Slashdot Mirror
Your Tivo Is Watching You
photozz writes: "Salon is running this story about Tivo and their plans to track user viewing habits for targeted ads. It also explores their stance on the 'hacking' of the Tivo for more memory." According to their CEO Mike Ramsay, "We do that in a non-personal way, protecting everybody's privacy," but the details of the actual data aggregation aren't addressed here. That the data is gathered should come as no surprise to anyone who notes that Tivo features a "learning" program-suggestion feature, but the mechanism and how closely data is linked to the customer is something I wish they would explain in more detail.
Bold is mine. This is light years ahead of most privacy policies, and they seem to be upfront about what info they use and what they don't.
Truly anonymous targeted ads are a Good Thing, as long as they are (let's repeat that) truly anonymous. They bring revenue for the company and are perhaps even useful to the consumer. (How much revenue is another thing - he flat-out admits that 80% of people fast-forward the ads.)
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
If you don't like it, don't use the service. They don't have a right to your private (although anonymous, they say) information anymore than you have a right to TV.
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
I actually happen to like this idea if it done properly. I own a Tivo, and I find it does a pretty good job of picking shows to record that I might like.. and if I don't I just give it's selection a thumbs down on the remote, and it will gradually get better. So if Tivo the company can use the same intelligence to send me comercials that it uses to record me shows, perhaps I might actually watch them. Everyone seems to forget that advertising is not the devil incarnate. If company X is having 60 gig hard drives on sale for $100, you bet I wouldn't mind if they told me. Too many companies advertise fluff that I have absolutly no interest in that I'm just in the habit of fast forwarding through every commercial by now though, but that could change if they could send me commercials that concern products I am interested in. Of course the one thing that does concern me is that they would link my preferences to my name, but Tivo has said they don't do that numerous times.. of course they might be doing it anyway without telling us, but that kind of info has a way of getting out eventually, and then look out lawsuits. just my 2 cents :)
Through a few links, found this interesting discussion :
;) Also, I can see the following as a challenge don't you?
.sig --
Hacke rs don't upset TiVo--yet
Looks like the discussion started from this site :
The unofficial TiVo Hackers Site
And the fact that the CEO is _okay_ with it is pretty interesting. But what's kinda scary is this quote
"One of the reasons we've created the receiver the way we have is that the disk is sealed into the receiver; you cannot get access to the digital information. So we are somewhat concerned about the ability of people to hack in and get access to the copyrighted material because obviously our partners in the media industry are very concerned about this. "
What! A SEALED disk is what's protecting this information?! Okay, I'm sure this isn't the case (let's hope not!) but still, kind of a funny quote nevertheless
Q: So you're afraid that people will save a bunch of movies, then transfer them from TiVo to their computers and eventually the Net. How possible is this?
A: It's an incredibly difficult task. It's one thing to record what you see onto the TiVo drive, but the format on that drive and how you get access to that drive is totally proprietary to us. It would be very difficult for somebody to actually hack into that. And as far as we know, no one is doing that today.
--
From the article:
So you're afraid that people will save a bunch of movies, then transfer them from TiVo to their computers and eventually the Net. How possible is this?
It's an incredibly difficult task. It's one thing to record what you see onto the TiVo drive, but the format on that drive and how you get access to that drive is totally proprietary to us. It would be very difficult for somebody to actually hack into that. And as far as we know, no one is doing that today.
Security through obscurity... Yeah, that'll work. NOT!
Someone must have thought of this before, but how easy would it be to make one yourself? A capture card, a large hard disk, a cheap processor... Sure, it'd cost more than US$399, but then you'd be calling the shots. That's gotta be worth it.
Has anyone done anything on this?
day #1 :
.sig --
Daughter watches smurfs.
Dad watches porn.
day #3 :
Dad sees "My Little Pony" commercials.
Daugher sees "I'm So Horny" commercials.
--
Sounds like you can decide whether or not to participate.
You see, the nagative implications outweigh the positive ones. Yes, there are positive advantages to targeted adverts, like showing you something you might actually be interested in instead of something you're almost surely not.
However, what we rail against is the potential for abuse. To generate targeted ads, there must be a database of your preferences. This information about you could be used against you, to harm your character or reputation, or as evidence against you in a criminal proceeding.
For example, tracking information indicating that you frequent gay/lesbian/bisexual sites could be used to unwillingly "out" you, and even to destroy your career. One of the most notable cases is that of Tim McVeigh--not the bomber, though they share names--who was outed to the military by one of AOL's "guides" who handed over information about McVeigh's interest in gay chatrooms.
Also, databases of consumer buying patterns have already been used against people in criminal cases. The example which comes to mind immediately is that of a small-town marijuana dealer unfortunate enough to use a store discount card at the supermarket--police subpoenad his shopping records, to ascertain whether he bought an unusually large number of plastic baggies or other "drug paraphernalia." Let's not forget that, while he was a criminal, the legalization of marijuana is favored by an extraordinarily large percentage of Americans, and that the potential for such databases to be exploited in investigations goes far beyond this.
Do you want your TiVo records to indicate that you watch a lot of softcore Cinemax porn when you're falsely accused of rape? Believe it or not, conservative juries can look down on even softcore legal stuff, and some judges will let it in. Or, what if you watch a lot of The Disney Channel and Nickelodeon and you're falsely accused of child molestation? Such "evidence" would *definitely* be used against you since a psychiatrist would be called to testify as to how well you fit the profile of a pedophile--watching excessive amounts of kids' shows is common pedophiliac behaviour.
Even worse, corporations have total control over this data--they can merge it into vast databases, covering every aspect of your life. That's what several corporations are aiming to do. What if this data is made available to other corporations for a small fee? Well, then a prospective employer could do a background check which includes your TV viewing habits and shopping habits, and screen you out because you watch too much Cinemax porn or too many mindless sitcoms, or because you buy too many OTC medicines and must be a health risk. Right now, privacy policies aren't really legally binding and can be changed without notice, so all this information could be merged into a seamless database without any legal recourse to stop it.
It's quite clear that the benefits of seeing ads I might be more inclined to click through are far surpassed by the risks. It's all in the name of making human beings into blathering, mindless consumers instead of citizens anyway--do I really care what ads they throw at me? Fuck no, I ignore them, like a good *individual* should. The less I give to corporations or support their domination of every media outlet, the better.
"The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*
The thing is hackable, you know. It runs Linux. If you're worried about what it's sending back, did it occur to nobody to just look?
Three files are uploaded to TiVo daily: tivoLog.pub, tivoLog.prv, and a log for 'myworld', the program that runs the machine.
tivoLog.pub appears to contain info on internal errors that have occured, but is usually empty.
tivoLog.prv is the issue here, it contains a log of every program watched and every button pressed on the remote.
Now, looking at the dialup scripts (Yes! It's all scripted!) You can see how it RANDOMIZES the name of the file before uploading it. No identifying information at all is in the file itself, the serial number isn't there. The serial number is used as the filename for upload, after being randomized. It appears possible for TiVo to change a setting and have the serial as the file name not randomized, but this is not set. It seems to be for debug purposes.
Sheesh.
Now the kicker: why shouldn't they have this info? It says it's taken in the manual. It says so on the site. Call up customer service and ask, they won't deny that they get it. One thing they do claim is that it's totally anonymous (true) and if you still don't want it, you can tell them to turn it off and it's done (also true, there's a setting in the box for it).
One final word (to correct a bad assumption): The TiVo Suggestions are computed entirely on your personal TiVo. No TiVo servers are used to compile this info, none of your thumbs ratings for shows are sent back to TiVo for this purpose. It's all local.
From now, before you bash something, learn what's really happening. It's fine to argue in the abstract, but a computer is not abstract, it's a real physical device. It's simpler to actually hack the thing and find the real story.
---
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.