By Jeremy Hsu on September 24, 2024
Popular smart TV models made by Samsung and LG can take multiple snapshots of what you are watching every second – even when they are being used as external displays for your laptop or video game console.
Smart TV manufacturers use these frequent screenshots, as well as audio recordings, in their automatic content recognition systems, which track viewing habits in order to target people with specific advertising. But researchers showed this tracking by some of the world’s most popular smart TV brands – Samsung TVs can take screenshots every 500 milliseconds and LG TVs every 10 milliseconds – can occur when people least expect it.
“When a user connects their laptop via HDMI just to browse stuff on their laptop on a bigger screen by using the TV as a ‘dumb’ display, they are unsuspecting of their activity being screenshotted,” says Yash Vekaria at the University of California, Davis. Samsung and LG did not respond to a request for comment.
Vekaria and his colleagues connected smart TVs from Samsung and LG to their own computer server. Their server, which was equipped with software for analysing network traffic, acted as a middleman to see what visual snapshots or audio data the TVs were uploading.
They found the smart TVs did not appear to upload any screenshots or audio data when streaming from Netflix or other third-party apps, mirroring YouTube content streamed on a separate phone or laptop or when sitting idle. But the smart TVs did upload snapshots when showing broadcasts from the TV antenna or content from an HDMI-connected device.
The researchers also discovered country-specific differences when users streamed the free ad-supported TV channel provided by Samsung or LG platforms. Such user activities were uploaded when the TV was operating in the US but not in the UK.
By recording user activity even when it’s coming from connected laptops, smart TVs might capture sensitive data, says Vekaria. For example, it might record if people are browsing for baby products or other personal items.
Customers can opt out of such tracking for Samsung and LG TVs. But the process requires customers to either enable or disable between six and 11 different options in the TV settings.
“This is the sort of privacy-intrusive technology that should require people to opt into sharing their data with clear language explaining exactly what they’re agreeing to, not baked into initial setup agreements that people tend to speed through,” says Thorin Klosowski at the Electronic Frontier Foundation, a digital privacy non-profit based in California.
THIS is piracy. Along with all the other personal data selling.
LOL “if it was opt-in, no one would do it!”
no fucking shit. there is nothing worth watching that i would buy a smart tv for
if it was opt-in, no one would do it!
Which should be telling them that not only does no one want it, but maybe just maybe we already paid for your fucking TV. Either raise the price or stop being so fucking goddamn greedy to the point that you force us to make the government force you to stop.
Of course the bought and paid for US government won’t, but hopefully EU governments will.
One issue that has come up recently in discussions on here is that it’s hard to get dumb TVs or computer monitors in large format in 2024.
Not impossible, but surprisingly difficult. I went looking for a large computer monitor for some user who wanted a large one. I eventually found an older one on Amazon still for sale, but it’s not that easy to get large computer monitors, which I think is part of what drives people to use smart TVs as computer monitors.
You can get projectors, but that’s not what everyone’s after.
A smart tv without an internet connection is usually close enough to a dumb TV. It’s not like your TV needs regular security updates so leaving it off your home network is fine.
I do not know how true it is, but I’ve heard that some of them will create a mesh network if your neighbor has the same brand and it’s connected to the internet.
I’ve always meant to look into it but I have big dumb TVs that work for now.
Open the tv and rip out the antenna. Y’all already forgot the classic secret agent trope of checking the hotel room for bugs? Now we all get to play that game!
Nowadays the antenna is often embedded into the pcb, so no way to rip it out other than scraping off the traces
Google part numbers (if they aren’t scratched off/lasered off/ epoxied). Once you’ve found the ethernet controller, you can short out the pins, or yeet it off the board.
“mechanical malfunction, please contact support” as a big red warning that you cannot dismiss
These are criminal violations of the Computer Fraud and Abuse Act. Jail the motherfucking felon CEOs!
So LG and Samsung likely have tons of illegal (copyright) content on their servers then? Ownership is 9/10ths of the law so they say. That’s gotta be exabytes
But the supreme court ruled to save the conviction for the election.
Worse than that, they
havegave free speech to corporations, and now that includes doing nearly anything involving communication or spending money.You know what’s really fucked up? The concept of “corporate personhood” that Citizens United depends upon was invented wholesale by a goddamn clerk! The Santa Clara County v. Southern Pacific Railroad Co. decision itself didn’t actually address the issue; the clerk just wrote a headnote “assuming” that the Equal Protection Clause of the 14th Amendment applied to corporations for ~reasons~ and subsequent courts treated as if it were gospel.
I’ll believe corporations are people the moment Texas executes ones.
Imagine the amount of bandwidth and energy saved, if they didn’t do any of this bullshit.
They are essentially using someone else’s money to get themselves more money. Fuck these people!
I complained about shit like this more than a decade ago and everyone just laughed and said ‘Oh they’ll never do anything like that’
You get what you fucking deserve
And the rest of us get what that guy deserves too!
Yep, every one of you
For one people don’t actually have much choice if you want to buy a television. Most TVs are smart TVs now, so you are pretending we have a choice here. I have managed to avoid buying one, but only because I don’t buy televisions.
Would you like it if I blamed you for getting spied on by Microsoft because you use Windows? Switching to Linux is easier than finding a TV that isn’t smart and actually has decent specifications.
Removed by mod
Would be nice if we could have some technological privacy laws written in this century.
We need all the boomers in Capitol Senior Care Home to vacate first
You have it backwards. You have to EVICT them.
They already tried Jan 6 ! The old geezers won’t go.
They already tried Jan 6 !
Nope. Those bootlickers were on the side of the corporate/billionaire enshitifiers, trying to make the enshitification MUCH worse.
awful ethics aside what a disgusting waste of processing power. software already barely runs
now you know why
Screenshotting every 500ms is insane.
Even a 0.30$ ch32v003 could handle this tiny amount of data. It’s not a resource limit
I was curious enough to check and with 2KB SRAM that thing doesn’t have anywhere enough memory to process a 320x200 RGB image much less 1080p or 4K.
Further you definitelly don’t want to send 2 images per-second down to a server in uncompressed format (even 1080p RGB with an encoding that loses a bit of color fidelity to just use two bytes per pixel, adds up to 4MB uncompressed per image), so its either using something with hardware compression or its using processing cycles for that.
My expectation is that it’s not the snapshoting itself that would eat CPU cycles, it’s the compression.
That said, I think you make a good point, just with the wrong example - I would’ve gone with: a thing capable of handling video decoding at 50 fps - i.e. one frame per 20ms - (even if it’s actually using hardware video decoding) can probably handle compressing and sending over the network two frames per second, though performance might suffer if they’re using a chip without hardware compression support and are using complex compression methods like JPEG instead of something simpler like LZW or similar.
Why think of it as a compression problem? Isn’t the spy device already getting compressed video form some source? That makes it a filtering problem. You would set it to grab and ship key frames (or equivalent term) if you wanted a human to be able to see the intel. But for content matching, maybe count some interval of key frames and then grab the smallest difference frame between the next two key frames. Gives a nice, premade small data chunk. A few of those in sequence starts looking like a hash function (on a dark foggy night).
Would want some way to sync up the frames that the spy device grabs and the ones grabbed when building the db to match against. Maybe resetting the key frame interval counter when some set of simple frames come through would be enough. Like anything with a uniform color across the whole image or something similar.
Just spitballing here. I like your impulse to math this.
Installed pi-hole this week. Number one blocked domain with 1600 queries… Scribe.logs.roku.com.
Crazy!
I’m so tired
For example, it might record if people are browsing for baby products or other personal items.
Don’t mind baby products and dildos or whatever.
They could see bank activity and even login credentials when someone is temporarily displaying their own passwords.
This basically ignores all security measures regarding everything. Sensitive communication, company secrets and so on.
That’s fucking seriously huge. What the fuck?!
The only sensible way to operate these TVs is with no internet connection. We run our entertainment through an AppleTV. If that ever starts showing ads at rest, I’ll replace it with a Mac mini or a NUC. Fuck these companies and their race to the bottom.
“When a user connects their laptop via HDMI just to browse stuff on their laptop on a bigger screen by using the TV as a ‘dumb’ display, they are unsuspecting of their activity being screenshotted,”
But if you never connected the TV to the internet, it’s not able to upload anything right?
Correct
wtf?
Time should have stopped to 1999.
Something doesn’t add up. How can a TV take 100 Screenshots of 4k content per second? No wifi has that bandwidth. No embedded processor has that capacity.
Yea I don’t believe it, that’s some processor intensive streaming. My security camera feeds can’t even do that. 100fps is crazy for streaming. Are we sure these “screenshots” aren’t just anonymous metric gatherings like video codecs and resolution?
I’m with you, I think it’s probably BS. But I suppose it could be taking highly compressed low resolution snapshots.
I agree. I’m the OP, but not the author of this article. I do believe this author doesn’t know what he is talking about. After looking at the study, it seems it does record data at 500ms interval. However, only in intervals of 1 time per minute 8kB of data is sent back, meaning its only some kind of meta data.
Thanks for the followup!
Actual paper here.
https://arxiv.org/html/2409.06203v1
It is not sending full screenshots as anybody technical would already have guessed. It’s a few KB over an hour, so it’s content recognition hashes.
Opt out anyway. Their study shows the opt out option does indeed opt you out of it.
This shouldn’t be opt-out. This is the digital equivalent of some fucking pervert showing up at your window and taking pictures of your TV and then letting a bunch of other perverts pay to find out what you were watching so they can use that info to manipulate you, multiplied by however many millions of TVs they’ve sold. Even if the punishment for that crime was just a single week in jail, the people responsible should be facing several
hundredthousand years behind bars when you add it all up.It shouldn’t be opt in or out tbh. This shit should just be illegal.
The whole adverspying industry needs to be reined the fuck in and slowly turned to mulch.
The first step to that is letting us see what the advertiser has in our hidden “profiles” and let us modify and/or wipe them out.
This kinda stuff should be opt-IN, not opt-OUT. Just think of how many people don’t even know this is happening, or that there even is an opt-out.
So the data is still captured every 500ms. But it batches the data together and indeed only send data of around 8kb every minute back to the centralized server. But 8kb can not be full screenshots of MBs of course, so this is some kind of meta / fingerprint data. The original author (Jeremy Hsu) is misleading here with the term “screenshot every 500ms”.
the remaining scenarios exhibit consistent peak values occurring every minute, accompanied by additional smaller traffic one minute following each peak. Samsung’s official documentation (Canada, 2022a) mentions that its ACR captures the frames every 500ms, suggesting that Samsung batches the captures as well and sends the fingerprints every minute. The differences in ACR capture frequency explains the different network behavior across the two brands.
The original author (Jeremy Hsu) is misleading here with the term “screenshot every 500ms”.
“meta tags every 500ms” might be more accurate, but the end result is the same. The device is monitoring what you consume in order to aggregate data on your household.
