Slashdot Mirror
Viewing Data Harvested From Smart TVs Used To Push Ads To Other Screens? (securityledger.com)
chicksdaddy writes: In the latest episode of EULA overreach, electronics maker Vizio Holdings has been called out by the non profit investigative reporting outfit ProPublica for an on-by-default feature on its smart TVs called "Smart Interactivity" that analyzes both broadcast and streamed content viewed using the device. ProPublica noted that the company's privacy policy failed to clearly describe the tracking behavior, which included the collection of information such as the date, time, channel and whether the program was viewed live or recorded.
According to ProPublica, the monitoring of viewing information through IP addresses, while it does not identify individuals, can be combined with other data available in commercial databases from brokers such as Experian, creating a detailed picture of an individual or household. Vizio has since updated its privacy policy with a supplement that explains how "Smart Interactivity" works.
The bigger issue may be what that updated privacy policy reveals. As The Security Ledger notes, the updated Vizio privacy policy makes clear that the company will combine "your IP address and other Non-Personal Information in order to inform third party selection and delivery of targeted and re-targeted advertisements." Those advertisements "may be delivered to smartphones, tablets, PCs or other internet-connected devices that share an IP address or other identifier with your Smart TV."
In other words, TV viewing patterns will be used to serve ads to any device user who happens to be connected to the same network as the Vizio Smart TV — an obvious problem for households with a mix of say... adults and children?! Vizio does provide instructions for disabling the Smart Interactivity features and says that "connected" features of the device aren't contingent on monitoring. That's better than some other vendors. In 2014, for example, LG used a firmware update for its smart televisions to link the "smart" features of the device to viewer tracking and monitoring. Viewers who applied the update, but refused to consent to monitoring were not able to use services like Netflix and YouTube.
According to ProPublica, the monitoring of viewing information through IP addresses, while it does not identify individuals, can be combined with other data available in commercial databases from brokers such as Experian, creating a detailed picture of an individual or household. Vizio has since updated its privacy policy with a supplement that explains how "Smart Interactivity" works.
The bigger issue may be what that updated privacy policy reveals. As The Security Ledger notes, the updated Vizio privacy policy makes clear that the company will combine "your IP address and other Non-Personal Information in order to inform third party selection and delivery of targeted and re-targeted advertisements." Those advertisements "may be delivered to smartphones, tablets, PCs or other internet-connected devices that share an IP address or other identifier with your Smart TV."
In other words, TV viewing patterns will be used to serve ads to any device user who happens to be connected to the same network as the Vizio Smart TV — an obvious problem for households with a mix of say... adults and children?! Vizio does provide instructions for disabling the Smart Interactivity features and says that "connected" features of the device aren't contingent on monitoring. That's better than some other vendors. In 2014, for example, LG used a firmware update for its smart televisions to link the "smart" features of the device to viewer tracking and monitoring. Viewers who applied the update, but refused to consent to monitoring were not able to use services like Netflix and YouTube.
Wow, who wouldn't want to leave "Smart Interactivity" on? I don't know what it is or does, but if it's smart, and interactive, I had better leave it on, right? I want to get my money's worth out of this smart TV. I sure don't want to start disabling the smart features on my new smart TV.
Some marketing drone really earned their salary when they came up with that name.
"In other words, TV viewing patterns will be used to serve ads to any device user who happens to be connected to the same network as the Vizio Smart TV — an obvious problem for households with a mix of say... adults and children?"
How about a house with a mix of older and younger adults. My kids (23 and 21) watch all sorts of stuff that I don't and watch a lot more TV than me so my TV, laptop or whatever device on the same network would show ads that are dominated by the tastes of my children.
Similarly how about students or other similar groups who share a house, and thereby the same IP address. The advertising would be a mishmash of varying tastes or maybe dominated by the one guy who has the TV on all day to provide "white noise" in the background.
Why "smart" internet connected TV's are a bad idea. If a device (any device) can spy on you to gather information a marketer might want, you should probably assume it will.
Get a "dumb" TV (or a smart TV that you don't set up to connect to the internet), and use a dedicated device that you choose (and preferably an open one like XBMC that you explicitly control) to stream content to it. It's not much more expensive, and isolating components to only do the thing you expect them to do prevents this kind of attack on your privacy.
"may be delivered to smartphones, tablets, PCs or other internet-connected devices that share an IP address or other identifier with your Smart TV."
According to TFA , they somehow link the cookies they store on your browser when you visit their website to your TV. So I'm guessing they store the external IP address of the TV and if the same address suddenly starts querying their website they assume its a device behind NAT and feed it ads.
Solution - don't visit their website or delete your cookies. Quite why anyone needs a smart TV anyway is another matter. My TV is just a monitor - the smart stuff happens on my other devices.
"Viewers who applied the update, but refused to consent to monitoring were not able to use services like Netflix and YouTube."
Another reason to use torrents and VPNs instead of apple tv, chromecast, netflix, hulu and so on.
I have a 'smart' TV as well, but I just use it as a monitor, no network cable attached.
Smart tvs uses APPS for ads. Ads that are for COWS. Get adblock for your tv? That's now illegal.
I think there comes a point where people have to look to themselves. If we don't want all our devices to turn our lives into a panopticon of tracking, we need to stop participating in the tracking. Don't connect your damned TV, fridge, and washing machine to the internet! Stop loading tracking cookies in your web browser. Don't upload your thermostat data to anything but your own computer.
Every time you send your personal data to the marketeers, it is another brick in the wall that forms this world of monitoring and monitization. Stop adding bricks, people, if you don't want that wall to grow taller.
Other than an "enhanced advertising experience", and perhaps viewing some web content, what does a smart TV actually give as a service? Especially if one has a set top box from their provider, or something like a Roku, Chromecast, Apple TV, or a HTPC. At best, I can see the TV streaming Netflix as a feature... but with all the data sent back, it isn't worth the privacy invasion.
Of course, if the TV can't work unless it has Internet access, it will go back to the store -stat-.
We need another Max Headroom, the industry moved from blipverts to screw your privacy, we gotta advertise.
What's the difference between a TV and a computer monitor? They both have HDMI inputs and most people will be using external set-top boxes anyway. The real problem is finding a regular 1080p computer monitor bigger than 23~27".
Fight for your bitcoins!
The "smart" features of television are something you pay extra for. This is a long increasing trend. The original appeal of cable was a crystal clear picture of the local networks and lots of specialized content (the [noun] channel) with no advertisements. Nowadays? Hundreds of dollars a month for hundreds of channels with ads, many of them repeated three or more times in the same half hour block. I'm not sure if it is still this way, but the difference between Hulu and Hulu+ a few years back was just access to back content. You had to watch the same number of ads (with much greater repetition than the cable packages). Movies used to show a cartoon before the feature. Then previews snuck in, only one or two per show. Then they multiplied to 6 or more. Now there's ads AND previews. What has happened to ticket prices? They've gone up substantially! Why the hell are we paying for the privilege of being advertised to?
I haven't owned a TV in almost 15 years. I encourage everyone to do the same.
It's possible to render something like this pretty useless. Just like it's possible to put false information in online surveys, it's also possible to deliver false data. For example, my cable box is probably tracking me. If I want to reduce the effectiveness, I can record programming that doesn't interest me or put shows on that aren't interesting while I do other stuff. In the process, I can build up an inaccurate profile that reduces the effectiveness of their targeted advertising. If enough people did this, I think it would reduce the tracking.
Apart from the smartphone, "smart" is quickly becoming a quick way to identify dumb things the consumer neither wants nor needs. Everything from "smart" lightbulbs that need firmware updates (half hour per bulb where you can't TURN ON THE LIGHTS) to "smart" devices monitoring nearly every aspect of your life straight out of an NSA wet dream (all in the name of advertising, you know, the thing consumers always skip with DVRs and block with internet browsers.)
Unaffiliated, but how I feel: https://twitter.com/internetofshit
The stupid thing would randomly update itself - right in the middle of footballs games or other live events - going offline for15 minutes at a time. Changing channels was also extremely slow: about 2 seconds between stations. TWO WHOLE SECONDS.
There was no way to get rid of crapware on the TV. The main menu was 'polluted' with all sorts of junk trying to push the viewer to Samsung's corporate offerings.
I can't wait for an Android or Linux smart TV that will give the viewer ONE remote with one entirely user-configurable menu.
Wouldn't it be great to never have to switch between HDMI inputs? Just... click on genre or network or streaming service and watch.
Wouldn't it be even better to completely block all those crappy cable advertising channels?
*** Don't be dull.***
Must be getting boring in that cell.
i get all kinds of lingerie and bra ads on my chrome browser because my wife surfs this stuff at home on safari. sometimes big fredricks of hollywood ads at work
At our house it's only me, my wife and the cat. I'm seeing ads for something called "Ashley-Madison". Are they related to Dolly-Madison cupcakes?
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
royally screwed in the ass
Ha ha. The joke's on them. All my content comes through my cable/ISP DVR.
Wait... What?
I'm going to monitor my smart TV at the router and see what it connects to, then block those marketing addresses. This should be fun.
Because you'd have to be dumb to buy one.
Seriously, how could anyone NOT see this coming?
"Smart" means Spying on You. The price of all the features on any of these devices is your privacy.
But don't worry, they have mottos like "do no evil". Wait, now that they some marketable data they changed that. It's "do what's right" now. Tomorrow it will be "do what's right for the bottom line".
And stories like this is why I only have a dumb tv. I can control and provide the content to my display device just fine.
I have a nominally Smart TV, but have never put it on our network*. I see absolutely no reason to change that; it works just fine as a monitor to show movies, do video games, etc.
* Look for the likes of Samsung to install WEP and WAP password cracking software on these devices, so they can get on protected networks. They'll probably say it is a customer "protection" feature.
First off, pretend you're the average person going to Best Buy with $500 to spend on a new TV (approximately the median for a ~40" LED set). You're not super technical, but you know that you watch TV from your cable company, DVDs on occasion, and Netflix. You don't presently have a Roku or other set top box for streaming (that side of things is done on your tablet at the moment), so you have to factor that into your purchase.
You get to Best Buy, and there are a dozen TVs in your price range to choose from. You need to weed them out somehow. Start with the size - units that are too large to fit in the entertainment center are out, but if you're wall mounting, kill off the smallest ones available; no need to get a 40" when you can get 50" for the same price. That leaves you with half a dozen possibilities. Rule out the Insignia ones, because Best Buy's store brand doesn't instill confidence. You've got an LG unit, a Samsung unit, and a Sony unit left, all 46". Now, you need a differentiating factor to ultimately choose which you prefer. Now, one may well search the internet for reviews to see if there are any obvious standouts in either direction, but let's assume that that's not practical for whatever reason. If you get a TV with Netflix integrated, you save $70 by not buying a Roku, and another $70 by not buying an HDMI cable, and you won't need a separate Roku remote. On top of that, the integrated camera and microphone would make it really nice to be able to Skype with out of state family - not a purchase consideration initially, but it'd be really nice, especially with grandma's eyesight going - and Roku can't provide that sort of functionality, anyway.
So yeah, for those who don't read a EULA and "have nothing to hide", a lower initial purchase price over a TV + Roku + cable, a single remote for most functions, and fewer wires to run are all things that are deemed positive selling points for TVs, much more so than buying one that avoids a questionable practice on page 29 of a legal document that no one has ever read.
Router flashed with DD-WRT, go to Access Restrictions tab, add the TV/player MAC address to an Access Policy under WAN Access that denies WAN access to those devices. Network browsing features will still work, but no phoning home to big brother.
Each person will be issued an IP address at birth
My Panasonic bluray player offers Netflix support, but the traffic is proxied through some Panasonic server. Apart from the security & privacy aspects, this means that the feature can be discontinued by Panasonic at any time.
i get all kinds of lingerie and bra ads on my chrome browser because my wife surfs this stuff at home on safari. sometimes big fredricks of hollywood ads at work
At our house it's only me, my wife and the cat. I'm seeing ads for something called "Ashley-Madison". Are they related to Dolly-Madison cupcakes?
Don't worry that's just the pussy looking for someone to play with.
blindly antisocialist = antisocial
Just in case anyone was interested...
I'm working on a fix for this type of IP-based correlation. I've got alpha level software running on my router as I post this.
I use a VPN provider that provides unlimited VPN tunnels from a single end point. I pin up a different tunnel for every device on my home network and set the router to force all of the device's traffic through its dedicated tunnel so that every device gets a different public facing IP address. The next step is to automate discovery of new devices.
Longer term the plan is to put each device on its own VLAN to prevent them from spying on each other and to do port and address filtering to reduce the ability for remote exploits (like being co-opted by a bot-net) as well as outright blocking contact with 3rd party tracking servers. Maybe even some deep packet inspection and rewriting to strip out or pollute information like viewing data.
I hope to build a database of device profiles so that 99% of the time it will just automagically work.
I completely agree. The TV is just a monitor, and tying it to tie it with another device/service on a different upgrade cycle is silly bordering on stupid. An extreme case is the high-end iMac, where they've coupled a beautiful monitor that'll probably be usable for 15-20 years, with computer hardware which will be obsolete in 5-7.
But you have to remember the vast majority of people used to have VCRs endlessly flashing 12:00. They have a hard enough time just changing video input mode when they plug in a Roku or Chromecast. You start talking about Kodi (XBMC) and streaming, and their eyes will glaze over. Something that is integrated and works out the box offers value to them, despite the higher costs (purchase price, needing more frequent replacement, and loss of privacy). That's why those iMacs sell. That's why Smart TVs sell.
Don't worry. If it's Ashley Madison, it's not your wife doing it: there's a lawsuit about that.
the only IoT I have connected is my remote-control alarm system, because they have a surety bond.
if this is supposed to be a new economy, how come they still want my old fashioned money?
I'm seeing ads for something called "Ashley-Madison". Are they related to Dolly-Madison cupcakes?
Too much of the latter on the part of one can definitely lead to a craving for the former on the part of the other. ;)
The next time you go shopping for a TV ask the salesperson for a dumb TV. When they look at you and shrug walk away. The only way the bullshit stops is lost sales.
BZZZZZTTTT, I live alone and have static IP addresses, so I am very much identifiable.