This is all horrific, but I was especially shocked by 6 so I read that. This seems to be only someone asking if this may happen, and no one answering that it would.
Of course this is the point of Amazon Sidewalk, so in due time, it probably will.
Also two other observations. First, there is means: unsecured and public groups like Xfinity, Sidewalk, Fios via some business deal maybe. Also in the means column is a full Linux machine, totally possible (not saying it's happening but possible) to run Kismet all day in the background to look for auth. There's all kinds of pocket doodads at Defcon doing this. Second is motive: your data as revenue is the reason these things are getting so cheap. Why would they leave free cash on the table?
Audio beacons aren't plausible to me as a mobile app developer. Mobile OSes have been tightening their privacy controls for quite some time. At this point you can't run an Android app in the background without the user knowing. You have to explicitly request access to the microphone. In recent Android and iOS versions, the user will be notified about which apps used the microphone when. Besides, constantly recording and analyzing an audio stream would have a noticeable effect on battery life.
How about apps that already have permission, like Shazam, Siri, and GA?
As for battery, they would only need to sample a second every few minutes, to see if there was a beacon afoot, quick DFFT, and they wouldn't need to analyze much.
Not saying it's happening, just that it's easily possible. Look how many apps have location permissions that don't need it.
Most of the examples you link don't prove what you claim.
1. Same issues as any voice assistant. It only uploads things when voice recognition is actually active, and puts a big icon on the screen to show this.
2. Not screenshots, it uses fingerprints to recognise content.
3. That TV is an older special model advertised with built-in camera for Skype. The linked video raises a minor security issue that web pages you navigate to (on your smart TV, how many people actually do that?) can enable the webcam without you knowing.
Most TVs don't have a hidden front facing camera.
4. Audio beacons are hard-coded into the TV content, your smart TV doesn't add them. It's more of a privacy issue with smartphone apps using them, and the studios who add them.
5. Actually true
6. You link to a thread of someone asking if TVs might do this. Nobody has provided any evidence of TVs actually doing it, it's 100% theoretical.
IMO, the fingerprinting and advertising are bad enough. No need to invent extra FUD about what smart TVs can do.
Obviously there's a front facing camera, they're not hiding it. It's even a GOOD webcam, to disable it you push it into the bezel and that physically blocks the camera. Great design.
Beyond that, the criticisms are just "This is a proprietary OS by a company that makes hardware, it's not trustworthy." So why the focus on the camera? It's almost like you're trying to imply that Samsung is integrating hidden cameras just to covertly surveil their customers.
That crap forced me to finally pi-hole my entire home. I'm never buying a Samsung TV ever again, or other Samsung stuff.
My dryer broke yesterday. I specifically bought an AEG because it was a dumb dryer, not some smart appliance with an app and all that junk. Don't get me wrong, I love smart stuff. In fact, I plugged my new dryer into a Shelly S plug so my home assistant can send me a notification on my phone when it's finished. But I trust my HA. I can never trust Samsung again.
Pi-hole your network for a week and take a look at the logs to see all the crap it has blocked. You'll be surprised.
I added PiHole on a RBP and it turns out up to half the rejected requests come from my various Samsung TVs. It's staggering how much traffic comes out of them. And that's in a home with two work from home adults on laptops all day.
What are other people's experiences with other brands of TV?
Loewe[0] make really nice, simple, high-end TVs with great picture and sound, which really don't have intrusive 'smart' features. I use mine purely as a 'monitor' for AppleTV (and Nintendo Switch).
The problem is distribution: they're difficult to source even within Europe.
(UK here) I have had a Loewe for about two years now. I hadn't heard of them myself but came across them when buying a Linn [0] audio system - the audio shop I went to offered Loewe as one of the options for an integrated sound+vision package. My overall system uses Linn as the sound output for the TV instead of a Loewe sound bar.
The TV is fairly excellent and the hosted apps are fine and not in your face - the TV comes on directly showing its current input (e.g. in my case from a BT smart box) rather than apps or a start screen or similar. I can also immediately cast media to it by a right click from my PC.
I initially had problems with the overall system integration: I have poor wifi coverage in my house and the TV (Loewe) and sound systems (Linn) wouldn't always work reliably together until I had ethernet wired into my house. Also, and this is not a big problem for me, an Alexa can recognise the Loewe as a device but appears unable to use it for sound output. In the bin for you, Alexa.
I had never heard of Loewe, but after 10 minutes of searching, I still know nothing more about them - there is no pricing available, no idea where to buy them and no list of models. The one model I could find I also can't find tech specs for because the download link is broken.
My problem is, that I essentially want a dumb TV, but with gaming features, I guess the mix of my requirements is what makes it impossible.
If someone knows a dumb, 120hz, GSync and OLED TV, let me know :)
There are a couple OLED computer monitors that are just TVs with the TV parts removed and the monitor parts thrown in. For example, the Gigabyte FO48U.
I recently bought a simple TV from SwedX [0]. Pretty happy with it so far. Seems to be simple enough. No "apps", no network connectivity, simple remote and simple menus. Quite quick to turn on.
I didn't go for an extremely high-end display, but I wouldn't have done that anyway. They seem to be out of stock of a lot of their "4K" models, but they are priced at 600-1000€.
Ships from Sweden, so should be possible for a lot of Europe.
I am glad we are moving in that direction ( as in, there are options for people, who are ok with paying more for not intrusive versions ). Sadly, no US option.
For some reason I'm unable to reply to maccard - apologies for this misplaced response
> I had never heard of loewe, but after 10 minutes of searching, I still know nothing more about them - there is no pricing available, no idea where to buy them and no list of models. The one model I could find I also can't find tech specs for because the download link is broken.
Loewe are indeed wonderful TVs totally let down by their marketing and distribution.
FWIW their website (which I linked to above) does have model and spec information, but it's fair to say that they've fallen off the radar for most consumer-TV review sites, and even their user-base forum[0] is predominantly German-language (although any questions asked in English do receive a response).
I think the problem is that the TV-market is saturated by the major brands, and they achieve market-dominance by stealing and selling their users' data, instead of pricing their TVs realistically. Most people don't care.
Yeah I looked at those when I learned of them. They often come with serious quality (and price) trade offs if you’re able to source them at all.
If you’re looking for a generic LCD it’s probably fine, but if you’re comparing to an LG OLED you won’t find an ad free option in the commercial market. At least I couldn’t back when I tried.
Giving the TV no network access and using an Apple TV seemed to be the best option.
> If you’re looking for a generic LCD it’s probably fine, but if you’re comparing to an LG OLED you won’t find an ad free option in the commercial market. At least I couldn’t back when I tried.
They don't update the commercial line annually of course, so it's equivalent to a consumer model from a few years ago, but the panels are all the same until the 2021 models anyways.
TCL ran through my mobile hotspot data allowance (150MB) while off; I enabled the hotspot so it could get an update (the UI was jank out of the box). I use my hotspot with my console, I was using my projector in another room with the console and I got the alert about hotspot data.
I changed the hotspot password and now the TCL blinks its status light while it's turned on, to chastise me for disabling its internet.
There needs to be some regulation on this - because a boycott will never work, people don't think about boycotts or this sort of thing when they "need a TV today"; they either are shopping for a specific feature or going on price per square inch of screen or cheapest overall. These TVs blowing through 100MB/hr of internet data even while 'off' has the potential to lock people out of their internet connections, or get a large bill for overages. I only have 15GB of hotspot data, and I "need" that for the console, my fixed wireless home internet only has 150GB of data included in the plan, and even if I 'cheat' and use pdanet or something to use my cellphone without the hotspot data in the plan I only have 75GB of data there, as well.
So, in summary, smart TVs need to be regulated. And I really need to sniff that traffic while it's off because what could it possibly be doing? How much storage is on these things?
Did you mean Spectre? Are they a Walmart brand now? They were one of the first producers of retail LCD screens that consumers in the US could buy. I had two of them, and they were quite good compared to other offerings back then. This is the same era as 802.11b dongles. I even had one in my SUV to replace a 14" CRT that finally had enough of driving on California freeway overpasses, large amounts of magnetism would wobble the entire display on the CRT.
I recently bought a 1080p Spectre for my youngest kid, wall mounted it, put an indoor antenna on it and a Raspberry Pi running OpenELEC with a wifi dongle.
Yes, I meant Sceptre. I mentioned Walmart because that's the place I know of where you can buy them, I don't think Walmart owns them. Yes it's a dumb TV. But I don't think the screen quality is considered very good.
I've had Samsung on "boycott and complain" list, anytime someone asks me for a recommendation and Samsung is an option I say "avoid Samsung"; I started boycotting them after they told me to pound sand when I had an issue with my $800 4k monitor a couple months after I bought it. I had also bought a new Samsung refrigerator around that time as well, and among other issues, it leaked water from the ice machine starting about 1 year after I bought it. I've had to replace the mainboard in it, as well.
So no phones, appliances, laptops, TVs, memory sticks, SD cards, and whatever else they make. Even if they magically got a better reputation for customer service, the shenanigans with the smart TVs is enough to keep the boycott up.
"I'm never buying a Samsung TV ever again, or other Samsung stuff."
I swore off buying Samsung stuff after the Galaxy S3. I eventually gave them another chance and bought one of their TVs since the reviews were great. Huge mistake. I hated that thing so much, and recently replaced it with an LG which has been fantastic.
Same. Spent an ungodly amount on the Samsung “frame”. After two RMAs because it randomly rebooted, the interface froze, etc. I’m looking for another tv that we can pretend is art when it is “off”.
Pi-hole does not solve the problem completely unfortunately; it's fairly trivial to bypass network DNS. In theory any software could manually call one of the public DNS IPs or just have a fallback hardcoded list of IPs.
Nothing solves the problem completely. Redirecting DNS at the router to a blocking DNS server goes a long way, but DNS over HTTPS is a tougher nut to crack.
I block all DNS outbound on my home network. My resolver uses DNS over HTTPS to Cloudflare. I consider any DNS / UDP 53 traffic outbound unauthorized or a leak that should be prevented. If I see a beacon to a particular DNS server externally, I’ll create a NAT to point to my resolver so I can manipulate the answers, if I deem it necessary.
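An added example, not part of the original thread: one way to audit for the resolver bypass discussed in the comments above is to scan router connection logs for DNS-like flows that skip the local resolver. The log format, the LAN range and the resolver address are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed home-network layout (hypothetical values, not from the thread).
LAN = ipaddress.ip_network("192.168.1.0/24")
LOCAL_RESOLVER = ipaddress.ip_address("192.168.1.2")
# A few well-known public resolver addresses, used to spot likely DoH on 443.
PUBLIC_RESOLVERS = {
    ipaddress.ip_address(a)
    for a in ("1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9")
}

# Constructed sample; assumed format: "<ts> <src> <dst> <proto> <dport>".
SAMPLE_LOG = """\
1700000000 192.168.1.50 192.168.1.2 udp 53
1700000001 192.168.1.50 8.8.8.8 udp 53
1700000002 192.168.1.50 1.1.1.1 tcp 443
1700000003 192.168.1.2 1.1.1.1 tcp 443
1700000004 192.168.1.77 9.9.9.9 tcp 853
1700000005 192.168.1.60 203.0.113.10 tcp 443
this line is malformed and is skipped
"""


def classify(src, dst, proto, dport):
    """Return a reason if a LAN client's flow looks like DNS that avoids
    the local resolver, otherwise None."""
    if src not in LAN or src == LOCAL_RESOLVER:
        return None  # the resolver itself is allowed to talk upstream
    if dst == LOCAL_RESOLVER:
        return None  # normal lookup through the filtering resolver
    if dport == 53 and proto in ("udp", "tcp"):
        return "plain-dns-bypass"
    if dport == 853 and proto == "tcp":
        return "dot-bypass"
    if dport == 443 and dst in PUBLIC_RESOLVERS:
        # Heuristic only: DoH to an unlisted endpoint is not visible here.
        return "possible-doh"
    return None


def find_bypass(log_text):
    """Map each offending client IP to a sorted list of (reason, destination)."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        _ts, src, dst, proto, dport = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # skip lines that do not parse
        reason = classify(src_ip, dst_ip, proto.lower(), port)
        if reason:
            findings[src].add((reason, dst))
    return {client: sorted(hits) for client, hits in findings.items()}


if __name__ == "__main__":
    for client, hits in find_bypass(SAMPLE_LOG).items():
        print(client, hits)
```

Clients flagged as `plain-dns-bypass` are the candidates for the NAT redirect described above; `possible-doh` hits can only be blocked or investigated, since the query contents are encrypted.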
They do a lot more than that. In particular, they take a screenshot of what you’re currently watching at regular intervals and send it to a content recognition server. That way they’re able to tell what every single Samsung owner is watching at any given time and even if you’re watching a show you downloaded or something that’s not on the air. They then sell this data to broadcasters for measuring audience but also to show you ads related to what you’re watching (if you watched ice age, maybe they’ll advertise another animation movie to you). And they also use that data to target you on other devices you own because they’re able to use your tv as a Trojan horse and figure out what other devices are on your network and thus belong to the same person. IIRC they also scan and extract what devices are connected to hdmi ports so they know what consoles etc you’re using to further complete your advertising profile. That was several years ago, I can’t imagine they’ve gotten anything but even more data greedy over time.
A good Samsung tv is an offline Samsung tv. A better Samsung tv is one you don’t own.
> That way they’re able to tell what every single Samsung owner is watching at any given time and even if you’re watching a show you downloaded or something that’s not on the air.
Wait a second, what if I use my TV as a monitor for my PC?
...And doing all kinds of business confidential work for my employer or government ... and also looking at PII, financial, medical data of my own including SSNs and whatnot.
They take I think 30 pixels across known positions on the screen and that’s apparently enough to recognize content without being able to look at your confidential data.
It's not a screenshot, they sample pixels and get essentially a CSV of the pixel values at several locations. There's then a content database with frame by frame values for those pixels for all the content in the database.
Sending a screenshot would use too much bandwidth/data on Samsung's side, but a couple dozen bytes every few minutes would not.
> This is gonna be some hefty GDPR fines in Europe.
I keep hoping this is gonna be the case, but the years roll on, I'm still clicking some stupid consent-popup on every single website I ever visit, and in the meantime TV manufacturers continuously spy on their users, sell their user-data, and push unwanted ads into their interface and even in programs being watched, and apparently no-one (apart from a few of us on HN) seems to care.
> noyb uses best practices from consumer rights groups, privacy activists, hackers, and legal tech initiatives and merges them into a stable European enforcement platform. Together with the many enforcement possibilities under the European data protection regulation (GDPR), noyb is able to submit privacy cases in a much more effective way than before. Additionally, noyb follows the idea of targeted and strategic litigation in order to strengthen your right to privacy. We will also make use of PR and media initiatives to emphasize and ensure your right to privacy without having to go before court. Ultimately, noyb is designed to join forces with existing organizations, resources and structures to maximize the impact of GDPR, while avoiding parallel structures.
For what it's worth, at least on my Swedish model, this seems to be gated behind an opt-in (default off!) consent toggle. It was buried in several layers of menus, and not even mentioned during the setup process.
So I would assume that this is mostly an issue in non-GDPR regions (or they're doing some really ugly legal shenanigans to ignore the denied consent?).
> Legitimate interests is most appropriate as a lawful basis where companies use personal data in a way that individuals can reasonably expect. If it impacts individuals, it can still apply if the controller company can justify there is a compelling reason for the impact the processing will have.
> Companies can rely on legitimate interests for marketing purposes if they can prove that the data usage is proportionate and fair to the user. It must have a minimal impact on the user in privacy terms and be for a reason that people would not be surprised at.
Sadly I would reasonably expect Samsung to sell the data and I would not be surprised by it.
It depends. For that to be on the radar, in most countries you have to contact Samsung and come to a solution with them (or try to) first. Then you have to argue with them about whether or not their anonymisation (which they will surely claim to do) is sufficient. Then when you forward the request to the GDPR institution of your country, you must make reasonable for them why you feel that your request for them to fix it has not been honoured.
Naturally this is a process most people do not feel like going through, and as such most companies continue flying under the radar :)
IIRC it doesn't actually send the content, just a hash of it that can be checked against popular channels or on-demand content. So text contained within a screen wouldn't be identifiable.
If we are talking about whataboutisms, what about if they didn't send screenshots and then they were hacked and an attacker deployed a new update that spied on everyone?
Also true, which is why they shouldn't be allowed to join any old wifi network and not try to work around firewall policies on the network the user wants them on.
That's an entirely different issue, but yes, automatic updates are an attack vector. But that's another step that would need to be performed by an attacker, rather than already having the images available without designing custom firmware.
My point is that making up theoretical situations is not useful. You can make up theoretical situations where it's bad with it and I can make up theoretical situations where it's bad without it.
> Data ceases to be personal when it is made anonymous, and an individual is no longer identifiable. But for data to be truly anonymized, the anonymization must be irreversible.
Examples of PII:
A cookie ID.
Internet Protocol (IP) address
Location data (for example, the location data from a mobile phone).
The advertising identifier of your phone.
> (30) Natural persons may be associated with *online identifiers provided by their devices*, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
Device Identifiers explicitly covered as a definition of GDPR. Further, IPs are also shared if you are behind an IPv4 gateway and these are also covered.
The difference is that the TV manufacturer has no clue who owns a specific tvid. The whole point of personally identifiable information is that you can use it to find the identity of someone. There is no registry somewhere that keeps track of this.
Samsung boasts about having Automatic Content Recognition[1] on their website.
There was a discussion on HN some time ago, many/all major tv manufacturers suck in your viewing data via HDMI fingerprinting (IIRC) in order to serve up unblockable ads and sell your viewing profile to ad networks. Many tv makers send data to Chinese based servers too, from memory. It’s nuts.
Warranty doesn't mean much to me. I'm an outlier who enjoys repairing their own devices. I recently repaired a week old laptop that arrived faulty (trackpad was messed up) instead of mailing it back.
I'd only cut the antennas in a last case scenario. It's more likely they'd have a connector or I'd try to de-solder them first.
Disable Samsung TV Plus - https://factory-reset.com/wiki/Samsung_TV_Plus - and you'll be most of the way there to removing a lot of the intrusive advertising that currently shows on the Samsung homescreen.
> And for what? A couple of dollars of side revenue. And whole lot of customer hatred.
Don't forget that the HN crowd is not your average consumer. Most people don't care, or don't seem to have issues with the ads. They just want the best TV they can afford in terms of size and picture quality.
With companies this big, who have been in the consumer electronics market for decades, you can be sure that every decision (like putting ads in a menu) is tested over and over. Obviously Samsung knows that they will lose a tiny percentage of the enthusiast market by placing ads. But the margin on the sale of a TV is pretty slim anyways, and multiple years of ad income for every sold unit is probably worth losing a small fraction of your audience.
So funny story. I have two wifis in our house ( one piholed, one not ). One day my wife comes up to me and asks me why there are ads on her game now ( she was using pihole all this time ). Edit: Turns out cable was pulled.
People notice, but you have to re-condition them. I know adless Hulu and Netflix did their part in that fight.
> Most people don't care, or don't seem to have issues with the ads.
There's a difference between enjoying the current state and accepting the current state. A few years ago, while helping my grandmother find something online, I asked if she would want an adblocker installed. After explaining what it was, and what the effect was, she was over the moon for it.
Ads are noticed by everyone, and are pretty universally despised. The difference is that you and I know that there are options, while less techy relatives assume that nothing can be changed.
The link also hosts the last (obsolete now?) SamyGo. So there is something at least, from where one could start, instead of reinventing the wheel from scratch.
Don't know if it could be applied to current models at all. Not following that stuff, since not using TVs since 1996.
And for what? A couple of dollars of side revenue. And whole lot of customer hatred.