Slashdot Mirror

← Back to Stories (view on slashdot.org)

Samsung SmartTV Customers Warned Personal Conversations May Be Recorded

Posted by samzenpus on from the not-in-front-of-the-television dept.

An anonymous reader writes Samsung's privacy policy includes details that its Smart TV voice recognition feature may pick up on personal conversations and transmit private communications to third parties. Buried in the privacy policy related to the smart television, Samsung advises users to be aware that any snippets of conversation might be captured by the software which allows them to control their television sets with a series of commands. Questions have been raised about who these third parties could be, what the information is used for, and how the data is being transmitted – with potentially unencrypted voice clips left exposed to hackers.

31 of 309 comments (clear)

  1. But surely... by fruviad · · Score: 5, Insightful

    ...we can trust them not to abuse this. Right?

    1. Re:But surely... by thieh · · Score: 4, Insightful

      I would like them to explain why a recording function is needed in the first place. If it is about determining what the best content for you might be, wouldn't you be the best person to choose what you want to watch? Why then take your choices away from you? Or are we evolved to the point that choices have become obnoxious?

    2. Re:But surely... by greenfruitsalad · · Score: 4, Insightful

      not sure. that's why if i had a smartTV i'd dangle my man-bits and hairy behind in front its camera every time i walked past it. "you wanna watch? here you go, mr nsa. claw your eyes out."

      seriously, i want my TV to be as dumb as possible and fed content by an easily upgradeable computer.

    3. Re:But surely... by TWX · · Score: 4, Insightful

      It probably works like Siri or Cortana or any of a number of voice-process things, where they send the voice command data back to a more powerful computer to process what it actually meant.

      And if that's how it works as I expect, that's why I don't use it for anything that I'm not already sending over the Internet. As in, I'll use it for entering addresses in Google Maps because I'm already sending the address to Google anyway, but I'm not inclined to dictate text messages because the voice processor people have no business with that information.

      --
      Do not look into laser with remaining eye.
    4. Re:But surely... by dpidcoe · · Score: 4, Informative

      I would like them to explain why a recording function is needed in the first place.

      Probably for the voice recognition. The way smartphones have been doing it (and the way I'd suspect this TV works as well) is that they record your spoken commands, then send them out over the internet for a more powerful machine to crunch. After a few milliseconds of processing time, the interpretation is sent back to the phone and it performs the commands.

      The reality is that this is probably a tempest in a teapot and samsung isn't doing anything more nefarious than apple does with siri or google does with the "ok google" feature on android phones. That said, samsung deserves all the flak they get over this. They should have known better than to leave that kind of blanket statement in their license agreement as it clearly allows for abuse on the part of samsung or their 3rd parties.

    5. Re:But surely... by turp182 · · Score: 4, Insightful

      I believe it's considerably different from Siri or OK Google in that the TV is probably always listening (I'm assuming even when turned "off" so it can listen for the command to power up).

      --
      BlameBillCosby.com
    6. Re:But surely... by Jason+Levine · · Score: 4, Insightful

      When I got my newest phone, I tried out the voice recognition feature. I set it up and gave it a custom activation phrase that I figured wouldn't come up in normal conversation. What I didn't count on, though, was my phone apparently mishearing half of what I said. Several times a day, I'd hear the beeping noise it made when it recognized me ordering it to do something - but I hadn't said my activation phrase at all. My kids had a good laugh at the weird things that it mistook for an activation phrase. They'll still shout "she has a record" at my phone even though I've long turned off the voice recognition.

      Even if you don't get into the "recording everything around you and sending it to the parent company" issues, why not just use a button to begin voice commands? I can voice-search Google by pressing a microphone icon, I don't need my phone listening to me all the time just in case I utter something at the phone. Have smartphones made data-access so easy and have we gotten so lazy that "click this icon and get the weather" is too hard and we need to say "Phone, give me the weather"?!!!

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    7. Re:But surely... by afc_wimbledon · · Score: 3, Interesting

      Not so different...

      As I understand Siri, the phone only activates the voice command function (and thus sends what the phone hears to Apple HQ) when the home button is long pressed (unless "hey Siri" or the older "raise to talk" IIRC is activated). If you want voice commands on a Smart TV, it seems they are eavesdropping all the time. Together with what seems to me to be a bit of a luke-warm statement on privacy of this data from Samsung, this seems to be qualitatively different, IMO.

    8. Re:But surely... by aaron4801 · · Score: 3, Interesting

      I agree that the summary of this summary (and other stories about this today) make it sound like that, but the more I think of it, that premise seems suspect. Basically, it would be almost constantly streaming audio back to HQ. Now multiply that by 10s (100s?) of thousands of sets across the world, and getting any usable data to improve voice recognition, or parsing which words are intended to be voice control vs. just random talk would take far more computing power and bandwidth than it's worth.
      It seems more plausible to interpret the statement to say that while you are issuing voice commands, either via a keyword that can be recognized locally or by pressing a button, THEN any statements that may be unrelated to the functions of the set may be inadvertently picked up and sent to Samsung's (or partners') servers.
      Still, even with a favorable interpretation, it seems like an unnecessary, risky, costly "feature" that has only a marginal benefit to customers. Are we so lazy that even pressing a series of buttons takes too much effort? As an accessibility feature, fine, it makes some sense, but it should be turned off by default.

    9. Re:But surely... by Anonymous Coward · · Score: 3, Informative

      (I actually work on stuff about this, thus anon.)

      The idea is that the recognition of the "ok, google" or "siri" activator is simple enough that it runs on the device, without needing to send it to the cloud. Once the magic word wakes the device up, it starts sending audio up to the ASR remote service.

    10. Re:But surely... by CaptainLard · · Score: 5, Insightful

      I know right?? Star Trek proves that even after 400 (?) years of voice command optimization, the best activation method is still to physically press the communicator emblem thingy. If Picard isn't too busy for a quick gesture to get beamed out of a warp core explosion, you can push a button when you want to know where the closest chicken nuggets are.

    11. Re:But surely... by Anonymous Coward · · Score: 3, Insightful

      I have a Sony TV in my living room with a built-in camera so it can detect inactivity and turn off if there is nobody in the room, tune the sound to seat position, etc. - I disabled it in the setup but also put a piece of black electrical tape over it to block it so it can't see anything even if it was to be hacked and co-opted.

      Likewise, any TV that I buy that has a microphone for this kind of crap will get opened up and the wires disconnected from it to hardware disable it.

      I won't have that kind of crap in my house.

    12. Re:But surely... by Man+On+Pink+Corner · · Score: 4, Interesting

      The other day I discovered a new iOS feature I had no idea existed. While sending a text to a customer, I hit the microphone icon by mistake. Another person in the (parked, idling) car was muttering about how the customer was a moron, which, although true enough, wasn't something I intended to include as part of the text. Not hard to see where this story is going, right? Well, it's even dumber than you're thinking.

      I hit the 'Done' button to make the voice input UI go away, finished the text message, and hit 'Send.' As far as I knew, there was no danger that my friend's comment would be added to the text message. The car was too noisy and her voice was too low.for the speech recognition engine to understand, and in any event, the "moron" comment didn't appear in the outgoing text message. No problem.

      Except what did appear in the text message, visible only after I sent it, was a small attachment balloon with a waveform. Apparently, iOS now sends the captured audio file as a binary attachment if it can't extract any recognizable speech.

      So the obvious question is, what kind of drugs are these people taking? Is no one at a Fortune 500 company capable of thinking anything through these days? Do the programmers who think these features are "cool": and "awesome" not have managers with a three-digit IQ?

      Fortunately for me, my phone lost its signal right about then, and I was able to kill the text app while it was still displaying "Sending." I knew from experience that iOS's text app didn't attempt to provide guaranteed delivery, and sure enough, when I restarted it, it had forgotten all about the message it was trying to send. So in a sense, I was saved by the same dumbshit programmers at Apple who tried to ruin my day.

      It seems we have to adopt the same attitude around microphones that we normally apply to firearms. The gun is always loaded, and the mike is always live.

    13. Re:But surely... by Man+On+Pink+Corner · · Score: 3

      (Shrug) It wouldn't be unreasonable to ask my permission before transmitting an audio recording that I didn't even know was being made.

    14. Re:But surely... by Anonymous Coward · · Score: 4, Informative

      You didn't press the voice-to-text microphone icon. You hit the "Capture a sound" microphone icon, which is a new feature in the iOS 8 Message apps (https://www.apple.com/ios/whats-new/messages/ scroll to "Add your voice to the conversation").

      Now whether having two microphone icons with two different behaviors on a single screen is good UI design is whole other matter...

  2. In Soviet Russia TV watches you. Oh, wait... by Still+beliving+I+am+ · · Score: 5, Funny

    My phone is spying on me too, just like in Soviet Russia

  3. I recently bought a new lcd tv by TheGratefulNet · · Score: 3, Informative

    and I went out of my way to AVOID samsung. at costco, almost all the sets (in the store) were sammys. sucks! 2nd popular brand was vizio and I decided to give that one a try.

    anything over 39" was ONLY avail in 'smart' tv format.

    fortunately, I was not forced to accept an eula and I never enabled the smart mode. good, actually, since when you give it IP connectivity, it auto updates itself and the current version is bad (no one likes it).

    I hope that by continuing to deny it access, it won't ever decide on its own to go snooping for open wireless APs. that would be really bad.

    then again, at some point when the new firmware is worth getting, I'll have no choice but to enable IP ;( I don't think you can just carry the firmware over with usb; they don't give you firmware, they only update it 'live over the net'.

    its sad that you can only buy smart tv's at a certain size or bigger. I expect the only a few really low end models will be non-smart, as time goes on. nothing I hate more than paying for stuff that I don't want and refuse to even enable.

    my htpc does all the 'smarts' I want. my files have no drm and so I don't need or want anthing smarter than vlc on win7, for example.

    samsung is bad news, though. pretty evil as a company. they have the rep of building things that last 'the warranty period + 1 day'. its almost literally true, too; they try to use parts that will last a very short time (eg, electrolytic caps). samsung has no ethics at all. its sad that they have so much market share in so many things these days.

    --

    --
    "It is now safe to switch off your computer."
  4. Re:So... by Racemaniac · · Score: 3, Informative

    how is it remotely avoidable when your tv has voice recognition? like systems like siri it'll send it off to a remote server for analysis and to see what it has to do :). It will pick up random conversations and try to see if it's a command. I'm not endorsing things like this, i would never want a smart tv, i'll attach a htpc or raspberry pi or whatever to it if i want such features. But i can understand that things like that are pretty unavoidable with voice commands, and don't sound that much like a spying nightmare, just a logical result of voice recognition...

  5. This is hardly a surprise ... by gstoddart · · Score: 3, Interesting

    All of this crap which wants to be connected to the interwebs, and which wants to have voice control, and which wants to be a platform for ads ...

    This stuff has been created to benefit the company who made them.

    They want ad revenue, they want analytics, they want to share that with third parties.

    None of this stuff is trustworthy.

    The Interweb of Stuff is a marketing gimmick, which has been built to maximize corporate profits .. it isn't secure, it isn't private, and it's probably been hastily written and rushed out the door according to the weenies in marketing.

    Sorry, but a 'smart' TV, with voice recognition, hooked directly to the intertubes? If that isn't a recipe for violating your privacy I have no idea what is.

    Trusting the makers of consumer electronics to give a damn about your privacy, or your security ... well, that's just naive and stupid.

    My DVD player, my TV, my XBox, my toilet, my fridge, my thermostat .... I have zero interest in having ANY of these devices connected to the internet. And this is precisely why.

    --
    Lost at C:>. Found at C.
  6. Re: We are officially sliding down the slippery sl by Anonymous Coward · · Score: 3, Informative

    A TL;DR: Samsung TVs use voice commands and like most other voice command services they outsource voice recognition to their server park. Unlike other services, however, they continously listen and send this data, they don't wait for a button press or keyword.

  7. That's how today's voice recognition WORKS. by jeffb+(2.718) · · Score: 5, Insightful

    Competent natural-language voice recognition is still too hard for a handheld or embedded device. So, these devices digitize your voice (OMG recording!), ship it off to a server farm for interpretation, and receive the results. Because voice recognition is still a challenge, it's usually farmed out to one of a few firms (Nuance comes to mind) that do this as a third-party service. These firms can "retain" that information in the sense that it trains their voice-recognition algorithms, but they probably aren't building a huge dossier of your private conversations.

    I'd certainly like to know if Samsung retains the voice information it collects. I'd even more urgently like to know if they sell it to other "third parties" besides whoever's doing the voice recognition. The initial panic I'm seeing around this looks ill-informed, but Samsung definitely has to get out in front of it. If they can't -- if they can't provide a simple, clear explanation of what they are and aren't doing -- it's going to cost them.

    1. Re:That's how today's voice recognition WORKS. by MobyDisk · · Score: 4, Informative

      Competent natural-language voice recognition is still too hard for a handheld or embedded device.

      I disagree.

      First, doesn't the XBox One do it without internet access?

      But in general, we had competent natural-language voice recognition in 2002 on single-core x86 CPUs. Today's embedded ARMs are just as capable as those. I personally worked on a project where the software could recognize phrases such as "Patient presents with acute myocardial infarction caused by necrosis of myocardial tissue..." with very good accuracy. I know this is harder to do without context, so that same program might not get "Okay Google, show me pictures of Tom Cruise in his new car." But it sure as heck should be able to get "Samsung Play movie" and "Samsung volume up" every time.

      We even had "dumb" phones in the 1990s that could recognize "Call Kathy Smith" where it could recognize a name from your contact list. That's not so different from "Play Game of Thrones."

    2. Re:That's how today's voice recognition WORKS. by Anubis+IV · · Score: 3

      The issue here isn't simply that the audio is being sent off to be parsed. The bigger issue is that the audio is being sent off to be parsed without the user's awareness. In the case of Siri or Google, I have to press a button or use a keyphrase (e.g. "Ok Google" or "Hey Siri") before the device will start sending audio off to be parsed at remote servers. And having read through Apple's white paper over how they secure and use that data, a user can be reasonably confident that their audio isn't being used by third parties, whether via a business deal or via illicit capturing of the audio as it's en route. If Google has published a white paper over their technology, I haven't seen it yet, but I can at least be confident that they're taking steps to secure the data, given that data is their bread and butter, even if they might be looking for ways to monetize that data.

      Samsung though? We can't safely make any assumptions regarding their efforts or success at protecting me from third parties of any sort.

    3. Re:That's how today's voice recognition WORKS. by Dutch+Gun · · Score: 3

      The initial panic I'm seeing around this looks ill-informed

      Not really, I've seen a number of explanations (like yours) that state exactly why and how this is happening. What I'm also seeing is that, post Snowden, we can no longer trust that any of our personal data will not be collected and misused, period. I'd be surprised if Samsung even took the rudimentary step of encrypting this data, or if they did, probably used a fixed key burned into the firmware. Internet Of Things companies have been historically bad at security. If so, it would mean that data would be immediately available to anyone who wants to grab it. It would be trivial for the government to match up the data to known IP addresses pointed at by other metadata for a given date and time.

      Five years ago, I'm not sure how much I would have worried about this. This used to be tinfoil-hat sort of stuff. Nowadays, it's almost guaranteed that this data will be collected by the NSA and stored indefinitely. I'll bet they're training their own systems to listen in on key "phrases of interest" from these sorts of smart TVs. If I was in the NSA trying to figure out ways to snoop, I sure as hell would be looking into how to exploit an always-on microphone in every house. Seriously, with all we've learned about what's happening, is the worst case scenario all that implausible?

      Frankly, it doesn't matter what Samsung says. An always-on microphone that transmits your voice from the living room across the internet is a bad idea in today's world, I'm sorry to say. There's a reason the phone company is heavily regulated. As they say, "this is why we can't have nice things."

      --
      Irony: Agile development has too much intertia to be abandoned now.
  8. Re:Smart by bobbied · · Score: 3, Funny

    Have you seen "Smart Cars" ???

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  9. Re:So... by jordanjay29 · · Score: 5, Interesting

    Generally, voice commands on phones require an activator. Such as "Siri," or "Okay, Google," or "Hey, Cortana." These are phrases that probably don't seep into the average person's life too often, so they're fairly safe to use as activators. I don't have experience with iOS or WP's apps, but Google Now requires you to "train" it to the sound and cadence of your spoken phrase, "Okay, Google." This allows the phone to detect the activator phone-side, without sending information to the mothership. It's also easy to test this, simply turn off network data (perhaps by putting the phone on Airplane Mode) and activate Google Now by saying, "Okay, Google." The screen will pop up, allow you to speak, but it won't be able to contact Google to parse your question. So it's clear that Google Now handles its activation phrase offline, and although I'm not certain, I can guess that other phones do similarly.

  10. Re:What's wrong with this? by war4peace · · Score: 4, Insightful

    Oh, I'm not worried about the government finding something out. I'm worried about a criminal organization finding ways to hurt me and/or my family, be it directly or indirectly.
    Sure, one might argue the line between criminal organizations and governments has become very blurry nowadays and to that I say... I say... damn, I got nothin'.

    --
    ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  11. I just want a monitor by Fahrvergnuugen · · Score: 3, Interesting

    Where can one buy a 65" 1080P monitor? I don't want a tuner, speakers, wifi, voice control, quad core process or any other BS. All I want is a single HDMI or DVI in port and a RS232 or DC trigger for turning it on and off. Is this too much to ask for?

    --
    Kiteboarding Gear Mention slashdot and get 10% off!
  12. Re:Bye Bye Samsung Smart TVs by Jason+Levine · · Score: 4, Insightful

    Not to mention that Smart TVs have a bad record of having their interfaces/applications updated. If your Smart TV's interface is aging, you need to buy a new SmartTV. If the interface on your Roku (connected to your "dumb TV") is aging, you can buy a new Roku for much less. If another company overtakes Roku and makes something much superior, you can ditch your Roku and buy one of those. Smart TVs are today's equivalent of those TVs that had VCRs and/or DVD players built in instead of hooking up a separate VCR and/or DVD player.

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  13. Physically disable the microphone by kolbe · · Score: 3, Interesting

    If it bugs you enough, like it did with me and my H7150 Smart 60", you can open casing and disconnect the microphone. Took about an hour due to all the screws and the button panel, but the silly microphone can just be unplugged from its source board once you get to it. Smart View Voice Control just complains "it can't hear" now.

    Problem solved.

  14. What about the second party? by Anonymous+Brave+Guy · · Score: 4, Insightful

    The particular beef in this instance seems to be the "third party" bit, since while Apple and Google do exactly the same thing they process the audio themselves, instead of farming it out to a third party.

    You're assuming that most people realise the data is transmitted to any external party at all.

    I suspect if you did a random survey of people who had bought Smart TVs, knowing that they had voice and/or image recognition included, you would find a significant fraction of those people assumed it was done by the TV itself and had no idea that anyone else was going to see or hear anything.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.