By Jeremy Hsu on September 24, 2024
Popular smart TV models made by Samsung and LG can take multiple snapshots of what you are watching every second – even when they are being used as external displays for your laptop or video game console.
Smart TV manufacturers use these frequent screenshots, as well as audio recordings, in their automatic content recognition systems, which track viewing habits in order to target people with specific advertising. But researchers showed this tracking by some of the world’s most popular smart TV brands – Samsung TVs can take screenshots every 500 milliseconds and LG TVs every 10 milliseconds – can occur when people least expect it.
“When a user connects their laptop via HDMI just to browse stuff on their laptop on a bigger screen by using the TV as a ‘dumb’ display, they are unsuspecting of their activity being screenshotted,” says Yash Vekaria at the University of California, Davis. Samsung and LG did not respond to a request for comment.
Vekaria and his colleagues connected smart TVs from Samsung and LG to their own computer server. Their server, which was equipped with software for analysing network traffic, acted as a middleman to see what visual snapshots or audio data the TVs were uploading.
They found the smart TVs did not appear to upload any screenshots or audio data when streaming from Netflix or other third-party apps, mirroring YouTube content streamed on a separate phone or laptop or when sitting idle. But the smart TVs did upload snapshots when showing broadcasts from the TV antenna or content from an HDMI-connected device.
The researchers also discovered country-specific differences when users streamed the free ad-supported TV channel provided by Samsung or LG platforms. Such user activities were uploaded when the TV was operating in the US but not in the UK.
By recording user activity even when it’s coming from connected laptops, smart TVs might capture sensitive data, says Vekaria. For example, it might record if people are browsing for baby products or other personal items.
Customers can opt out of such tracking for Samsung and LG TVs. But the process requires customers to either enable or disable between six and 11 different options in the TV settings.
“This is the sort of privacy-intrusive technology that should require people to opt into sharing their data with clear language explaining exactly what they’re agreeing to, not baked into initial setup agreements that people tend to speed through,” says Thorin Klosowski at the Electronic Frontier Foundation, a digital privacy non-profit based in California.
Something doesn’t add up. How can a TV take 100 Screenshots of 4k content per second? No wifi has that bandwidth. No embedded processor has that capacity.
It doesn’t need a 4K screenshot. It needs enough data/metrics from any given single frame to run it through analytics and an algorithm to tailor ads. Backend surveillance like this isn’t interested in fidelity to the human viewing experience. It needs identifying data. That can be had through a combination of low quality data scrapes done numerous times.
“Screenshot” is more like a metaphor here. Sort of like how your Apple or Google photos are “private,” but the data and analytics taken from them you’ve given away. It’s like if you told me I could look at all the photos on your phone and take as many notes and subject them to as much analysis as I wanted, but I promised not to actually physically keep your phone/photos. Probably makes you feel like your photos are securely still in your possession, but I got what I wanted. Your data is technically private, but my data about your data is mine.
Totally agree. It sounds like something was lost in translation here by the final edit of potentially some run though a llm for proof reading to dumb it down enough to either just make it more consumable, more clickbait or realistic both.
My guess is the actual research reported that it was 100s of packets per second (not screenshots) which is still a lot more than you would expect even for spyware. Either way it’s been well known that smart tvs are spyware ridden, I don’t need a paywalled service to tell me that.
I’m the OP, but not the author of this article posted.
After I dove deep into the study, the study said it records data at 500ms. And then it batches the data together, and only sent data once per minute back to Samsung. Between 8kB and 9kB of data per minute. So definitely not 4K screenshots.
I’m with you, I think it’s probably BS. But I suppose it could be taking highly compressed low resolution snapshots.
I agree. I’m the OP, but not the author of this article. I do believe this author doesn’t know what he is talking about. After looking at the study, it seems it does record data at 500ms interval. However, only in intervals of 1 time per minute 8kB of data is sent back, meaning its only some kind of meta data.
-
it doesn’t necessarily take full resolution images
-
just because it can capture images a few hundred milliseconds apart doesn’t mean it’s continuously capturing images. It could be several in short bursts with a delay between groups of images.
You know when people say “I’ve only talked about this once, never searched for it, and then I got ads a few days later”?
What if it hasn’t been phones that were listening (despite Siri/Google Assistant/Alexa mis-identifying something as a wake-word being the most sensible explanation), but TVs?
I’m pretty familiar with how one particular brand of TV works, and you’re right, it’s absolutely not screenshots. It’s a handful of single pixels across the screen. By matching these pixels against known content it’s possible to identify what was being watched. Not too different than how Shazam can identify a song.
That’s not to say all TV manufacturers work that way.
If you have a smart device, someone is doing this with it. Best options to reduce their ability to access your devices: smart TV’s - don’t connect them to the internet unless you’re updating the firmware. Use a streaming stick for streaming services, and then your privacy violations are minimized to the streaming stick that doesn’t have a mic, or camera. Some controllers do have a mic, it’s only a problem with who is making the tech. Other smart devices like fridge, microwave, oven, washer, etc, just never connect them to the internet, they likely will work fine their entire life without a network connection. Personal smart devices such as smart phones, remove google, and apple. Neither can truly be trusted, however apple does have a track record of keeping their snooping to themselves for what that’s worth. For robots, they will likely need a network connection, I recommend supporting home automation projects that will allow us to replace the OS on our robot vacuums, and food delivery devices with one that connects to a home based server that doesn’t need an internet connection. But never, ever, trust a smart device that is within hearing, seeing, or is touching you. It is a monitoring device, and it is being used that way by anyone with enough power.
Friendly reminder that gaming console monitors, computer monitors, projectors, dumb TVs, and commercial displays exist.
Yes, I could hack a smart TV to disable its networking capabilities. (Merely withholding my wifi password is not reliable.) But that would still be showing the manufacturers that I find spyware TVs acceptable, and supporting the production of those models.
Also, this would be a good time to pressure our legislators into criminalizing this nonsense.
Not putting your WiFi password in would absolutely be reliable. I’d love to hear your ideas on how they’d remotely break into your WiFi Network
Not putting your WiFi password in would absolutely be reliable.
No, it would not.
I’d love to hear your ideas on how they’d remotely break into your WiFi Network
They wouldn’t, of course, nor did I say they would.
(But since you brought it up, we have already seen internet providers quietly using their CPE to create special-purpose wireless networks surrounding customers’ homes. These could obviously be made available to any company that paid the ISP for access, just as cellular networks have been made available to companies like OnStar. So a TV could do this with a business deal rather than breaking in to your normal WiFi.)
However, your network is not the only network in the world, and WiFi is not the only kind of link. Neighbors exist. Open guest networks exist. Drive-by and fly-by networks exist. Mesh networks exist (and are already created by devices like Amazon Echo). Power line networking exists. Bluetooth, LoRa, cellular, etc. etc. etc. Maybe you live on an isolated mountain top where these things are unlikely to reach you (at least until satellite links become a little smaller and cheaper) but even that is not absolute, and most of us don’t.
Unless you disassemble your TV and examine all the components within, and know what they do, it could have any number of these capabilities.
Also, partly due to how prevalent multi-network support is becoming in electronics integration, it is not unusual for related functionality to be dormant at first yet possible to activate later.
I’d love for you not to be adversarial, and to learn more about a topic before making bold claims about it in absolute terms.
To add to this, often, even if you turn off Bluetooth, your devices can still communicate via Bluetooth Low Energy, something that’s separate from classic Bluetooth and typically (to my knowledge) cannot be turned off. As an example, I’ve heard that Google uses it to send ad targeting info between devices.
dumb TVs
Only one company makes Dumb TVs anymore, Sceptre, and the quality is very hit or miss due to the way they acquire their screens.
Plenty of companies make display TVs that only display commercial content. You see them all the time displaying menus in fast food restaurants.
These can also have all smart tech turned off because some companies also use them as digital whiteboards to display proprietary or confidential information.
It’s also harder to find them in larger sizes any more, even for the few for which sell them at all, so if you want a larger one, you may not have much by way of options.
https://assetbasedlife.com/dumb-tvs-are-a-dying-breed/
This lists Insignia, which is a Best Buy store brand.
This has a couple, at least as of last year:
https://www.tomsguide.com/features/dumb-tvs-heres-why-you-cant-find-them-anymore
Your best bet of grabbing one is to head over to Best Buy and look out for the Insignia brand of TVs. There you can find a 43-inch dumb TV for around $169 or a 32-inch model for $69 . (Links to Best Buy.)
On Amazon, you can simply search for dumb TV and you should be able to find a few options from manufacturers like Westinghouse, RCA or Sceptre. (Links to Amazon.)
It’s also possible to buy a used TV, but obviously, as with getting used cars to avoid monitoring stuff in newer cars, the pool of those will only be around for so long, and you can’t take advantage of any technological advances subsequent to them.
Why is withholding the WiFi password not enough? Could they somehow piggyback off a different device or something?
Yes. It could talk to another smart device and ask it to send its packages. You could be careful and connect none of the smart crap in your house to your network, but the smart fridge in your upstairs neighbor’s kitchen could still be helping with smuggling your data out. Or your devices could be connected to some unsecured network around.
In any case, the only surefire way to stop your data from getting smuggled out is to physically kill all the wireless connectivity capabilities of the device. Disconnect antennae, desolder chips, scrape out pcb traces. Otherwise you’re just hoping the firmware is not doing anything funny. Fortunately I think these are all hypotheticals that have not (yet) been observed in real smart home products.
but the smart fridge in your upstairs neighbor’s kitchen could still be helping with smuggling your data out
I can understand that if you have a Samsung TV and a Samsung fridge, they can talk with each other. But will it work if you have a fridge from a different OEM? (I’m assuming the OEMs haven’t formed a cartel for illegal data smuggling)
Do not connect your Smart TVs to network people, seriously. Just a bad idea. Use a media center PC or some other device that allows you to stream content, and make sure the TV itself is just a big monitor, nothing more.
Okay. So how do we turn it off!? I’ve read nothing in my Samsung manuals about this “feature” and here no instructions for turning it off.
Okay. So how do we turn it off!?
This is probably not the reply you want, but as someone who (in the past 40+ years) has never owned a TV, I simply can’t refrain from asking: Have you considered simply not owning a TV?
“I keep overcooking my steak, any advice?”
“I haven’t had meat in 40 years, have you considered simply going vegetarian?”
Edit: FYI the key to cooking a good steak is salt, butter, and to flip it every 30 secs, until you’ve reached your preferred level of doneness. If you’re really trying to impress, and don’t care about a heart attack, you can also baste with butter in between each flip.
Now, learning how much time it takes for each different type of cut and the variations within, that mostly comes with experience.
Just don’t hook it up to your wifi. Don’t use any of its included apps. If you must stream get a separate device to do it.
This is the correct answer. I actually disabled LG’s version of it when I first heard about it. A few months later it had been reactivated in an update, so I just factory reset it and connected an old laptop.
You can’t trust anyone — corporation or government — to protect or respect your privacy. Ever. If it’s not open source and E2EE, assume that a criminal is going to view and process it for profit.
No it is not the correct answer! The correct answer is to put the CEOs who perpetrate this criminal shit in prison for millions of counts of hacking and stalking!
Merely shrugging and implementing a technological workaround is not an appropriate response to someone perpetrating a felony against you!
I have a Samsung smart TV that is not connected to any networks, and every few days it will display a ‘detecting device’ loading screen when switching to my input that fails after 30 seconds or until I cancel it (canceling does not seem to impact its functioning)
I have no evidence but I strongly suspect this to be related to attempting to record and send device data to a remote server.
Question, what separate device is best and most privacy focused? I just imagine getting a firestick, google Chromecast, etc would also give away data?
There are some open-source systems for media PCs.
Kodi seems to me to be popular, though I don’t use a media PC myself.
You’ll need to have the technical knowledge to install it yourself.
It still can connect to untrusted wifi access point (without password protection). So also try to go to: Settings Menu -> General & Privacy -> Terms & Privacy -> And there is a whole list of privacy setting. Try to find the option to: Do not agree with all. Or you need to manually disallow each privacy option… Good luck!
I love my Samsung because I never gave it the wifi credentials.
Dumb TV is better. My PS5 can do everything I want and I already give all my metrics to them just playing it
Hello 8th person I’ve had to explain this to: they still connect to stuff. Even if you disable WiFi on the Samsung TV they can mesh network with other TVs in your neighborhood or with your phone (Samsung is particularly pushy about wanting you to install and connect your phone).
You know that part of the manual that tells you to connect the TV to the Internet?
Don’t do that.
That sadly doesn’t work well enough. They will connect to things on their own.
You’ll have to insulate your home from any outside unsecured wifi and compatible devices to stop some of them from networking.
If there are open wifi networks near your TV that you can’t lockdown, you’ll want to confirm it your make/model is known to automatically connect to those, and then take whatever mitigation steps are justified for your own use case.
For example, if you have multiple TVs, maybe you can swap models around based on their capabilities and location, or look up the schematic for the TV and see if it’s easy to block it’s internal antennas.
Or maybe that seems like too much of a hassle and you just say fuck it, and don’t worry about it. Which is always an option, because given how much data already gets sucked up by surveillance capitalism, my evening TV viewing habits have to be some of the lowest value data points, as I already block ads and avoid all ad supported services.
I got an LG because despite how it looks, you can just refuse to agree to a bunch of their privacy agreements and be fine. It’s not perfect, but it’s a hell of a lot better than it would be otherwise, and miles ahead of Samsung’s lack of options.
I have come to realize this and have declined all the T&Cs except for like 3 that you just have to accept to make it function.
https://blocklistproject.github.io/Lists/ the Smart TV list under their beta lists.
They’re getting smart to that and are starting to hard code server IPs, circumventing any DNS you have in place.
You can go to Settings Menu -> General & Privacy -> Terms & Privacy -> And there is a whole list of privacy setting you automatically agreed with (which you didn’t). However, you should find an option for: Do not agree with all. Or you need to manually disallow each privacy option… Good luck!