By Jeremy Hsu on September 24, 2024
Popular smart TV models made by Samsung and LG can take multiple snapshots of what you are watching every second – even when they are being used as external displays for your laptop or video game console.
Smart TV manufacturers use these frequent screenshots, as well as audio recordings, in their automatic content recognition systems, which track viewing habits in order to target people with specific advertising. But researchers showed this tracking by some of the world’s most popular smart TV brands – Samsung TVs can take screenshots every 500 milliseconds and LG TVs every 10 milliseconds – can occur when people least expect it.
“When a user connects their laptop via HDMI just to browse stuff on their laptop on a bigger screen by using the TV as a ‘dumb’ display, they are unsuspecting of their activity being screenshotted,” says Yash Vekaria at the University of California, Davis. Samsung and LG did not respond to a request for comment.
Vekaria and his colleagues connected smart TVs from Samsung and LG to their own computer server. Their server, which was equipped with software for analysing network traffic, acted as a middleman to see what visual snapshots or audio data the TVs were uploading.
They found the smart TVs did not appear to upload any screenshots or audio data when streaming from Netflix or other third-party apps, mirroring YouTube content streamed on a separate phone or laptop or when sitting idle. But the smart TVs did upload snapshots when showing broadcasts from the TV antenna or content from an HDMI-connected device.
The researchers also discovered country-specific differences when users streamed the free ad-supported TV channel provided by Samsung or LG platforms. Such user activities were uploaded when the TV was operating in the US but not in the UK.
By recording user activity even when it’s coming from connected laptops, smart TVs might capture sensitive data, says Vekaria. For example, it might record if people are browsing for baby products or other personal items.
Customers can opt out of such tracking for Samsung and LG TVs. But the process requires customers to either enable or disable between six and 11 different options in the TV settings.
“This is the sort of privacy-intrusive technology that should require people to opt into sharing their data with clear language explaining exactly what they’re agreeing to, not baked into initial setup agreements that people tend to speed through,” says Thorin Klosowski at the Electronic Frontier Foundation, a digital privacy non-profit based in California.
I never own a smart tv, but can you flash custom firmwares into it?
/song note emoji/I always feel like/end song note emoji/
this is why you get a separate apple tv/android box and not connect your tv to the internet
Connect it to a Linux PC for optimal privacy.
Like those things aren’t capable of the same shit?
anythings capable of it, but the companies behind the (premium) boxes have less of an incentive. While theyre all capable, its a matter if you have trust in them. At least for the Shield TV for example, go download a shield tv rom if you really don’t trust Nvidia. If you are paranoid that they all can do it, than any smart device can do it because its connected to the internet.
mine would be getting only choppy static more than anything. where i live there is only sattelite available and it costs more than cable
I got a nice LG C3 on an open box deal, I connected it to run updates and fiddle for a few, then deleted the apps and took it offline.
You hear that? It’s a whisper… It’s a multinational multibillion dollar class action lawsuit coming after Samsung and LG. WTF!
Smart devices stupid people.
deleted by creator
Did you go beyond the headline?
They found the smart TVs did not appear to upload any screenshots or audio data when streaming from Netflix or other third-party apps, mirroring YouTube content streamed on a separate phone or laptop or when sitting idle. But the smart TVs did upload snapshots when showing broadcasts from the TV antenna or content from an HDMI-connected device.
Does it means that it broadcast my chrome browser if connected through HDMI? If I check for a password in the password manager in chrome, it fucking sends my password to Samsung?
Yes and no. Supposedly the resolution is not in 4K or even 1080p, but something much lower that is still enough to identify content, like shows, movies and ads, but not enough to make out minute detail.
Because your laptop cannot have Netflix, or a DRM enabled browser?
It may be them either not trespassing their territory (as a part of a deal or as a precaution) or TV apps sharing\telegraphing that info without the need of screen cap analysis as they work on TV itself and may as well be special modified apks. At least, they differed
Laptop sends only it’s video and audio outputs, apps’ code executes at it’s hardware, so TV needs a workaround to know what you are watching. And as it’s incapable of such analysis itself, it channels that data to it’s real owner.
No, the point here is that if you use the “smart” features, which includes running apps from their appstore, like Netflix or Disney+, it will not send the data. But if you connect your laptop via HDMI and then play Netflix in your browser, it will, because it’s not smart enough to recognize and differentiafe video and audio data coming in through that port. I don’t think it matters if it’s a DRM enabled browser or not. It should be acting as a second monitor only in those cases, nothing more.
so? we aren’t allowed to take netflix screenshots at all
Says who?
You are allowed to take screenshots of Netflix, even under the DMCA on DRM protected material. You are not allowed to use it commercially though. Personal use only.
So an HDMI connected device that is streaming Netflix is getting screenshot?
I mean, even if it wasn’t a streaming service, but let’s say, video game content, or a blu ray, that is still a violation, and of course, if I’m playing content I made, then it’s violating my copyright.
Don’t buy them, they are excessively expensive and tt’s a better idea to separate the smart functionality into an HDMI device of your choice anyway.
Most new tv’s are smart tv’s by default, yo uave to pay extra for dumbness
Installed pi-hole this week. Number one blocked domain with 1600 queries… Scribe.logs.roku.com.
Crazy!
Okay. So how do we turn it off!? I’ve read nothing in my Samsung manuals about this “feature” and here no instructions for turning it off.
No Internet for the device
They have been known to connect automatically to nearby compatible devices or unsecured wifi.
I love my Samsung because I never gave it the wifi credentials.
Dumb TV is better. My PS5 can do everything I want and I already give all my metrics to them just playing it
Hello 8th person I’ve had to explain this to: they still connect to stuff. Even if you disable WiFi on the Samsung TV they can mesh network with other TVs in your neighborhood or with your phone (Samsung is particularly pushy about wanting you to install and connect your phone).
Disable internet.
You’ll have to insulate your home from any outside unsecured wifi and compatible devices to stop some of them from networking.
You know that part of the manual that tells you to connect the TV to the Internet?
Don’t do that.
That sadly doesn’t work well enough. They will connect to things on their own.
If there are open wifi networks near your TV that you can’t lockdown, you’ll want to confirm it your make/model is known to automatically connect to those, and then take whatever mitigation steps are justified for your own use case.
For example, if you have multiple TVs, maybe you can swap models around based on their capabilities and location, or look up the schematic for the TV and see if it’s easy to block it’s internal antennas.
Or maybe that seems like too much of a hassle and you just say fuck it, and don’t worry about it. Which is always an option, because given how much data already gets sucked up by surveillance capitalism, my evening TV viewing habits have to be some of the lowest value data points, as I already block ads and avoid all ad supported services.
Its real tricky to get into and overwrite some of the SoC processors and ARM chipsets, but pretty earlyon the hacker crowd was turning Samsungs Smart TVs dumb.
They’ve acrually got some great resistance to screen burn.
Use Pi-hole and block their domains
They’re getting smart to that and are starting to hard code server IPs, circumventing any DNS you have in place.
Joke’s on them. Their telemetry server is in another
castleVLAN.
Do you know where I can source the domains?
https://blocklistproject.github.io/Lists/ the Smart TV list under their beta lists.
I use nextdns on my network and there’s a filter there for smart tvs. Samsung seems to want to call home the most.
Pihole will log DNS requests. The requests come.from the TV. So when it pops up, Block it.
Just don’t hook it up to your wifi. Don’t use any of its included apps. If you must stream get a separate device to do it.
I have a Samsung smart TV that is not connected to any networks, and every few days it will display a ‘detecting device’ loading screen when switching to my input that fails after 30 seconds or until I cancel it (canceling does not seem to impact its functioning)
I have no evidence but I strongly suspect this to be related to attempting to record and send device data to a remote server.
I have noticed this too, I have to press the ‘back’ button on the remote to get the computer output.
Question, what separate device is best and most privacy focused? I just imagine getting a firestick, google Chromecast, etc would also give away data?
There are some open-source systems for media PCs.
Kodi seems to me to be popular, though I don’t use a media PC myself.
You’ll need to have the technical knowledge to install it yourself.
Again your media PC (or HTPC) is still connected to a smart TV. And the problem is with the TV recording HDMI data. In fact, if you read correctly, the Smart TV does no record data from the built-in apps like Netflix.
This is the correct answer. I actually disabled LG’s version of it when I first heard about it. A few months later it had been reactivated in an update, so I just factory reset it and connected an old laptop.
You can’t trust anyone — corporation or government — to protect or respect your privacy. Ever. If it’s not open source and E2EE, assume that a criminal is going to view and process it for profit.
No it is not the correct answer! The correct answer is to put the CEOs who perpetrate this criminal shit in prison for millions of counts of hacking and stalking!
Merely shrugging and implementing a technological workaround is not an appropriate response to someone perpetrating a felony against you!
The downvotes are because your “solution” is not based in the reality that the rest of us live in.
There are no downvotes, so I’m not sure what point you think you’re making.
Okay. So how do we turn it off!?
This is probably not the reply you want, but as someone who (in the past 40+ years) has never owned a TV, I simply can’t refrain from asking: Have you considered simply not owning a TV?
“I keep overcooking my steak, any advice?”
“I haven’t had meat in 40 years, have you considered simply going vegetarian?”
Movies and television shows can be an excellent form of entertainment and a great source of educational materials. And this is the golden age of television. Sorry you’ve been missing out on that
I got an LG because despite how it looks, you can just refuse to agree to a bunch of their privacy agreements and be fine. It’s not perfect, but it’s a hell of a lot better than it would be otherwise, and miles ahead of Samsung’s lack of options.
I have come to realize this and have declined all the T&Cs except for like 3 that you just have to accept to make it function.
Yep, same. Works fine for me, I never wanted the features that disables.
LG by now will have several weeks of footage of me scrolling through streaming services and failing to find anything to watch.
This is why our “smart” TV is not allowed to be connected to the internet.
A smart TV is not allowed on my property.
I am a bit puzzled about the “even when your laptop is connected” part.
I have a small android box connected to it and am not using apps on the TV so it should have no chance of sending screenshot out even if it takes them.
The TV itself is not connected
what kind of Android box do you have? anything you recommend? (looking to have some sort of streaming client)
It’s a Chinese one that I used at first for retro gaming with emuelec. Now it is dual boot and I have kodi and newpipe on it too.
Nvidia Shield. The bigger one.
Yes, it’s a couple of years old at this point, but it’s still the best device of its kind.
Not to mention the remote is FANTASTIC.
the google tv with chromecast dongle is quite decent, good price/performance ratio
But can you really be sure that it doesn’t connect to another network? i have to check again but if i recall correctly there are TVs that try to connect to other open networks or even look for other TVs from the same manufacturer and connect through those to the internet. I have to double check this again, so take this with a grain of salt
There is such a thing called HDMI Ethernet. If you connect some sort of Android box to your TV it might establish an Ethernet connection with it and thus connect to the internet.
If you use an Android TV system you don’t get to complain about your video output device tracking.
deleted by creator
deleted by creator
deleted by creator
No matter how much they ask
If I just use a projector, do i still have to worry about the maker of the tablet that connects to the projector doing the same thing?
Yes, but for different reasons. They are much less popular, and have way lower market share as a result.
Lots of lower-end chinese projectors are also running Android (linux), with multi-core CPUs…
