TV WATCHES YOU
Good introduction to the topic: The Hidden Cost of Cheap TVs by Justin Pot for The Atlantic. January 3, 2023. Quoting: "the story of cheap TVs is not entirely just market forces doing their thing. Perhaps the biggest reason TVs have gotten so much cheaper than other products is that your TV is watching you and profiting off the data it collects ... Smart TVs are just like search engines, social networks, and email providers that give us a free service in exchange for monitoring us and then selling that info to advertisers leveraging our data ... The companies that manufacture televisions call this 'post-purchase monetization,' and it means they can sell TVs almost at cost and still make money over the long term by sharing viewing data."
Background: Smart TV Makers Will Soon Make More Money Off Your Viewing Habits Than The TV Itself by Karl Bode (May 2021). We can not buy a "dumb" TV that's just a display with HDMI ports because consumer data is so profitable.
Things are bad: You watch TV. Your TV watches back by Geoffrey Fowler for the Washington Post September 2019. No defense offered. Discusses ACR (automatic content recognition) on Smart TVs. Quote: "some TVs record and send out everything that crosses the pixels on your screen. It doesn’t matter whether the source is cable, an app, your DVD player or streaming box." They watched the data a TV transmits using IoT Inspector software from Princeton University.
DEFENDING YOUR PRIVACY (IN GENERAL)
- The ultimate defense is not to connect a Smart TV to the Internet (other than maybe to update the firmware).
- Streaming boxes such as Roku, Apple TV and FireTV: Leave them powered off when not in use. Less spying and you save on electricity.
- Do not connect your Google or Facebook account to your Smart TV or to your streaming box (Roku, FireTV, etc).
- If your TV has a camera, cover it with tape. From the October 22, 2019 episode of the Hackable podcast.
- Advanced Defense: A profile is formed based on the public IP address of your home. One defense is to connect the TV to a router running VPN client software.
This will hide your public IP address and also let you change what appears to be your public IP address.
- Advanced Defense: a router that supports outbound firewall rules, such as the Pepwave Surf SOHO, can block the TV from phoning home. First, watch where it sends data, then block these transmissions one a time (in case some of them are necessary). Using a Raspberry Pi running Pi-Hole for DNS should also be able to block a TV from phoning home. Or, a free account at OpenDNS lets you audit the DNS on your home network and block some domains.
- Privacy of Streaming Apps and Devices: Watching TV That Watches Us from Common Sense Media (Aug 2021). There are two things here, a large report on extensive testing that they did and a short privacy rating for assorted streaming hardware boxes and streaming services.
- Defense: one type of attack comes from the LAN. Roku, and perhaps competing devices, can accept commands using HTTP from the LAN. To prevent this, isolate the streaming box. If using Wi-Fi, connect it to a Guest network. Some, not all, routers will isolate Guest network users from each other, blocking this type of attack. More advanced users can put the streaming box in a VLAN. The first suggested Roku setting above, should also block this, but it only applies to Roku and may change in the future.
DEFENDING YOUR PRIVACY ON ROKU
- Check these settings (as of OS version 11.5.0 Nov. 2023)
Privacy -> Advertising -> Advertising Preferences -> configure as desired
Privacy -> Advertising -> turn Personalize ads OFF
Privacy -> Advertising -> reset the Advertising ID every now and then
Privacy -> Voice -> Microphone access -> Channel microphone access -> set to Never allow
Privacy -> Voice -> turn off the Speech recognition checkbox
Privacy -> Smart TV Experience -> disable "Use info from TV inputs" (not on a standalone box)
System -> Screen Mirroring -> set Screen Mirroring Mode to either Prompt or Never Allow
System -> Advanced System Settings -> Control by Mobile Apps -> disable "Network Access"
Zip code -> Do not use your real one. Maybe none, maybe one in same time zone
- The Mozilla Privacy Not Included website has a page devoted to Roku Streaming Sticks dated Nov. 9, 2022. They offer 10 defensive steps.
- Roku TV: From How to Disable Interactive Pop-Up Ads on Your Roku TV by Chris Hoffman October 2019. As of Roku OS 9.2, the TVs display pop-up advertisements over commercials on live TV. If an advertiser has partnered with Roku, that advertiser can display an interactive pop-up ad over the normal commercial. This only applies to Roku TVs, not the external sticks or boxes. To disable it: Settings -> Privacy -> Smart TV Experience -> disable "Use info from TV inputs".
- There are many articles about blocking Roku monitoring by blocking access to assorted domains and sub-domains. For a long time now I have blocked all access from my LAN to scribe.logs.roku.com and cooper.logs.roku.com. My Roku box works just fine without these. I chose them because they were the most popular logs my Roku box was accessing.
- Roku networking: I have seen a Roku 2XS running firmware 9.1.0 make outbound requests to the Google DNS server at 126.96.36.199, port 53, using TCP. This is suspicious for multiple reasons, one being that the router assigns other DNS servers. Thus, the use of 188.8.131.52 is hard coded into either the Roku system or one of the channels. One reason to do this is to avoid DNS based restrictions in the router. Also, UDP is the norm for DNS, not TCP. I have not captured the actual packets.
- More Roku networking: I always see the same Roku 2XS box making outbound connections to IP address 172.29.243.255. This should never occur as this is a private IP address, one that can never exist on the Internet. These connections use UDP and both the source and destination port are always 1975. This seems to be part of the OS, I see it even when just powering on and not using any channels. I contacted Roku about this and they would not explain why this happens.
DEFENDING YOUR PRIVACY - NON ROKU
- Netflix: login to netflix.com with your userid/password. Click on the profile icon in the top right corner, then click Account. To see all the info Netflix has on you, click on
"Download your personal information". To remove something from your viewing history: start at Account info, then click on a profile, then Viewing History. To remove an item, click the circle on the far right.
- Hulu: Log in to Hulu.com and open the Account page. Go to Privacy and Settings. Select Manage Nielsen Measurement and opt out. Select California Privacy Rights. Under Right to Opt Out, click Change Status and opt out. To clear the watch history: Under Manage Activity, click Watch History, then Clear Selected.
- Fire TV: Go to Settings -> Preferences -> Advertising ID. Then, disable Interest based ads. This may be old (I don't have a Fire TV). If so, try: Settings -> Preferences -> Privacy Settings. From there, disable Interest-based Ads, Device Usage Data and Collect App Data Usage. Also do: Settings -> Preferences -> Data Monitoring and turn it off.
- Apple TV: Go to Settings -> General -> Privacy -> Tracking and turn it off
- Apple TV: Adjust privacy settings on Apple TV from Apple. Undated. Has instructions for multiple versions of tvOS
- Apple TV: From the Mozilla Privacy Not Included website, a report on Apple TV 4K November 1, 2023. Quoting: "All in all, yes, Apple is generally better than other Big Tech companies (cough, Meta, cough cough, Amazon, cough Samsung), when it comes to privacy. They seem to do a better job at collecting less data, probably because they aren’t trying to sell as many ads as Google and Facebook -- yet. So when we hear that more ads are coming, that does alert our privacy Spidey Sense a bit."
- Amazon Prime video suggested settings are in the Amazon section
- Turn it off: How to Turn Off Smart TV Snooping Features by James K. Willcox of Consumer Reports. This has been continually updated. This version was Published February 17, 2021 and last Updated October 14, 2022. When I first linked to this article, it was dated
September 2019. The article only covers TVs but includes Roku TVs.
- Turn it off: Your smart TV is spying on you. Here are step-by-step instructions to stop it by Jefferson Graham in USA TODAY (Jan 2020). Covers Fire TVs, LG, TCL/Roku, Samsung, Sony and Vizio.
- How to Stop Smart TVs From Snooping on You by Lance Whitney in PC Magazine (April 2020).
- Things are bad: From Lily Hay Newman in Wired (Sept 2019) On Roku and Amazon Fire TV, Channels Are Watching You. The article discusses academic research from Princeton University and the University of Chicago that found over 2,000 streaming apps doing tracking even when told not to (see the Settings at the top of this topic). 89 percent of Amazon Fire TV channels and 69 percent of Roku channels contained easily spottable trackers that collected information about a viewing habits and preferences, along with unique identifiers. No defenses offered. Here is an article by the researchers: Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices (Sept 2019) and their more formal research paper
Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices (PDF) by Hooman Mohajeri Moghaddam, Gunes Acar, Ben Burgess, Arunesh Mathur, Danny Yuxing Huang, Nick Feamster, Edward W. Felten, Prateek Mittal and Arvind Narayanan.
One of the companies watching you is incscape.tv. See their sample of live data.
Samsung can remotely disable their TVs worldwide using TV Block by Sergiu Gatlan of Bleeping Computer (August 2021)
Audio: For many reasons, the audio on TV sets is poor such that it makes it hard to understand what people are saying. Some TVs have a feature to boost the dialog or reduce loud noises. On Samsung look for the Amplify feature. On LG, look for Clear Voice II. On Roku TVs look for Dialog Enhancement or Speech Clarity. If you can afford to, connect the TV to a stereo system or a sound bar that has a center speaker.