Three new studies say smart TVs are the smart home's biggest privacy invader
First it was our smart speakers, now it’s our smart TVs. Well, to be fair, it’s probably been our television for a while, we just didn’t realize it.
As nearly 70% of US households embrace cord-cutting, shedding the expensive monthly bills for cable in favor of more customized, curated, on-demand content offered by “over the top” internet connected TVs and set-top boxes, it’s emerging that these devices are sucking up our data and monetizing it literally right in front of our eyes.
While there has been much handwringing and concern about what could happen to the data connected devices such as thermostats, fridges, and smart plugs devour – it turns out smart TVs and their ilk are already ahead of the game.
According to three recent studies conducted by researchers at Princeton, Northeastern University, and Imperial College London, “over the top” (OTT) TV services make a considerable amount of their revenue from tracking what you watch and serving it up to advertisers.
We observed that certain OTT channels contact more than 60 tracking domains
In fact, Roku now makes more than half its revenue from ads – and reportedly “held its own” among the traditional TV networks during Upfronts, the annual event where the big television networks such as ABC, CBS, and FOX gather to shill their shows to advertisers in the hopes of making more money.
One of the Princeton papers focused on Roku devices and Amazon Fire TV gadgets, finding that each channel (the apps you download to watch content) is loaded with ad-trackers, which use content recognition technology to track everything you watch, in order to target you with ads.
This type of advertising – known as connected TV advertising – now accounts for about half of all digital ads. The researchers found that some channels had more than 50 trackers associated with them, many much higher, some of which even leaked video titles – so your viewing history is essentially exposed.
“Our measurements showed that tracking is prevalent on the OTT platforms we studied, with traffic to known trackers present on 69% of Roku channels and 89% of Amazon Fire TV channels,” reads the report. “We also observed that certain OTT channels contact more than 60 tracking domains and the data shared with the trackers include video titles, WiFi SSIDs, MAC addresses, and device serial numbers”
Roku now makes more than half its revenue from ads
On top of sending data from the channels you watch, connected TV devices also send data to companies the test “users” in the Northeastern study hadn’t interacted with at all. “Nearly all TV devices in our testbeds contacts Netflix even though we never configured any TV with a Netflix account,” wrote the researchers.
Most alarming in terms of privacy however, is the use of “Automatic Content Recognition” services on many of the smart TVs the Princeton study examined, including sets from Samsung, LG, and Fire TVs. The study speculates that these devices transmit pixel information from your TV screen to gather data on your viewing habits – essentially taking screenshots of what you’re watching to feed to advertisers.
‘Do your research’
When you think about it, smart TVs are the pinnacle of potential privacy invaders. They have built-in microphones, a wealth of sensitive data, and copious account information – much of which they make available to the third-party developers who build your apps. It makes the undisclosed microphone in Google Nest’s security system look like a small-time concern.
If you’re mad about this, the chances are you agreed to it. After TV manufacturer Vizio was dinged by the Federal Trade Commission in 2017 for its deceptive tracking of customers’ screens, the entire industry was warned to be upfront and make tracking something customers have to opt in to.
So, you probably did opt in – when you hurriedly click through the terms and conditions that appeared when you set up the TV.
Is there anything you can do about it? Maybe.
Arvind Narayanan, lead researcher on the Princeton study, said in an epic twitter thread: “There are steps we can take. Stay away from vendors whose business model is targeted ads. Every device is a potential tracker; do your research before buying. Install tools that give you control, such as Pi-hole, even if imperfect. Install a monitoring tool on your home network.”
While valuable advice, ultimately what we need for all smart home devices is legislation that restricts how and for what purpose technology companies can use our data. Right now it’s a free-for-all, and the dense legalese in Terms and Conditions that you can’t opt out off, simply can’t be a blanket hall pass for the exploitation of our most private space.
Read the reports in full here:
Princeton University: Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices
Northeastern University, and Imperial College London: Information Exposure From Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach
Princeton University: IoT Inspector: Crowdsourcing Labeled Network Traffic from Smart Home Devices at Scale