Slashdot Mirror

← Back to Stories (view on slashdot.org)

TiVo Usage Info Collected For Sale

Posted by timothy on from the more-coneheads-and-daria-please dept.

therevan writes: "Headline News reports here that TiVo, the digital television recording technology, has been accused by privacy groups of selling user usage info to advertising agencies. Now you're not even safe with your computer unplugged." Though no specific sale is talked about, the article says that TiVO has acknowleged creating an (anonymized) database of viewing information for that purpose. It's not the first time that privacy concerns about TiVO viewing habits have been raised, but the company insist that all such information is separated from personally identifying information.

7 of 276 comments (clear)

  1. Re:800# opt-out by stripes · · Score: 5
    According to the article on MSNBC concerning this, TiVo claims that there is an 800# subscribers can call to have all data, even anonymous data, removed from their database and have no further data taken. Anyone know what this # is?

    Chapter 7 "Privacy and Service" starts on page 71 of my manual, page 73 lists the "1-877-FOR-TIVO (1-877-367-8486)" number as the one to call to review the data TiVo has sent, or to have it all deleted and your TiVo to not send more.

    It defanalty isn't hidden. The print isn't even any smaller then the rest of the plain text in the manual.

  2. The Problem with Tivo Selling Data by Caballero · · Score: 5

    The biggest problem with Tivo selling the data is that the television networks are going to figure out that Tivo users never watch commercials! I watch almost nothing in real-time and always skip the commercials. It's great, but not what television executives want to hear. There was a piece on 60 minutes recently about PVRs. This was one of their main points, if people don't watch ads then they lose the revenue to sustain the shows. They suggested in-program product placements (the hero holds up a pepsi) and pay-per-view for normal TV as alternatives. They are expecting PVRs to be the biggest commercial electonics product launch in history. (faster then CDs, DVDs, etc) We're already seeing the problems web sites are having with being advertiser driven. The only thing stopping people from doing that with TV was that it was difficult. Now PVRs make it really easy. It'l be interesting to see how it works out.

  3. So what? by Scutter · · Score: 5

    We (the TiVo using community) knew they were collecting anonymous information. What did you *think* they were going to use it for? TiVo has also gone out of their way to make sure you can opt out as well.

    If it makes my television viewing better, then I'm all for *anonymous* tracking.

    FP

    --

    "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
  4. This is NOTHING ground breaking... by Controlio · · Score: 5
    This information is not secret, and in fact is well documented. It is even freely discussed in the AVS TiVo Forums. As a matter of fact, here is exactly what is sent out to TiVo headquarters, as reported by moderator Otto:

    For the record, the Tivo sends back two files.

    The first one is a debug logfile for the software. It contains the serial number, a bunch of good identifying info, but no viewing data or remote keypresses or anything like that.

    The second file contains *only* viewing info and remote keypresses. It is time-stamped, but it has no serial number.

    They are both sent back to an FTP server (in 1.3) or an HTTP server (in 2.0). The command to send them back in 2.0 includes the serial in the debug file send request, but not in the anonymous viewing data request. While it would be possible to sync them via http logfiles, it's not worth the trouble.

    Face it, your individual viewing data is WORTHLESS. You're just not that important of a person. Viewing data is only worthwhile as an aggregate, despite what everyone seems to think.

    Your viewing data combined with 150,000 other people's viewing data, sorted by region (zipcode is included), might have some value to it after all. Nobody cares that you watch ER, but they might care that Everybody in your zipcode watches ER. Or that everybody in your zipcode doesn't watch ER. They might try to increase advertising in that region because it does so poorly there. Or some other such thing. This is not an invasion of your privacy.

    ...

    One more thing, while the data was sent unencrypted in 1.3, it definitely is encrypted in 2.0. Ever notice that the lights on the front of the tivo blink a few times just before the call? That's the Tivo accessing the crypto chip to encrypt the anonymous information and the debugging log.


    So you need not worry about the dark black circle in the middle of your TiVo glowing red or the machine referring to you as "Dave". It's all just anonymous viewing data harvested by area, and has no ties with you whatsoever. For more info on this sort of thing, go do a search over at the AVS TiVo Forum.

    Oh yeah, and STOP BEING SO PARANOID!!! :)
  5. it IS anonymous by dwbryson · · Score: 5

    My professor works for a privacy center at my school and one of the things he has looked into was a tivo. In my security class he explained to us how he went about figuring out what kind of information the tivo uploaded to it's servers. The thing calls home in the early morning and usualy transfers about 5 megs of data. He ended up setting up around $500 worth of equipment to get this stuff to work. The tivo was setup so that it's outgoing phone system was hooked up to his laptop, in one modem, and in another modem his laptop was hooked up to the phone jack. With a couple more peices of equipment and some simple programming he did a man-in-the-middle attack with the connection. When the tivo dialed it's home server the laptop listened to the number and then built a PPP connection to the server using the other modem. As the traffic flowed through each of the connections it was logged in a file. Afterwards, with a few unix tools, we converted the PPP data into tcp output, then the TCP output into raw data with time logs. As it turns out the tivo really does send *anonymous* data. In their privacy statement they say that they seperate your "personally identifiable data" from the "anonymous" data. The logs just showed when you changed the channel and when you started and stopped recording. The system also checked for updates for it's system, and downloaded a channel listing. However, it did tell the server it's serial number, and the ISP it used to login to the server was a local one. So if they REALLY needed to i bet they could track you down and match your records to your viewing habits. But really people, they are telling the truth they don't track you.

    --
    - "Never let a computer tell me shit." - DelTron Zero
  6. MegaDittos! MetaDittos! Wah wah wah! by StoryMan · · Score: 5

    Well, here's a newsflash: it's not surprising because TIVO has said for the past two years that they've been doing this.

    It's no mystery, never has been a mystery, and is only a mystery to those odd privacy foundation folks who -- after two years of TIVO -- suddenly cracked open their TIVO manual and read that, yes indeed, TIVO collects and aggregates usage statistics.

    I love it when "foundations" underwrite studies in order to garner publicity. Their so-called "studies" -- or press releases, whatever you want to call them -- always ride the crest of this week's current "hysterical trend."

    The question we should be asking -- and no, I haven't checked their web page yet -- is who, exactly, is this foundation? What corporation has them in their pocket? (They wouldn't be involved with Microsoft, would they? I mean, MS would love to indirectly spread TIVO FUD -- indirectly, you'll notice I say -- because their oft-delayed Ultimate TV will very shortly make its way into pipelines.)

    Maybe they aren't affiliated with MS at all, but it wouldn't surprise me one bit. Likewise, it wouldn't surprise me if this place gets funding from the core foundations of the American "right" -- the NRA, the various Christian fundamentalist groups, or whatever non-profit "moral authority" is the flavor of the day.

    ("Hey, video games are what causes the school shootings! And, TIVO, by god, it's on a video screen -- and it sorta plays like a game -- so you bet, we don't like TIVO either. It's just proof that the private button presses of our gun-carrying members are used to further the left's 'liberal' agenda!" "MegaDittos, Rush! MegaDitto's to you from Spokane!" "MegaDittos from Newport News! MetaDittos from New Mexico!" "All hail Mom, Apple Pie, shotguns, and Rush Limbaugh! Because, as you know, this country was founded on freedom: the freedom to carry guns, blow shit up, and read the bible!")

    1. Re:MegaDittos! MetaDittos! Wah wah wah! by StoryMan · · Score: 5
      Aha! Here's the link: Peter Barton, head of this wonky privacy foundation, was the former head of Liberty Media in which *GemStar* had a 21% stake. (Liberty Media also has their hands on a multitude of cable channels most of which, I'd bet, would *love* to see TIVO take a crash dive.) But Gemstar: that's the kicker. Gemstar, you'll remember, claimed that they have the patents on *all* onscreen guides and for the past few years has sued nearly everyone who implemented an "on-screen" guide in one form or another. They have a long-running suit with TIVO which does not look it will be settled quietly. All you patent-busters: GEMSTAR ought to be a target on the radar.)

      Anyway, here's the link (as provided by one of the stories below):

      http://www.thestandard.com/article/display/0,1151, 18919,00.html

      And here's the link to Liberty Media:

      http://www.thestandard.com/companies/display/0,206 3,51395,00.html

      And, yes, I see that Barton's foundation "shills for no corporate interest," but if you believe that, I've got a bridge I'll sell ya, real cheap. It's not possible these days to claim that you "shill for no corporate interest." Take away the corporations and what's left? Well, America's Christian right, of course. :) (LOL -- just kidding. Well, not really. The fundamentalists are as manipulative as the corporate stooges.)

      Now, maybe Barton is really good guy and grew to, ya know (wink wink), "despise the role of corporations in the current media" and that's why he "had to go it alone and start up the privacy foundation." (I'm making these quotes up, but they sound like something a former corporate talking head might say in order to funnel donations and startup capital into his new -- and, of course! -- morally "just" enterprise. "Dammit, Jim, privacy is key! All our children will be destroyed! I must do something about it! I must take my, er, platinum parachute from this evil corporation and, um, do something for the common good! Now, um, where is that common good? Who do I talk to?")

      I'm no journalist. Just an angry critic of media -- and corporate -- manipulation.