By Jeremy Hsu on September 24, 2024
Popular smart TV models made by Samsung and LG can take multiple snapshots of what you are watching every second – even when they are being used as external displays for your laptop or video game console.
Smart TV manufacturers use these frequent screenshots, as well as audio recordings, in their automatic content recognition systems, which track viewing habits in order to target people with specific advertising. But researchers showed this tracking by some of the world’s most popular smart TV brands – Samsung TVs can take screenshots every 500 milliseconds and LG TVs every 10 milliseconds – can occur when people least expect it.
“When a user connects their laptop via HDMI just to browse stuff on their laptop on a bigger screen by using the TV as a ‘dumb’ display, they are unsuspecting of their activity being screenshotted,” says Yash Vekaria at the University of California, Davis. Samsung and LG did not respond to a request for comment.
Vekaria and his colleagues connected smart TVs from Samsung and LG to their own computer server. Their server, which was equipped with software for analysing network traffic, acted as a middleman to see what visual snapshots or audio data the TVs were uploading.
They found the smart TVs did not appear to upload any screenshots or audio data when streaming from Netflix or other third-party apps, mirroring YouTube content streamed on a separate phone or laptop or when sitting idle. But the smart TVs did upload snapshots when showing broadcasts from the TV antenna or content from an HDMI-connected device.
The researchers also discovered country-specific differences when users streamed the free ad-supported TV channel provided by Samsung or LG platforms. Such user activities were uploaded when the TV was operating in the US but not in the UK.
By recording user activity even when it’s coming from connected laptops, smart TVs might capture sensitive data, says Vekaria. For example, it might record if people are browsing for baby products or other personal items.
Customers can opt out of such tracking for Samsung and LG TVs. But the process requires customers to either enable or disable between six and 11 different options in the TV settings.
“This is the sort of privacy-intrusive technology that should require people to opt into sharing their data with clear language explaining exactly what they’re agreeing to, not baked into initial setup agreements that people tend to speed through,” says Thorin Klosowski at the Electronic Frontier Foundation, a digital privacy non-profit based in California.
LOL “if it was opt-in, no one would do it!”
no fucking shit. there is nothing worth watching that i would buy a smart tv for
One issue that has come up recently in discussions on here is that it’s hard to get dumb TVs or computer monitors in large format in 2024.
Not impossible, but surprisingly difficult. I went looking for a large computer monitor for some user who wanted a large one. I eventually found an older one on Amazon still for sale, but it’s not that easy to get large computer monitors, which I think is part of what drives people to use smart TVs as computer monitors.
You can get projectors, but that’s not what everyone’s after.
A smart tv without an internet connection is usually close enough to a dumb TV. It’s not like your TV needs regular security updates so leaving it off your home network is fine.
I do not know how true it is, but I’ve heard that some of them will create a mesh network if your neighbor has the same brand and it’s connected to the internet.
I’ve always meant to look into it but I have big dumb TVs that work for now.
Open the tv and rip out the antenna. Y’all already forgot the classic secret agent trope of checking the hotel room for bugs? Now we all get to play that game!
Nowadays the antenna is often embedded into the pcb, so no way to rip it out other than scraping off the traces
Google part numbers (if they aren’t scratched off/lasered off/ epoxied). Once you’ve found the ethernet controller, you can short out the pins, or yeet it off the board.
“mechanical malfunction, please contact support” as a big red warning that you cannot dismiss
Would love to know how true this is as I wouldn’t put it past manufacturers
There’s another reply further down that goes into specifics. I ain’t the one because I didn’t come with receipts and I’m just a drunk.
It’s called wardriving, a practise Samsung TVs are infamous for.
I never put that together with wardriving but that’s exactly what it is. Thank you for that.
Unrelated story: ~20 years ago I was in the military and broke as hell. I went wardriving in my neighborhood looking for open wifi and found a business not too far away that had it. So I built an antenna out of a coffee can, mounted it up just outside my window, and got free wifi for months.
To me, Wardriving is back in the day when you used to drive around town with a laptop and a program that catalogues all the open wifi networks in range.
I will not give them the satisfaction.
Smart TVs are only smart when they are connected to the internet.
As mentioned by others, they sometimes network with nearby devices such as your neigbor’s TV or an unsecured wifi.
if it was opt-in, no one would do it!
Which should be telling them that not only does no one want it, but maybe just maybe we already paid for your fucking TV. Either raise the price or stop being so fucking goddamn greedy to the point that you force us to make the government force you to stop.
Of course the bought and paid for US government won’t, but hopefully EU governments will.
These are criminal violations of the Computer Fraud and Abuse Act. Jail the motherfucking felon CEOs!
But the supreme court ruled to save the conviction for the election.
Worse than that, they
havegave free speech to corporations, and now that includes doing nearly anything involving communication or spending money.I’ll believe corporations are people the moment Texas executes ones.
You know what’s really fucked up? The concept of “corporate personhood” that Citizens United depends upon was invented wholesale by a goddamn clerk! The Santa Clara County v. Southern Pacific Railroad Co. decision itself didn’t actually address the issue; the clerk just wrote a headnote “assuming” that the Equal Protection Clause of the 14th Amendment applied to corporations for ~reasons~ and subsequent courts treated as if it were gospel.
On politics itself no less.
So LG and Samsung likely have tons of illegal (copyright) content on their servers then? Ownership is 9/10ths of the law so they say. That’s gotta be exabytes
Most likely yes… And other privacy sensitive information like banking details, passwords and more.
Well, then you should sue them.
awful ethics aside what a disgusting waste of processing power. software already barely runs
now you know why
Screenshotting every 500ms is insane.
Even a 0.30$ ch32v003 could handle this tiny amount of data. It’s not a resource limit
I was curious enough to check and with 2KB SRAM that thing doesn’t have anywhere enough memory to process a 320x200 RGB image much less 1080p or 4K.
Further you definitelly don’t want to send 2 images per-second down to a server in uncompressed format (even 1080p RGB with an encoding that loses a bit of color fidelity to just use two bytes per pixel, adds up to 4MB uncompressed per image), so its either using something with hardware compression or its using processing cycles for that.
My expectation is that it’s not the snapshoting itself that would eat CPU cycles, it’s the compression.
That said, I think you make a good point, just with the wrong example - I would’ve gone with: a thing capable of handling video decoding at 50 fps - i.e. one frame per 20ms - (even if it’s actually using hardware video decoding) can probably handle compressing and sending over the network two frames per second, though performance might suffer if they’re using a chip without hardware compression support and are using complex compression methods like JPEG instead of something simpler like LZW or similar.
Why think of it as a compression problem? Isn’t the spy device already getting compressed video form some source? That makes it a filtering problem. You would set it to grab and ship key frames (or equivalent term) if you wanted a human to be able to see the intel. But for content matching, maybe count some interval of key frames and then grab the smallest difference frame between the next two key frames. Gives a nice, premade small data chunk. A few of those in sequence starts looking like a hash function (on a dark foggy night).
Would want some way to sync up the frames that the spy device grabs and the ones grabbed when building the db to match against. Maybe resetting the key frame interval counter when some set of simple frames come through would be enough. Like anything with a uniform color across the whole image or something similar.
Just spitballing here. I like your impulse to math this.
We’re talking about fingerprinting stuff coming in via HDMI, not stuff being played by the “smart” part of the TV itself from some source.
You would probably not need to actually sample images if it’s the TV’s processor that’s playing something from a source, because there are probably smarter approaches for most sources (for example, for a TV channel you probably just need to know the setting of the tuner, location and the local time and then get the data from available Program Guide info (called EPG, if I remember it correctly).
The problem is that anything might be coming over HDMI and it’s not compressed, so if they want to figure out what that is, it’s a much bigger problem.
Your approach does sound like it would work if the Smart TV was playing some compressed video file, though.
Mind you, I too am just “thinking out loud” rather that actually knowing what they do (or what I’m talking about ;))
I assumed HDMI had some form of encoding, thanks for the correction. Looks like v 2.1 does.
I think the syncing idea between the spy device and db is still useful. The video itself has stuff to use for reducing the search space by making sure they puck the same instants to fingerprint and exfiltrate.
I don’t think they will compress the screenshot and send them but run content in a tensorflow lite model or even just hash a few of the pixels to try for an ID match
Well that makes sense but might even be more processor intensive unless they’re using an SOC that includes an NFU or similar.
I doubt it’s a straight forward hash because a hash database for video which includes all manner of small clips and has to somehow be able to match something missing over 90% of frames (if indeed the thing is sampling it at 2 fps, then it only sees 2 frames out of every 25) would be huge.
A rough calculation for a system of hashes for groups of 13 frames in a row (so that at least one would be hit if sampling at 2 fps on a 25 fps system) storing just one block of 13 frame hashes per minute in a 5 byte value (so large enough to have 5 trillion distinctive values) would in 1GB store enough hashes for 136k 2h movies in hashes alone so it would be maybe feasible if the system had 2GB+ of main memory, though even then I’m not so sure the CPU speed would be enough to search it every 500ms (though if the hashes are ordered by value in a long array and there’s a matching array of clip IDs, it might be doable since there are some pretty good algorithms for that).
I would sample a few dozens equally space pixels out of the frame, then drop similar value frames, and send that with timestamp. In the cloud, you runs those few pixels in a content recognition model.
It doesn’t have to be especially accurate or know any niche content, the point is to make a psychomarketing profile of the customer like “car guy, watches tool reviews”.
TVs I’ve come across are such displeasure to use, it’s incredible
Would be nice if we could have some technological privacy laws written in this century.
We need all the boomers in Capitol Senior Care Home to vacate first
Until then just desolder the antennas good luck sending data with no way to connect to the internet.
For example, it might record if people are browsing for baby products or other personal items.
Don’t mind baby products and dildos or whatever.
They could see bank activity and even login credentials when someone is temporarily displaying their own passwords.
This basically ignores all security measures regarding everything. Sensitive communication, company secrets and so on.
That’s fucking seriously huge. What the fuck?!
I’m so tired
Moi aussi. I am le tired.
Well, have a nap
THEN FIRE ZE SAMSUNG & LG CEOS!
Bout that time eh chaps?
… right-o.
Zen have a nap
Ich auch
Actual paper here.
https://arxiv.org/html/2409.06203v1
It is not sending full screenshots as anybody technical would already have guessed. It’s a few KB over an hour, so it’s content recognition hashes.
Opt out anyway. Their study shows the opt out option does indeed opt you out of it.
THIS is piracy. Along with all the other personal data selling.
Imagine the amount of bandwidth and energy saved, if they didn’t do any of this bullshit.
They are essentially using someone else’s money to get themselves more money. Fuck these people!
You hear that? It’s a whisper… It’s a multinational multibillion dollar class action lawsuit coming after Samsung and LG. WTF!
Okay. So how do we turn it off!? I’ve read nothing in my Samsung manuals about this “feature” and here no instructions for turning it off.
Just don’t hook it up to your wifi. Don’t use any of its included apps. If you must stream get a separate device to do it.
This is the correct answer. I actually disabled LG’s version of it when I first heard about it. A few months later it had been reactivated in an update, so I just factory reset it and connected an old laptop.
You can’t trust anyone — corporation or government — to protect or respect your privacy. Ever. If it’s not open source and E2EE, assume that a criminal is going to view and process it for profit.
No it is not the correct answer! The correct answer is to put the CEOs who perpetrate this criminal shit in prison for millions of counts of hacking and stalking!
Merely shrugging and implementing a technological workaround is not an appropriate response to someone perpetrating a felony against you!
Okay… Though I agree the system is run by criminals, I’m gonna continue protecting my data as best I can, and recommending everyone do the same, while you live in a magical fantasy land where we don’t live in capitalist plutocracies and the rule of law applies to everyone, equally!
The downvotes are because your “solution” is not based in the reality that the rest of us live in.
There are no downvotes, so I’m not sure what point you think you’re making.
I have a Samsung smart TV that is not connected to any networks, and every few days it will display a ‘detecting device’ loading screen when switching to my input that fails after 30 seconds or until I cancel it (canceling does not seem to impact its functioning)
I have no evidence but I strongly suspect this to be related to attempting to record and send device data to a remote server.
I have noticed this too, I have to press the ‘back’ button on the remote to get the computer output.
Question, what separate device is best and most privacy focused? I just imagine getting a firestick, google Chromecast, etc would also give away data?
There are some open-source systems for media PCs.
Kodi seems to me to be popular, though I don’t use a media PC myself.
You’ll need to have the technical knowledge to install it yourself.
Again your media PC (or HTPC) is still connected to a smart TV. And the problem is with the TV recording HDMI data. In fact, if you read correctly, the Smart TV does no record data from the built-in apps like Netflix.
It still can connect to untrusted wifi access point (without password protection). So also try to go to: Settings Menu -> General & Privacy -> Terms & Privacy -> And there is a whole list of privacy setting. Try to find the option to: Do not agree with all. Or you need to manually disallow each privacy option… Good luck!
Sometimes it requires Wi-Fi for setup. In that case, change the Wi-Fi password after you set it up.
No Internet for the device
They have been known to connect automatically to nearby compatible devices or unsecured wifi.
Use Pi-hole and block their domains
They’re getting smart to that and are starting to hard code server IPs, circumventing any DNS you have in place.
Joke’s on them. Their telemetry server is in another
castleVLAN.TV: mamma mia!
Do you know where I can source the domains?
https://blocklistproject.github.io/Lists/ the Smart TV list under their beta lists.
I use nextdns on my network and there’s a filter there for smart tvs. Samsung seems to want to call home the most.
Disable internet.
You’ll have to insulate your home from any outside unsecured wifi and compatible devices to stop some of them from networking.
Since it can also connect to untrusted wifi access point (eg. without password). You need to live in a Faraday cage …
You know that part of the manual that tells you to connect the TV to the Internet?
Don’t do that.
That sadly doesn’t work well enough. They will connect to things on their own.
That’s some underhanded bs. I didn’t know they started doing that. Damn.
If there are open wifi networks near your TV that you can’t lockdown, you’ll want to confirm it your make/model is known to automatically connect to those, and then take whatever mitigation steps are justified for your own use case.
For example, if you have multiple TVs, maybe you can swap models around based on their capabilities and location, or look up the schematic for the TV and see if it’s easy to block it’s internal antennas.
Or maybe that seems like too much of a hassle and you just say fuck it, and don’t worry about it. Which is always an option, because given how much data already gets sucked up by surveillance capitalism, my evening TV viewing habits have to be some of the lowest value data points, as I already block ads and avoid all ad supported services.
I love my Samsung because I never gave it the wifi credentials.
Dumb TV is better. My PS5 can do everything I want and I already give all my metrics to them just playing it
Hello 8th person I’ve had to explain this to: they still connect to stuff. Even if you disable WiFi on the Samsung TV they can mesh network with other TVs in your neighborhood or with your phone (Samsung is particularly pushy about wanting you to install and connect your phone).
Ok I’ll look into this. I have not witnessed any evidence of this behavior. What frequency would this be meshed on? Any 2.4GHz and 5Ghz I would have already seen.
You can go to Settings Menu -> General & Privacy -> Terms & Privacy -> And there is a whole list of privacy setting you automatically agreed with (which you didn’t). However, you should find an option for: Do not agree with all. Or you need to manually disallow each privacy option… Good luck!
Its real tricky to get into and overwrite some of the SoC processors and ARM chipsets, but pretty earlyon the hacker crowd was turning Samsungs Smart TVs dumb.
They’ve acrually got some great resistance to screen burn.
Yeah. My Samsung claws my firewall like a squirrel trapped in a box. It intensifies on certain hours of the day. I’m quite sure it also tries to send what devices are connected and what filenames are in attached memory sticks. Maybe also some media file checksums.
Do your firewall rules allow you to block your tv’s telemetry, while allowing you to still use the internet on it? If so, would you mind sharing how you did it?
You should look into PiHole, if you’re half-savvy with computers. They should be able to block all the destinations smart TVs are trying to connect to
Sinkholes can be negated by manufacturers using static, hardcoded dns addresses. Be careful and check traffic regularly.
And they do. My Philips TV didn’t even ask for DNS until hardcoded IPs for Netflix et al. timed out. And when it did, it asked Google, not my router.
This is why you need to do DNS hijacking to handle hardcoded DNS requests.
Pi hole won’t help.
Very easy to circumvent
This is why our “smart” TV is not allowed to be connected to the internet.
But can you really be sure that it doesn’t connect to another network? i have to check again but if i recall correctly there are TVs that try to connect to other open networks or even look for other TVs from the same manufacturer and connect through those to the internet. I have to double check this again, so take this with a grain of salt
If that’s true - lan for your own content with network isolation and ripping out the WiFi antenna, I guess?? I hate this
There is such a thing called HDMI Ethernet. If you connect some sort of Android box to your TV it might establish an Ethernet connection with it and thus connect to the internet.
If you use an Android TV system you don’t get to complain about your video output device tracking.
I have searched for alternatives. There are none that I am aware of. I just want a streaming box that can run jellyfin with a simple remote. I really don’t want to use a keyboard in bed.
If anyone knows a simple setup that boots straight into jellyfin with a remote, I would love to hear about it.
Maybe put Lineage OS on a compatible Android TV box. These do have remotes and have almost no Google telemetry.
Android has closed source Google spy framework, don’t use that.
Agreed. It’s not solving anything when you move to Android TV.
A smart TV is not allowed on my property.
I am a bit puzzled about the “even when your laptop is connected” part.
I have a small android box connected to it and am not using apps on the TV so it should have no chance of sending screenshot out even if it takes them.
The TV itself is not connected
what kind of Android box do you have? anything you recommend? (looking to have some sort of streaming client)
Nvidia Shield. The bigger one.
Yes, it’s a couple of years old at this point, but it’s still the best device of its kind.
Not to mention the remote is FANTASTIC.
It’s a Chinese one that I used at first for retro gaming with emuelec. Now it is dual boot and I have kodi and newpipe on it too.
the google tv with chromecast dongle is quite decent, good price/performance ratio
Sorry for being paranoid but can the TV piggyback the connection used by the the streaming device/android box to send data back to the TV OEM?
The only connection the TV has is hdmi. I do not think that back and forth communication is possible there.
If the TV has wifi, it can do its thing but that would also be easy to disable.
I think for the TVs internal wifi, it’s better to create a honeypot Wi-Fi exclusively for it, or a VLAN. It will constantly try to send data and fail. If we don’t let it connect to anything, the TV might start sniffing for other open networks.
Not yet but it is clear in the future most devices will be able to do that, we will have ubiquitous low grade internet access everywhere. Your neighbours devices will let your electronics snitch on you even if you seal up your own internet
Good point. We can have a honeypot wifi. Check my other comment in the thread.
Okay, so for the new folks with networking, how do you set up a honeypot wifi? Have a (second) router powered on with no connection? Or is it something you can set up with one router?
Many routers have a functionality to create a guest wifi. These usually run on a separate VLAN so that it can’t access other devices on the network. After creating this guest wifi, you have manually disable internet access on this but keep the wifi on.
Unfortunately the process varies between router to router.
But if you connect your phone to the android box then the TV could use the phone to send the screenshots.
TV->android box->phone->internet.
yep, never allow them to connect to the internet
deleted by creator
A lot of shit makes a new, random MAC address for every new connection to an access point now
deleted by creator
I’ve jokingly said this before, but just wait until manufacturers start adding 4G/5G to TVs explicitly for ads and telemetry…
Just like modern cars… I wish there was some kind legislation that would limit phone-home telemetry to emergency service telecommunication frequencies, and be opt-in only. That way any OEM operating under commercial cellular frequencies would thus be unlicensed, and subject to FCC violations and import bans. Like what OnStar was originally pitched as; only auto dialing to 911, and 911 only, if you were unresponsive after airbags deployed. OEM couldn’t use the telecommunication frequencies for anything other than networking with emergency service endpoints on the same VLAN.
Anything recorded by the vehicle would be required to stay on the vehicle due privacy regulations, like the black box recorder for warranted forensic investigations. OTA updates could also be distributed offline for users to download and flash via USB, like any motherboard bios, so transactions would be write only.
No matter how much they ask
Do not connect your Smart TVs to network people, seriously. Just a bad idea. Use a media center PC or some other device that allows you to stream content, and make sure the TV itself is just a big monitor, nothing more.