Smart TVs like Samsung, LG and Roku are tracking everything (washingtonpost.com)
481 points by lsh 14 days ago | 310 comments

In my opinion you should not use ANY of the smart features of a "smart" TV. Don't give it your wifi key and don't put it on your LAN.

I have about 400% more trust of Microsoft and Sony than I do of random smart tv manufacturers. I also have a fairly high degree of confidence that the xbox one and PS4 software will remain up to date with security patches, and address critical issues quickly. I have no confidence for TVs.

Microsoft and Sony have teams of lawyers who've drafted the data collection/data sharing/opt-out policies for what their current generation game consoles track and phone home about. I've seen entirely too many reports of "smart" TVs that start reporting your entire viewing habits, and/or displaying unwanted ads.

Use the TV as a dumb display and hook it up to a PS4, Xbox One, and/or home theatre PC.

> I have about 400% more trust of Microsoft and Sony than I do of random smart tv manufacturers.

It should be noted Sony's TVs are different than their game consoles in what they collect and do. They run a relatively clean version of Android TV except for "Samba TV", which is yet another piece of show-recognizing (known as ACR) analytics. However, you can apparently decline its privacy policy on initial setup and even disable the APK entirely in settings[1]. (Some people also succeeded in ripping it and other bundled video apps out via ADB)

Even given all that, Sony TVs are probably still the tamest smart TVs out there.

> Don't give it your wifi key and don't put it on your LAN.

It entirely depends on manufacturer but I've heard of some actually seeking out open networks for internet access if you don't configure their Wi-Fi. Some people reported an unconnected TV suddenly prompted to update because the neighbour's wifi was unsecured. If you can, I'd set up a specific SSID with no LAN or WAN access just in case.

[1] https://www.consumerreports.org/privacy/how-to-turn-off-smar...

My Sony Smart TV is crap and I will never buy another Sony TV. Yes it runs android. It's slow to respond to input. Sometimes when I'm guessing it needs to page out code it can take 5-30 seconds before you can actually use it. It's crashed in the middle of watching shows and I mean the TV is being used as a dumb tv with input from an external source and suddenly android reboots. It also covers the home screen with ads for shows/games/movies. If possible my next TV will just be a 60inch monitor.

I bought a Panasonic 1080P dumb TV a few years ago. Turns on instantly, no apps, no ads, no updates, no tracking. I have no idea what I'll do when it finally dies.

For streaming and playing media from my NAS I use an Nvidia SHIELD TV. It's based on the Tegra X1 so performance is on par with the Nintendo Switch. Really great bit of kit, and of course I can just chuck it out (or repurpose it as an emulator box) if it gets too annoying.

I own a Sony smart TV - it’s awful. Far and away the worst piece of consumer electronics I’ve ever owned. It’s ruined Sony for me as a brand. I always take the opportunity to tell people how much I hate it whenever the opportunity comes up.

Have you tried installing pi-hole on your network?

I recently did it and was stunned at the amount of phoning home from Roku, both telemetry and ads to serve.

After blocking the calls home with PiHole my Roku's performance also improved considerably.

Our Samsung smart tv is super slow as well. It seems just smart tvs in general are awful.

My Panasonic runs Firefox os. I use it for Netflix cos every android box I’ve tried is slow and laggy.

I'm not sure creating a network without internet access is going to be a long term solution. It's entirely likely that they will create future functionality in these devices to cycle through open networks and networks to which they have credentials until they find one with internet access.

HDMI will share its connection through the cable as well. So if you want to use a Chromecast or a BluRay player, etc, then your TV can get internet through that.

Can you please point to any consumer product that has implemented the Ethernet channel of HDMI?

I hear this speculated a lot; is there any proof of this being done in the wild? Not trying to discredit, I think it's perfectly plausible, I'm just curious if any companies have been caught doing it

Apparently we now need HDMI condoms. Do such things exist?

Most probably there will be a market for HDMI cables with Ethernet specifically disabled - so, IMHO, there'll be sellers for it :)

Pretty useless. The number of devices that actually use Ethernet over HDMI is approximately zero.

If you’re using a chromecast and also trying to keep your tv from phoning home what are you even doing? I mean I guess one fewer place having your info is good, but...

VLC supports casting to a local network Chromecast. It works fantastic.

And Plex!

There's also Cast All The Things (catt)[0], which makes any of the hundreds of websites supported by youtube-dl[1] cast-able.

[0] https://github.com/skorokithakis/catt/

[1] https://ytdl-org.github.io/youtube-dl/supportedsites.html

I’d like to think that would be a CFAA violation, but I’m probably overly optimistic.

Wouldn't that be trying to circumvent security measures, and therefore very illegal in some jurisdictions?

One person's "security measure circumvention" is another person's "security measure".

I guess you could then add some user-important content to the walled-off network, like a basic SMB share. Maybe it will avoid disconnecting from the user-set network if it has user content. But yes, this isn't a very stable solution.

No vendor will use SMB to check for connectivity. They would check for relevant internet paths.

Though I doubt the companies would be ballsy enough to connect to unsecured networks, if that breaches laws in a country that the tv is sold it may have legal ramifications for the company.

Edit: then again my argument is based on logic and risk, not two factors marketing and sales teams consider very often..

> It entirely depends on manufacturer but I've heard of some actually seeking out open networks for internet access if you don't configure their Wi-Fi. Some people reported an unconnected TV suddenly prompted to update because the neighbour's wifi was unsecured. If you can, I'd set up a specific SSID with no LAN or WAN access just in case.

They probably will use 5G cellphone service eventually...

Many cars are similar nowadays too, except with cell phone service. It's very aggravating. Even if you don't pay for the 'safety' features and never turn it on. It used to be only OnStar but now even Toyotas have it.

Assuming you don't pay a monthly fee for that, this means that there's a SIM with a free cellular data subscription somewhere in your car? :)

>Even given all that, Sony TVs are probably still the tamest smart TVs out there.

The article seems to say Vizio TVs are better for your privacy than other TVs. The article says Vizio TVs describe ARC in 100 words and people must select accept or decline.

That page you linked to says

>However, you can accept or decline Sony's Bravia privacy policy, as well as one for Samba TV, the ACR technology Sony uses. You have to scroll through the entire Bravia policy before you'll see the options for turning off various data-gathering features, including Sony Smart TV Services, Program Recommendations, Product Improvements, and Advertisements, as well as Samba TV.

This sounds like a harder process.

Vizio was the only company willing to have an employee be interviewed by The Washington Post. Samba didn't even reply to their emails.

Vizio is doing those things because the FTC is making them. (See @sologoub's comment) Before that they didn't even ask or tell you about it.

I doubt they're doing the interview because the FTC made them.

I was referring to the disclosure, simple privacy policy, and option to decline. I'm fairly certain the interview is one of many PR moves to restore their reputation.

Perhaps it is time to wrap our TVs and other consumer electronics in faraday tape.

I can't wait until my microwave tells the manufacturer how often I'm reheating my pizza.

The more likely course of action is your microwave refusing to work without internet connection, so that it can verify the DRM on your pizza, make sure you are using only the approved, overpriced pizzas.

Also, it will be sold to the public as "verifying that you are using the fresh and genuine product".

You joke, but we already have this type of mess with Keurig, Nespresso Vertuo and that Silicon Valley juicer whose name I forgot.


I don't joke. I am a frequent reader of /r/shittykickstarters and it's a popular business model amongst these startup hardware products.

Oh... that's where you are going wrong, when reheating pizza it is best to use a pan, although the base may get crispy. The oven works quite well too. Sure they take longer but tastes so much better!

I can't wait for my iot pan and stove respectively tell their manufacturers how often I'm reheating pizzas. Maybe my iot stove fan will get there first. All way after my iot fridge ofc called home to tell me to buy more pizza.

I can totally imagine a future iot fan to have chemical sensors so that it can send a "fingerprint" of the food you're cooking ...

An air fryer works wonderfully to reheat pizza or anything else involving bread. If it's something thick like a sandwich, I'll give it a low power preheat in the microwave first.

I can see a future where it will be necessary to start opening up new consumer electronics and using small wire cutters, precision screwdrivers and needle nose pliers to physically rip out the Wi-Fi functionality.

Why would this be more likely to happen in the future? Is the future steampunk? Let’s try ripping WiFi chip off present day pcb and see what happens.

Why do you trust Microsoft more? They have the most egregious and base level of data collection compared to any other company. Their collection from the OS is pervasive and deep. The inability to truly disable Cortana is evidence that we don't own our purchased software anymore, merely borrow it from the big tech companies.

In terms of undermining user ownership, MS has done more than most with help from Apple. I can get a different webmail provider and use a different search engine. Changing operating systems to Linux from one that actively fights you to run your computer for you is something else entirely.

I should clarify that I do not trust Microsoft more in terms of data collection, rather that security patches will be automatically pushed to an Xbox one. And that it has a relatively low likelihood of becoming part of a botnet, or compromised by a persistent form of Trojan.

Good luck getting a software update for a four-year-old smart TV running some obsolete version of Android. Or WebOS.

Xbox 360s are 12+ years old now and are still generally considered something that is safe to have on your home network, and not vulnerable to any known in the wild remote code execution.

Xbox one or PlayStation 4 has considerably lower chances of becoming a malicious, virus-infected device on my home network.

I trust them in the sense that they're going to _mostly_ keep the data they steal to themselves and are capable of doing so.

Yeah I can agree with that. Samsung's apps on the older tvs need updating and in my experience they do not deliver the firmware updates they promise might happen at sale.

>I have about 400% more trust of Microsoft and Sony than I do of random smart tv manufacturers

This is a really weak trust based argument. Sony put rootkits on cds (different division of sony, but still). MS has been fighting their users forever now. Ultimately, none of these trust based arguments work. If you care about privacy, use kodi, new pipe etc. Don't try to pick overlords. That's a losing battle.

I trust them to keep their products relatively secure from hackers, not to not use my data.

When I got my Samsung smart tv 4 years ago I actually read the EULA and was so disgusted I refused to agree. It lives its life as a computer monitor, and a buggy one at that. I doubt there is a way to update the firmware without agreeing. Moral of the story: don't buy smart TVs.

If you want a TV, is there any alternative? We got a new TV last year and I (joe shmoe average user) didn't see any that weren't smart.

Buy the best TV that fits your needs. Do not configure the Smart TV features at all. If it requires Internet access for initial configuration, setup your phone as a hotspot with a temporary password. Once configured, change your phone hotspot password and disable it.

I have many Smart TVs, all working great as dumb monitors for my AppleTVs. I wouldn’t change a thing.

Anecdotal: was setting up some Hisense TVs at work the other day and the unit came up with a message that "all Network features" would be disabled if you declined the EULA.

Immediately thought "works for me".

I wonder if any other manufacturer offers that choice.

Edit: commercial signage panels are about as close as you get to dumb TVs these days. Rarely include any smart features, can get in quite large sizes. Not OLED or anything but if you just want a decent display...

FWIW - I discovered recently that Hisense is actually owned by the Chinese state government, if that kind of thing matters to you.

There is, but since they're not able to sell your data they cost a lot. I bought a 55" LG OLED 1080p commercial signage display for $5000. The power and control hardware is in a separate box so the display panel is just 6 mm thick, and it has no "smart TV" features at all, just basic firmware for configuration.


There are some still out there (in Australia - YMMV). I just bought this on Wednesday: http://www.bauhn.com.au/product-listing/58-4k-ultra-hd-tv-AT...

Aldi has very very questionable quality though. I've had multiple DOAs, and multiple of their things die within months.

They're good with warranty returns, but usually can't give you a replacement product due to how they do batch/bulk sales and don't keep recurring stock, so you generally end up with a refund and have to start shopping around again for an equivalent product.

NEC sell 4K resolution large displays on their store [1] (not affiliated but someone in a HN topic noted them). Should be said that while they appear to not feature smart TV capabilities (they're intended more for retail/enterprise use) they lack HDR local dimming which is something to consider.

As for not connecting smart TVs to Wi-Fi I read in a recent HN comment [2] that theirs connected without consent automatically to the first available unsecured Wi-Fi it found, sometime later. Seems some TVs are being extra sneaky with this.

[1] https://www.necdisplay.com/category?category=displays

[2] https://news.ycombinator.com/item?id=21010777

In Europe I buy dumb panels from https://www.swedx.se/index.php?cPath=133

They are mainly aimed at corporate buyers, I have one 42 inch TV and one small video wall (4x42 inch) from them.

I might have to get a projector

I bought a cheap TV from Argos, a UK catalogue store. No smart features. Still working well after a year.

Were you not able to return it?

I have a cheap, Chinese make 'smart' TV... (Le Eco).. the company has gone under quite some time ago... It runs in its own vlan with only access to the DNS (pihole).

It's consistently the top blocked client on my home network! Ott. Nielsenccdata.tv

>PS4, Xbox One

which are almost certainly also tracking everything.

In general I agree with your advice, and would rather keep smart TVs off my network. But if your goal is to not be tracked, plugging in an additional piece of hardware from another big tech co isn't going to accomplish that goal.

Agreed. My Samsung TV is not connected to Ethernet/WiFi and I have a quadcore Pentium NUC as a 4k HTPC for interacting with it. I have a full control of what I run on NUC (Ubuntu + Kodi) and TV is just a display.

My Marantz is connected to Internet though (used for AirPlay) as it needs updates to its firmware, so there might be some audiophile listening...

Marantz doesn’t report home if you disable reports. I also have never upgraded my marantz receivers

Pretty sure my 1970’s Sansui isn’t phoning home!

> I have [...] trust of Microsoft and Sony

Stop trusting companies. That's what got us in today's horror show of privacy invasion. Verify what you get and buy accordingly. Trust in corporations is something that's not required and is actively detrimental to society as a whole.

I trust cableco providers even less than random smartTV manufacturers.

And those TV boxes are 2-way obligate devices...

Some will still try to connect to any open wifi and phone home.

I’ve seen that behavior only on the one model that I was analyzing. Still, I assume it’s industry wide and even applicable to every/any IOT device.

I have an LG smart TV I got when I got an LG G5. I do exactly this. I don't connect it to the internet. I did at first but then I changed the wifi password / reset the damn thing. It is just a dumb TV for my MiBox (Android TV) which I prefer since if that component dies I can replace it. Though I am likely going to buy an Apple TV instead in the future if I see any decent offers on one.

> Microsoft and Sony have teams of lawyers who've drafted the data collection/data sharing/opt-out policies for what their current generation game consoles track and phone home about.

Those lawyers are looking out for MS and Sony, not you. Their job is to make sure everything is legal, not ethical.

Roku scares me when I'm watching movies on my Raspberry Pi. They are .mp4 files. I'm not using their software at all... and about 2 minutes in I get a pop-up "You can view this movie elsewhere at XYZ." How do they know what movie I'm watching? They are analyzing the feed. Scary.

I can't fathom what possible conversion rate that ad would have.

Even assuming the underlying premise is something like "we suspect this is pirated and here's a legitimate option", you're suggesting I leave a task I'm in the middle of... to perform the same task elsewhere?

I could see if they had the set turn on to a Wii-style menu and they had a box that said "Since you enjoyed watching Show XYZ, you may enjoy Service EFG, featuring XYZ and more", that could possibly convert, but the timing there is completely tone-deaf.

By recording and matching soundbites on their servers, similar to what the app Shazam does.

I would also never connect smart TV to the internet. Years ago we purchased dumb plasma TV and set up a Linux box on older PC. The main part is Kodi (XBMC) which has addons for various online services + we have Tvheadend on another box for satellite and DVB-T2 recording. All two DVB-T2 muxes we are receiving are also sent multicast on the LAN using dvblast. Kodi can be controlled via an app on the smartphone or its web interface. This has been working for years, some maintenance was needed but I am happy with it and don't plan changing it. This TV box is also a Kubernetes worker node for light workloads :D but that's another story.

I concur on leveraging consoles (Xbox One/PS4) for smart TV functions due to better security and hardware; but the power consumption in using console as smartTV equivalent should be higher.

Xbox One X has excellent power efficiency, it is my preferred way to gaming as I'm extremely conscious about the power consumption of my devices; but Smart TVs do consume lesser power for what they do.

LG and Samsung both use Linux for their Smart OS and there are a few Android TVs.

Also, fun fact, my cable boxes from Verizon also run Linux :P

I had a very nice Sharp Aquos TV for a long time. One of the first reasonably priced 1080p 65" TVs. It had absolutely no "smart" features, which was perfectly fine with me. I have my TV hooked up to a home theatre system and have my devices (PS4/AppleTV/XB1/Nvidia Shield) hooked up to that.

I recently upgraded to a LG 4K OLED TV. It's an absolutely gorgeous TV, but, I absolutely lament the "smart" features of this TV. I get software update prompts on a regular basis for software I don't use (I'm sure there would be some for the base system anyway, but, an order of magnitude less). The prompts when setting up the TV to accept myriad EULAs are obnoxious. Pop-ups advertising "features" on my TV which I don't want? Ugh.

I really want either a manufacturer who resells these panels with 0 features, or a mode from LG which disables all of this. "Lock to HDMI1 and disable everything but color management features".

More on-topic with the article: I'm a pretty tech and legally-savvy guy, but, even I'm not sure I've toggled the correct order of knobs and declined the correct EULAs to disable that tracking. Moreover, I'm exactly 0% sure that someone else didn't try to watch Netflix (via the TV and not the AppleTV/Shield/PS4/etc) and wasn't prompted to accept EULAs to do that. My point is, if I can't even do this properly, normal people have a near 0% chance of disabling tracking.

That said, it's a fantastically gorgeous panel. I've had a lot of fun re-watching older favorite movies in 4K.

What you are looking for are called "Commercial Displays" or "Digital Signage" Expect to pay a premium, but they are generally simple panels built to endure a very heavy duty cycle and harsher-than-a-living-room environment

I looked in to this and at least for large sizes as of earlier this year, commercial displays aren't practical. The premium isn't 10% or 20% (which I'd gladly pay to omit "features" that disclose data to third parties), it's $2000-$5000 (60%-150%).

Also, for that massive premium, commercial displays often don't include HDR, HDMI features (CEC, ARC), and sometimes even 4k. They aren't a realistic solution.

The panels aren't nearly as nice as the ones you can get on consumer TVs. LG C9 OLED is a thing to behold.

I recently bought an LG OLED as well.

I never connected it to my network and never will.

It was a dark pattern during setup. The options were to connect via LAN or WIFI, and only by scrolling into "nothing" did a skip option appear.
This IMO is the only option and even then I bet it's trying to exhilarate data by like trying to connect to a phone or high frequency audio or something.

I've got an LG OLED and have had regular LG 'smart' sets before that. I turned off the LG IP channels and other similar settings. The only installed apps are for Amazon Prime, YoutubeTV and their web browser. I have it on its own wifi ap.

I get very few notifications. Obviously, when app or firmware updates are available. I also get a small and brief notification when they add a new ip channel to their lineup. I get no ads or anything like that.

I've not run a sniffer to see what it phones home with beyond info for version checks.

"exhilarate" > "exfiltrate"

Autocorrect got me :(

How do you install firmware updates??

I bought a dumb tv in 2013 that I still use just fine without any firmware updates. It's a screen, it needs no updates.

I plugged in my pre-all-devices-spy 10 year old dumb tv to the network for the first time and now it hounds me for firmware updates.... I always reject because I don’t want it to learn how to spy on me.

Pretty sure my firetv phones my hdmi content home

Can't you set the onboard clock back a few years to fool it?

If it's not on the network why would you need firmware updates? (serious question)

Bugs affecting its base functionality?

It's not that hard to display whatever is coming in on HDMI-1. They usually get that working correctly in whatever firmware version the TV is shipped with, and I don't need more than that. They can even fuck up audio, as that goes through a proper receiver and external speakers anyway and the TV is thus constantly set to zero volume.

If it has serious bugs out of the box, just return the damn thing and get a different version.

Well maybe you don't discover them until a year later when you connected some new peripheral on a previously unused input to discover it's unusable but there's a fix for the known problem.

Is it really all that difficult to envision a legitimate need for bugfixes on a "smart tv" containing so much software? These things are as much a computer as they are a display. And modern software development practices have veered far into the direction of "ship yesterday, finish tomorrow with updates."

Hdmi-cec is a classic. The implementation on many TVs is riddled with bugs.

Gets disabled by me immediately. I use a well-configured Logitech Harmony remote to orchestrate the various devices, hence no need for HDMI-CEC, which is implemented differently by anyone anyway (and they mostly don't even consider that "bugs").

You should give it a shot again now, I also ignored it for years but with my most recent upgrades I tried it out and in some simpler cases, it works well!

Most of them let you download the firmware updates on a computer and load them on a USB flash drive. That's how I've updated my Samsung that I never connect to the network.

> My point is, if I can't even do this properly, normal people have a near 0% chance of disabling tracking.

The other point is that all these features are advertised on the box (Netflix, Alexa integration, etc) but you can't even use them unless you accept those EULA prompts.

If you don’t accept you can return for a refund. Something tells me lots of ppl accept tho

I think we've reached the point where the only safe way of buying a TV is to buy a business conference room display or large screen monitor instead. Seems to be the only way to get something without all the dystopian crap.

Luckily we’re living in the era where people are offloading their old last-gen dumb TVs for next to nothing in order to replace it with a smart one.

I got my current TV off the side of the road. It’s a 42” LCD Samsung, and that’s good enough for me.

Projectors are also an option.

But then you're losing all of the goodies for movies and games, such as proper color space or contrast. Usually the business TVs are anything but good for movies.

I will counter with the Iiyama prolite x4071uhsu-b1, the highest-contrast (5000:1 typ) LCD I have ever seen with such a competitive sticker price. 500~600$ 4k 40". Up to 75Hz @24bit color or 60Hz @40bit color.

It has zero smart stuff, and comes with an RS232 input for which documentation exists to control _everything_ remotely. I think the latter is due to its brother being a 24/7 rated digital signage device, which typically implies remote management.

I'm passively looking for a newer model for a potential secondary setup on a different desk/location, but haven't stumbled on anything I'd prefer.

But consumer TVs nowadays come with absolutely hideous defaults, with color, contrast and sharpness adjusted to first and foremost compete for attention against other manufacturers on store shelves. It's gotten bad enough that stores now offer adjustment services — for a price, obviously — just to get the picture to look the way it should in the first place!

You’re absolutely right. Commonly referred to as “scorch” mode.

The factory tint setting is always too high!

Just unplug it from the network. That should get rid of most of it. I have an LG smart TV that has never seen the network. I get no ads, no popups, no features, no EULA, nothing. It behaves like a dumb TV.

It was the LG 65UH series from Costco.

HDMI cables can double as Ethernet cables. In the future "just unplug it from the network" will mean "just unplug all HDMI devices".

Please stop repeating this. Yes, it's in the spec, but can you find anything that actually implements it? Manufacturers can barely get HDMI CEC working, let alone Ethernet.

Plus it's 100Mbit Ethernet. Too bad you can't use the full bandwidth of HDMI as a network interface.

Doesn't that depend on the cable? I thought you had to pay extra for Ethernet support.

Yes, it does depend on the cable. Not all HDMI cables support it. I think it's cheap enough to add that many or most HDMI cables will support it in the future, if they do not already.

This requires both ends (source and receiver) to be configured for Ethernet over HDMI.

That's not the point, block it at the router.

What am I missing that makes HDMI cables doubling as ethernet cables a problem for blocking it from accessing the network?

> What am I missing that makes HDMI cables doubling as ethernet cables a problem for blocking it from accessing the network?

You block the TV from accessing the network.

You connect the TV to a device that will let you stream Netflix, via HDMI.

The TV requests internet connectivity over HDMI through that device automatically.

Blocking the network access to the TV has now been worked around and no longer matters.

I wonder if one day they’ll connect to other TVs that are online to get around the WiFi.

They'll ship with a sim card and connect to mobile.

This is one of the reasons I’m not excited about 5g.

Yeah saw that mentioned in another thread, that’s much more straightforward and reliable.

I've read about TVs that already did that. The owner purposefully didn't configure WiFi or Ethernet, and months later the TV suddenly prompted to install an update because it found a neighbour's open WiFi.

Or have a GPS and realize that it’s been 12 months since their last mandatory update and lock you out.

Changing your computer’s time to the past used to be a great way to prolong 30 day trials or pay-by-the-year software in the 386 and 486 days.

Why would you need a GPS for that?

GPS provides high quality RTC signals. So the TV could update its time with high accuracy via GPS and countdown a timer.

Thankfully the majority of people use their TV indoors.

All you need is to glimpse 1 satellite for a short while if you're looking for a roughly accurate time. You need 3 to get a position fix, but fewer will still give you the time.

I agree, could use WWVW or whatever it’s called.

That's the entire point of the 5G rush.


Yeah even when toggling options to stop tracking, I don’t trust it. I will usually find what it calls out to and block it on my home network with Pi-Hole. I also am moving to projector which may have less “smart” bs crammed in there. But, I haven’t researched that yet to see if that’s true or not.

I don't think the options are blatantly false, the legal teams at these respective companies would never allow them to be demonstrably false. I do think they are as confusing as possible and designed to be as difficult as possible to place in "max privacy" mode and as easy as possible to place in "max tracking" mode.

> block it on my home network with Pi-Hole

That's a really good idea. I just configured my firewall (Palo Alto) to block the TV, I'm not sure why I didn't think of that.

Look through this, they seem to connect to open WiFi networks.

[1] https://www.reddit.com/r/privacy/comments/bpr6xs/if_you_choo...

I've been arguing for a long time that the "don't connect it to your network" defence was insufficient because sooner or later these devices will simply start including their own connectivity as well. Various other categories of device, notably cars, already do, and frequently abuse it for tracking purposes.

My take on this is that we should impose the kind of draconian restrictions we have here in the UK on products like cigarettes. You can buy them, age restrictions permitting, but they are legally required to cover a large part of their packaging with prominent disclosures of the harm they cause. If devices with consumer-hostile measures like phone home functionality were similarly required to disclose it, and exactly what it is doing, on their packaging and other promotional materials, average consumers might start asking more questions instead of just the relatively small and so usually insignificant class of techie consumers. If that still didn't produce meaningful competition, outright prohibition by law might be the only solution.

"We collect viewing data when you use our TV in order to recommend other content you might like" will probably not really move the needle for most consumers.

And if it doesn't and they accept that by genuine choice, that's fine, it's an informed decision.

But equally, maybe some people wouldn't be comfortable with, "This device contains a camera and microphone that are always on and an independent Internet connection that you cannot block. We cannot guarantee that the software in this device is 100% secure and we only guarantee to update that software for 12 months after the date of purchase. We do not control some online services used by this device and Internet-connected features of this device might break at any time with no way to fix them. There is a {regulator-imposed description/statistic} chance that someone will be able to hack your device, watch and listen to the area around it including other nearby rooms, and provide hackers with access to any other devices and activity on your home network. This device will upload information about what you watch and when to {names of business(es)}, which will use the data to profile you including guessing your family make-up, wealth, interests and vulnerability to advertising, and this information will be sold to {list of recipients} who may use it to {purposes}."

It seems to me like everything already comes with a license agreement and/or other mandated disclosures that are at least as bad as that, and it's too much text to put in large print in a prominent place.

That is part of the reason I like this approach. If it's too complicated to fit on the outside of the box, maybe the device is doing more shady stuff than it should be and needs to turn it down!

Hard to imagine how you can write a law that will express this viewpoint without a ton of unintended consequences. "if you can't exhaustively describe the drawbacks of using your service from every possible perspective in two sentences, it is illegal" will probably hit a lot of things you like as well as what you don't.

I think it's much more practical to simply ban fine print contracts that are not negotiated in favor of standard regulations that apply to everyone. You can't expect businesses to foresee everything that will go wrong, but you can force them to shoulder the risk of the unknown.

The point is that you don't try to cover all bases, just certain broad categories. Any product manufacturer that wants to avoid hassle can just not do shady things in those ways at all and then they don't need to worry about it at all.

The experience with GDPR in the EU so far seems to have been that the clear elements were generally felt to be reasonable, and businesses that weren't doing shady things would already have been in compliance with most of them anyway. The problems with GDPR have more been around ambiguity and the unnecessary and sometimes disproportionate red tape imposed even on "good actors". It was a similar story with the slightly earlier update to EU consumer protection rules.

I don't see why we couldn't learn from experiences like those and develop a reasonable regulatory regime for devices with embedded sensors and/or connectivity.

No external connectivity? Nothing to disclose. External connectivity? Do you use a customer-defined network connection or establish your own (and if so, how)? What's your policy on providing security updates? What guaranteed minimum support period are you offering, and what will happen to the device past the end of that period? Maybe if you or any of your business's officers or controlling interests have been responsible for a serious breach in the past, you also have to disclose that with prominence that reflects the recency and severity of the failure, so being careless about security becomes a sticky and toxic label rather than just a lawsuit that is a cost of doing business.

Not depending on outside services? No need to disclose. Depending on outside services? You need to state a minimum period where you guarantee your device/functionality will keep working, whether each outside service is under your control, what identifiable data is changing hands, what will happen to the device if each external service is changed or discontinued, etc.

Not including any sensors of defined categories (camera, microphone, location, etc.)? No need to disclose. Including sensors? You need to state how to tell whether they are in use, whether you provide a physical switch to disable them that software can't override, what they are used for, whether any data they collect could be transferred off the device, etc.

I don't see anything unreasonable about this, because anyone making such devices is going to be spending considerable time and money to include those sensors, that connectivity, or that use of outside services, so there's no credible claim that they don't (or shouldn't) know exactly what is going on. Requiring a few lines of specific details to be provided in a standardised format under the sorts of specific conditions I mentioned above doesn't seem either unrealistic or disproportionate as we move into a world where more and more devices do come with some or all of these three liabilities.

> the legal teams at these respective companies would never allow them to be demonstrably false

Why? It's not like there are any real consequences for these companies when they screw up and either the data gets leaked or they're found to be lying.

Just one humble non-lawyer's opinion but I'd love to see merchantability and fitness laws updated to explicitly bar reduced functionality without the forced exchange of consumer data, which is what's happening here. Manufacturers claim they are subsidizing the TVs via data collection, assuming that's true then banning the reduction of features unless the consumer opts in then raises the bar on every manufacturer. If TVs go back up in price so be it.

Yeah, I'd really like slightly better support for plugging in something smart into a dumb TV.

In the UK, if my shield would show freeview TV channels I'd probably never need to leave the interface, and thus I'd be happy to lock a TV into a shield slave.

Unfortunately it just doesn't work like that for us over here though.

I have a HD Homerun and the channels app for that.

I’m using the shield exclusively for smart features and the OLED as a dumb display.

That's interesting. Thanks for making me aware.

I just bought an LG OLED as well. This screen is amazingly good!

I connected it to the network in order to watch netflix, and unchecked all tracking and advertising related EULAs. I'm also running a pihole on my network, so most third party ads will be denied from reaching the TV.

Which model is it?

The smarter a TV is, the stupider it breaks too.

My parents had a TV with a built-in Skype app, and at some point the TV maker stopped supporting it. After that, every single time the TV was turned on the TV popped up a vague modal error message (that didn’t even mention Skype, just “an app” or something). I verified that it is impossible to turn off this message or do anything about it. Think about the stupidity.

I bought a Vizio tv a couple years ago that came with a very simple remote. The remote had power, volume, channel, and input buttons and nothing else. It seemed like they intended you to pair it with a smart phone to change any real settings. At some point about 8 months after I bought it turning on the screen caused a message to be displayed informing me that there was a new more fully-featured remote available and that they'd send one to me for free if I registered at the displayed url. The message could only be dismissed using a button that did not exist on the included remote. I literally could not use the television for two weeks while I waited for the new remote to arrive in the mail.

I wish that if they are going to insist on making their TVs smart, they would take the time to think about what people who use some of the apps would want.

For example, my Samsung has apps that can stream radio, and apps for Spotify and other music services.

But it evidently failed to occur to anyone at Samsung that since these are audio apps and do not need to use the screen while playing, I might want to blank the screen once I start the stream.

I'm particularly irked at Samsung because when I searched online to see how to blank the screen (I assumed it was obvious that they would include such a feature, and I was just being dimwitted when it came to finding it), I found that they used to have that feature, and they dropped it starting with the model year of my TV!

I mean, how are you going to see the ads if the screen is blanked? It's not that they didn't think about it, they did, they just went for the "feature" that benefitted them the most.

Earlier this year my company pitched an anonymization solution for smart TV and smart home appliances to LG and Samsung representatives in Korea.

Their reaction to a proposal was, to put it kindly, terrifying and highly defensive. They said they are doing nothing wrong, no data has been leaked and that there is no future for our solution, sensing huge discomfort.

Quite evident they have zero interest to gamble status quo on current situation.

You pitched them a way to make less money?

I stopped connecting my TVs to the internet when Samsung started pushing notification ads for GameFly on a (at the time) 3k dollar first gen 4K tv - and they lied and said no they’d never do that. They’ve all lost my trust.

In addition to push notifications, they kept pushing their TV+ app to the first position of my apps selector. I kept removing it. Then I just switched off internet access. Smart TVs are dumb.

I disabled autoupdates on everything after a smart TV whose dashboard I'd laid out to suit me, auto-updated and insisted on dashboard apps that I never wanted and couldn't delete or hide. Got an Apple TV and have not touched the smart TV features since.

Sounds like Vizio. Five years now and I still re-delete the Yahoo Finance app every couple months.

I once connected my Vizio TV to the wifi. Ended up having to change the wifi password, since there was no way to forget the network on the Vizio.

Haven't had an update since, and not upset about that.

This might be of use. However I don't blame you for not using it altogether.


Wow, I didn't know it was that bad! I've never connected my TVs to the internet. I normally run a full PC behind them to access our media and for apps.

I use the PCWRT router, and it allows me to block the spying by blacklisting the relevant domains.


At some point I wonder if we might not just start whitelisting domains instead. I think that it could be possible to design a UX that wouldn't be much of a hindrance to using your computer and phone on the same network. Eg any websites you deliberately visit get added to the whitelist, same with the other services you choose to use.

The amount of mostly unintentional (by the user) data transfers is out of hand.

At some point, a combination of manual/explicit reputation tagging and a web-of-trust system might become a plausible defence against a lot of these user-hostile connections.

If your corporate site, where you advertise your new high-end TVs and laptops, starts triggering warnings in all your visitors' browsers that it might be associated with malware and falling off all the SERPs for similar reasons, you're going to stop loading it with junk pretty quickly (and its trust score will improve pretty quickly as a direct result). Likewise, if your smart device tries to phone home and home has acquired negative rep, maybe that connection gets blocked automatically at the firewall.

We'd need a system that was guided by interested/aware participants who are unlikely to be successfully gamed and that mostly "just worked" for average users, but we've managed to build those in other contexts before so it doesn't seem completely out of the question.

Actually, white listing is a better idea. You can white list with the PCWRT router too.

And then everybody starts collecting data via AWS or whatever.

Even then, can't you tailor the whitelisting in a way where it only whitelists specific services on AWS? You could even make it timed so that other IOT devices can't exploit it.

How long till the embedded devices use DNS over HTTPS to bypass this? The consumer is under attack.

I assume not long. And there’s no good way to stop that.

> And there’s no good way to stop that.

As long as they rely on your own network for their external connectivity, you can always firewall them (at the expense of any connected features you do want to use, perhaps, but then I suspect most of us would agree that 99% of those are junk in most smart TVs anyway and be OK with that limitation).

The problem comes when they can form their own connections, but in that case they're not under your control anyway, DoH or not.

But that breaks the streaming functionality.

Only if you stream via your TV and not a separate box. Obviously that's part of what they're banking on, but I don't know anyone technically knowledgeable who does that (not least because TVs are notoriously bad at updates and incompatibility often breaks those functions soon after purchase anyway). John and Jane Viewer used to manage just fine with separate set-top boxes for their satellite or cable or whatever, so I don't personally see any problem with having separate (and therefore separately upgradable or replaceable) boxes for connecting to online services, while it does have clear advantages.

Just stream using a separate box connected over HDMI.

And then that device will do the same tracking/spying as the TV

They might try, but any such device will likely be much more interchangeable than the TV itself, with more competition. One significant problem with the TV industry at the moment is that competition has failed and essentially they're all at it.

Any way to build something like this myself, e.g. using Raspberry Pi or DD-WRT supported router?

We have three TCL Roku TV’s, and while they’re all blocked now, they were responsible for about 98% of the requests on our network according to Pi Hole. Now they’re blocked at the router level as well because it’s hard to trust them at all. Pi Hole doesn’t block them by default, but the endless requests to Roku domains are easy to blacklist.

Google Pi Hole, it's mostly for ads and trackers, but someone probably has a list of "call home" domains, or you can add your own domains/hostnames that you want blocked

I believe the blocker just uses a dns server that returns a local IP address for bad domains that serve up a single pixel transparent in place of the ad, so there's a solution on pretty much every platform.

Pi-Hole has a nice GUI, but if you already have openwrt, dd-wrt or pfsense, you can likely just install packages.

DD-WRT would probably let you block domains. Pi-hole might be useful too. To be effective, you need your black or white listing to be device specific, so that you can block your smart TV in whatever way you want to without affecting other devices.
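Added example, not part of any comment in this thread: a sketch of the "find what it calls out to, then block per device" workflow discussed above, run over a dnsmasq-style query log such as the one Pi-hole keeps. The log lines, IP addresses and `.example` domains are constructed, and the function names are hypothetical; only the `query[...] name from client` log shape and the dnsmasq `address=/domain/ip` directive are real.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in dnsmasq/Pi-hole query-log format.
# 192.168.1.50 plays the TV, 192.168.1.20 a laptop; all names are made up.
SAMPLE_LOG = """\
Nov 14 20:01:02 dnsmasq[812]: query[A] logs.tv-vendor.example from 192.168.1.50
Nov 14 20:01:02 dnsmasq[812]: forwarded logs.tv-vendor.example to 9.9.9.9
Nov 14 20:01:02 dnsmasq[812]: reply logs.tv-vendor.example is 203.0.113.10
Nov 14 20:01:05 dnsmasq[812]: query[A] acr.tv-vendor.example from 192.168.1.50
Nov 14 20:01:09 dnsmasq[812]: query[AAAA] logs.tv-vendor.example from 192.168.1.50
Nov 14 20:01:11 dnsmasq[812]: query[A] cdn.video-service.example from 192.168.1.20
Nov 14 20:01:20 dnsmasq[812]: query[A] logs.tv-vendor.example from 192.168.1.50
Nov 14 20:01:25 dnsmasq[812]: query[A] acr.tv-vendor.example from 192.168.1.50
Nov 14 20:01:31 dnsmasq[812]: query[A] cdn.video-service.example from 192.168.1.50
Nov 14 20:01:40 dnsmasq[812]: query[A] news.example from 192.168.1.20
Nov 14 20:01:44 dnsmasq[812]: query[A] time.tv-vendor.example from 192.168.1.50
Nov 14 20:01:50 dnsmasq[812]: query[A] LOGS.tv-vendor.example. from 192.168.1.50
Nov 14 20:01:55 dnsmasq[812]: query[A] acr.tv-vendor.example from 192.168.1.50
"""

# Only "query[...]" lines name the requesting client; forwarded/reply lines do not.
QUERY_RE = re.compile(r"query\[[^\]]+\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")


def parse_queries(log_text):
    """Return (client, domain) pairs, with domains lower-cased and the root dot removed."""
    pairs = []
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if match:
            name = match.group("name").lower().rstrip(".")
            pairs.append((match.group("client"), name))
    return pairs


def per_client_counts(pairs):
    """Map each client address to a Counter of the domains it asked for."""
    counts = defaultdict(Counter)
    for client, name in pairs:
        counts[client][name] += 1
    return counts


def client_share(counts, client):
    """Fraction of all logged queries that came from one client."""
    total = sum(sum(ctr.values()) for ctr in counts.values())
    return sum(counts[client].values()) / total if total else 0.0


def exclusive_domains(counts, client, min_hits=2):
    """Domains this client queried at least min_hits times and no other client queried.

    Restricting to exclusive domains keeps a network-wide DNS block from
    breaking a service that other devices on the LAN also use.
    """
    seen_elsewhere = set()
    for other, ctr in counts.items():
        if other != client:
            seen_elsewhere.update(ctr)
    return sorted(
        name for name, hits in counts[client].items()
        if hits >= min_hits and name not in seen_elsewhere
    )


def dnsmasq_block_lines(domains):
    """Render dnsmasq directives; address=/d/0.0.0.0 also covers subdomains of d."""
    return [f"address=/{d}/0.0.0.0" for d in domains]


if __name__ == "__main__":
    tv = "192.168.1.50"
    counts = per_client_counts(parse_queries(SAMPLE_LOG))
    print(f"{tv} sent {client_share(counts, tv):.0%} of logged queries")
    for line in dnsmasq_block_lines(exclusive_domains(counts, tv)):
        print(line)
```

Domains the TV shares with other devices (here the constructed `cdn.video-service.example`) are left out on purpose; those need a per-client rule at the router or firewall rather than a DNS-wide block.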

Another good alternative (for those of us who home-brewed their own router) is pfBlockerNG, which is an optional module for pfSense. It can do everything that Pi-hole can do, and more.

Can I flash my own router with pcWRT or do I have to purchase one on Amazon? Is this similar to DDWRT? Or a fork of some open source project?

Does a pi-hole or the like not already take care of this?

Roku scares me when I'm watching movies on my Raspberry Pi. They are .mp4 files. I'm not using their software at all... and about 2 minutes in I get a pop-up "You can view this movie elsewhere at XYZ." How do they know what movie I'm watching? They are analyzing the feed. Scary.

This is the ACR technology in Roku TV devices. It works on the TV's inputs and fingerprints the video several times a minute, sending thumbnails to a server to get visual matches. To disable, go to Settings/Privacy/Smart TV experience and turn off the "use my TV inputs" option.

> They are analyzing the feed. Scary.

More likely just looking at the title of the file and matching that against themoviedb.

My guess would be the distribution companies provide them a hash table of MD5s that maps popular torrents to places where they can be purchased. The company that makes the TV sells this service to the distribution company and/or gets a cut of the sales. Furthermore, it probably logs the IP of the person watching the pirated file and sells that data also.

All the device is seeing in this case is audio+video over the HDMI connection, no way it can md5sum the source file.

I think they are just fingerprinting the video and audio. They shouldn't have access to the actual file that is being played if you are just connecting the TV to the raspberry pi. I think I saw another thread where someone from Roku confirmed this (I had the same thing happen and it annoyed me so I looked it up).

The paywall JavaScript still kicks in after reading the article for a while via archive.org.

This should not suffer from the same issue: http://archive.is/8Cm3Q

Unfortunately, I need to consent to tracking by the WaPo to find out how much my Smart TV might be tracking me.

I’ve found disabling JavaScript on their site also disabled their subscription / paywall API which is all JavaScript.

It also happens to disable quite a bit of tracking. Yay for selectively whitelisting JS!

You are discussing here how to isolate the TV into a separate firewalled network, but for an average consumer this is too difficult. What an average consumer wants is to watch Youtube and Netflix and not bother about settings. If I was a TV manufacturer I would install a video camera and microphone and record everything and people would still buy my TVs.

We need legislation which deals with the reality of the PII loophole. While the ACR data on its own may not identify me/my household, it absolutely does once it's combined with the rest of my fingerprint in the cloud.

A “Dumb TV” is something I’m exploring developing. There is a gap in the market for a TV with a great panel, no internet connection, and only the processing strictly required for various types of signal processing and format conversion. The closest available solutions are large commercial monitors that cost an arm and a leg.

Dumb TVs are more expensive so you wouldn't be able to find enough people willing to pay that premium I think.

What would be great and much easier technically would be an (open, non-google) Chromecast clone that you can plug into a smart TV and then just not give the smart TV an internet connection.

My hypothesis is that dumb TVs don’t need to be more expensive, and that the savings of not needing a beefy SoC and more DRAM and Flash offsets what would otherwise be coming in from advertising.

Yeah I also don’t know why that’s some sort of established truth but it’s been going around for years now. It especially took off a couple of years back when a manufacturer exec (Bravia? Can’t find link now) said as much. I assume the info they can sell must be worth quite a lot of money if they can throw $50 or $100 worth of stuff in it “for free”, where many of the TVs probably never even get an internet connection!

That leads me to another guess: manufacturers can’t have people not connect their TVs. So they’ll start offering rebates that you only get if you plug your tv to the internet.

> It especially took off a couple of years back when a manufacturer exec (Bravia? Can’t find link now) said as much

The Vizio CTO has been open about it


I would be interested in this device.

The commercial monitors cost more because the price isn't subsidized by user data collection.

The data on your viewing habits isn’t worth that sum (making it even sadder that TV OEMs are selling you out). The price deltas are driven by what the market will bear. As expensive as the commercial monitors are, they are a small fraction of the other costs of fitting out the conference rooms and facilities that use them.

It's not just data on viewing habits but they also make money through selling shows in the built-in apps, probably also get affiliate payments for people who signed up for Netflix etc through the TV.

From the mouth of the CTO of Vizio:

> So look, it’s not just about data collection. It’s about post-purchase monetization of the TV.

> This is a cutthroat industry. It’s a 6-percent margin industry, right? I mean, you know it’s pretty ruthless. You could say it’s self-inflicted, or you could say there’s a greater strategy going on here, and there is. The greater strategy is I really don’t need to make money off of the TV. I need to cover my cost.

> And then I need to make money off those TVs. They live in households for 6.9 years — the average lifetime of a Vizio TV is 6.9 years. You would probably be amazed at the number of people come up to me saying, “I love Vizio TVs, I have one” and it’s 11 years old. I’m like, “Dude, that’s not even full HD, that’s 720p.”

> But they do last a long time and our strategy — you’ve seen this with all of our software upgrades including AirPlay 2 and HomeKit — is that we want to make things backward compatible to those TVs. So we’re continuing to invest in those older TVs to bring them up to feature level comparison with the new TVs when there’s no hardware limitation that would otherwise prevent that.

> And the reason why we do that is there are ways to monetize that TV and data is one, but not only the only one. It’s sort of like a business of singles and doubles, it’s not home runs, right? You make a little money here, a little money there. You sell some movies, you sell some TV shows, you sell some ads, you know. It’s not really that different than The Verge website.

> Q: One sort of Verge-nerd meme that I hear in our comments or on Twitter is “I just want a dumb TV. I just want a panel with no smarts and I’ll figure it out on my own.” But it sounds like that lifetime monetization problem would prevent you from just making a dumb panel that you can sell to somebody.

> A: Well, it wouldn’t prevent us, to be honest with you. What it would do is, we’d collect a little bit more margin at retail to offset it. Again, it may be an aspirational goal to not have high margins on our TV business because I can make it up downstream. On the other hand, I’m actually aggregating that monetization across a large number of users, some of which opt out.

> It’s a blended revenue model where, in the end, Vizio succeeds, but you know, it’s not wholly dependent on things like data collection.

Did you do any market research? You can very easily go to any store and still buy dumb TVs. I don’t know where people get the idea that 100% of TVs are smart TVs, but that is false.

Rtings pretty comprehensively catalogs and reviews mid and high end TVs. The only TV released in the last two years without WiFi or associated smart functionality is a pretty mediocre 49" TCL. While you can certainly still get smaller 1080p TVs without smarts, you shouldn't have to choose between getting a decent size and panel quality or not having a beefy OS built in.

So you're saying he didn't do his market research? :D

I did. I went to Walmart for their pre-Black Friday sales that start at 6pm, and couldn't find any. Sample size: Easily 500 people in and out of that store per hour, I was there 2 hours.

Walmart represents a store that is easy to go to for much of the US population. That means a good percentage of people in the US are buying TVs at places that don't offer non-smart TVs for sale.

Would be interested as well.

TVs used to be on and showing you a picture before you took your thumb off the channel button on your remote. Good times.

The old CRTs I grew up with need a good 15-20 seconds to warm up first, but you did have the audio pretty instantly.

Run a Pi-Hole, use it as the DNS server for your "Smart" TV.

Too lazy? Shameless self promotion: https://windscribe.com/features/robert

Wait wait wait. Windscribe, which looks like a heckuva VPN, where does it run? Because we are talking about filtering or blocking the data flow between the TV and the local router, i.e. the connection between the TV and my Comcast router. How does Windscribe get involved in that stream?

I'm guessing it's just a DNS server blackholing/NXDOMAIN-ing certain domains and the connections aren't actually proxied, like the old OpenDNS home.

Surely this is a non-issue if you don’t connect the TV itself to the internet?

Also worth noting that with a lot of TVs, you can download firmware updates to a USB stick, then install them directly to the TV.

Occasionally the out-of-the-box firmware on TVs can perform poorly on certain input modes, so it's nice to have an option to get the latest patches without opening yourself up to tracking and ads.

That said, the idea of a TV needing patches is thoroughly unappealing.

I have heard reports that some smart TVs (and other "smart" devices?) will sometimes connect to any open wifi within range without user consent or knowledge.

Not if you use a box like Roku, etc.

Won’t the Roku only need to be connected to the internet and not the TV itself? Right?

Doesn't HDMI share internet connection? So if you connect any HDMI device with an internet connection then your TV will have one too?

HDMI optionally does support that, but almost no devices actually do.

In the future, won't it become increasingly difficult to keep your TV disconnected? Anything you connect to it will provide it with an internet connection.

Don't see any evidence of that actually happening as of yet. Would more expect that they'll just make them stop working entirely without a connection, instead of adding fancier ways of connecting them.

Maybe we'll have "HDMI condoms" that connect two cables and drop all packets relating to internet sharing.

They could create an HDMI condom so you can't have network connectivity over HDMI. Similar to USB condoms.

Also... what if they put a 5G SIM card inside the telly? Now that would suck.

That does seem inevitable. Time to build a Faraday cage for our TVs.

I kinda have a feeling that in a future not too far, IoT devices collecting our data will be mandatory... and if you want a device that does not collect your data you'll probably end up having to pay 3-5x more for that product. It's kind of an addiction and companies need rehab already.

This is most certainly what will happen if there is not a massive push back from consumers soon.

And I don't see it coming. Older people don't even seem to care that Imo is secretly recording them as long as they can videochat with their grandchildren. Younger people are just happy for their new shiny toys.

Just a quick note... hotel/hospitality versions don't have these requirements. Look for them on Alibaba and overstock.

That's a really smart tip. Thanks for sharing!

Which is the reason why Apple should enter the TV market. The argument against it from the likes of Benedict Evans to Horace Dediu has been TV is a low margin business, but so are all the Android Phones in the bottom 60% of the market. I still don't get it.

And since Apple TV sort of means 5 to 6 different things [1], they might as well make an actual Apple TV set to make it even more complicated.

If there are two things that I think Apple should really do, they are a wireless router and a TV. I don't want a Google Nest WiFi or Amazon Eero.

[1] https://news.ycombinator.com/item?id=21438152

Has anyone successfully hacked any of these TVs to disable the smart features? I would pay some money for this kind of firmware patch on a future purchase. It seems crazy that the software is so terrible and yet nobody has found a way to disable it.

There are projects to replace/root/modify the OS, unfortunately they tend to be about older models and the manufacturers continue changing things and making access more difficult.




LG and Samsung use Linux. Might be some fun to be had analyzing any source code releases.

This would be great! iFixit should show us how to remove or isolate the 5G/WiFi chip. Makes me wonder: is there a transparent Faraday cage solution?

It would be quite nice if there were a single model out there that could be easily hacked and replaced with a speedy interface that does two things, switches HDMI inputs fast and volume control. (And turns off motion blur obviously.) Then maybe you could start throwing other stuff on there.

Once again, a problem that could easily be solved by requiring a right to root as part of the right to repair. I hate how so many of these are running linux on the underside but you can't do anything with it. I had a friend who got a Samsung smarttv and when I looked up rooting it, the chances were high of bricking it, so we decided not to do it.

I've said it before, and I'll say it again, the way we prevent this is in right to repair legislation that includes the right to root.

Just get a Sceptre TV. Up to 4K resolution, no smart features.

It also is extremely hard to fix a smart TV once it gets infected with a virus.

Just don't buy smart TVs. Buy a dumb TV, attach a RaspberryPi or an Intel NUC, install Kodi and enjoy.

Would love to. Who is currently making these dumb TVs? I’m in the market and can’t find anything.

Iiyama is one of them. Don't consider branding, look for tech specs/price.

They appear to specialize in PC monitors? I see a few commercial-looking LED screens they make but they're super expensive for what they are

They make zero-fuss LCD screens, many of them with standard VESA mounting and HDMI input(s).

Some of them are low-duty digital signage, or have a less-beefy desktop brother with the same/similar software and just mechanical/(power) electronics differentiating them between 8/5 and 24/7 usage to keep their warranty.

You are looking wrong when you make the price argument. Either your price source is weird, or you're looking at the "wrong" model. Just keep in mind that these are not your generic high-gloss consumer electronics flashy devices, but what a value-oriented engineering office might well use. I have yet to find a better LCD than their x4071uhsu-b1 ... Seriously, if you know of something comparable in contrast ratio: I dread the day mine breaks and I need to find a replacement.

I got mine at Costco, but suspect my price range must be way lower than all these hacker news users.

Buy a used one. Or even better - buy a projector.

Not too interested in an old used TV, or a projector really
