By Jeremy Hsu on September 24, 2024
Popular smart TV models made by Samsung and LG can take multiple snapshots of what you are watching every second – even when they are being used as external displays for your laptop or video game console.
Smart TV manufacturers use these frequent screenshots, as well as audio recordings, in their automatic content recognition systems, which track viewing habits in order to target people with specific advertising. But researchers showed this tracking by some of the world’s most popular smart TV brands – Samsung TVs can take screenshots every 500 milliseconds and LG TVs every 10 milliseconds – can occur when people least expect it.
“When a user connects their laptop via HDMI just to browse stuff on their laptop on a bigger screen by using the TV as a ‘dumb’ display, they are unsuspecting of their activity being screenshotted,” says Yash Vekaria at the University of California, Davis. Samsung and LG did not respond to a request for comment.
Vekaria and his colleagues connected smart TVs from Samsung and LG to their own computer server. Their server, which was equipped with software for analysing network traffic, acted as a middleman to see what visual snapshots or audio data the TVs were uploading.
They found the smart TVs did not appear to upload any screenshots or audio data when streaming from Netflix or other third-party apps, mirroring YouTube content streamed on a separate phone or laptop or when sitting idle. But the smart TVs did upload snapshots when showing broadcasts from the TV antenna or content from an HDMI-connected device.
The researchers also discovered country-specific differences when users streamed the free ad-supported TV channel provided by Samsung or LG platforms. Such user activities were uploaded when the TV was operating in the US but not in the UK.
By recording user activity even when it’s coming from connected laptops, smart TVs might capture sensitive data, says Vekaria. For example, it might record if people are browsing for baby products or other personal items.
Customers can opt out of such tracking for Samsung and LG TVs. But the process requires customers to either enable or disable between six and 11 different options in the TV settings.
“This is the sort of privacy-intrusive technology that should require people to opt into sharing their data with clear language explaining exactly what they’re agreeing to, not baked into initial setup agreements that people tend to speed through,” says Thorin Klosowski at the Electronic Frontier Foundation, a digital privacy non-profit based in California.
Btw, is there a firmware hacking/flashing scene for smart TVs?
I would love to able to able to put a different OS that does nothing but what I actually tell it to so on my smart TV…
Do not connect your Smart TVs to network people, seriously. Just a bad idea. Use a media center PC or some other device that allows you to stream content, and make sure the TV itself is just a big monitor, nothing more.
The divide between the tech savvy and the tech illiterate grows deeper.
And wider?
Do they do that in EU too?
It says not UK - obvs not EU currently - but safe bet, no?
Use a pihole people, don’t go barebacking the internet
Doesn’t help if the device has a baked in DNS address and just ignores your settings tho. Amazon and Google devices seem prone to that. After blocking everything on the common DNS ports except the PiHole, some of my devices have been acting kinda sluggish.
Easy to block that - though not with pihole exclusively.
We use another tool at our network edge to block all 53/853 traffic and redirect all port 53 traffic to our internal DNS resolver (works much like pihole).
Then we also block all DoH.
Only two devices have failed using this strategy: Chromecast - which refuses to work if it can’t access googles DNS. And Philips Hue bridges. Both lie and say “internet offline”. Every other device - even some of the questionable ones on a special VLAN for devices we trust work just fine and fall back to the router-specified DNS.
That might not help…
For example, it might record if people are browsing for baby products or other personal items.
Don’t mind baby products and dildos or whatever.
They could see bank activity and even login credentials when someone is temporarily displaying their own passwords.
This basically ignores all security measures regarding everything. Sensitive communication, company secrets and so on.
That’s fucking seriously huge. What the fuck?!
I know right!?? I connected my htpc to my Samsung tv. Omg!
Right? But we’ve been convinced the Chinese government spying on us through Huawei is a problem.
LG by now will have several weeks of footage of me scrolling through streaming services and failing to find anything to watch.
Diagnosis: ADHD. Display ads for stimulants.
Probably won’t happen as I’m not in the US, however if it does start to show ads it will be very quickly disconnected from the internet and relegated to being solely a display for the PS5. It’s not far off that anyway.
prediction if this becomes widespread: soon they will have their own wireless internet connection just so they wont have to rely on your network to spy on you lel😎
The question now is, even if I don’t connect the TV to Internet, what TV brand should I buy? Currently I have LG, but no way I’m supporting that even without Internet connection.
Well thing is, they all track you to some point.
Specs wise, LG still makes some of the best TVs. You want 4k 120Hz, they’ve got you. But if you feel morally unable to support a company that has opt-out tracking like this, you’re a bit more limited. I thought maybe Sony’s better, but nope. There’s instructions on how to disable ACR on their TVs too. Philips comes with Roku or Google TV, both of which snoop on you, but I don’t know if they do the automatic content recognition thing.
Dumb TVs exist, but good luck finding one with a decent resolution AND price.
Many video projectors don’t. My Epson doesn’t.
that name invokes the old horror that is printers
Epsons were pretty chill printers. You could buy just the print head and you could use your own ink refills
hopfully they dont communicate locally with other lg or partnered devices
now or in the future
Fortunately these TVs are not yet sophisticated enough to communicate to the internet without your permission like Apple devices do now.
Like amazon ring devices? I think it’s called Sidewalk .
You hear that? It’s a whisper… It’s a multinational multibillion dollar class action lawsuit coming after Samsung and LG. WTF!
I never own a smart tv, but can you flash custom firmwares into it?
Well there are no non smart TVs anymore as far as I can tell, except the “monitor” version of TVs for 30% more money and maybe some antique 32" TVs with resolution of 1366x768
AFAIK there’s no custom firmware for these devices.
That would be sweet but I have never come across such a thing unfortunately!
Would be nice if we could have some technological privacy laws written in this century.
We need all the boomers in Capitol Senior Care Home to vacate first
You have it backwards. You have to EVICT them.
They already tried Jan 6 ! The old geezers won’t go.
This is why our “smart” TV is not allowed to be connected to the internet.
There is such a thing called HDMI Ethernet. If you connect some sort of Android box to your TV it might establish an Ethernet connection with it and thus connect to the internet.
Android has closed source Google spy framework, don’t use that.
Agreed. It’s not solving anything when you move to Android TV.
If you use an Android TV system you don’t get to complain about your video output device tracking.
I have searched for alternatives. There are none that I am aware of. I just want a streaming box that can run jellyfin with a simple remote. I really don’t want to use a keyboard in bed.
If anyone knows a simple setup that boots straight into jellyfin with a remote, I would love to hear about it.
But can you really be sure that it doesn’t connect to another network? i have to check again but if i recall correctly there are TVs that try to connect to other open networks or even look for other TVs from the same manufacturer and connect through those to the internet. I have to double check this again, so take this with a grain of salt
A smart TV is not allowed on my property.
I am a bit puzzled about the “even when your laptop is connected” part.
I have a small android box connected to it and am not using apps on the TV so it should have no chance of sending screenshot out even if it takes them.
The TV itself is not connected
Sorry for being paranoid but can the TV piggyback the connection used by the the streaming device/android box to send data back to the TV OEM?
The only connection the TV has is hdmi. I do not think that back and forth communication is possible there.
If the TV has wifi, it can do its thing but that would also be easy to disable.
Not yet but it is clear in the future most devices will be able to do that, we will have ubiquitous low grade internet access everywhere. Your neighbours devices will let your electronics snitch on you even if you seal up your own internet
But if you connect your phone to the android box then the TV could use the phone to send the screenshots.
TV->android box->phone->internet.
what kind of Android box do you have? anything you recommend? (looking to have some sort of streaming client)
the google tv with chromecast dongle is quite decent, good price/performance ratio
Nvidia Shield. The bigger one.
Yes, it’s a couple of years old at this point, but it’s still the best device of its kind.
Not to mention the remote is FANTASTIC.
It’s a Chinese one that I used at first for retro gaming with emuelec. Now it is dual boot and I have kodi and newpipe on it too.
awful ethics aside what a disgusting waste of processing power. software already barely runs
now you know why
Screenshotting every 500ms is insane.
Even a 0.30$ ch32v003 could handle this tiny amount of data. It’s not a resource limit
I was curious enough to check and with 2KB SRAM that thing doesn’t have anywhere enough memory to process a 320x200 RGB image much less 1080p or 4K.
Further you definitelly don’t want to send 2 images per-second down to a server in uncompressed format (even 1080p RGB with an encoding that loses a bit of color fidelity to just use two bytes per pixel, adds up to 4MB uncompressed per image), so its either using something with hardware compression or its using processing cycles for that.
My expectation is that it’s not the snapshoting itself that would eat CPU cycles, it’s the compression.
That said, I think you make a good point, just with the wrong example - I would’ve gone with: a thing capable of handling video decoding at 50 fps - i.e. one frame per 20ms - (even if it’s actually using hardware video decoding) can probably handle compressing and sending over the network two frames per second, though performance might suffer if they’re using a chip without hardware compression support and are using complex compression methods like JPEG instead of something simpler like LZW or similar.
The amount of effort i had to put into buying a dumb tv the last time it was new tv time is positively infuriating.
Yup. When we went to buy a TV I knew this was happening because the smart TVs with wifi and extra hardware and software were cheaper than the dumb TVs. Nothing is free, I knew they had to be doing this shit.
Cool. I’ve already got more books than I’ll be able to finish before I die. Might as well get back into reading. Fuck those bastards.
I couldn’t even find one last time
Yeah. My Samsung claws my firewall like a squirrel trapped in a box. It intensifies on certain hours of the day. I’m quite sure it also tries to send what devices are connected and filenames are in attached memory sticks. Maybe also some media file checksums.
Do your firewall rules allow you to block your tv’s telemetry, while allowing you to still use the internet on it? If so, would you mind sharing how you did it?
You should look into PiHole, if you’re half-savvy with computers. They should be able to block all the destinations smart TVs are trying to connect to
Pi hole won’t help.
Very easy to circumvent
Sinkholes can be negated by manufacturers using static, hardcoded dns addresses. Be careful and check traffic regularly.
And they do. My Philips TV didn’t even ask for DNS until hardcoded IPs for Netflix et al. timed out. And when it did, it asked Google, not my router.
This is why you need to do DNS hijacking to handle hardcoded DNS requests.
And those can be blocked and even redirected at the router level. Though not as simple as spinning up a pihole.
Actually simpler, if you have an Asus router. Just remember to disable its telemetry stuff…
… Sending telemetry to Asus about the TV sending telemetry to LG? Wtf is this timeline?
We are on the “let’s see how back corporate greed can get” simulation server.