1083
Smart TVs take snapshots of what you watch multiple times per second (kbin.melroy.org)
submitted 18 hours ago by [email protected] to c/[email protected]
308 comments fedilink hide all child comments

By Jeremy Hsu on September 24, 2024

Popular smart TV models made by Samsung and LG can take multiple snapshots of what you are watching every second – even when they are being used as external displays for your laptop or video game console.

Smart TV manufacturers use these frequent screenshots, as well as audio recordings, in their automatic content recognition systems, which track viewing habits in order to target people with specific advertising. But researchers showed this tracking by some of the world’s most popular smart TV brands – Samsung TVs can take screenshots every 500 milliseconds and LG TVs every 10 milliseconds – can occur when people least expect it.

“When a user connects their laptop via HDMI just to browse stuff on their laptop on a bigger screen by using the TV as a ‘dumb’ display, they are unsuspecting of their activity being screenshotted,” says Yash Vekaria at the University of California, Davis. Samsung and LG did not respond to a request for comment.

Vekaria and his colleagues connected smart TVs from Samsung and LG to their own computer server. Their server, which was equipped with software for analysing network traffic, acted as a middleman to see what visual snapshots or audio data the TVs were uploading.

They found the smart TVs did not appear to upload any screenshots or audio data when streaming from Netflix or other third-party apps, mirroring YouTube content streamed on a separate phone or laptop or when sitting idle. But the smart TVs did upload snapshots when showing broadcasts from the TV antenna or content from an HDMI-connected device.

The researchers also discovered country-specific differences when users streamed the free ad-supported TV channel provided by Samsung or LG platforms. Such user activities were uploaded when the TV was operating in the US but not in the UK.

By recording user activity even when it’s coming from connected laptops, smart TVs might capture sensitive data, says Vekaria. For example, it might record if people are browsing for baby products or other personal items.

Customers can opt out of such tracking for Samsung and LG TVs. But the process requires customers to either enable or disable between six and 11 different options in the TV settings.

“This is the sort of privacy-intrusive technology that should require people to opt into sharing their data with clear language explaining exactly what they’re agreeing to, not baked into initial setup agreements that people tend to speed through,” says Thorin Klosowski at the Electronic Frontier Foundation, a digital privacy non-profit based in California.

https://www.newscientist.com/article/2449198-smart-tvs-take-snapshots-of-what-you-watch-multiple-times-per-second/ (paywall!!)

top 50 comments
sorted by: hot top controversial new old
[-] [email protected] 5 points 28 minutes ago* (last edited 25 minutes ago)

Buy a computer monitor, a projector or a commercial display instead, they tend to be dumb.

Alternatively, don't connect your TV to the internet (bear in mind some are wireless). Unplug it from the wall when not in use.

As if Microsoft's Recall wasn't enough...

[-] [email protected] 1 points 2 minutes ago

Alternatively, don't connect your TV to the internet

Until the first use menu gauntlet requires an internet connection to complete setup and enable the device for normal usage.

[-] [email protected] 2 points 9 minutes ago* (last edited 8 minutes ago)

THIS is piracy. Along with all the other personal data selling.

[-] [email protected] 15 points 2 hours ago

So I guess they learned nothing from the last class action lawsuit https://topclassactions.com/lawsuit-settlements/lawsuit-news/lg-samsung-sony-class-action-alleges-smart-tv-privacy-violations/. Also reminded me of this past gem from LG: https://arstechnica.com/information-technology/2013/11/lg-smart-tv-snooping-extends-to-home-networks-second-blogger-says/.

[-] [email protected] 15 points 3 hours ago

They're eating the dogs. 😊

[-] [email protected] 57 points 5 hours ago

Actual paper here.

https://arxiv.org/html/2409.06203v1

It is not sending full screenshots as anybody technical would already have guessed. It's a few KB over an hour, so it's content recognition hashes.

Opt out anyway. Their study shows the opt out option does indeed opt you out of it.

[-] [email protected] 1 points 3 minutes ago* (last edited 2 minutes ago)

This shouldn't be opt-out. This is the digital equivalent of some fucking pervert showing up at your window and taking pictures of your TV and then letting a bunch of other perverts pay to find out what you were watching so they can use that info to manipulate you, multiplied by however many millions of TVs they've sold. Even if the punishment for that crime was just a single week in jail, the people responsible should be facing several ~~hundred~~thousand years behind bars when you add it all up.

[-] [email protected] 9 points 5 hours ago

So the data is still captured every 500ms. But it batches the data together and indeed only send data of around 8kb every minute back to the centralized server. But 8kb can not be full screenshots of MBs of course, so this is some kind of meta / fingerprint data. The original author (Jeremy Hsu) is misleading here with the term "screenshot every 500ms".

the remaining scenarios exhibit consistent peak values occurring every minute, accompanied by additional smaller traffic one minute following each peak. Samsung’s official documentation (Canada, 2022a) mentions that its ACR captures the frames every 500ms, suggesting that Samsung batches the captures as well and sends the fingerprints every minute. The differences in ACR capture frequency explains the different network behavior across the two brands.

[-] [email protected] 9 points 2 hours ago

The original author (Jeremy Hsu) is misleading here with the term “screenshot every 500ms”.

"meta tags every 500ms" might be more accurate, but the end result is the same. The device is monitoring what you consume in order to aggregate data on your household.

[-] [email protected] 11 points 5 hours ago

Yeah, it'll grab a few frame, crunch them up, post back something like "ac8c986ffcb770d460151b20c1cfe628612247ac2d284c780761af3b544bfea7" to the servers and from there it likely gets binned as "not recognised" but might match a segment from Star Wars 4K77.

It sounds like the sort of thing that should be off by default (and it probably is, I haven't bought a new one for years), but what we've learnt since GDPR is that if a big box comes up over what you're trying to do and it has an "Accept" button, people will generally click it and read nothing just to get back to another riveting episode of America's Deadliest Home Shootouts or something.

[-] [email protected] 5 points 3 hours ago

America’s Deadliest Home Shootouts

Does that come on before or after "Ow! My Balls!"?

[-] [email protected] 1 points 13 minutes ago

Is that from the Idiocracy movie? 😀

[-] [email protected] 4 points 3 hours ago* (last edited 3 hours ago)

Right after "People Falling Down And Suffering Serious Injuries: Oops! All slide Whistles Edition!"

[-] [email protected] 1 points 10 minutes ago

But before Merica's Deadliest School Shootings

[-] [email protected] 33 points 6 hours ago

Do not connect your Smart TVs to network people, seriously. Just a bad idea. Use a media center PC or some other device that allows you to stream content, and make sure the TV itself is just a big monitor, nothing more.

[-] [email protected] 1 points 40 minutes ago

Better yet, buy a big monitor.

[-] [email protected] 2 points 27 minutes ago

If there were big monitors with the same color quality and in the same price range I'd do it. But usually large monitors are for signage.

At least that's what I've found.

[-] [email protected] 16 points 5 hours ago

I hear but have not verified that they will connect to an open network without letting you know.

[-] [email protected] 9 points 5 hours ago

I have definitely had to forget networks, then have them connect to that network weeks later at random, then having to forget the network again. Don't know how that's legal.

[-] [email protected] 10 points 5 hours ago

Forgetting a network is only when your wifi is password protected. If the TV can find an open wifi access point, it could just automatically connect to the internet. "Forgetting" a network doesn't help here..! Since there is nothing to forget (there are wifi points without password). But it should be forbidden IMO to automatically connect to these kind of access points. But even your mobile phone might do the same thing.

[-] [email protected] 1 points 49 minutes ago

Yep, it was my personal, password-protected network. Either someone reconnected it (unlikely, I live with my gf who doesn't use the TV) or it just cached the password until it decided to spy on my again 🙃

[-] [email protected] 1 points 30 minutes ago

At least you should be able to block its mac address

load more comments (1 replies)
[-] [email protected] 16 points 5 hours ago

Sceptre still sells dumb TVs'. If you are in the US, Walmart sells them. I have one and it's pretty good. No frills.

[-] [email protected] 1 points 4 minutes ago

I actually like mine. 4k on clearance for $300 for a 55" 3 uears ago. HD version was more. Menus suck and remote on/off is IR only, but I can make do.

[-] [email protected] 36 points 6 hours ago

Btw, is there a firmware hacking/flashing scene for smart TVs?

[-] [email protected] 11 points 5 hours ago

Yes there is, believe it or not. It just depends on the kind of TV you have.

I setup my LG to be “jailbroken” so I could have it inject a python script into a PS4 to mod that.

https://youtu.be/zYoesrUsIj8?feature=shared

Interesting stuff.

The other option is to setup a PiHole and find the telemetry they are using to send the info off and blocking that.

[-] [email protected] 12 points 5 hours ago* (last edited 5 hours ago)

Unfortunately no.

The best option if you want a new tv without this stuff is buying a business display, such as here:

https://www.sharpnecdisplays.us/products/displays/m651-2

This one even comes with a Raspberry Pi compute module.

You have to specifically search display and not TV.

[-] [email protected] 2 points 26 minutes ago

The problem is that usually picture quality is not the same.

load more comments (2 replies)
[-] [email protected] 12 points 5 hours ago

i genuinely do not understand how TVs are so corrupt and greedy. You just display pixels, that's it! The entire purpose is to convert 1s and 0s to pretty color

[-] [email protected] 9 points 4 hours ago* (last edited 4 hours ago)

Imagine if your computer monitor just displayed ads on top of the hdmi signal

[-] [email protected] 4 points 3 hours ago

I believe that is patented

load more comments (1 replies)
[-] [email protected] 18 points 6 hours ago

The divide between the tech savvy and the tech illiterate grows deeper.

load more comments (1 replies)
[-] [email protected] 126 points 9 hours ago

For example, it might record if people are browsing for baby products or other personal items.

Don't mind baby products and dildos or whatever.

They could see bank activity and even login credentials when someone is temporarily displaying their own passwords.

This basically ignores all security measures regarding everything. Sensitive communication, company secrets and so on.

That's fucking seriously huge. What the fuck?!

load more comments (6 replies)
[-] [email protected] 28 points 7 hours ago

Use a pihole people, don't go barebacking the internet

[-] [email protected] 26 points 6 hours ago

Doesn't help if the device has a baked in DNS address and just ignores your settings tho. Amazon and Google devices seem prone to that. After blocking everything on the common DNS ports except the PiHole, some of my devices have been acting kinda sluggish.

[-] [email protected] 10 points 6 hours ago* (last edited 6 hours ago)

Easy to block that - though not with pihole exclusively.

We use another tool at our network edge to block all 53/853 traffic and redirect all port 53 traffic to our internal DNS resolver (works much like pihole).

Then we also block all DoH.

Only two devices have failed using this strategy: Chromecast - which refuses to work if it can’t access googles DNS. And Philips Hue bridges. Both lie and say “internet offline”. Every other device - even some of the questionable ones on a special VLAN for devices we trust work just fine and fall back to the router-specified DNS.

load more comments (1 replies)
load more comments (1 replies)
load more comments
view more: next ›
this post was submitted on 26 Sep 2024
1083 points (99.0% liked)

Technology

58278 readers
4744 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]