP addresses.
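
Added example, not part of any comment in this thread: a Python sketch of the log-and-review approach suggested above, run over a constructed flow log in a made-up format. It flags destinations contacted at a fixed interval and separates those a DNS sinkhole (Pi-hole, /etc/hosts) can block from those reached by raw IP, which need a firewall rule; every address, hostname and the log format itself are assumptions.

```python
import statistics
from collections import defaultdict

# Constructed capture in a hypothetical format (not the output of a real tool):
#   <epoch> DNS  <client> <queried name> <answer IP>
#   <epoch> CONN <client> <dest IP> <dest port> <bytes sent>
TV = "192.168.1.50"  # assumed fixed address of the TV on the LAN


def build_sample_log():
    """Return constructed log lines for one TV, sorted by time."""
    lines = [f"1000 DNS {TV} telemetry.tv-vendor.test 203.0.113.10",
             f"1002 DNS {TV} cdn.video-app.test 198.51.100.7"]
    # Endpoint resolved by name and contacted every 30 s.
    for i in range(10):
        lines.append(f"{1005 + 30 * i} CONN {TV} 203.0.113.10 443 850")
    # Hard-coded IP, roughly every 60 s with jitter, never looked up via DNS.
    for i, jitter in enumerate([0, 1, 2, 0, 1, 2]):
        lines.append(f"{1010 + 60 * i + jitter} CONN {TV} 192.0.2.99 443 400")
    # Irregular streaming traffic that should not be flagged.
    for t in [1020, 1031, 1095, 1100, 1260, 1290]:
        lines.append(f"{t} CONN {TV} 198.51.100.7 443 120000")
    return sorted(lines, key=lambda line: int(line.split()[0]))


def parse(lines, client):
    """Split the log into DNS answers and per-destination connection times."""
    answers = {}                # answer IP -> set of names that resolved to it
    conns = defaultdict(list)   # dest IP -> connection timestamps
    for line in lines:
        f = line.split()
        if len(f) < 5 or f[2] != client:
            continue            # malformed line or another device
        ts, kind = int(f[0]), f[1]
        if kind == "DNS":
            answers.setdefault(f[4], set()).add(f[3])
        elif kind == "CONN":
            conns[f[3]].append(ts)
    return answers, conns


def find_beacons(conns, min_events=5, max_cv=0.1):
    """Destinations whose inter-connection gaps are nearly constant.

    Regularity is the coefficient of variation (stdev / mean) of the gaps;
    the thresholds are illustrative defaults, not tuned values.
    """
    beacons = {}
    for dst, stamps in conns.items():
        stamps = sorted(stamps)
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) < min_events or not gaps:
            continue
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            beacons[dst] = round(mean)   # dest IP -> typical interval in seconds
    return beacons


def direct_ip_destinations(answers, conns):
    """Destinations the TV reached without any observed DNS answer.

    A DNS sinkhole never sees these, so it cannot block them.
    """
    return sorted(dst for dst in conns if dst not in answers)


def block_plan(answers, beacons):
    """Turn flagged beacons into hosts-file entries or firewall targets."""
    hosts, firewall = [], []
    for dst in sorted(beacons):
        names = answers.get(dst)
        if names:   # resolved by name: a DNS-level block is enough
            hosts += [f"0.0.0.0 {name}" for name in sorted(names)]
        else:       # raw IP: needs a deny rule on the router or firewall
            firewall.append(dst)
    return hosts, firewall


if __name__ == "__main__":
    answers, conns = parse(build_sample_log(), TV)
    beacons = find_beacons(conns)
    hosts, firewall = block_plan(answers, beacons)
    print("periodic destinations:", beacons)
    print("reached without DNS:", direct_ip_destinations(answers, conns))
    print("hosts-file entries:", hosts)
    print("firewall deny targets:", firewall)
```

The review step still matters: a periodic destination may be a legitimate time sync or update check, so the output is a list of candidates to inspect, not a ready-made blocklist.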

It is not enabled by default. For the first time when you use a TV input, it asks you whether you want to enable it. If you have enabled it, you can opt out from settings later on.

Did you ask user's permission for fingerprinting?

It's probably using fingerprinting rather than uploading the whole frame.

And I would guess it's only audio fingerprinting, rather than full video.

This is a good reason for a pi-hole type of ad blocker on your network.

When I noticed my Roku TV was sending something to some remote analytics or tracking server every 30 seconds whenever it was turned on, I just blocked everything coming from it.

Eventually though I factory-reset it and didn't bother connecting it to the network at all. All the on-TV apps are junk and I'd rather just use an Apple TV (which sends its own analytics, I know).

It may be sending video or audio frames but it’s also possible without it. The Chromecast can send side channel data to the TV.

Huh...I feel stupid. I should've realized that HDMI can send additional data... or rather should've put 2 and 2 together

I remember reading a comment some time ago which stated that they were concerned about the trustworthiness of HDMI, Thunderbolt, and the like as they can contain hidden features that could compromise the user. Fascinating. We need a firewall on our gateways, and on our peripheral ports.

That or it could be sending only a fingerprint (still a privacy issue, but less severe)

The setting is controlled by "Settings/Privacy/Smart TV Experience". The first time you go into an input a dialog shows up asking the user to opt-in or out of this.

It is off by default and is enabled only if you opt in. They call it "More ways to watch". If you have enabled it, you can disable it later on from the settings.

I'm really curious about this now, I wonder if there is some sort of way to sniff the data / packets / whatever being sent and try to decode it

Are you sure about this? If the TV really is phoning home with whatever is on the screen, including anything personal the owner might happen to be displaying, that's a vast set of lawsuits waiting to happen. The GDPR fines alone could be staggering. I could easily imagine spyware logging whatever TV shows you're streaming and the like, but it's hard to imagine any business in this industry having lawyers dumb enough to allow sending actual screen images like that.

Sorry, I was being a bit lazy in my comment. I didn't specify, but I don't really suspect they are sending full frames back if for no other reason than bandwidth. But, honestly fingerprinting is so similar it might as well be the same thing. Though thankfully, yes, the fingerprint calculated for something personal probably is meaningless to them, but possibly could be replaced with a reversible option

One danger is that videos can now "phone home" with the TV they're viewed on. You could torrent through Tor and take all sorts of precautions, then watch on your TV at home and leak your viewing habits. Or worse, get someone else targeted for copyright enforcement if you watch pirated content on their TV.

How would data in the video be used to direct the TV to phone home? As in, what field would be set?

I guess it would be a watermark style change through all the video frames which affects the hashes - e.g. brightness or contrast or sharpness or some combination of that kind of thing - then seed that on torrent sites, and advertisers get to see which TVs watched the torrented film vs the official film.

I don't think fingerprints are the same at all. While still having privacy implications, fingerprints to match against broadcast content aren't uploading your family photo or caps from your home movie if that's what you're showing on screen.

It’s called ACR data and it’s very common. And yes, TVs are phoning home with it.

And GDPR only requires that you opt in. So when you sign into the TV for the first time, it gives you an opt in choice and many do it. The States is less regulated but will be soon.

It isn't nearly as easy as you're suggesting to escape the scope of GDPR protections. There could be sensitive personal data or data about children involved. Even if it's just some identifiable individual in the screenshot, you still can't just rely on some sneaky "consent" as a blank cheque - that is merely a possible lawful basis for processing, and all the other provisions of the GDPR still apply.

Edit: Also, on your first point, ACR is generally a variation of fingerprinting technology. It wouldn't be sending entire screenshots of whatever is being displayed even if it's not broadcast content, at least not in any variation I've heard of. It was the idea of uploading the entire image that I was questioning before.

Fair point on the screenshot. Yeah, I don't think any TV is phoning home with screenshots. Rather it's phoning home with a processed signal of the A/V in order to ID that A/V. If there is A/V that cannot be recognized, it may phone home a screenshot of that.

And I also don't think it's easy to escape the scope of GDPR. I'm just saying companies come up with ways of being "GDPR compliant" and they've done so.

GDPR can be quite strict on consent. See for example the UK's ICO guidelines. A sample of them:

> We don’t use pre-ticked boxes or any other type of default consent.

> We use clear, plain language that is easy to understand.

> We specify why we want the data and what we’re going to do with it.

> We give separate distinct (‘granular’) options to consent separately to different purposes and types of processing.


These are of course just guidelines, but if you don't explicitly inform your users that you will be sending images of what's on the screen over the Internet, you are likely to get in trouble. (And no, a giant EULA-type wall of text probably wouldn't be sufficient)

Also see:

My Sony "smart" TV has updated itself and tried to force me to use a new app


How Smart TVs in Millions of U.S. Homes Track More Than What’s On Tonight


I no longer have a TV connected to the internet, I only have a local Plex connected to the TV and a Chromecast for things like Netflix.

How do doctors that use TVs like this in meeting rooms get around HIPAA? Or other places with PII, etc? With so much stuff being thrown to TVs now, a lot of times they are inherently monitors, and there are very few people who think taking a screenshot of a monitor is not invasive.

I'm fairly sure there's a line of TVs for "industrial" purposes (e.g. the ones you see in airports) that are both hardened and lack any privacy invasive features - however, they come at a premium.

Which is always the issue - people want a 65" TV, but they don't want to spend $6000 on it. But if they can have it for $2000 (for example) they're all over it, glossing over the mostly unobtrusive privacy invasion that goes with it.

And if there's a vendor that can sell that same TV without the privacy invasion for $4000, it can't even compete. This way, honest players are priced out of the market. This pattern is so predictable that I maintain advertising needs to be aggressively curtailed.

Maybe insurance companies could be our ally here. Warn them of the risks and get them to ensure all hospital TVs do not get internet access.

There go the already-terrible tv options in hospital rooms.

After spending a significant amount of time in the hospital I found a portable router, Android TV/Chromecast and a universal tv remote to be really useful

They are in my go bag now for when I have to go last minute and get checked in


Not sure if you're being serious, but being in extreme pain and/or drugged out of your mind on painkillers, TV is often the only good thing to do in that situation. Podcasts work too, but something stupid please.

There shouldn't be any overlap between TVs used for entertainment and TVs used for medical purposes.

The article cites things like location, IP addresses, and the content being watched.

That's a far cry from relaying an audio recording of a surgical conference containing HIPAA-sensitive data.

No, the above comment (not article) mentions screenshots. If I have an x-ray of someone on my screen along with patient name then how is that not personal information that could be screen shotted and sent to some endpoint?

Even if the contents of the radiology scan are not included, the mere fact that someone _had_ a radiology scan or any other medical procedure or exam might be important.

Insurance might be interested, for one party. Or parents. Or pimps.

That would be. Is there evidence screenshots like this are being sent?

The article mentions this bit:

> The researchers also found that other smart devices including speakers and cameras were sending user data to dozens of third parties including Spotify and Microsoft.

Maybe someone can find the referenced studies to see what data is actually sent...

That the devices have speakers and cameras doesn't mean they're sending the speaker and camera data to those third-parties.

Actually, I'm reading this entirely differently...

> other smart devices including speakers and cameras

In my perspective, these are other devices entirely, like smart speakers and those video hubs the FAANG companies produce, or maybe entrance cameras.. Some reasoning: what kind of television doesn't have speakers.

I've been using a Samsung digital signage screen as a 'TV' for years because I don't want to have to deal with all of this smart TV nonsense.

We buy super cheap TVs for our meeting rooms, and then just never connect them to the internet. They have Netflix etc on them, but none of it works. We then just use HDMI or Chromecasts that are provisioned on the company GSuite account.

>This data is becoming a huge mechanism for subsidizing TV sales and the interactivity is being looked at as a huge opportunity to recoup some of the ad spend being lost via streaming and fewer 30 second spots

So what are the options for a consumer willing to pay for privacy? Will console manufacturers be more respectful for example? (I've considered a console to serve as a bluray player / host OS for streaming apps that also plays games).

Or are we stuck using dumb TVs and connecting our laptops to them via HDMI? (And thus no 4K iirc)

I was watching a ripped Spiderman years ago on my PS3 and the PlayStation refused to play it after 10 mins with an antipiracy message. This was via a network video server. Don't see why Sony would have rolled back that feature since.

This is Cinavia audio watermarking. It's designed to survive lossy compression by staying within the human audible range.

> If a "theatrical release" watermark is detected in a consumer Blu-ray Disc audio track, the accompanying video is deemed to have been sourced from a "cam" recording. If the "AACS watermark" is present in the audio tracks, but no accompanying and matching AACS key is found on the disc, then it is deemed to have been a "rip" made by copying to a second blank Blu-ray Disc.


Edit: that same page says it's now a requirement for all consumer bluray players to use this tech. But I don't remember seeing those messages for years. The pirates must be winning with their methods of changing the signatures.

> So what are the options for a consumer willing to pay for privacy?

Don't buy a TV at all. Instead, buy a large monitor and hook it up to a computer to act as a media center.

Maybe this is another selling point for Asus new TV-sized gaming monitors.

pihole (while list DNS, etc.) or not connecting the TV to internet, block it by MAC entirely on the router.

>Or are we stuck using dumb TVs and connecting our laptops to them via HDMI? (And thus no 4K iirc)

HDMI 2.0 (2013) supports 4k/60Hz.

HDMI 2.1 is significantly more ambitious with 8/10k resolution and variable refresh rate.

The 4K comment was likely in reference to streaming providers like Netflix, etc. which don't offer 4K content playback on devices which are not deemed to be adequately locked down, which is typically a stipulation of their content licensing agreements.

I'm more worried about this eventually being tied into some copyright enforcement mechanism (Cinavia on steroids) than anything else.

This headline seems a bit sensational in trying to blame favorite privacy scapegoat, Facebook. I would first blame the device maker for selling such data, but I bet half the reason this occurs is due to figuring out which CDN to use given Akamai is one of the companies receiving the most data?

Shouldn't this be relatively easy to block on an internet route / firewall?

and this is why I don't allow my televisions to be smart. blocked at the network level.

samba tv yikes

I disabled WiFi on my Samsung TV after they were injecting ads into the home screen. Spend $800 to get ads served in their shitty/slow UI.

An acquaintance attempted that with Kindle, by keeping it in flight mode. After some days it popped up a message kindly asking to give it some network access. After a few more days it simply ignored the flight mode and connected to get fresh ads.

Edit: I've checked with my wife who has an ad supported Kindle for over a year and keeps it in flight mode for months at a time. It never did that to her. So either Amazon changed that a long time ago, or I've believed a lie.

I had the same thing happen. I rooted my Kindle and kept it in flight mode to avoid tracking and updates. After not using it for months I recharged it and when I turned it on it had auto updated to the latest version, killing root.

So not only did mine exit flight mode it somehow re-enabled updates and updated itself.

It's possible that it may have cleared its settings after being away from power for that long.

It shouldn't since settings aren't stored in volatile memory.

Not sure about Kindles, but with the super cheap Fire Tablets, Amazon basically tells you "this device is subsidized by ads". You can pay a small fee ($15 IIRC) to remove them permanently.

Unless you do pay the fee, and then somehow the device still keeps resetting itself to the advertisement mode.

I just use a Kobo now.

That's honestly outrageous to the point of scandal. Aside from the point that these are expensive devices, these are devices that you own. You, the owner, should be able to control them to a complete degree.

While I agree with you it's my understanding that this was an ad-supported Kindle. Amazon offers them with a discount, which means the buyer explicitly accepted ads for a slightly lower purchase price.

I'm not saying it's ok to ignore flight mode options, but neither is the expectation to completely avoid ads when buying this very version of the Kindle.

I'd agree with you but the user agreement that you sign when turning on the device the first time states they can do shit like this.

EULAs are an entirely separate problem, though.

That is surprising. I've had my Kindles on airplane mode for up to a year and haven't received any notices like that.

Do you have the ad supported version?

I have the ad supported version and leave airplane mode on at all times. I don't believe it has ever exited airplane mode without my consent.

Kindle Voyage 1st generation, if that's relevant.

My ad supported Kindle Paperwhite has never turned off airplane mode either. I only turn off airplane mode when I have a new book to download to it and turn it back on afterward.

Yes. It shows cached ads for about a week after turning airplane mode and then just stays on a default Kindle ad screen indefinitely.

> After a few more days it simply ignored the flight mode and connected to get fresh ads.

Worrying. "Flight" mode exists for a reason and should not be overridden.

Flight mode exists because the FAA applies unsafe-until-proven-safe methodology to everything flight related (as they should). If flight mode mattered at all planes would be falling out of the sky on the regular, many people just leave their phones on the whole trip. The only reason I turn my phone off is because it wastes a lot of battery as it tries to manage tower hopping the whole time. Planes are getting blasted by RF in the cellular bands continuously from the ground, too, so this is taken into consideration in the design process.

Don't get me wrong the Kindle shouldn't do what it's doing but it's by no means a safety issue.

IIRC there isn't a problem for most of the flight; but right as you're ascending/descending your phone can end up getting a very weak line-of-sight connection to a whole bunch of cell towers at once, which causes a few different problems, but all of which come down to "it makes both your phone, and all the towers, shout really loudly at one-another to try to achieve a circuit." Which, sure, means that there might be EM interference (on bands ATC doesn't even use, but which the pilots might like to switch to in event of emergency.)

But, more importantly, it puts your phone's radio through an unusual high-power-draw situation that the phone's manufacturer may not have bothered testing for, which can make phone batteries explode that might not have otherwise ever exploded.

Oh, and also, a plane-load of people whose phones are all ranging hogs circuits on a bunch of towers at once (for no productive purpose, since the phones don't have high-enough SNR to actually communicate anything useful with any of the towers they can "see"), so the cellular service providers have politely asked the FAA to get people to not do that.

Do you realize how many people leave their cellular devices on during flight?

2.7 million people fly on airplanes every day.

Even if you think the vast majority of them turn their phones off, it's still a huge number of people who don't.

I think a significant percentage of flyers don’t bother with flight mode anymore.

Was on a full plane from CA to TX a while back. During the final landing approach I heard dozens of alerts as the plane got nearer to the ground.

Nobody cared one bit.

> 2.7 million people fly on airplanes every day.

That sounded way too low so I checked -- I think your number is US domestic flights, worldwide we have about 12.6 million daily passengers.

Uh, wouldn't the same thing happen as you enter a dead zone, or go underground? I'd sure hope that my phone isn't at risk of exploding in those circumstances...

No, because you don't have line-of-sight to 80 different towers in such cases.

Meh, I don't buy it. A colleague had his phone put in the plane's hold by airport security without being allowed to turn it off. Landed with a whole bunch of "Welcome to <country>!" texts. So not only can you get non-zero reception in flight (maybe only on lower flight levels?), but also it clearly doesn't bother the plane or cause phones to explode (else airport security wouldn't do it).

I have never seen the claim that cell service providers played an active role in this. Do you have a source for this info? I am curious to learn more.

I've heard this claim before but the justification was because the network wasn't designed to cope with someone hopping from tower to tower every few seconds. No citation here either. The handoff must be a total mess.

The closest I can find is the 2013 FAA press release about allowing devices to be used during all phases of flight.

> The FAA did not consider changing the regulations regarding the use of cell phones for voice communications during flight because the issue is under the jurisdiction of the Federal Communications Commission (FCC). The ARC did recommend that the FAA consult with the Federal Communications Commission (FCC) to review its current rules.

So it seems to be the FCC that has made this decision (in consultation with the FAA it sounds like).

[0] https://www.faa.gov/news/press_releases/news_story.cfm?newsI...

I think this is some pseudo-science/old wives' tale...

Thanks for this clear explanation of why this rule exists. Never understood it until now.


Indeed, the reality is that people will leave their phones on intentionally or unintentionally so engineering within aerospace has to, and does, take this into consideration. There's reasons the rule exists, but it doesn't put you at increased risk.

> Planes are getting blasted by RF in the cellular bands continuously from the ground, too, so this is taken into consideration in the design process.

It's a totally different affair if you are receiving a signal by a 100 Watt transmitter at 10 Km or a signal from a 1 Watt transmitter at 5 meters distance. The 1 Watt transmitter will overpower anything in its band with great ease and any dirt on the spectral output will have the same effect in other bands. Note that most cellphones will crank up their output if they can't connect to a base station that they can receive.

Of course plane designers will still do what they can to reduce this nuisance but leaving our phone on makes it harder than it should be. Please turn your phone off or to airplane mode and consider it a very small price to pay for flying an airplane.

Yes, flight mode does matter, no it probably won't crash a plane but does it have to before you would consider following a very simple rule?

The reasons being (1) you are moving faster than the network hand over protocol is designed for and (2) even if it worked you could be impinging on the juicy margins of in-flight service offers.

If airplanes could be brought down by turning on a cellphone you would never have been allowed to travel with one in the first place.

>> After some days it popped up a message kindly asking to give it some network access. After a few more days it simply ignored the flight mode and connected to get fresh ads.

Yeah that's gross. Btw, Amazon does sell some cheaper ebook readers on the understanding that they will show ads. Was that the case here?

Yes they do sell some ad supported ebook readers. And the price difference is not a lot. $20 savings for months of ads is not worth it.

I have a relatively old ad-supported kindle.

It was fairly straightforward to replace the ad images. Now it shows me cat pictures when turned off.

Honestly, I wish I could switch my non-ad-supported Kindle Oasis to a mode where the lock screen would cycle book recommendations. The normal cover is a bit boring.

My Kindle's never been connected to the network (always in flight mode) since I got it and I haven't had issues. I use Calibre and a USB cable to load ebooks. Not sure, would it be possible for it to call home through the USB cable?

Same for me, mine has been in flight mode for over a year, it's definitely not connecting to sync collections.

Change your WiFi password on the little bugger.

If you want to get rid of the ads without hacks, just contact amazon with the web chat and ask if they can remove them. They did it for me for free. (I’m serious)

It makes sense. Not enough people care about it enough to go through the ordeal. By offering an option for concerned people, they can avoid bad publicity about what they do.

Well that is pretty much what you paid for - a low cost device with the caveat being that it's ad supported. You get what you (don't) pay for. Of course, it used to be that Kindles were relatively low cost because you could easily buy books from Amazon directly from it. I guess they didn't earn enough money from that - piracy maybe?

Do you have a real source for this? That’s a pretty serious accusation.

I'm guessing it's an ad supported kindle. The user paid less on the agreement that they would see ads. My non-ad supported kindle has never done anything like this.

That’s fine, but until the FAA changes their policy, devices need to actually turn off their radios while in airplane mode. It’s not okay to lie to the user about things like that.

Even if I went through the trouble of finding where he described it, you would get a pseudonymous guy on the Internet saying a thing, instead of a pseudonymous guy on the Internet mentioning an anonymous guy told him something. So, well, apply your pinch of salt. But I remember it pretty cleanly, as it did shock me a bit.

As others suggested: it was an app-supported Kindle indeed. So it's not like Amazon went crazy unprovoked evil or something.

Edit: I've checked with my wife who has an ad supported Kindle for over a year and keeps it in flight mode for months at a time. It never did that to her. So either Amazon changed that a long time ago, or I've believed a lie.

It’s not the evil of displaying ads, but the evil of connecting while in airplane mode that bothers me. I don’t personally believe that it’s actually going to crash a plane, but until the FAA agrees with me devices shouldn’t be connecting while claiming to be in airplane mode. I’ll have to dig into it a bit, but I expect that doing so is a violation of FAA or more likely FCC regulations.

You can also ask Amazon support to turn off those ads, that's what I did and don't have to deal with ads on my Kindle's screen anymore.

I leave my Kindle in airplane mode for weeks at a time and have never experienced this. I've had Kindles for 6 or 7 years now.

Same. My ~2017 Kindle stays on airplane mode for weeks/months at a time. It's the only device I read on, so I leave it in airplane mode to save battery. I've never had it re-enable wifi.

Nothing I've purchased matches the level of outright disgust I feel for the Kindle and its ads.

Given that you can pay just a little bit of money to have it be ad free, it seems that your level of outright disgust isn’t that high.

> ignored the flight mode and connected to get fresh ads.

What's the worst that could happen? It's not like a plane's gonna fall out of the sky - Exhibit A.

just do factory reset and immediately put it into flight mode. It can't update if it has no wifi password. If you want to update, just do it via cable.

I have couple kindle paperwhites of different generations, and none of them did any unexpected update for years.

I can't watch more than 5 minutes of any YouTube video on my Samsung smart TV before an advertisement interrupts the video. Often several times for short videos. The ads are the same ones over and over too at the moment it's the J-Lo Hustler movie. If not that it's an ad from my local tourist board advertising my own home town.

It's getting to the point where it's not even watchable. I click back to exit and maybe go back later but I have hundreds of partially watched videos I've forgotten about.

Shelby Church explains how much she makes from YouTube ads and mentions that doubling the ads per video dramatically increased her revenue.


YouTube has YouTube Red so you can kill ads. Seems like either way you're going to pay.

> ". If not that it's an ad from my local tourist board advertising my own home town."

And they're paying for that. Well, more like, and YOU'RE paying for that.

Five years from now, 5G will be widely deployed, with a connection density of 1M/sqkm, 1000 times larger than 4G. The TV will connect directly to the 5G network without asking for permission. For your convenience [TM].

At which point I hope there will be websites describing how to take the TV apart and disable the 5G modem.

Or somebody will invent a small short-range backhaul-less 5G spoof microcell you can put next to the TV that will confuse the TV's modem into connecting to nothing.

Or just wrap the TV in a Faraday cage. But keeping the screen visible might make that tricky.

We will just wait for the next Zuckerberg interview to see how he dealt with his smart TV at home. Better to learn from people who really care about their own privacy.

1% of us will take the troubles to protect themselves. We'll even marginally succeed, as long as we don't go out in public or visit a friend's house. Too expensive to circumvent protections if the other 99% have no [time to develop an] understanding of what they are exposed to.

Smart TVs will start including bluetooth sniffing so they'll know how many people are watching and who.

We'll install 5G connected, AI powered cameras and far-field microphones in your TV, to measure the emotional impact of our ads. To offer you a better service [TM].


> At which point I hope there will be websites describing how to take the TV apart and disable the 5G modem.

There's always been rumours that some Intel vPro CPUs have modems (and entire secondary CPUs..) built in to the chip itself.

Atom x3/x5/x7 processors have a modem in the CPU package.

I imagine disabling the modem without breaking the TV would be impossible.

But a modem won't help if it isn't connected to anything.

On-chip antennas are a thing!

I can imagine myself 10 years from now standing over a $500 chip with a power drill, nervously following a tutorial telling me what exact spot I have to drive the drill head through to disable the antenna without destroying any of the surrounding circuitry...

At that point TV may become a thin sheet of everything integrated in a single piece of electronics. They are already close to it.

We're just gonna start wrapping our TVs in tinfoil, I guess.

If we can believe Star Trek, transparent aluminum foil is the way to go!


Pro tip for other people with 2019 and 2018 Samsung Smart TVs, if you back out of the network config and never set it up during the initial config or after a factory reset the TV will never show any ads and will never have the annoying icons for its own apps in the menus. If you attempt to use these features the TV will kindly remind you that you are not connected to the internet/have not accepted the user agreement. I have done this on all of my Samsung TVs and the result is a much cleaner UI.

Alternatively, don't buy samsung TVs on principle.

Normally I’d agree with you, however when laying out things like picture quality between brand and cost, many times Samsung comes out on top and that’s why I end up going with them.

i have read repeatedly on this site that it is effectively impossible to buy a new dumb tv unless you get the kind of commercial ones meant for installation on walls in commercial buildings etc

Nope. I purchased a dumb tv from Sam's Club in June of this year. It's a 4k 55 inch vizio. Cost me all of $300.

Edit- my bad, it was a Hitachi. The vizio tv I have was purchased last year. However both are dumb, they have no internet capabilities at all

You can find them on Amazon pretty easily. That's how I bought my 4k dumb TV.

Just beware that some models don’t have speakers.

Even better. Can we go any dumber?

No channel controls? TV automatically switches to whoever has made a better deal with the manufacturer?

That sounds like a traditional "smart" feature to me. Dumb could be a manual selection of HDMI input without scanning for the signal.

I have a pretty dumb TV with no apps or internet features, but I'll admit that the one "smart-ish" feature I do kind of appreciate is support for CEC controls over HDMI.

It makes it a bit more convenient to switch between my Roku/Switch/PC when I can push a button on the remote to have the devices ping the TV themselves.

I do prefer a dumb TV, but it doesn't have to be completely brainless.

"... effectively impossible to buy a new dumb tv unless you get the kind of commercial ones meant for installation on walls in commercial buildings ..."

Which is great news - they are fantastic displays, they last forever, and they behave just like a very big computer monitor.

NEC commercial displays (P461, for instance) are not expensive. I highly recommend you look into it.

i intend to next time i need a tv, but most people aren't thinking so much about their tv's spying on them

any idea if simply using HDMI only on a 2016 model stops "phone home" behaviors? The wifi is setup on the device, almost certainly, but never on the TV mode

My Samsung SmartTV randomly turns on itself. Sometimes, we can't turn it on and I have to remove the batteries from the remote, plug them back then it works. The UI is sooo sluggish. I just wish they make a dumb TV with superior image quality and let the other streaming devices handling the "smart" features. I will not buy another Samsung electronic product.

I have the exact same problems with my Samsung Smart TV. I joke that I am "rebooting the remote" when I pop out the remote batteries about once a week.

The UI seems to have gotten much more sluggish over the last year or two. I have a 500 Mbps internet connection, but speed tests in the TV's browser measure only 40 Mbps (on Wi-Fi or Ethernet). The TV's apps load images and data as if I'm on a 2G connection.

The Amazon and YouTube apps hang if I turn the TV off and try to resume playback later. I have to switch to two other apps and then back to Amazon to force the app to crash. Then I can launch it again. And sometimes the only way to exit the Netflix app is to power cycle the TV.

And people thought programming VHS-recorders was bad, we somehow managed to make something even worse.

> "I just wish they make a dump TV with superior image quality and let the other streaming devices handling the "smart" features."

They do, but from what I understand you'll pay more for such panels. As I understand it they're intended for commercial use.

So a commercial display at a commercial price, but with a commercial warranty and support.

That actually sounds like the dream.

Even if the commercial price is an order of magnitude greater?

Really? Can you get a commercial display with the image quality (4k OLED) and feature support (Dolby Vision HDR) of the LG C8?

You can get a large format displays. The prices are reasonable for forty inch displays with 1080p resolution.

Plan on getting one with a stick PC.

Could it be that someone in your household or a neighbor is connected to your network and using an app (there are loads) turn your TV on/off?

I used to joke with my brother and turn his TV on/off, he went crazy thinking the TV is broke.

Samsung has a habit of making awesome hardware then shitting all over it with their subpar software.

If a TV manufacturer added ads to my TV after purchase, I'd feel ethically obligated to return the purchase as defective.

Things like this are why I never will buy a so-called smart tv, the only exception being is that it is better/cheaper than alternative and in that case will keep connectivity disabled like you did.

Good luck in 5 years, there will likely only be an option or two left and they will be as shitty as today's flip-phones. A few years ago I was in the market for a TV and was flabbergasted as to why I couldn't get a nice, big, 'dumb' TV.

Yeah I intentionally bought a dumb TV instead of a smart TV five years ago... recently started thinking about whether it might be interesting to upgrade to a 4k and/or OLED model before discovering that they’re ALL smart.

You can get dumb TV’s, they’re just called “digital signage”. For example: https://www.lg.com/us/business/digital-signage/lg-60UL3E

Amazon sells dumb 4K TVs.

I've looked in the past and could never seem to find one. Do you happen to have a link on hand? I'd be very interested, especially if it also supports HDR.

Amazon.com menu > Electronics, Computers & Office > TV & Video

Type in "4k -smart" without the quotes in the search box. Use the filters on the left to narrow it down to TVs (like selecting what size you want).

I somehow never realized that the Amazon search function allowed the use of operators like that, thank you!

When’re they going to stop making PC monitors though?

I started blocking the ad servers at the network level, and now my home screen on my Roku TV is very clean!

I ditched Samsung years ago after they stopped releasing updates and bug fixes for my TV, a year after it was purchased. There are a bunch of TVs out there running Java without updates.

In general, my last like, 5 Samsung products have been disappointing, mostly due to software, or lack thereof.

I hear all these complaints about ads and it is very strange to me. I have a 2018 Samsung Smart TV (with built in Netflix, Apple TV etc. apps), connected to the internet (no VPN, pihole etc.). I live in The Netherlands. On setup I agreed to all kinds of stuff, except the voice stuff (so I cannot speak to my TV).

I have never seen a single ad or anything remotely like it. The only thing is the remote has dedicated buttons for Amazon something and Rakuten (both not available in my country) and Netflix.

I wrote a guide on blocking them via DNS, but installing a Pi-Hole is a good alternative that will save your whole network.


Use adblock on your router.

I tried to never connect my Smart TV to anything, but I realized one day (when someone's stuff was playing on it without me accepting any request...) it connected to an open network in my residence. The only trick that worked to prevent it from connecting was putting the wrong password, and let it loop forever, trying to connect. Ugly.

I have an extra SSID which has no internet access and logs all of the things for exactly this reason.

Pick up anything interesting off your IoT and smart devices?

I would imagine nothing but a bunch of DNS queries? Maybe the occasional fallback hardcoded IP?

That's a very good idea! Thank you for sharing!

I’ve been wanting to set up something like this, but I’m too lazy. It probably wouldn’t even take that long to set up.

What's the simple setup for something like this?

Lots of consumer routers these days let you set parental controls. Disable access entirely, or put time limits on it, then remove all the allowed times.

Ubiquiti makes it really simple

Basically create a new hidden ssid and make a new route that goes nowhere

Then enter SSID and password into the tv

You can monitor that interface too

For bonus points, mirror the traffic off to a zeek to get even more than the ubiquiti DPI
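An added example, not part of the thread: one way to answer the "pick up anything interesting?" question from the Zeek logs of such a no-internet SSID. It counts the names one device asked for and flags outbound connection attempts to addresses that device never resolved (the hardcoded-IP fallback speculated about above). The subnet, device address, hostnames and log rows are constructed, and the columns are trimmed to the ones used.

```python
"""Summarise what one device on a no-internet SSID tried to reach, from Zeek logs."""
import ipaddress
from collections import Counter

# Assumed addressing for the isolated SSID (hypothetical; adjust to your network).
LOCAL_NET = ipaddress.ip_network("192.168.50.0/24")
TV = "192.168.50.10"
OTHER = "192.168.50.20"


def _tsv(fields, rows):
    """Build a Zeek-style TSV log (header lines plus tab-separated rows)."""
    lines = ["#separator \\x09", "#fields\t" + "\t".join(fields)]
    lines += ["\t".join(row) for row in rows]
    return "\n".join(lines) + "\n"


# Constructed sample data; real dns.log / conn.log carry more columns than these.
DNS_LOG = _tsv(
    ["ts", "uid", "id.orig_h", "id.resp_h", "query", "answers"],
    [
        ["1568800000.1", "D1", TV, "192.168.50.1", "ads.tv-vendor.example", "203.0.113.10"],
        ["1568800060.1", "D2", TV, "192.168.50.1", "ads.tv-vendor.example", "203.0.113.10"],
        ["1568800061.4", "D3", TV, "192.168.50.1", "time.tv-vendor.example", "-"],
        ["1568800070.9", "D4", TV, "192.168.50.1", "acr.tv-vendor.example",
         "cdn.tv-vendor.example,203.0.113.11"],
        ["1568800080.2", "D5", OTHER, "192.168.50.1", "updates.other.example", "198.51.100.7"],
    ],
)
CONN_LOG = _tsv(
    ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto", "conn_state"],
    [
        ["1568800000.5", "C1", TV, "40001", "203.0.113.10", "443", "tcp", "S0"],
        ["1568800001.0", "C2", TV, "40002", "198.51.100.99", "443", "tcp", "S0"],
        ["1568800031.0", "C3", TV, "40003", "198.51.100.99", "443", "tcp", "S0"],
        ["1568800002.0", "C4", TV, "1900", "239.255.255.250", "1900", "udp", "S0"],
        ["1568800003.0", "C5", TV, "53001", "192.168.50.1", "53", "udp", "SF"],
        ["1568800080.9", "C6", OTHER, "40100", "198.51.100.7", "443", "tcp", "S0"],
    ],
)


def parse_zeek_tsv(text):
    """Return rows as dicts keyed by the column names on the #fields line."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def summarize_device(dns_rows, conn_rows, device_ip):
    """Return (query counts, counts of off-network destinations never seen in DNS answers)."""
    queries, resolved = Counter(), set()
    for row in dns_rows:
        if row["id.orig_h"] != device_ip:
            continue
        queries[row["query"]] += 1
        for answer in row.get("answers", "-").split(","):
            try:
                resolved.add(str(ipaddress.ip_address(answer)))
            except ValueError:
                pass  # "-" (no answer) or a CNAME target, not an address

    unresolved = Counter()
    for row in conn_rows:
        if row["id.orig_h"] != device_ip:
            continue
        dst = ipaddress.ip_address(row["id.resp_h"])
        if dst in LOCAL_NET or dst.is_multicast:
            continue  # gateway/DNS and SSDP-style discovery are expected noise
        if str(dst) not in resolved:
            unresolved[(str(dst), row["id.resp_p"])] += 1
    return queries, unresolved


if __name__ == "__main__":
    q, u = summarize_device(parse_zeek_tsv(DNS_LOG), parse_zeek_tsv(CONN_LOG), TV)
    for name, count in q.most_common():
        print(f"{count:3d}  {name}")
    for (ip, port), count in u.items():
        print(f"no prior DNS answer: {ip}:{port} x{count}")
```
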

I've heard about this before. Which manufacturer? Although I'm never buying a smart TV, it's interesting to maintain a mental blacklist of vendors.

I would also like to know this. This is absolutely unacceptable behavior and I would be fuming if my device pulled a stunt like that.

you can block any device by their mac on your router

Some TVs will connect to your neighbours' open wifi, so no, you can't, unfortunately.

No wonder why there are so many rogue IoT devices and botnets. This kind of behavior from the TV manufacturers needs to stop.

Stop making everything connected, or at least make it work properly without Internet access, and stop connecting devices at any cost.

an interesting take - it has been a while to see a non-password, no sign up network around.

But I can imagine it popular in apartment buildings. To be fair, if my TV connects to a network on its right own, I'd return it.
