Hacker News new | past | comments | ask | show | jobs | submit login
FBI warns that connected televisions can provide hackers a window into homes (dailymail.co.uk)
218 points by MEGMOL 50 days ago | hide | past | web | favorite | 273 comments

1. I refuse to say "smart TV". It is a "sly TV"

2. Sly TVs never get Internet access in my house. I don't plug Ethernet into them, and I don't set configure their wifi. If I must give one access because it needs a firmware update to fix a bug or something, I temporarily set my guest wifi network's password to something random, configure the TV to use that, apply the fix, then reset the guest wifi password back to the old value.

3. I trust literally any other video device in my house more than a sly TV. While we use Apple TVs, there are plenty of excellent alternatives that have reputations for being decent about privacy. Apple hasn't been sued for spying on my TV watching; Vizio has. The FBI hasn't warned me about Apple.

4. All sly TV OSes are junk with terrible apps. Seriously, slap an Apple TV (or Roku or Fire Stick or ...) in the HDMI jack and your viewing experience will be better in every way. I'm not suggesting you make your TV worse, but to make it much, much nicer.

I don't want to come across as paranoid, but sly TVs have a history of one headline after another of reporting your viewing habits, injecting advertising, and otherwise bringing spyware into your living room. This isn't some big new explosive revelation, it's a normal Tuesday in the news. Don't put up with it! There are much better alternatives.

> I refuse to say "smart TV". It is a "sly TV"

I call them telescreens, comrade.

Although I agree with you on points 1-3, point 4 is no longer the case as of this last year or two. Most people are only interested in the main apps such as YouTube, Netflix, Disney+ etc. My 2019 Samsung TV OS is not only fast and smooth but those apps are as good, if not better than the same ones found on an Apple TV. Compared to a crappy Android box the experience is far better.

Why have a seperate device and two remotes when you don't have to? I'm convinced that the marketshare for these external media devices will flatline and steadily decline. In the case of Apple, the only way they can try to compete in the future is releasing their own standalone TV panel. I suppose they saw the writing on the wall which is why AirPlay and Apple TV are now available on Samsungs TV OS

This might be true for some apps, from the biggest developers. But even there, it only holds for a given point in time.

It's been shown time and again that developer support of past products is atrocious. You just can't count on getting your apps updated through the whole lifecycle of the device. This is partly understandable, as older hardware just isn't going to be able to handle some things (say, H.265). But even so, the developers seem to be doing little more than paying lip service.

The best strategy is to have a dumb monitor, and a device like Roku that you can upgrade very cheaply every year or two.

> Although I agree with you on points 1-3, point 4 is no longer the case as of this last year or two. Most people are only interested in the main apps such as YouTube, Netflix, Disney+ etc. My 2019 Samsung TV OS is not only fast and smooth but those apps are as good, if not better than the same ones found on an Apple TV. Compared to a crappy Android box the experience is far better.

That's more a criticism of "crappy Android boxes" rather than a praise of builtin TV applications. The latter are still barely usable and quickly become obsolete (with updates stopping 1-2 years down the line), compare that to a good Android box like Nvidia Shield.

> Why have a seperate device and two remotes when you don't have to? I'm convinced that the marketshare for these external media devices will flatline and steadily decline.

You may be right long term but it's been years since we've had "Smart TVs" and they are still far from being as good as decent media boxes. That to me means there's an underlying reason, probably a misalignment of incentives.

And btw, depending on your needs you can use a single remote just fine (I use an Fire TV stick bluetooth remote, connected to the Nvidia Shield, for controlling the Shield, the Sony TV and the Yamaha amplifier through HDMI-CEC). With such a combination of different parts from different manufacturers I'm surprised how well it all works.

> That's more a criticism of "crappy Android boxes" rather than a praise of builtin TV applications. The latter are still barely usable and quickly become obsolete (with updates stopping 1-2 years down the line), compare that to a good Android box like Nvidia Shield.

Sorry, but this is just no longer the case. Even my neighbour doesn't turn on his Nvidia shield anymore because his Samsung TV OS is good enough and the Youtube/Netflix apps are fantastic. Samsungs OS is where the dominant marketshare is so the apps are great.

I have a 2014 Bravia TV, and I would still much rather use the Netflix app on that than the one in the PS4. I press one button on the remote, the app starts within seconds, it's smooth and it works. Why would I need anything else? And it's a 5 year old TV at this point!

I'm surprised to hear that. The LG we bought earlier this year has a Netflix app that can barely keep up with the display. It looks much better streamed from the Apple TV than from the TV's own app.

I think it'll be a long time before any TV has a native app store as decent as Apple's (and probably Amazon's, but I don't have personal experience with that so can't vouch for it).

In my case i've got a flagship panel, the Samsung Q90R (which cost me about $2500) which has a quad core Qualcomm chip with almost instant responsiveness. My Apple TV now sits in a drawer. From the reviews i've seen all the flagship brands like the LG, Sony are all super fast and quite good. I suppose for people buying entry level panels they aren't going to be springing an extra $200 on an Apple TV so they'll put up with a slower experience because it comes included - and that's what consumers appear to be doing.

Was this a LG C9 OLED tv? Just curious in how much better and in what way is the Apple TV to the native app. I haven't had any issues afaik. But I haven't used the Apple TV 4k before either, so I guess I wouldn't know if I'm experiencing subpar quality.

It's at home and I'm at work so I can't look at it right now, but it's one of their newer 4K UHD TVs with webOS. I tried it on the guest wifi for a couple of days to see what it would be like, and while it wasn't bad (like I couldn't look you in the eye and say "this sucks, don't use it!"), it just wasn't as good as an external video source. There's no reason it couldn't have a perfectly fine hardware video decoder that's as nice as one you'd find in an external player. Still, its SoC and other support hardware just isn't going to be as nice as what you'd find in a dedicated box. Maybe the network stack isn't as optimized because the CPU has to handle a lot of stuff in software. Or maybe its OS's memory allocator isn't as quick. Or insert a thousand other things that might make a TV's dirt-cheap-as-possible SoC handle all the housekeeping around keeping the decoder fed with data as efficient and smooth as possible.

And as others have pointed out, you're pretty much stuck with what it ships with. If my Apple TV breaks or gets old and unsupported, I can trivially switch to a Roku. If the SoC in my TV gets old and unsupported, there isn't jack I can reasonably do about it other than throw out the whole TV and get a new one.

> If I must give one access because it needs a firmware update to fix a bug or something, I temporarily set my guest wifi network's password to something random, configure the TV to use that, apply the fix, then reset the guest wifi password back to the old value.

I use USB based updating for the TV to avoid ever having to give it Internet access. Since it's never connected to the Internet I don't need to care much if it's running the latest version or not, for all I care it could be running the same version until it stops working as long as the current version is good enough.

Regarding point 4:

My TV runs RokuOS. I've recommended it to everyone I know in the TV market and none have been disappointed so far. They treat the 'smart tv' aspects as first class rather than a buggy afterthought. I'm much more optimistic about it being updated for a long time as well.

Wasn't there an article on here the other day saying that you literally can't use a RokuOS-equipped TV without creating an account first? Or have I imagined this?

> 2. Sly TVs never get Internet access in my house. I don't plug Ethernet into them, and I don't set configure their wifi. If I must give one access because it needs a firmware update to fix a bug or something, I temporarily set my guest wifi network's password to something random, configure the TV to use that, apply the fix, then reset the guest wifi password back to the old value.

Are there any negatives to doing this? I'm running into issues with a Vizio soundbar working with a Vizio V Series tv and was contemplating connecting to the internet to see if there's any updates but was holding out on finding a fix. I may have to try your method though.

> 2. Sly TVs never get Internet access in my house ....

I'm with you. The challenge is or is going to be when (unless they already do) TVs start embedding 4G/5G SIM cards into the TV to bypass such requirements.

My only hope is that enough people use the Smart TVs as designed, with Internet configured, that TV manufacturers never see ROI in going the SIM card route. fingers crossed

>The challenge is or is going to be when (unless they already do) TVs start embedding 4G/5G SIM cards into the TV to bypass such requirements.

Are the cellular providers going to give free cellular access to these manufacturers or something? Consumers aren't going to pay for that. No one's going to buy a TV that requires an additional $30/month for a data plan.

Consumers won't have to pay, just like consumers today don't pay for various web based services such as email, search, social media and others. It is subsidized by the revenue the TV companies make from selling your data.

Today that revenue subsidizes the cost of the TV itself, the additional cost of 4G/5G based service for small bits of data is not much. Other options can be LoRaWAN, NB-IoT or other such services since the data transferred is going to be small, primarily analytics. All of these are pretty cheap both to embed in the TV as well as the service, especially at scale.

I guess I'm assuming here that the amount of data needing to be passed over-the-air will be quite large, since people are talking about these devices listening to your conversations and such. Some simple analytics data like what channel you're watching doesn't require any bandwidth, but sending microphone stream to a server to be analyzed and run through a voice-recognition program will add up.

> Are the cellular providers going to give free cellular access to these manufacturers or something? Consumers aren't going to pay for that. No one's going to buy a TV that requires an additional $30/month for a data plan.

I actually wouldn't be surprised in the least if this became commonplace down the road. Just open up your new telescreen and bam it seemlessly connects to the 5G/wireless network without issue. You'll get every update, ad, tracking, software automatically pushed to the machine without the need for the user to intervene.

My problem with this idea is that there's limited data bandwidth on the cellular network, even with 5G (5G has especially poor range, as I understand, so you have to have a tower very close by). If the TV makers can keep the overall data usage very low, it could work, but the stuff you're talking about seems like it'll require a pretty large data budget, and I just don't see how all this surveillance is going to be so profitable that it would pay for the cellular service and still net a handsome profit for the TV maker.

I mean, I have a TomTom satnav that has a built-in sim to download latest traffic updates and sync with my TomTom account. The device was about £250 when I got it 5 years ago and there is no subscription to pay at all, it has "lifetime"* always-on connection. So I can't be that expensive, or TomTom would be losing money by now.

*lifetime - defined as "lifetime of the device", whatever that means. 5 years in and it still works fine.

The mfgr must have negotiated something with one of the cellular carriers to give them unlimited access for a fee, with the stipulation that it's only used for these occasional OTA updates which really don't use much data.

However, I must point out that a satnav device's occasional updates, as I said, don't use much data: just a multi-megabyte download every few months at most. But streaming constant surveillance data from a TV to the "mother ship" is going to require far more data than that. Multiply this by an average of 1-3 TVs per household, and this seems like a big load on the cellular system.

I hope you're right. I'm also fortunately in a position to have access to radio gear that would let me sniff that out and apply copper foil tape until it's fixed.

Care to share more on the copper foil tape thing?

Did you mean wrap the antenna or something like that? I don't have radio equipment but would love to know more.

It's used a lot in ham radio for grounding and such, but it's also great for making an impromptu Faraday cage around an antenna. For example: https://www.amazon.com/Bertech-Copper-Conductive-Yards-Thick...

Note: that's expensive AF. I probably wouldn't literally use it to block the signal when a thin steel piece would probably work just as well. But it's an example of something you absolutely could do: find out where the antenna is, then severely interrupt its signal.

#2 now they piggyback on any open network they find

I mean how common is an open network anymore? I live in a relatively suburban area and each of my neighbors networks are password protected. Unless I'm in an office park, doctors office, mall I rarely encounter an open network. Maybe apart from something like a Optimum/Verizon/Comcast wifi hotspot.

Are we sure that "FBI" and "hackers" weren't swapped around when writing the title?

Isn't this the same FBI that is trying to make encryption illegal and who insists that backdoors are safe?

The own backdoors are always doubleplusgood. Other's backdoors are bad. Doesn't matter which side you're asking.

Never mind that all backdoors work more or less the same.

*Other's backdoors are ungood

I wonder if there's a market for some company to resell smart TVs that they've lobotomized.

I.e., they have a list of TV models that they know how to disable network connectivity without causing any other problems. You order from them, and for some reasonable fee they'll make the change, verify everything is okay, and ship you the unit.

Personally, I'd be willing to pay a $100-200 premium for that, especially for a TV that (pre-lobotomy) sells for over $600.

Why companies don't just continue to manufacture screen-only TV's baffles me. I'd love to see some existing privacy-oriented company that already has to deal with screen manufactures start selling "privacy-oriented TVs".

Ultimately, few people understand that this is a problem or that they should want a dumb TV. The manufacturers make money from the smart features by selling the data and by getting a cut of subscription revenue, so smart TVs can be sold cheaper than dumb TVs.

The FBI issuing a warning about this is helpful. It may help create a market for dumb TVs that cost more than smart TVs.

so is the fbi just reporting on the cia now? I mean, Project Weeping Angel is pretty well-known by now, right?

ref: https://wikileaks.org/ciav7p1/cms/page_12353643.html

>The manufacturers make money from the smart features by selling the data and by getting a cut of subscription revenue, so smart TVs can be sold cheaper than dumb TVs.

Yeah, this is like how a laptop can be sold cheaper with Windows OS than with Linux: the Windows version is preloaded with a ton of crapware that the mfgr gets paid to preload, so even with the enormous (as a fraction of BOM) price of the Windows license, the laptop comes out cheaper.

Make a deal to bundle Roku sticks with the TV to reduce the cost maybe?

I understand, but recall seeing literally zero "dumb" TV options at Best Buy at the size I was looking for.

Because who is going to buy a more expensive dumb TV? I just buy the smart TV and don't connect it to wifi.

That works if your TV allows that. I'm pretty sure I've read that some models simply won't work if they don't have internet access.

I opened a more modern cheap smart TV. Inside were three boards: Power supply & backlight inverter, LCD/LVDS(?) interface board, CPU & video IO board. I'm not sure if the screen interface was actual LVDS but it sure looked like it.

So a smart TV is nothing more than an LCD with Arm SoC. Of course that SoC it's completely locked down and there are no specs outside of NDA's.

It got me thinking, how hard would it be to go to a big manufacturer that makes these smart TV's for chains like best buy and contract them to make the same set without the proprietary garbage hardware board? Instead a board built around an open SoC and software ecosystem is installed so the ethernet and USB ports do what they're supposed to do. That or pick a very common TV model, figure out the LCD interface and build a retrofit board. All of this is easier said than done.

Then imagine how fun it would be to hack your TV to do whatever because it's a regular computer? Of course the big issue that stands in the way is the HDMI and DRM burdens.

(cue someone replying with: just don't connect the smart TV to the internet and hook up a raspberry pi.)

>I opened a more modern cheap smart TV. Inside were three boards: Power supply & backlight inverter,

How "modern" was this TV? Don't they all use LED backlights now? Backlight inverters should be obsolete now.

It was about 3 years old at the time. And I believe it was an LED backlight so I should have said regulator or perhaps driver instead of inverter but close enough.

If you're a manufacturer are you going to go after the 95-99% of the market that wants a set that's cheaper due to the bundled spyware or the 1-5% that are willing to pay a premium not to include it? Granted, I'm guessing as to the percentages... but I doubt I'm that far off.

They exist, they're called "commercial displays", and they're quite expensive.

What explains the large price premium of commercial displays?

Is it just that they're low-volume SKUs? Or are the somewhat more ruggedized than consumer models?

Partly construction, partly that the target market simply is willing to pay more, and partly that the cost of consumer sets are subsidized by some of the third-part analytics software that comes preinstalled in order to collect and sell information on what people are watching.

I imagine part of it would be that the displays are assumed to be run almost nonstop.

The fact that the cost isn't subsidized by the tracking and advertising provided by the smart tv

(I have no evidence for this but I've seen this comment posted many times before)

Here's the evidence for it, by the way. Straight from an interview with the CTO of Vizio: https://www.theverge.com/2019/1/7/18172397/airplay-2-homekit...

It goes into how running content recognizition software against whatever's on the TV display lets them collect and aggregate data to sell, which helps them sell the TV for very low prices without having to worry about being profitable on the initial sale thanks to data and other monetization streams. Sony, Samsung, and the other major TV players all run very similar Automatic Content Recognition systems.

Bingo! Those Roku / FireTV / Netflix / Amazon/ Etc logos on the boxes don't pay for themselves.

Although what's insulting is when the super premium tvs that STILL include all the same tracking junk. A 3k dollar+ tv shouldn't need any subsidizing at all, yet here we are.

Because they're designed for 24 hour, 7 days a week use. Components like power supplies will be far higher quality.

Many of them have integrated signage software too like MagicInfo and have video wall capabilities etc.

Commercial displays are the first class airplane tickets of the display/TV market.

Are there any drawbacks to using one for home use?

Dramatically more expensive.

When I looked a larger high end 4K consumer TV was cheaper than a smaller 1080P commercial display.

I bought a cheap 42" 4k dumb tv made by an off brand which is no longer available anywhere, one of the only ones that I could find without network connectivity, but it's by no means a great TV in other respects. I think if I used it heavily it'd have burnt out a capacitor by now or something. Reviews indicate they are not too reliable.

My dad just bought a cheap "Sceptre" brand TV that's 4k and as dumb as can be

screen-only TVs are undesirable because content providers like Netflix gate their content to locked-down devices that present a lower risk of piracy.

Unless you run Netflix in MS Edge (or the netflix windows store app, which wraps MS Edge) and use a Skylake or newer CPU with a secure enclave / AMD PSP, Netflix won't stream you their highest-quality content.

Or they will happily deliver it to whatever Android device or smart TV that you like.

(also, PC support for HDR content is... "lacking", shall we say)

Because TVs are commodity hardware that makes exactly $0 the second after it's sold. We now live in a business hellscape where "recurring revenue" is everything. Since TVs still last for 5 years or more, they might as well start selling off your viewing data to make the quarterly numbers look better.

They can make more money off smart tvs by selling advertising profile info from things like the TV shows watched. Thats why.

And that makes TVs cheaper a little bit than lobotomized not monetised alternatives. Users don't see the hidden cost when looking at two TVs with same specs but slightly different prices.

I suspect that the advertising industry is offering the TV manufacturers incentives to add tracking "smarts". The dream of tracking TV ad views and even personalized TV ads is worth billions.

Cut the Wifi antennas and shield connection points in the module.

TVs are only as cheap as they are because the cost is subsidized by the data they collect. A dumb TV would be more expensive to buy, and most people would balk at that.

> I'd love to see some existing privacy-oriented company that already has to deal with screen manufactures start selling "privacy-oriented TVs".

Apple TV?

Not a TV. And what makes Apple privacy oriented? Because their marketing department says they are? Unless a company's business model is actually privacy, I won't believe for a second they value privacy. Even then I would still be skeptical. Companies can always increase profit by secretly getting rid of privacy.

> And what makes Apple privacy oriented?

The fact that they're not an advertising company? That their business model doesn't depend on monetizing your personal data? That being privacy-oriented is a distinguishing factor compared with their competition?

Apple doesn't make TV's the previous post was referring to dumb TV's

Besides the nefarious reasons they might not want to make dumb TVs, there are some decent reasons.

Most TVs include speakers. Even the non-smart ones. By adding networking and apps, that TV can be used stand-alone.

For people starting out with their first home theater setup, they can get started with just the TV. With a dumb TV, they'd need the TV, and a receiver/speakers setup or a soundbar, and something to provide content like a Blu-ray player or cable box or Roku.

By making the TV smart, the TV maker has a better chance of having people start out with a higher end stand-alone TV and then adding other components later. I presume that the TV maker would rather have the consumer spend all of their initial budget on the TV, instead of splitting it between TV, receiver, and Blu-ray player.

For people with existing home theater setups, a similar thing goes on with upgrades. For example, I have a Denon AVR-1913 receiver, a Comcast X1 DVR, and a Sony Blu-ray player, and a Samsung TV.

It was a smart TV but I never used it as anything other than a dumb monitor. I used apps, not but on the TV. The Blu-ray player had a full set of streaming apps, and so does the X1. The Denon receiver has an internet radio app, and also supports Spotify Connect, and supports Airplay. So there was never any need to use an app on the TV. (Also, when I tried it once out of curiosity I could not get ARC to work to send sound back to the Denon receiver).

But then the TV died. I ended up getting another Samsung, but this new one is 4K UHD.

None of my other components are 4K. I didn't want to upgrade the rest to 4K at that time, so for things I wanted to watch in 4K I used apps on the TV [1].

With dumb TVs, I probably would not have bought a 4K TV. I would have waited until my other components were 4K, and that could have taken quite a while. I tend to keep receivers until they die.

In summary, with smart TVs, the TV can meet the needs of a wider class of consumer. As long as they don't make it so you have to give the TV network access or use its smart features, it can meet the needs of almost every class of consumer. That's attractive to the manufacturers.

[1] ...which meant that I did need to figure out ARC. As with the old Samsung, it just did not seem to want to work. Then I noticed something in the Denon manual:

> When the ARC function is used, connect a device with a "Standard HDMI cable with Ethernet" or "High Speed HDMI cable with Ethernet" for HDMI.

I made sure to use such a cable...and it worked, which makes no sense. It would make sense if we were talking eARC, but with plain ARC--which is all my 6 or 7 years old Denon supports--it should work with any regular old HDMI cable.

Back in the old days dumb TVs had speakers so you could just connect a box directly with HDMI.

How about you don’t connect your TV to the internet? Here’s a consumer reports article that tells you how to turn off most tracking if you must connect it to the internet.[1]

Get a decent set of network hardware so you can monitor everything that’s going on. I can recommended UniFi by Ubiquiti, despite the recent blow back about crash reports being sent to them.

[1] https://www.consumerreports.org/privacy/how-to-turn-off-smar...

> How about you don’t connect your TV to the internet?

Then we'll see the manufacturers include SIM cards, at least in countries where it's affordable.

Twilio is making this pretty easy. I just ordered three SIM cards from them that I can provision, to see how it works. Their aim is for these SIMs to be utilized in IoT devices.


That's the future of all internet connected appliances. We're already seeing it with cars, at some point it will be affordable enough to include in TVs, fridges, ovens, anything that might want to phone home.

Hope you're not connecting it to any internet-connected device (PC, console, etc) either because most HDMI cables nowadays have pins to carry an ethernet signal as well.

My Sony TV and Apple TV do not support it. According to stack exchange nobody really supports it, although I can’t attest to the commenters credibility.[1]

A quick google search doesn’t show any Sony TV with this capability.

Can you give me an example of any consumer TV that supports Ethernet over HDMI?

[1] https://apple.stackexchange.com/questions/325215/appletv-eth...

That means the PC, console, etc would have to voluntarily act as a network gateway for the TV. I've never heard of a device configured that way by default. Even if I wanted to do that, I don't know how I'd begin to enable it on anything other than a Linux box.

I had been wondering if the comcast boxes would be providing this as a side door. (hdmi from tv going to cable box, cable box has net access )

When I asked about data sharing with these dvr boxes and the new streaming stick option, only thing they could tell me is that 'virtually all video decoding and streaming devices are sharing data with multiple third parties'

I returned the dvr box, and have not chosen to use their new streaming stick.

You're not suggesting some grand conspiracy of smart TV and computer/console manufacturers, I hope? As far as I know, PC GPUs don't support this anyway.

You could also sabotage the wifi chip or antenna if you wanted to make 100% sure the tv doesn't connect. Good luck trying to connect to wifi without an antenna connected.

I'm probably missing something here but why not just disconnect the TV from the ethernet/wifi? Are these things connecting themselves to the network?

In theory, that's not enough to keep them offline, if coded deviously enough.

If your neighbor, for example, has a syndicated WIFI like Fios or Xfinity, your TV can try those. Also, it has 24/7 free time to sit there and break passwords, if needed. Even a slow CPU would score some eventually. And finally, the room is probably full of other devices which themselves may have connections; a TV can communicate ultrasonically with those to exfiltrate your data.




I don’t see a TV doing 24/7 password cracking. Most WiFi passwords are now relatively complex out of the box and a TV would never have a realistic chance of cracking one. And while collecting data is maybe immoral, hacking passwords is as illegal as it gets.

It would be orders of magnitude cheaper and safer to build in 4G connectivity and use it to upload the relatively small payloads.

Wouldn't even really need 4G, 3G or even lower would work if you're just sending text analytics of shows watched. Even the more nefarious spying efforts could go out through text if they bundled a speech to text converter on board.

4G was more of a catch all for mobile connectivity. But actually some networks are turning off their 2G and 4G might have a better chance of working for years to come, since a TV is not really replaced that often.

The TV wouldn't need to crack a password if it's an XFinity wifi router next door, for example. Those are typically open to all Comcast customers by default, if I remember correctly.

How is your TV going to get onto a wifi connection that needs an Xfinity customer login(yes there are open to all customers as in they can use the wifi connection but not without supplying a login)?

By striking a deal with Xfinity?

> build in 4G

I wonder how many already have.

Are we going to need a spectrum analyzer to watch this junk?

In the 5G era, probably. TVs will come with 5G connectivity built in and always on. At initial power-up, you'll have to log in with your "television provider". Like the way CBS online works now.

We need laws to prevent this kind of shit. However, we have some laws already. If the TV is cracking passwords, who goes to jail? Oh, wait, I forgot laws like the CFAA and other shit like that are only enforced when regular people break them, not when companies break them to make money.

Many of them throw continuous error messages and warnings about connectivity, and some features just plain don't work without it.

I believe you. That's part of the value proposition: the company would know the impact of their changes to various TV models, and you could factor that into your buying decision.

I'd imagine a big part of this is because people like watching Netflix or Prime Video via the nifty apps built right into their TVs. To many owners, disabling those would be like disabling the cellular and WiFi radios on a smartphone.

A big selling point (for better or worse) is not requiring you to buy more boxes or hook up wires. Just as you see with cheap IP cameras which neglect to steer users toward secure setup and only tout the "easy wireless setup! Just point to the picture on your iPhone screen!" It's the flip side of the ubiquitous marketing bullet points: Easy! No wires! Apps!

> people like watching Netflix or Prime Video via the nifty apps built right into their TVs

I fall into this camp - I really like using the physical remote w/physical buttons to play/pause/rewind, change volume, etc. I used to be a heavy chromecast user but switched for these reasons.

Can't you just not connect it to wifi?

I give it five years before TVs with built-in 5G are mainstream. In addition, some TVs automatically connect to open WiFi.

Yeah, people keep saying 5G is important for the internet of things. This is surely what they mean.

The internet of things with ads


I'm fine with that. If its using 5G then it's not on my LAN and the concern in the featured article is no longer a problem.

Furthermore, if its using 5G then its not tied to the IP address that my other traffic comes from and so they can't use the TV to target me with ads online either. (Provided I don't use any of the same accounts on both the TV and my other devices.)

I think you are ignoring the use of location-based tracking and other correlation techniques. A bunch of different 5G appliances can all figure out their positions quite accurately from 5G signals and decide they belong to the same household.

And, that's before you consider that they can also scan local wifi and bluetooth spectra to glean even more information about their local environments. With participation of vendor applications on phones, they could also use ultrasonics or crazier things like modulated LED lighting.

Finally, if one of those devices is compromised, it can then be used to launch local attacks via wifi and bluetooth, or even potentially those other covert channels if they can exploit sloppy code in those other dark apps...

You are right, I didn't think about those things.

Taking those things into account as well as the things paulmd pointed out in a sibling comment, I am no longer fine with the idea of 5G in my TV.

TVs can emit ultrasonic tracking tones which your phone can pick up and link your TV identity to your phone identity (facebook, google, whatever apps have microphone access to listen).




Also, virtually any device with cell connectivity includes a GPS on the same chipset so it's pretty trivial to connect that with google location data. So if it has 5G it has your location it has your identity.

It might not even be that hard. The TV could just broadcast a Bluetooth beacon and your phone will automatically send the details to Google/Apple where your locations can be tied.

> I'm fine with that. If its using 5G then it's not on my LAN and the concern in the featured article is no longer a problem.

Not on your LAN but still harvesting your usage data (a feature!), and still hackable (smile for the camera!).

> and still hackable (smile for the camera!)

I don't know of any TVs that come with a camera built into them, and if there are any I certainly wouldn't buy one of those.

I will wrap the entire bezel in Faraday tape. Will probably look pretty cool.

My TCL TV blinked an annoying light when I didn't connect it to wifi

That was because it was setup in connected mode and was trying to tell you of a connection loss. If you factory reset the TV and choose not to connect it, you won't have the blink.

Many of them connect to 3G automatically.

Edit: I guess I was mistaken. They were not caught doing that yet.

I haven't seen that anywhere, do you have a link or source?

What? Can you provide any evidence of this?

Source please.

Most of the TVs provide a software update functionality, maybe custom firmware that disables networking hardware could become a thing.

This is fairly trivial for packet nerds using bro/zeek, pihole and iptables.

Zeek (or wireshark) can revel what domains and ip addresses are being accessed. Pihole and iptables can block those addresses. Pihole needs to be the only DNS allowed and iptables needs to be running in between the TV and its path to the internet.

Easily bypassed with Wifi or 4G.

Yes, this! I asked in another thread if there was a faraday cage we could use for the tv or at least tamper with the wifi antenna. I know CRTs have dangerous levels of voltage, so I hope it's not the case for lcd/led TVs

You could wrap the TV in aluminum foil.

>Perhaps the best April Fools’ joke of the (Youth) Journal [a Dutch news program] came in 1969. Special cars would drive around with scanners to track down television owners who hadn’t paid the license fee [it’s like in the UK, where you have to pay a fee to the BBC]. But if you wrapped the TV in aluminum foil, you could fool the scanners. Before long there was no foil to be found in stores. http://business.time.com/2007/08/21/why_dutch_people_wrapped...

That’s why we use projectors in our home :)

Also, side benefit of no large black rectangle :)

Can you comment on the image quality of that vs. a modern LCD TV?

I'm looking to add a TV, large computer monitor, or similar to our living room for PC gaming, XBox gaming, and movies.

I assumed that a projector would be washed out whenever the room's lights were on. Which would be a hassle for people who wanted to be in the living room at the time but were doing other activities.

It's apples to oranges in my opinion, since it's a comparison between 50" and 150" at the same resolution. What advantage the TV may have in pixel sharpness a good projector more than makes up for in size and field of view.

I went with an Epson 1060 (which is a fairly budget option) and it's freaking awesome. I was afraid it would be dim in full sunlight, but it's not a problem at all. My screen is next to two windows and even in full daylight with the lights on it is super bright and visible even while in eco mode (which is dimmer than regular mode). Fully replaced my TV and at a much much lower price point than the biggest possible LCD. Also, replacement bulbs are ~$60 bucks and I have yet to replace one after ~2 years.

Added bonus is the option to install a powered retractable screen, which make the TV all but disappear from the room when not in use.

Last year I picked up a projector to put in our bedroom for movie viewing and gaming. One thing you want to consider if gaming is important to you is the latency of the projector. I ended up going with an Optoma GT1080[0] because I wanted something that was short throw for my layout and the latency (16ms) is quite good. Modern TV's are typically around 10ms to put that in perspective.

When the room is dark it's absolutely amazing, like being at the movies. When lights are on it is quite washed out. Still usable but not as enjoyable. Since the projector sits in my bedroom it's not much of an issue to always have the lights off but in a living room I can see that being a hassle.

Once you get the projector and screen (they do make a difference) I could have gotten several (cheaper) modern TV's but the experience of the projector is what I love. One thing as a new buyer I wish I knew was how much heat projectors can generate. My bedroom is fairly small and this thing can really heat the room up to sometimes an uncomfortable level after long viewing sessions.

[0] https://www.optoma.com/us/product/gt1080darbee/#

I'd recommend this route instead. Holy hell these things looked good. Could still suffer from glare, but they were really rich in tone.


That thing used to be 7000+ CAD. Even more when they first came out. In between legs at school I sold them in Calgary.

I’ve been using a projector as my only tv for years, and even during the daytime it’s still usable. It definitely is better in the dark, but usually I don’t even close my blinds during the day.

I’ve had to replace the bulb once in about 4 years. Or rather the timer went off to warn me and I replaced it — bulb was still working though. New lamp was fairly cheap too IIRC, $40, maybe less?

And I can take it with me, or outside in my backyard for a movie night. I probably won’t ever go back to smart or dumb tvs

I’m not at the stage where our family has a nice one. Kids don’t care if quality is bad :)

It is fun having a >100” screen with a laser projector. I haven’t seen any of the new ones in person, but plan to get one some day.

Use retroreflective projection screens and they are ridiculously bright... (May have to turn down the laser projector brightness...)

The heat emission of projectors makes using them as a TV replacement pretty much DOA for me.

I throw cult movie nights and recently ditched the projector for a 42” screen - by the time there were 15-20 people in my living room, the heat of the projector made us keep windows open in Canadian winter.

Not to mention the usability issues during daylight, which make a projector (there’s a lot of light in my living room) mostly useless 50% of the time.

The large black rectangle has its own use - it clearly defines where the screen is occupying space, something you’ve gotta configure for a projector.

Unless you are privileged af enough to have a room you can dedicate to a home theatre setup - (in which case, good for you, housing/rent prices here in Toronto make that out of reach for me even as a low triple digit salary individual, four times higher than most of my similarly aged friends) - a projector’s disadvantages far outweigh its benefits.

Even if visibility wasn’t a glaring issue, the heat is practically unbearable. Worst idea I’d had was to try it in my bedroom as a TV replacement. :P

I went through several models of projectors in an attempt to see if any of them would be tolerable, but no.

Large TV’s emit heat as it is; but it’s really like a small heater in a room on low, instead of an industrial scale heater.

Laser projectors generate much less heat, is that what you use?

even w LED bulbs?

I'm guessing lawyers would get involved to shut that type of service down. Right to repair laws might help, but this sounds like the model for people selling modified PlayStations. There are companies that will re-house a photography lens to be cinema friendly. The lens manufactures don't stop this, because it doesn't really affect their bottom line. TV manufactures would lose the money they made agreements with 3rd party people, so you know they would be more litigious to protect that income.

> The FBI advocates installing security updates and customising privacy options

That doesn't work when the manufacturer of the smart TV you got 3 years ago stopped providing updates 4 years ago. Then your nephew found a list of all the vulnerabilities it has.

As someone who works in software I have been advising all my friends and anyone who cares to listen NOT to buy a smart tv but rather buy a Fire TV Stick or any another Android TV box or stick. Apart from smart TVs being ridiculously overpriced, my reasoning has been you can always upgrade your TV box for less than you upgrade your Smart TV once software on smart TV no longer being updated.

I think you have it backwards--the 'dumb TVs' are the ones that are expensive now. Presumably smart TVs are subsidized by the manufacturer selling the data they collect on you.

For now, I've settled for buying a smart TV and not connecting it to the Internet. Until they come up with a way to phone home without my Wi-Fi, I think I should be safe from spying and vulnerabilities..

> Presumably smart TVs are subsidized by the manufacturer selling the data they collect on you.

There's no presumption, this is known.


> Until they come up with a way to phone home without my Wi-Fi

I've seen several reports that some TVs will find and connect to an open Wi-Fi if you don't set them up, and then phone home that way.

Probably better to connect it to your Wi-Fi, but block its access to WAN. Or open the TV and remove the module entirely.

Perhaps pricing is location based. In South Africa only a small population have broadband to full utilize the "smart" features. IMHO for many it is more of a status symbol having a smart TV but that's just my opinion. Smart TVs definitely cost more.

Dumb TVs are only offered as budget models, so they're not really that expensive. I wish there were high end dumb TVs offered.

I'd also argue that the built-in apps on "smart" TVs increase the manufacturer's profit margins rather than reduce costs for consumers. Sure there are some brands/models that compete on affordability, but others don't need to. After all, did the price of the iPhone go down as Apple scaled up and reduced the cost of manufacturing? No. They just started making more money off of it.

All the Smart TVs I've bought have been like, ~$300 for 50"-55" on Black Friday sales. How are they overpriced?

Even without considering price, I am pretty sure smart features are standard in almost every TV now. I started looking for a new TV last week, and I can count the amount of non-smart TVs I saw on one hand.

Dumb TVs simply do not exist anymore for all practical purposes. The common advice is to get a commercial or hospitality panel but that advice is outdated, those all have smart features now, too.

At the same time, folks all over the internet like to mention finding dumb TVs but never provide links, model names, or even just brand names. Why? I've looked pretty hard and can't find any actual verified dumb TVs that are actually for sale anywhere. The top comment in this post at the time of this writing directly mentions finding a buying a smart TV, but provides no further details.

I've heard the "buy commercial dumb panels", but also have never seen links.

For the one smart tv I do have, I just don't have it connected to the internet. Even then, I have no way of knowing if it's connecting to any open wifi networks near me.

Just search for "commercial displays" and they should show up.

https://www.samsung.com/us/business/products/displays/ under "4K UHD Displays"


Vizio still sells dumb TVs at 30 inches and smaller, and not 4k

I am in South Africa. Smart TVs cost by my calculations at least 10 percent to as much as 30 percent more for same size screen and resolution. Perhaps it's the in thing right now to get a smart tv hence the difference in price.

Can you share some links to these cheap "dumb TVs" available to you in South Africa? Which brand/model?

The best I can do is send you link our biggest online shopping site called Takealot[0].


It also doesn't work when you have to accept advertising to update your device.

This is the advantage of RokuTV. They don't treat their platform as abandonware to force you into buying a new TV. They can't afford to piss off their userbase who will just migrate to an alternative.

The actual warning came from Oregon:


They do provide some solid advice, like checking settings and making sure it gets updated. It's probably good that they send out warnings like these, most people probably don't get any thought to any IoT stuff at all. I don't know how big a target TVs are in reality, but it can't hurt to get people thinking about these things.

This should be the HN link instead of the trashy ad-laden daily mail page

When i got a new TV last year, the kid at Best Buy thought it was funny i wanted a non smart TV. I managed to get a 55" with no networking or applications. I know i am the minority, but i just want the TV to turn on and display a picture. i have a blu-ray player that is like 8 years old. It has netflix and vudu and MLB and about 4 more apps. None can work anymore, they stop updating devices after a year or so. I would rather have a roku or something that gets updated.

Remember when Samsung warned about having conversations around TV sets...


I was quite pleased to find that my LG webOS TV doesn't even associate to the Wi-Fi unless it's switched on. Will be interesting to see how well it works in 5-10 years of course, but it does work as a non-smart TV even if I don't connect it to the Internet, so at least that functionality should last.

I just opt for not connecting them to the internet.

I'm guessing it's just a small matter of time before they start adding cell connectivity.

I'd imagine Verizon or ATT wouldn't charge too much since they'd be sending logs, voice snippets, and maybe a few images. If the TV companies offered to share the data, they could probably get cell companies to do it for free.

At which point I'd only buy TVs without them, or just buy projectors instead. That'd be too ridiculous.

Until they start shipping cellular modems or connecting to open and unsecured networks.

> I managed to get a 55" with no networking or applications

I'm surprised you managed to find one. They seem quite rare these days outside of some budget brands that don't bother due to cost.

It is an Insignia from Best Buy, so it is a budget brand.

My 5 year old Roku TV has stopped updating, and the extremely buggy apps are slowing stopping working one by one. I may get a 2019 Roku stick and use it on my once smart, but now pretty dumb, TV.

The first Roku TV platform was launched in Fall 2014 with TVs by TCL and Hisense; those TVs are still getting software updates -- 9.1 was released earlier this year, and Roku OS 9.2 is in the process of being pushed to all models now. Releases often occur in stages, with Roku monitoring a release to see if there are blocking issues that need to be fixed before doing a wider push. Also, Roku OS releases do usually arrive for set-top boxes before they arrive on TVs due to the complexity of the TV feature sets and validation on all the models.

You can see a hardware comparison chart at https://developer.roku.com/docs/specs/hardware.md -- Liberty was the platform name of that first generation of Roku TVs.

I had a similar experience. Hard if not impossible to find a non-smart tv. Like you said we are probably the minority but I think there is a market for dumb, large screens.

My TV is blocked from communicating outside my network by a MAC-based IPTABLES rule on my router.

I would just entirely disable WiFi on the thing, but guess what? Once you set the wireless up, there's no way to erase that data from the TV again. But allowing the TV to be on the network but not on the internet allows me to use some IoT features locally, so it's an alright compromise by me for now.

I would buy a dumb TV in a heartbeat, next time I upgrade. If there's one available.

What local IoT features are you referring to?

>I would buy a dumb TV in a heartbeat, next time I upgrade. If there's one available.

There are none that I could find when I bought my TV some months ago. I hope that eventually some anonymous heroes start flashing open source OSs to their smart TVs and make us owners of our hardware again.

One such feature is the ability to play from local network storage. Possibly also ambient lighting control.

I guess if we were talking about possible features rather than actual one's: the ability to use the tv's tuner to stream to other devices would be another intranet feature that could be on someone's wishlist.

I agree the equivalent of cyongenmod/LineageOS for smart tv's would be great.

That would be nice... all the TVs with nicer displays seem to have the integrated internet crap.

They exist, in 4K too! I bought mine through Amazon.

If you just change the WiFi password, the TV should probably become something like a dumb TV, shouldn't it ?

Yes, assuming there's not an open wifi around.

I had that problem with a stupid alarm clock. I wanted to change it to winter time and accidentally pressed the wrong button for a view seconds and voila now it wants to setup all it's IoT features and constantly blinks... Disconnecting power and removing internally battery didn't help. I guess I need a new alarm clock with "sunrise feature" (Or maybe build it myself).

"If there's one available."

Just don't connect the network - use only HDMI. This will turn a "smart TV" into a "dump TV".

Smart TVs have been seen connecting to any open network automatically, like a neighbors.

This is disgusting, if true. That should clearly be illegal. (Though every wifi network should have a password at this point...)

Why ? I would give open Internet access, if there wasn't a law that caused me to be liable for what other people that connected through it did...

Trying to subvert the TV owner's wishes and exfiltrate the owner's private data even when they avoided connecting the TV to a network is what should be illegal. Not simply using an open wifi network.

You'd have to bridge whatever you're connecting the hdmi to make that a problem not? I generally don't have that kind of a setup for network clients. Least I've never seen a network device that was originating off the hdmi port in my life.

Can you provide more context?

The context is that there are many more ways network access might happen and that "just don't connect it" is short-sighted, naive, and missing the point. You personally might not have that kind of setup, but I can imagine there are home theater receivers out there with 8P8C ports that could by default act as an ethernet switch for HDMI-connected devices. There's also nothing preventing the TV firmware from being programmed to scan for and connect to any open Wi-Fi network if it has no network association, or network hopping if it has an association but still can't phone home. I'm not thinking in the context of you, me, and the other supernerds here on HN. I'm thinking of the generic Walmart consumer, probably using an ISP-provided Wi-Fi router or some other extremely uncomplicated network setup, who just wants to buy a TV and doesn't realize how many ways it can spy on them.

Sure, but just pointing out that the ability to carry an ethernet signal does not impart the ability to talk on the network the hdmi might somehow be plugged into.

If you can provide an example of a receiver that does this that would help. I'd like to see actual usage of this feature before I start worrying about attack vectors. From what I can find nobody has implemented it.

We're fighting the wrong battle if we are waiting to see which ways evil devices try to operate and block them instead of demanding evil devices not exist in the first place.

Change your router's password. If you're really attached to your current password then switch the TV to the new password, and then change it back. Either way your TV won't have your WiFi information anymore.

Thank you for reminding me I need to treat my old bricked smart tvs like computers and destroy their data storage in a shredder rather than dumping them in the monitor graveyard at the transfer station.

I don't have the technical capability to do it, but it would be great to know how to cover the wifi transmitter on the TV (like we do cameras on our laptops), but with an electrical barrier tape (Yes, i'm trying to avoid saying "tinfoil.")

Maybe someone could even put together a repository of diagrams to show which areas need to be covered.

Would be a fun to see for us paranoid people.

I don't think that would be likely to work very well - besides being somewhat impractical, most RF electronics are already covered by metal 'cans' to prevent excessive EMI from escaping. You might be able to find the antenna and wrap foil around it, but that just sounds like a recipe for shorting something out once the foil gets unwedged/unstuck.

Plus, tin foil hats can actually improve signal reception around the 2.5GHz range used by WiFi :P


All this talk of TVs using your neighbor’s unencrypted wifi, am open hotspot, default ISP network credentials, or onboard 2G transmitters is making me seriously start to think it’s not a bad idea to build a huge faraday cage into the insulation/structure of a home with access-controlled, hardwired points of ingress/egress for your own traffic.

Hypothetically, this could also serve to vastly improve the WiFi performance within your home as well. All of your neighbors' 2.4/5 GHz noise would be substantially attenuated at your walls.

The only real annoyance (aside from installing a huge faraday cage throughout your home) would be the need for a way to relay cell communications via your hardwired ingress/egress paths. Or, you simply designate your home a cell-free zone and walk outside when you wish to receive your SMS payloads or make a phone call. WiFi calling is probably a good solution for a lot of people too.

Yep, I am leaning towards this as well. I talked about this sort of thing so much my non tech mom build a faraday cage electronics box. In the future these are going to be much more common topics.

I managed to buy a dumb TV in 2018. The model itself was a 2017 model, and it was literally the only dumb TV I could find on Amazon. Now, my only hope is that it works long enough that the smart TV craze dies.

It won't. As a manufacturer, you can sell the same display cheaper as a Smart than a Dumb TV due to existing preinstallation and tracking agreements with third parties. Just don't connect it to the net — as long as that still works. Also considering the Fitbit disaster (I own a device), I think we'll eventually need new legislation on devices that get worthless without a connection.

>Also considering the Fitbit disaster

I'm assuming the disaster is being bought by Google. What is needed is some sort of regulation that prevents the new owner to use the newly acquired data in a way that the user did not originally agree to. If the original agreement stated that the data would not be sold, then the new owner just can't go off and sell the data. This is what the regulation needs to protect, as well as the new company cannot retrospectively remove the option either.

Do do know you don't have to connect your Smart TV to the Internet and could use it as a dumb tv?

I don't understand why you were down-voted. I agree with you. That's what I did, I just don't allow my "Smart TV" to connect to the internet, and now it's "dumb". Am I missing something? Who cares if it's smart or not, if it has no connection to the internet, it's always "dumb."

There's another comment above that states that you have no idea if the TV isn't trying to connect to open WiFis, or even use acoustic channels to talk to an app on your phone or smart speaker.

Sounds paranoid, but so did everything else until now.

HDMI v1.4 includes Ethernet, so it is theoretically possible for a smart TV to connect to an internet-connected HDMI device and still get out to the internet, or vice versa. But nobody has ever implemented it commercially, so this will probably never be a real attack.

What brand/model TV?

"TCL 49D100 49-Inch 1080p LED TV (2017 Model)"

It's an "ok" TV. The picture is pretty decent, but not great. The sound is fine. The refresh rate is usually ok, but isn't suitable for fast paced games.

In my hosehold TVs are only used as large monitors connected to computers by HDMI/DisplayPort . Any other connectivity is disabled. We've stopped using the actual television whether over the air or IP based years ago.

Of course computers can be broken into as well but at least those are the beasts I know how to maintain.

Same set up here. You turn on the TV and are greeted by the Ubuntu desktop. From there you can launch Firefox and sign into Jellyfin or whatever streaming service you prefer.

Or... don't connect TV into any network. Have external devices as the only source of TV signal. Be it PC (like me), consoles, chromecast/fire/roku etc.

Was there actually ever a TV update that changed anything significant for the better in the mode I describe above? Its an honest question, since I never did it.

I prefer to put the smart TV in a dedicated VLAN. There could be useful "apps" (say, Netflix or other online channels) there might be worth having inside the smart TV itself.

I had to connect mine to the network in order to change lighting/contrast settings, as it has very few physical controls.

Not even a remote control to handle basic settings, or were the settings locked until connected to a network?

Networked remote control, to help you control the TV from the opposite side of the world.

I often put tape over my laptop cameras for on location business meetings etc but you can't do this with my HCL smart TV at home as it is hidden behind the screen, hard to know where the microphone is located too. I'd like to know and think this sort of information should be legally enforced in personal digital rights legislation and the right to disable all outbound connectivity

previously on internet : hackers warns that connected televisions can provide FBI a window into homes

Not disagreeing with the FBI, but do _that_ many smart TVs actually have cameras in them? Most (if not all) of Samsung's current product lineup, for example. don't.

A number of unpatched TVs could already be part of a botnet: https://www.trendmicro.com/vinfo/us/security/news/internet-o...

While not literally taking video and recordings of you, it's still problematic.

Tried to look for one recently without much luck. The crux of their death seems to be Skype ending support for their smart TV software. They definitely existed, though. And it was also possible to add a camera via USB in some cases.

I have a Samsung and didn't normally have it connected to the network. One day I got curious to see what apps it had and set it up on my wireless network thinking I can just restore the tv to it's factory settings. Nope. A factory restore keeps your network info stored. It doesn't connect, mind you, but it doesn't wipe it.

I didn't even know tvs had cameras. I just got A new 4k tv and it was hard to find a dumb one. All the higher quality one's in the store are smart. This one was cheap but the refresh rate is low and the picture stutters.

It's getting harder to escape the surveillance. Quality of life will increasingly diverge from the main stream.

Please don't post links from The Daily Mail, it's a tabloid with no integrity at all.

I understand the terrible breach in privacy that comes with smart appliances (Looking at you Alexa), it could be argued that through a standard we could make this appliances "safer" or more secure to breaches.

The reality is that as long as there is any profit to be made from selling them, corners will be cut and people by trying to save will end up with smart appliances that end up being windows to unknown actors.

In this scenario I find it way more comforting for big corporations and governments to have access over individuals who could target specific people. Abstinence seems like the only solution from an individuals POV.

Customers are powerless even if the FBI warns them. Real change will come when manufacturers will be forced to deliver security updates for their devices in a timely manner for at least 5 years.

Not even new devices are kept secure, high-end Sony TVs manufactured in 2019 are still on the Android security patch level of June 1, 2019. No new updates are available from Sony, despite multiple high-severity security issues being publicly documented and ready to exploit.

And more importantly, nobody is liable when security updates are not delivered and customers are exploited using public CVEs.

This is relevant to me. I just hooked up a TCL (Chinese state owned TV company) to the internet yesterday for firmware updates. Even though I reset the internet connection afterwards, I have no idea what type of nefarious thing it can do, or if it truly forgot my WiFi password.

To rest easier, I actually banned it’s MAC from accessing my network. Even that is probably not sufficient.

All of my viewing is through my Apple TV, which in my opinion is the most privacy-centered company in silicone valley.

> To rest easier, I actually banned it’s MAC from accessing my network. Even that is probably not sufficient.

I'm curious why that is (possibly) not sufficient? Anyone?

it can easily use a different source MAC if there is some network enumeration / scanning / vuln test happening. it could even keep the same MAC you set for the normal traffic and use a hidden second MAC for its nefarious traffic.

you beat this by setting a MAC and then doing macsec ( swithcport security by MAC address ) on that switch port the TV is connected to.

MACs can be changed.

If you're really paranoid, maybe you could remove the wifi card.

I don’t want to go through the hassle of installing it again in a few months to do a firmware upgrade.

Why would you need a firmware upgrade for a non-smart TV? If it accepts HDMI up to 4K now what kind of an update would it need?

On my TV they improved motion handling.

I've realized that I can still buy dumb TVs (for now), but their resolution will top out at 1080p. And that's fine as it's still Blu-ray resolution. Despite having a Chinese brand 4K TV since 2014, I haven't come across a single piece of video content that I felt I "must have" in 4K.

For video games, you can still buy 4K monitors and play them on that.

I setup a Pi Hole this weekend in preparation for a black friday deal on a Roku and because I heard my smart TV was chatty. This wont protect you from a TV that will connect to open wifi around you (or one that uses a hardcoded DNS), but it was an easy project (20mins) that is already providing me with a wealth of data points about my home network.

By the way, for anyone wanting just a plain dumbtv/monitor, there are options. Mostly more expensive and/or better than a lot of TV options, depending on your needs.


But if we don't connect our TVs to the internet, how can we stream Netflix, YouTube, and Amazon video?

I am skeptical that an attachment from Google, Amazon, Roku, or the like would be any less chatty than the integrated processing in a smart TV. So you need a TV that connects by HDMI to an HTPC with software you trust running on it, if you're going to distrust stuff.

Given connected home appliances are about the only things with worse update schedules and practices than home routers/wifi, I frankly don't trust any of them... I'd rather use my NVidia Shield TV or a Fire TV device that at least gets regular updates.

Are there TV models which really connect to open Wifi? People keep mentioning this but it's a situation where it'd be more useful to have some facts.

Another option connect it to a dedicated subnet which cannot route to the internet or another device.

> connected televisions can provide hackers a window into homes

Yes! Like almost all other connected devices we are using. (Computers, Phones, Routers, DSL Modems, WiFi Access Points, Smart speakers, Cars, Modern cameras, ...)

Recent and related (but different): https://news.ycombinator.com/item?id=21657930

This is why I monitor what my pihole is and isn't blocking. I've blocked all the domains my TV uses to send tracking data.

This certainly feels underhanded - if par for the course for US data privacy - but what is the fundamental risk here?

Replace "connected televisions" with "Internet of Things" and yes exactly

It's unfortunate that most consumers want a smart tv and don't want to deal with the hassle of a box. At least when there were dumb tvs with a box set you could vote with your money as to what was important ie channels or security/privacy.

Maybe they enjoy upgrading tvs as often as smartphones?

I've always wondered why more people don't go for projectors. It's not (or less) prone to bloatware, tracking scripts, and unsavory things of the sort.

Plus, you can get bigger screensizes. Is there something I'm missing apart from the bulb hours?

> Hackers warn that connected televisions can provide FBI a window into homes


it isn’t just connected TVs. it’s those with a camera as well. not all smart TVs have a camera. i have a relatively high-end smart TV that doesn’t have a camera.

Sorry, I've been out of the loop here for the best part of 20 years. Why on earth would any TV have a camera? What's it used for?

Gesture control

video chat (many models had Skype a while back, as far as I remember that was shut down though)

I'm feeling a sudden overpowering urge to throw clogs into things.


I just find the idea that people would pay money to have an insecure network-attached camera pointed at them at home, because picking up a remote control was just too much like hard work, utterly horrifying. This is not how I envisaged the future panning out.

Well the video chat thing actually makes a lot of sense, and was definitely predicted by a lot of sci-fi many decades ago, even in "2001: A Space Odyssey" in 1967. I'm actually surprised that of all the things sci-fi predicted, that that one didn't pan out much. It turns out that, in the future, people prefer exchanging extremely short text messages with each other than seeing each others' faces, or even spending time in each others' presence. Futurists from a half-century ago would be shocked and disappointed.

mostly for video chatting. it felt like a fad a few years ago. with the ubiquity or phones, tablets, and laptops, it seems like a pointless feature anyway.

Sad to see a daily mail link on hacker news

vlan, vlan it all! serious note glad i went ubiquiti setup when i moved into new home.

Tl;dr to all of this: unplug your “smart” TV and use an Apple TV or other privacy-focused box.

Please don't post stuff from The Daily Mail. It's a tabloid with no journalistic integrity.

Are they factually wrong or providing a slanted view in this article?

In the Amanda Knox case they wrote two stories, one to run if she lost and one if she won. The in case she lost story included quotes in reaction to her losing and a description of her reaction to hearing the verdict. The story was written before the quotes it includes were (it claimed) said. They accidentally ran it when she won demonstrating that they completely invent quotes. This is not the only instance they've been caught completely manufacturing quotes.

Everyone knows that news articles can be selective in how they choose to report, and that therefore they should rely on multiple sources. This is bad but not a fatal error. If a news agency completely invents quotes that destroys the fundamental trust that makes it possible to build on flawed sourcing.

> The Press Complaints Commission has upheld a complaint against the Daily Mail

> The [incorrect] article ...was live for 90 seconds

> [The incorrect article] included quotes attributed to the prosecutors apparently reacting to the guilty verdict, and the description of the reaction in the courtroom to the news, stating that Knox "sank into her chair sobbing uncontrollably while her family and friends hugged each other in tears"

> It further stated that the family of Meredith Kercher "remained expressionless, staring straight ahead, glancing over just once at the distraught Knox family".

> The newspaper apologised for the mistake. It said that it was standard practice in such high-profile cases for two alternative stories (plus supporting quotes) to be prepared in advance

> It had published an online apology and explanation to readers; published the correct verdict in print the following day; launched an immediate internal inquiry (and subsequently changed its practices regarding such 'set and hold' stories); and also disciplined the person responsible for the error.

> Although the PCC recognised that the newspaper had acted swiftly and proportionately to correct the breach of the editors' code - and acknowledged that the story had only been live for a short period of time - it nonetheless remained "particularly concerned" about other aspects of the report, most particularly the fictitious account of what had happened in the courtroom.

> The attempt to present contemporaneous reporting of events in such a manner was "clearly not acceptable".


I'm no fan of the Daily Mail in particular or their political leanings in general, but I don't think you're being fair here. It was live for 90 whole seconds and you wrote almost 400 words about how it's the worst thing ever? I agree that they should use Lorem Ipsum style filler text until they have real quotes, but preparing two versions of stories is extremely common. Most news outlets have a stack of "in case of death" stories on file for every possible celebrity or public figure. They even wrote one in case the Apollo 1 astronauts died.

"IN EVENT OF MOON DISASTER": https://www.archives.gov/files/presidential-libraries/events...

The issue isn't that they wrote two stories. The issue isn't that people may have been deceived by the wrong story being up for a few seconds.

The issue is that people have accused them of completely fabricating quotes for decades, and this was conclusive proof of the practice because the quotes in it could never have been said. This would be if the in case of moon disaster speech included a statement from the widow of one of the astronauts saying it was all worth it for science.

How is it not fair? This episode shows that any quotes in a Daily Mail story are probably completely fabricated, and that you can't trust anything in there to be the truth and not complete fiction.

> that you can't trust anything in there to be the truth and not complete fiction

Yeah, I'd agree with that. I'd say the same about literally any news outlet on the planet, though.

I completely disagree: lots of other news outlets have not ruined their reputation by printing outright falsehoods intentionally. There's a huge difference between some bias (which is completely unavoidable, everything is "biased" because someone has to choose what to print and what not to), and fabricating total lies.

Lots of other news outlets have not ruined their reputation by _getting caught_ printing outright falsehoods intentionally. Trust no one.

None of that has anything to do with this article though.

My entire argument is that The Daily Mail is so uniquely bad in a specific way that they shouldn't be used as sourcing for anything.

Probably. I'm not going to waste my time reading or fact checking something from them.

If it's an interesting topic find a trustworthy source to post.

On HN we go by article quality, not site quality. Many bad sites produce the occasional good article.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact