By Jeremy Hsu on September 24, 2024
Popular smart TV models made by Samsung and LG can take multiple snapshots of what you are watching every second – even when they are being used as external displays for your laptop or video game console.
Smart TV manufacturers use these frequent screenshots, as well as audio recordings, in their automatic content recognition systems, which track viewing habits in order to target people with specific advertising. But researchers showed this tracking by some of the world’s most popular smart TV brands – Samsung TVs can take screenshots every 500 milliseconds and LG TVs every 10 milliseconds – can occur when people least expect it.
“When a user connects their laptop via HDMI just to browse stuff on their laptop on a bigger screen by using the TV as a ‘dumb’ display, they are unsuspecting of their activity being screenshotted,” says Yash Vekaria at the University of California, Davis. Samsung and LG did not respond to a request for comment.
Vekaria and his colleagues connected smart TVs from Samsung and LG to their own computer server. Their server, which was equipped with software for analysing network traffic, acted as a middleman to see what visual snapshots or audio data the TVs were uploading.
They found the smart TVs did not appear to upload any screenshots or audio data when streaming from Netflix or other third-party apps, mirroring YouTube content streamed on a separate phone or laptop or when sitting idle. But the smart TVs did upload snapshots when showing broadcasts from the TV antenna or content from an HDMI-connected device.
The researchers also discovered country-specific differences when users streamed the free ad-supported TV channel provided by Samsung or LG platforms. Such user activities were uploaded when the TV was operating in the US but not in the UK.
By recording user activity even when it’s coming from connected laptops, smart TVs might capture sensitive data, says Vekaria. For example, it might record if people are browsing for baby products or other personal items.
Customers can opt out of such tracking for Samsung and LG TVs. But the process requires customers to either enable or disable between six and 11 different options in the TV settings.
“This is the sort of privacy-intrusive technology that should require people to opt into sharing their data with clear language explaining exactly what they’re agreeing to, not baked into initial setup agreements that people tend to speed through,” says Thorin Klosowski at the Electronic Frontier Foundation, a digital privacy non-profit based in California.
Actual paper here.
https://arxiv.org/html/2409.06203v1
It is not sending full screenshots as anybody technical would already have guessed. It's a few KB over an hour, so it's content recognition hashes.
Opt out anyway. Their study shows the opt out option does indeed opt you out of it.
This kinda stuff should be opt-IN, not opt-OUT. Just think of how many people don't even know this is happening, or that there even is an opt-out.
This shouldn't be opt-out. This is the digital equivalent of some fucking pervert showing up at your window and taking pictures of your TV and then letting a bunch of other perverts pay to find out what you were watching so they can use that info to manipulate you, multiplied by however many millions of TVs they've sold. Even if the punishment for that crime was just a single week in jail, the people responsible should be facing several ~~hundred~~thousand years behind bars when you add it all up.
It shouldn't be opt in or out tbh. This shit should just be illegal.
The whole adverspying industry needs to be reined the fuck in and slowly turned to mulch.
The first step to that is letting us see what the advertiser has in our hidden "profiles" and let us modify and/or wipe them out.
So the data is still captured every 500ms. But it batches the data together and indeed only send data of around 8kb every minute back to the centralized server. But 8kb can not be full screenshots of MBs of course, so this is some kind of meta / fingerprint data. The original author (Jeremy Hsu) is misleading here with the term "screenshot every 500ms".
Yeah, it'll grab a few frame, crunch them up, post back something like "ac8c986ffcb770d460151b20c1cfe628612247ac2d284c780761af3b544bfea7" to the servers and from there it likely gets binned as "not recognised" but might match a segment from Star Wars 4K77.
It sounds like the sort of thing that should be off by default (and it probably is, I haven't bought a new one for years), but what we've learnt since GDPR is that if a big box comes up over what you're trying to do and it has an "Accept" button, people will generally click it and read nothing just to get back to another riveting episode of America's Deadliest Home Shootouts or something.
Does that come on before or after "Ow! My Balls!"?
Go away. Baitin!!
Right after "People Falling Down And Suffering Serious Injuries: Oops! All slide Whistles Edition!"
But before Merica's Deadliest School Shootings
Is that from the Idiocracy movie? 😀
"meta tags every 500ms" might be more accurate, but the end result is the same. The device is monitoring what you consume in order to aggregate data on your household.
How can I turn this input into an intrusion vector and exfiltrate all their IP to public social media and then corrupt all their servers and backups and make their IT Dept autodefenestrate ?