Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Should I Allow A 'Smart TV' To Connect To The Internet?

Posted by EditorDavid on from the Internet-of-TVs dept.

Slashdot reader GovCheese has a question: I use Roku and also the client apps on my gaming consoles for Amazon and Netflix. But it seems less prudent to allow my television, a Samsung, to connect to the internet. My Phillips Blu-ray wants to connect also. But I'd rather not. Is it illogical to allow Roku and a console to connect to streaming services but prevent a "smart" television from doing so?
Slashdot reader gurps_npc argues there's a distinction between devices that need internet access and devices that want it, adding "Smart TVs overcharge in privacy invasion for the minimal advantages they offer."

Leave your own best answers in the comments. Should you let a smart TV connect to the internet?

49 of 299 comments (clear)

  1. Firmware updates by mdsharpe · · Score: 5, Interesting

    Pretty much the only reason I let my "smart" TV connect to the Internet is for firmware updates. Don't think I've had one in a while though now so assuming they've stopped being developed I may disconnect it soon.

    1. Re:Firmware updates by ReneR · · Score: 5, Interesting

      yeah, well, unless it is like a Samsung "smart" tv were they constantly break things with the updates. my farther's one now even reboots every 25 minutes since one of the last updates, and it does not look like there will be another update coming. 2017 - when firmware updates are part of planned obsolescence, on the iOS side, likewise,

    2. Re:Firmware updates by Anonymous Coward · · Score: 2

      My parents have a like a first generation LG smart TV. None of the apps work anymore. Yet it still occasionally sends messages to the TV.

      On the other hand, the kodi box they have requires internet access, and is far more useful than anything the SmartTV ever had.

      So you would be better off killing the "smarttv" features and using a nVidia Shield for a Kodi box, or an AppleTV, or just a regular Chromecast, and unplug those when you're not going to use it for an extensive amount of time.

      The kinds of SmartTV's that worry me are the ones that have microphones and cameras in them. The hot trendy thing is Google Home, Alexia, Siri doing shit for you, and thus they have microphones running 100% of the time. This to me is a very bad idea and the feature should be turned off without some physical interaction.

      eg

      You open and close the front door, this triggers an event for Siri to turn on the lights, and set the room temperature if you are INSIDE the house. By which the microphones inside the house listen for 5 minutes to see if you are inside or outside. If you're not inside, it will assume nobody is home and turn the lights off and set the temperature lower once your smartphone telemetry says you're a block away. If more than one person lives there, everyone would need a smartwatch, ipod or iphone for it to be able to do this.

      Or it could simply turn on the microphone and go "Is anyone home?"

      And this is the thing, nobody wants to standardize on IoT device communication, thus every brand has it's own app, every brand has it's own bridge device, and every brand doesn't talk to each other.

      So until these devices learn to talk to each other, or everyone adopts one standardized means of being aware of each other (reminds me of SNMP) we're going to have endless privacy concerns by way of the analog path (the microphone)

    3. Re:Firmware updates by nukenerd · · Score: 4, Insightful

      Pretty much the only reason I let my "smart" TV connect to the Internet is for firmware updates.

      What makes you assume that firmware updates are a good thing? very often they downgrade performance and insert official malware.

    4. Re:Firmware updates by Anonymous Coward · · Score: 5, Interesting

      It is not so much whether to connect your tv or not. Sooner or later the answer to that is likely yes, as features get added, though if you don't need those features now, I'd temporarily connect via a wire during the initial setup for updates, that way it never had your wifi password.

      Long term I'd like to see consumer level gigabit switches/wifi with these options or similar.

      1. Is device an IoT device? (As opposed to a general purpose pc/tablet)
      2. Select device type from drop down. Allowed connections will be limited based on device types.
      3. Is device allowed to communicate with other devices on your network?
      4. Alert me when traffic exceeds X bytes per day.
      5. Alert me of suspicious usage patterns.
      6. Is the device connected to a compatible power monitoring outlet? Data will be used to analyze usage patterns.
      7. Are there any times when you expect the device to actually be fully powered down?

      Again, most of these you want auto selected from a device type. The idea is you have a hopefully trusted switch that helps to spy on your own devices to see if they are being bad...

      Of course you have to trust your switch, but at least it is one device rather than the whole set of them.

    5. Re:Firmware updates by WaffleMonster · · Score: 4, Informative

      Pretty much the only reason I let my "smart" TV connect to the Internet is for firmware updates. Don't think I've had one in a while though now so assuming they've stopped being developed I may disconnect it soon.

      All are updatable via USB stick.

    6. Re:Firmware updates by HalAtWork · · Score: 4, Informative

      Why even get firmware updates? My TV worked fine out of the box so I've never updated it. I've heard some that did got bricked TVs, and some had ransomware. F that S.

      --
      Twinstiq, game news
    7. Re:Firmware updates by DCFusor · · Score: 5, Interesting

      The last update my LG got was DRM that made it stop working with my Raspberry Pi and other computer inputs. Can't roll it back. Not quite as bad as Sony, but hey.

      --
      Why guess when you can know? Measure!
    8. Re:Firmware updates by amiga3D · · Score: 4, Insightful

      I take the attitude that if it's working fine then I don't need an update. If it's not broken, don't fix it. Now if you've got an issue with the TV research the problem and if there is a fix you would certainly want to download it. Other than that though, why bother?

    9. Re: Firmware updates by ShanghaiBill · · Score: 2

      Or we could just NOT BUY THIS CRAP.
      That is still an option snoflake..

      No, not an option. Go to Walmart and look at the TVs. Every single one is "smart".

    10. Re:Firmware updates by Dutch+Gun · · Score: 4, Insightful

      I don't even bother with firmware updates. My TV needs only display an HDMI signal, and *nothing more*. If it can't do that properly out of the box, then WTF. I'm more worried about updates breaking something that's currently working, or adding some crapware or spyware that I can't remove. It's kind of a sad state.

      I have videogame consoles that work well as media players. I know they'll be kept up to date for a reasonable lifetime, at least, and they seem far less likely to have hidden spyware or security vulnerabilities.

      I know a lot of people say "put them on a separate network", but that's not really practical if you want to allow them access to your media server, for instance. I'd have to end up buying a lot of duplicate hardware to make that work. So, for the moment, I'm simply very judicious about which devices I give my wifi password to. Thank goodness that's still a way to easily control my devices network access.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    11. Re: Firmware updates by jms1 · · Score: 2

      I was able to find a TV without any network connectivity at Wal-Mart a few months ago, but it wasn't easy. The employee seemed confused as to why anybody would want such a thing in the first place, but when I started to walk away, she walked me over to the one set of TVs down at the very end which didn't have any connectivity at all. The biggest of these was a 55-inch (Sanyo FW55D25F-B), which is about as big as I was looking for, so that's what I have in the living room now.

      Somebody else in the store at the time overheard the conversation, and told me about an article he had read about TVs which were so "smart" that they would jump on any non-secured wifi they could find, when they didn't have (or couldn't connect to) a configured network.

      I wish I could say that my friendly neighborhood Wal-Mart employee got a bit of an education from us that evening, but it was fairly obvious she didn't really care one way or the other...

  2. Blu-Ray yes, Smart TV no by drinkypoo · · Score: 4, Informative

    The Blu-Ray player needs to connect to the internet for updates to be able to play the latest discs. The Smart TV does not, unless you are actually using its "smart" features.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    1. Re:Blu-Ray yes, Smart TV no by StormReaver · · Score: 5, Insightful

      The Blu-Ray player needs to connect to the internet for updates to be able to play the latest discs.

      That's a good argument for not having a Blu-Ray player, and for using your game console as your player. Frankly, Blu-Ray's hype far exceeds its delivery. Having compared DVD and Blu-Ray side by side, Blu-Ray's improvements are merely marginal at the best of times, and completely insignificant the rest of the time.

    2. Re:Blu-Ray yes, Smart TV no by drinkypoo · · Score: 4, Insightful

      That's a good argument for not having a Blu-Ray player, and for using your game console as your player.

      Except the game consoles spy on you even more than the Blu-Ray player, and are both developed, produced and sold by sleazy corporations with the morals of bedbugs who have been known to distribute malware. (Microsoft is still distributing spyware, disguised as an Operating System.)

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Blu-Ray yes, Smart TV no by Anonymous Coward · · Score: 3, Informative

      Funny, my parents BD player hasn't once updated and it plays all BD's.

    4. Re:Blu-Ray yes, Smart TV no by techdolphin · · Score: 4, Funny

      Please do not insult bedbugs. They are at least honest about what they are doing.

    5. Re:Blu-Ray yes, Smart TV no by DaTrueDave · · Score: 2

      Having compared DVD and Blu-Ray side by side, Blu-Ray's improvements are merely marginal at the best of times, and completely insignificant the rest of the time.

      I'm not sure what you were comparing, but, honestly, there's no practical way that a DVD compares to a BluRay. If you had specified HD-DVD, I might have found you a bit credible.

      If, for some strange reason, you actually wanted standard definition video and didn't want DTS 7.1 surround sound, then I guess you might be right.

  3. Spying? by Gaygirlie · · Score: 4, Informative

    Didn't Samsung get caught for their TVs always listening to everything around them, with no permission asked? LG was caught snooping on all files and filenames on the network, if my memory serves. Then there were a couple of others whose names I've already forgotten..Heck, pretty much every TV-manufacturer has gotten caught with their pants down by this point. A Roku is somewhat of a different beasts, because it needs Internet for streaming. I would hazard a guess that they track whatever you do on the Roku-box itself, but may not go to the same lengths as TV-manufacturers do, when it comes to overall spying in general.

    Personally, I would rather give the TV a middle finger than any connectivity, whatsoever.

    1. Re:Spying? by Anonymous Coward · · Score: 2

      > Didn't Samsung get caught for their TVs always listening to everything around them, with no permission asked?

      No. In fact, they even publicly warned that such thing might occur and they were not able to prevent it. This is the best attitude one can expect from a hardware/software maker. Many points for them in my ranking.

      That said, smart TVs are a way to make your equipment obsolete faster. It's dumb and -- in a long term view -- a bad idea even for makers.

      I wonder if Chinese TVs will have less of that (owing to state controls) -- if true, I might become interested in Chinese TVs.

    2. Re:Spying? by Drakonblayde · · Score: 3, Informative

      The Roku's do like to send data back to Roku's log servers.

      However, that's easily preventable. I use PiHole to blacklist their telemetry domains and it doesn't interfere with the normal operation of the box

    3. Re:Spying? by Suki+I · · Score: 5, Insightful

      I wonder if Chinese TVs will have less of that (owing to state controls) -- if true, I might become interested in Chinese TVs.

      ROFL! Chinese TVs with LESS monitoring because of their government? Funniest comment on the intertubez!

      --
      Home of The Suki Series
    4. Re:Spying? by mikael · · Score: 2

      They have been doing this for decades. RealPlayer (A Windows media player) got caught sending usernames, and the names of video files back to their servers). Windows 10 uses telemetry (to provide users with tips on how to use faster keyboard shortcuts). I caught a webcam streaming data back to Amazon Web Services back in Austin, when I hadn't given out any user account details and had set up a security password. Smartphones seem to be able to stream screen video from a PC as well as to/from a smart TV.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    5. Re:Spying? by viperidaenz · · Score: 2

      You don't have to worry about firmware updates bricking your Chinese products. You never get updates to begin with, regardless of how many bugs and vulnerabilities it has. You'll also get random outgoing connections to random Chinese IP addresses.

  4. Re:Nope. by YukariHirai · · Score: 2

    To expand on this: hell no. God no. Fuck no.

  5. Re:stupidest reason.ever. by Calydor · · Score: 2

    That seems to be ... pretty stupid and short-sighted. If you're not paying monthly, but get the updates free of charge as included in the original purchase price for the TV (or phone, or IoT Fridge or whatever), then it's still a real product.

    --
    -=This sig has nothing to do with my comment. Move along now=-
  6. Depends on which features you want by Epsillon · · Score: 5, Interesting

    My LG is hardwired. I use its DLNA features but I also block it by MAC from sending any traffic out of the local RFC1918. This obviously isn't going to work if you use the TV's streaming features but for locally hosted content it's ideal.

    As for firmware updates, Samsung's recent brick debacle where it took a technician physically opening the case to get them back pretty much answers that question. The general rule for stuff held in programmable ROM is "if it ain't broke, don't fix it." I understand many will want KRACK fixes for WiFi as soon as they're available, yet I also wouldn't be holding my breath thinking this is a priority for vendors; they have your money, you're on your own. However, if there's a flaw in the monetisation of your viewing habits they'll be jamming those bytes down your digital throat before you can blink.

    --
    Resistance is futile. Reactance buggers it up.
  7. Re:stupidest reason.ever. by Z00L00K · · Score: 5, Insightful

    However with the holes in the firmware that you can find today it might be a good idea to put your entertainment system on a separate subnet at home compared to the other devices - and only open that net when you really need.

    Segmentation of networks is a good security measure these days.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  8. If you need to by GuB-42 · · Score: 5, Insightful

    Does connecting your TV to the internet brings you something?
    - Yes : connect it
    - No : don't
    It's that simple.

    And the fact that you connect a device to the internet (because it is useful for you to do so) doesn't mean you have to connect everything. It is not all or nothing. From a security/privacy perspective you want to keep your attack surface as small as possible, but it doesn't mean you need to completely wall yourself in unless you have more to hide than normal people.

  9. Software updates only by Drakonblayde · · Score: 4, Interesting

    I just recently bought a pair of 55in Samsung Smart TVs

    They each connected to the internet once for firmware updates, and were immediately disconnected afterwards. Unless there's a problem that requires me to update their firmware again, they won't ever be connected again.

    All of the apps that the TV offers are already present on my Roku's and quite franky, the Roku's do it better

    1. Re:Software updates only by DontBeAMoran · · Score: 2

      What if your TVs ran fine when you bought them, and that single firmware update was the beginning of a series of problems that are never going to be fixed?

      --
      #DeleteFacebook
  10. What kind of question is this? by Ecuador · · Score: 3, Insightful

    What kind of retarded question is this? If you use any features that require the internet, connect it to the internet. I watch Amazon Video on my Smart TV, so it is online. If you don't need anything like that you might as well not connect it.
    If you are worried about the top-secret national security level stuff you have on your local network, well, ask you security team, not slashdot... And in any case from a security/privacy perspective you should probably be even more worried about other devices (starting with your mobile phone).

    --
    Violence is the last refuge of the incompetent. Polar Scope Align for iOS
    1. Re:What kind of question is this? by AHuxley · · Score: 2

      People recall "Smart TV ... phones home with user’s viewing habits, USB file names" (11/20/2013)
      https://arstechnica.com/inform...

      --
      Domestic spying is now "Benign Information Gathering"
  11. Do you know your device? by Dystopian+Rebel · · Score: 5, Insightful

    Do you know your device?

    Do not let anything connect to the Internet if you don't know why it should.

    --
    Rich And Stupid is not so bad as Working For Rich And Stupid.
  12. Have two networks at home. by upuv · · Score: 4, Interesting

    In my home I implement two different networks. Each with it's own gate way. Now this requires more than your average level of IT skills in the home.

    One network is for what I will call class one devices. These are devices that I specifically add to the it. These will be things like computers, tablets, gaming and phones. The second network and the default network is for every other device. Now this requires me actually promote devices the class one network. Typically be mac address.

    Thus all those pesky iot devices end up in the default network. The default network is blocked from the internet.

    Note a device that runs something like pfsense will do the job. There are lots of alternative setups.

    Now. I can also tailor each device in each network to have slightly different network privileges than the each networks default. Example would be a security camera uploading data to my private cloud storage. But I also block all DNS resolution of add servers and malware end points etc in my class one network.

    This is not something a regular I know how to turn on my laptop kinda person can do. This requires a reasonable amount of automated scripting, network monitoring and pro-active tuning as situations change. However it can all be done rather cheaply with couple hundred dollar pfsense box installed between the internet modem->pfsense->router(wifi).

    So yeah I block everything. I only enable access when required and even then I can make it temporary. The more IOT crap that ends up in the house the more this setup is saving my backside.

    ( Note: I don't use pfsense I implemented all the services I need from pfsense myself in VM's. But it's basically the same thing. )

  13. Get rid of your TV by Anonymous Coward · · Score: 2, Interesting

    We actually got rid of our TVs. All of them. We are now a TV-free household. It just got to be too much of a pain to watch what we wanted to watch.

    Our family life has gotten immeasurably better since now we do things together as a family instead of sitting around watching TV. Having made this transition, I am fully convinced that TV is the major culprit behind the destruction of the family and the decline of our society.

    1. Re:Get rid of your TV by PPH · · Score: 2

      Oblig. xkcd.

      --
      Have gnu, will travel.
  14. Re:stupidest reason.ever. by AmiMoJo · · Score: 5, Interesting

    Came here to say the same thing. Create a separate, isolated network for your TVs. Avoid ones with cameras and microphones. Job done.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  15. Re: stupidest reason.ever. by Anonymous Coward · · Score: 3, Funny

    I lock all of my smart devices in a faraday cage.

  16. Re:Nope. by nukenerd · · Score: 2

    Is convenience of watching YouTube cat videos worth your privacy?

    That's a silly comment. I use Youtube a lot but have never watched a cat video. I watch it for car and camera repair techniques, for which it is invaluable.

  17. Re:No it shouldn't by nukenerd · · Score: 2

    Connect devices which need updates periodically and then disconnect them.

    But do they "need" it/

  18. Re:Use the computer by PPH · · Score: 3, Funny

    Should you allow a Windows computer to connect to the Internet?

    --
    Have gnu, will travel.
  19. Re:Why not? Explain the harm to me. by PPH · · Score: 5, Insightful

    Botnets.

    --
    Have gnu, will travel.
  20. Re:what is the reason you own Smart TV? by mrun4982 · · Score: 3, Insightful

    Try buying a TV that isn't "smart" these days. Even cheap, low end TVs have some sort of smarts built in. As much as I'd like to, you can't buy a "dumb" TV anymore.

  21. No. (But with reason, so read on) by Opportunist · · Score: 2

    Time and again various IoT crapware has proven that it is insecure. The reason for this is simple. Companies making TVs have experience making TVs. And even if the corporation behind it (like with, say, Sony) should have some experience with computers and securing them (ok, I admit, Sony is a bad example...), that doesn't mean that they talk with each other. Or that securing computers applies equally to securing IoT devices. If anything, IoT has more in common with cellphones, and even here you can easily see (with Samsun, no less) that experience in one area does not translate to the other.

    Embedded devices and developing them has fundamentally different rules than developing "real" computers or cellphones. Unlike with computers and cellphones, you're not only responsible for the hardware, you're developing the software, and you either even have to develop your own OS or at the very least tailor a Linux distribution to your needs. If you're lucky, you have someone in your team (or you buy one) that can actually tailor Linux.

    Your chances of this person also being a security expert is slim to zero.

    What you're dealing here is a very newly developed piece of software, a veritable "v1.0" (which, as anyone in IT knows is more akin to a "v0.9beta"). And you pit that against people who have literally decades of experience hacking machines on the internet who know all the old tricks and the new 0days. This is a pitched battle if there has ever been one.

    And all the old tricks that every security conscious developer of internet facing computer software knows by now work again. Because the people developing the IoT-Software, i.e. people developing embedded software, have no experience with security issues. They developed for closed systems, with a focus on small code and optimal use of resources rather than sanity checking and input testing.

    If you throw someone into a job where he suddenly should react to a threat he cannot even assess because he doesn't even KNOW what the threat is, the result is the IoT crap we have today.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  22. Re:what is the reason you own Smart TV? by Golden_Rider · · Score: 2

    What was the reason you purchased Smart TV in the first place?

    Try buying a 55" TV today which isn't "smart". You won't find one, at least where I live. I would gladly buy a non-smart TV because I only use it as a screen for whatever devices are connected to it, but that is simply not an option.

  23. Re:stupidest reason.ever. by chainsaw1 · · Score: 2

    I tried this and had issues when certain devices couldn't connect to the TV. The better solution was rather than putting the TV on the "untrusted / less trusted" network segment to lock down the trusted segment to only allow very specific items (my & wife's computers) to go out. This also contains the traffic of other objects to the trusted network (printers, hdhomerun, future IoT items, NAS media server, UbiFi's extra chatty wifi devices, etc.).

    All cell phones, windows computers, and visiting family & friends devices all sit on the untrusted network segment, including a separate wifi AP for the untrusted network. They can't see the trusted side (just the internet)

    --
    - Sig
  24. Re:stupidest reason.ever. by HermMunster · · Score: 5, Interesting

    I run the pihole software on an early raspberry pi.

    This allowed me to watch dns activity. With what I saw, which was the tv constantly accessing certain addresses, I blocked those addresses with the blacklist feature of the pihole.

    This allows me to use things like netflix, etc while keeping the data collection to a minimum. This allows me to get updates to the tv's firmware while terminating the tracking and spying on my daily activity.

    The pihole can be used for a lot of other reasons too.

    --
    You can lead a man with reason but you can't make him think.
  25. Re:Why not? Explain the harm to me. by freeze128 · · Score: 2

    Some smart TV's have been known to IDENTIFY the CONTENT that you are watching on it, and report that back to a server. It does this by fingerprinting various pixels around the screen. Now, you may not actually use your TV to watch hot latino donkey porn, but your content may be misinterpreted as that.

    Worried yet?