New Studies Reveal How Smart TVs Spy on You
Lots of viewer tracking in smart TV world
Your TV viewing habits are being fed to marketers and advertisers by TV set-top boxes and by the TVs themselves, three different studies have concluded.
The researchers say that may be one reason the devices are relatively inexpensive -- the manufacturers seem to be selling your data at the same time they're selling you the hardware that collects it.
Researchers from Princeton and the University of Chicago looked at more than 2,000 "channels" in Amazon Fire TV and Roku set-top boxes and streaming devices and found that almost all of them sent tracking data to Google, Amazon, Facebook and other ad networks, just as a web browser or a smartphone app would.
In a broader study of Internet of Things and smart-home devices, a team from Northeastern University and Imperial College London found that nearly all of the TV-related devices studied -- Roku, Amazon Fire and Apple TV streaming devices, and Samsung and LG smart TVs -- sent data to Netflix even when the user had no Netflix account.
And The Washington Post's Geoffrey Fowler sniffed the network traffic coming from Samsung, Vizio, LG and TCL smart TVs (the latter of which runs Roku software). He found that each sent data to its manufacturer even when tuned to regular free broadcast TV channels. The sets seemed to be keeping track of what he watched.
"Ever wondered why TV sets are getting so cheap?" Fowler rhetorically asked in his piece, published yesterday (Sept. 18). "It's the data, stupid. TVs have joined the ranks of websites, apps and credit cards in the lucrative business of harvesting and sharing your information."
The TV makers have settings you can adjust to try to dial back the amount of data that these devices send upstream, but Fowler found that they were ineffective.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!
In general, you agree to share all this data with these devices when you agree to the Terms and Conditions upon first activation. Your only recourse may be to never connect your TV to the internet, or to use a "dumb" TV if you can find any still being made.
MORE: The Best TVs You Can Buy Right Now
The Princeton and University of Chicago researchers reached a conclusion similar to Fowler's.
"Over-the-Top ('OTT') streaming devices such as Roku and Amazon Fire TV, which currently sell between for $30 to $100, are cheap alternatives to smart TVs for cord-cutters," states the team in its report, also posted online yesterday. "Instead of charging more for the hardware or the membership, Roku and Amazon Fire TV monetize their platforms through advertisements, which rely on tracking users' viewing habits."
Just a big smartphone
In a way, this shouldn't be surprising. You can look at a smart TV as essentially a big smartphone — it runs its own operating system, has a variety of pre-installed and downloadable apps, and is generally always online. Likewise, set-top boxes and streaming sticks have their own OS's, apps and constant internet connection.
And like the browsers and apps we use every day on our computers and smartphones, smart TVs and set-top boxes offer advertisers and marketers a huge amount of monetizable data about the device users. Browsers track where you go online, and the Roku and Amazon Fire TV "channels" -- really apps -- use the same tracking technology.
Automatic screenshots
Meanwhile, Fowler found that at least the Samsung and Vizio smart TVs he tested use a system called "automatic content recognition," or ACR. (He suspects that LG and TCL TVs use it too, but he couldn't get those companies to confirm it.)
Every second, the TVs sample a few dozen pixels on your screen and send the results up to servers that match the pixels with known video content to determine what you're watching at any given moment.
It's "like Shazam for video," Fowler wrote.
Netflix whether you want it or not
Interestingly, the Vizio TV doesn't use ACR when Netflix is streaming on the set, Fowler wrote. That's apparently at the request of Netflix, which of course knows exactly what you're watching on its own service.
But the Northeastern and Imperial College London researchers, whose white paper is available online, found that Netflix may have other ways of tracking what you watch.
"Nearly all TV devices in our test beds contacts Netflix even though we never configured any TV with a Netflix account," they wrote.
The joint U.S.-British team didn't specify which of the five TV devices they analyzed didn't contact Netflix, but the Apple TV was less chatty than the Roku and Amazon streaming devices.
Some other devices may be worse
Verbose as the Roku and Amazon Fire TV gadgets were, the entire TV category pumped out less information that the video doorbells and home security cameras the Northeastern/ICL researchers looked at. The Zmodo video doorbell and Wansview video camera sent the most information of any devices.
"We observe substantial outsourcing of computing resources to cloud providers, particularly for camera devices," states the researchers' white paper. "Further, we found TVs comprise the largest fraction of third-party communication (likely to customize content for users)."
Audio devices such as those equipped with Amazon Alexa or Google Home voice assistants were just behind the TV devices in chattiness, while home-automation devices like smart light bulbs and smart-home hubs were further behind.
In general, however, all smart-home and Internet of Things devices provide opportunities for tracking user behavior and activities.
"Several non-first-party destinations (in particular Amazon, Google and Akamai) receive information from many of our IoT devices, thus allowing them to potentially profile consumers," the paper added. "For example, these companies not only can learn the types of devices in a household, but also how/when they are used, simply by analyzing the network traffic from IoT devices to their cloud services."
If you'd like to get an idea of how much your smart-home devices communicate with internet servers, you can download and use the free Princeton IoT Inspector software, which runs on Macs and Linux boxes and also in the Linux subsystem in Windows 10.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.