Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices [pdf] (princeton.edu)
91 points by pwg 16 days ago | 10 comments

Coauthor here. As it turns out, this is one of three papers released near-simultaneously that uncover the extent of tracking on TVs or IoT devices more generally. I've written up a survey of the three papers and what I thought were especially interesting findings, along with some thoughts on why targeted advertising as a business model for TV platforms is harmful to users: https://twitter.com/random_walker/status/1177570679232876544

Direct links to the other two papers:



Thank you.

Just curious, during your research did you face any issues due to the auto-update feature at the app/device level which would set you back? If so, how did you work around it other than disabling it?

Thanks for your work.

I noticed you include gstatic.com and a subdomain of cloudfront.com in the tracker domains list. Are these really known to be used for tracking or are they included because they're controlled by Google & Amazon?

I saved the paper for reading later, so this may be already discussed in it, but enough information leaks through the Referer HTTP header when browsing the web in a traditional browser.

I've never inspected reCAPTCHA (on gstatic.com), but it does some degree of tracking, ostensibly to detect unusual usage patterns and pick who gets to help train Google's ML models with distorted street objects, and who's never shown the captcha window.

In a way, the world of 1984 was too humanistic - imagining a telescreen having a camera pointed back at the human viewer, ambiguously judged by another human viewer. In the current panopticon being built out, surveilling humans for their poorly-specified human behavior is actually not important. Rather it's only worth surveilling each human's effects in the technological realm. The system doesn't particularly care how you lash out, just about which ways you conform.

Our current world reminds me a lot more of Fahrenheit 451 than 1984. I always felt it was more insidious. It was a self-induced, self-policing (apart from the firemen) ignorance, fueled by drugs and technology that kept people stupid, entertained and complacent. Plus, every time I see someone with a pair of AirPods I can't help but think of those earbud things they wear while staring at the giant screens.

Installed pi-hole recently and wasn't surprised to see all my devices making requests to check in constantly.

Considering setting up pi-hole. Do you think it’s pretty effective against this kind of tracking or would I just be wasting time?

It’s effective for _known_ domains; active analysis of your IoT device would eventually show all communications made.

I find it easier to just put the device in its own VLAN with zero internet access. Like the author has said, there’s no clear-cut solution.

What are your thoughts about server-side ad insertion?

One of your captured URLs in the paper looks like it might be part of a VAST request, which could lead to SSAI.
