Comments

wiredog August 27, 2024 8:56 AM

“Some TVs remove basic features like Internet connectivity if you don’t let them track you.”

At least for now, my TV works fine as a TV without being connected to the internet.

Steve Friedl August 27, 2024 11:19 AM

We have a nice smart TV but have never connected it to our network: it gets its signal strictly from the cable box, or from attached HDMI doodads (Amazon Fire stick, etc.), and in this respect we can keep our television from spying on us to the extent we’re not watching Amazon.

I guess the next step in the arms race are televisions that will simply not function without an internet connection, which will require more shenanigans to get around.

b tyson August 27, 2024 11:44 AM

what’s happening in the world of television surveillance

This is specifically about televisions surveilling their users—bad, but only the tip of the iceberg. Also, avoidable by using computer monitors and digital signage displays. Yeah, I know they cost more and are not as easy to get, particularly in large sizes, but it’s up to you to decide how much your privacy is worth. I grew up with a 20-inch television as my main set, and later a 27-incher—often using smaller ones when the main one was occupied—so I don’t quite get why people think it’s crazy to have anything less than 40 or 50.

(I don’t put much stock in the common advice of “just don’t connect it to your wi-fi”. It may work for now, but the data’s probably still accumulating on the device with no way to wipe it, set to be leaked when you get rid of it or when a kid or guest connects it to be “helpful” because your Netflix button wasn’t working. Eventually, manufacturers may just make the devices scan for open wi-fi, or make deals to use Xfinity and the like. Also, data-only cellular devices and plans are so cheap—like 7 USD each in bulk for chips, and a similar amount for 10 years of service—that it’s hard to believe the manufacturers haven’t considered them.)

20-25 years ago, nobody knew what you were watching. Well, sometimes I did, when I saw 4 dark apartments flashing in the same way and flicked through the channels to match it, or when someone simply left their curtains open. But a broadcaster wouldn’t know what channel you were tuned to (unless you were chosen by Nielsen, kept an accurate log, and sent it in); a cable company wouldn’t know. Nobody was collecting bulk data without consent.

That changed with digital cable. Now, not only does a subscriber have to wait hundreds or thousands of milliseconds to tune a channel, their box has to request the channel from the provider. So, assuming the cable-network has stopped running analog signals, they know exactly what everyone’s watching. Do you think they’re passing up that income? Internet-based streaming makes that even more obvious: everything’s by specific request only, and for shows rather than channels. Netflix was already suspected to be in violation of the Video Privacy Protection Act in 2009, and the law was amended and I guess Netflix changed some things, but there are new providers all the time—often located in other countries than their users. I expect the illegal-data-sharing wrist-slap cycle to continue.

Paranoid? August 27, 2024 11:47 AM

The article just states the obvious.

What I seldom see connected is the Orwellian Telescreen concept of joining smartphone under-screen camera technology and smart TVs.

Clive Robinson August 28, 2024 3:57 AM

@ b tyson, ALL,

Re : You don’t need eyes to see.

For quite some time now I’ve been warning about “Smart-meters” and their ability by “power signature” to know what you are doing.

Your,

“20-25 years ago, nobody knew what you were watching. Well, sometimes I did, when I saw 4 dark apartments flashing in the same way and flicked through the channels to match it”

Can be done by any smart-meter in any home and “signal it back” to the Power Grid utility monitoring center (or elsewhere with GSM modems built in).

The reason it can be done, is the more “power efficient” a flat screen TV or even computer is the more information it conveys through the Switch Mode PSU to the wiring in your home.

Thus the “low frequency” of screen background changes –at frame rate– gets easily seen. The only question is how many seconds does it need to identify which channel you are watching of “live broadcast” or “broadcast streaming” or identify the film from “on demand” or even DVD/Blu-ray?

The answer is surprisingly little where there is for instance dialogue and the camera switches from face to face and the backgrounds change with it, or there is a slow pan or street scene with vehicles moving.

And because it’s “low frequency data” –integrated over ten frames or so– the amount of storage required for the signature for a two hour movie is really quite small (say 72,000 bytes).

This data can be further compressed in ways that assist rapid sync/match.

ResearcherZero August 28, 2024 5:08 AM

“LG, for example, started sharing data gathered from its TVs with Nielsen, giving the data and market measurement firm “the largest ACR data footprint in the industry,” according to an October announcement.”

The real power of surveillance lies in the ability to understand relationships between inputs. The ability to recognise text and images and the relationships between them.

The automated ability to decipher meaning from large data sets using models.

Below are instructions for turning off ACR in the major smart TV platforms:

https://www.consumerreports.org/electronics/privacy/how-to-turn-off-smart-tv-snooping-features-a4840102036/

Bob Paddock August 28, 2024 8:38 AM

“I guess the next step in the arms race are televisions that will simply not function without an internet connection…”

We’ve already lost that part of the arms race.

I needed a small HDMI monitor. Bought a small Samsung TV at Big Box store.
I returned it because it would not get past the first power up screen without being connected to Internet.

b tyson August 28, 2024 10:05 PM

Clive, how theoretical is that? It sounds a bit like the “television detection vans” in the U.K., which seem to be considered maybe possible in theory, but a bogus intimidation tactic—akin to “lie detectors”—in practice.

I believe you that the hardware could in principle do it. But would power companies, or those who illicitly hack them, actually have sufficient low-level access to the meters to add that code? Has any company shown any interest in such things? Usually these bad ideas are preceded by patents, and once actually implemented we’d learn of data-buyers and sellers. Has anyone even done a proof-of-concept demonstration that worked in anything approximating real-world conditions?

I’m much more worried about denial-of-service attacks with such meters. The ability to shut off someone’s power for non-payment seems much too tempting to have been excluded as a feature. Which is to say that the feature probably exists, even if dormant. Ransomware is an obvious threat: the only alternative to paying would be to send techs to every meter in a dark city, which could take weeks. And what would happen to the grid if millions of homes could be shut off at exactly the same time? It’d be nice to see a power-meter-network set up for penetration testing at a hacker conference; some people claim to have tested them, but with authorization and I guess non-disclosure agreements—so the published material lacks detail.

Thinking along those lines: if a television is sending data to “the cloud”, it’s almost certainly receiving data too. I doubt they’re using UDP packets and just hoping they end up at the proper place. Even if it’s receiving just enough to negotiate TLS, that’s a non-negligible attack surface. And the article notes that people don’t tend to replace these things very often, which means it’s an attack surface on dated software. I’m surprised we haven’t already seen a major group of televisions subverted with ransomware, Viagra ads, or the like.

(By the way, I’m in Ontario, Canada, where the smart meter situation is quite silly. The government “upgraded” everyone to those meters about 15 years ago—getting rid of millions of perfectly good mechanical meters—and moved us all to time-of-use billing. And then a few years ago, a different government decided that any subscriber could choose to move to non-time-of-use “tiered” billing; effectively what we had before, but with a higher rate after using X kilowatt-hours in a billing period. Which technically requires a meter that can group usage by month—except, many people never exceed that “X”, in which case it doesn’t matter at all.

Anyway, it’s nearly impossible to save money with time-of-use billing—it only works if one’s using something like 80% of one’s power overnight, like to charge an electric car or maybe a full-home battery. I did an experiment across one billing period, where I sat cold and hungry every day till the off-peak hours came and I could heat my home and cook; time-of-use was still about a dollar more. I suspect the smart-meter program was just a ruse, to fire the meter-readers under the guise of environmentalism.)

Winter August 29, 2024 9:30 AM

Think this is “bad”, now there is this:

Cox Brags It Spies On Users With Device Microphones To Sell Targeted Ads, But It’s Not Clear They Actually Can
https://www.techdirt.com/2024/08/29/cox-caught-again-bragging-it-spies-on-users-with-embedded-device-microphones-to-sell-ads/

Last December, internal documents obtained by 404 Media indicated that cable giant Cox Communications claimed to have finally achieved this longstanding vision: it was now able to monitor consumers via microphones embedded in phones, smart TVs, and cable boxes, leverage the audio data, then exploit it to target those users with tailored advertising.


Shortly after the 404 Media story appeared, Cox deleted the website in question and issued a statement denying they were doing anything out of the ordinary:

Eight months later and 404 Media has obtained another pitch deck being used by Cox, crowing about its ability to listen in on consumers in order to sell them targeted ads under the company’s “Active Listening” program. This pitch deck advertises the company’s partnerships with Google, Amazon, Microsoft. Google says it removed CMG from its Partners Program after an “investigation” prompted by 404 Media.

Clive Robinson August 29, 2024 11:24 AM

@ b tyson

Re : You can do similar yourself.

You ask,

… how theoretical is that? It sounds a bit like the “television detection vans” in the U.K., which seem to be considered maybe possible in theory, but a bogus intimidation tactic—akin to “lie detectors”—in practice.

You actually cover two separate issues that have the same root cause.

The root cause is high efficiency “switch mode power supplies” (SMPSUs).

In a way they act like AM transmitters in that they modulate an underlying carrier with information.

In this case the underlying carrier is the AC mains power be it 50 or 60 Hertz 240 or 110 volts.

And the modulating information in this case being the “brightness” of the video signal which is usually in fractions of a Hertz around 1/3 to 1/30 seconds.

If you know what you are doing you can safely make up a “ferrite clamp” current transformer that goes around the power cable outside its insulation, which then feeds a moderately high load impedance. The resulting low frequency signal can be seen on a storage scope or similar like a computer data logger, and sometimes it can be seen on the screen of a “clamp meter” that electricians use.

Which is exactly what “Smart-Meters” do so they can fake your power usage by incorrect usage of phase etc (see power factor correction which the high efficiency SMPSUs are supposed to do but don’t with low frequencies).

Which brings us around to “TV Detection” it is known that there have been two methods developed by private companies in a bid to sell into the BBC or more correctly the “outsourced” “TV licencing Authority” in the UK and the technology was demonstrated to a UK Cabinet Minister.

One way is to work almost like an AM receiver that gets close to the utility meter that in newer homes are on the outside of the building or other easily accessible place[1].

It kind of works like those old “land line phone” devices you would plug into a tape recorder “mic input”.

Another way is to “read the smart-meter”… Many smart meters use a GSM mobile unit to send readings back. Part of the GSM standard is the old Rockwell AT Command codes to turn the mobile device from audio use to data use just like those 1990’s modems… Thus all the detector unit has to do is “log in”.

Either way you get the low frequency modulation on the mains power wiring. Which then only requires “Signal Processing” against what is currently being “broadcast” or “streamed”. This is not always in “real time” thus one failing is the playing of DVDs of movies and TV programs at the same or similar time as a broadcaster generates false positives. Not that the authority cares because they can then “auto-warrant”.

The so called “West London Court” is there purely to fully automate the application and granting of warrants to “search people’s homes” or “gain access” for other reasons such as “disconnecting services”. There is effectively no checking of “attestation” and it’s easy to parallel construct by simply saying an inspector visited the premises and “saw through the window” or “heard through the letter box” or similar nonsense…

But as I understand it this “technology” was not acquired not because it was expensive, not because it was unreliable, but the fact it produced data that could be brought into court and stand against the licencing authority and the tricks it pulls, which are many, mostly unlawful and currently difficult at best to challenge in court.

I have a friend that “went in under cover” in the way some “investigative journalists” do to gather “evidence” to fight a case. On being challenged the Licencing Authority suddenly found a “paperwork error” in the transcribing of an agent’s handwriting…

The simple fact is you can tell the system is rigged and barristers not only know it they can show it is so and some are rather more than openly talking about it.

Because what underlies this is the fact that not paying the TV licence is not a criminal offense you can not be jailed for (but you can be jailed for not paying the fine).

Thus the licencing authority can use “The single justice procedure” system,

https://www.gov.uk/single-justice-procedure-notices

To see what one legal professional thinks and explains it quite nicely see,

“How could the Single Justice Procedure get it so wrong? And should we be surprised that it did?”

https://m.youtube.com/watch?v=8i2UkOcPZ94

[1] To facilitate quick and easy “disconnection” to force people onto the way way more expensive “PrePayment Meters” that are highly profitable and tariffs can be changed in seconds to make the profit even higher. The companies deny this but they have been “caught out”. One company “Scottish Power” did it so badly with “Smart Meters” that people were told they had used tens of thousands of units of electricity in a single day… Which was not possible as the mains in fuse would have exploded…

jelo 117 August 31, 2024 6:32 AM

And what about similar and wider scoped surveillance by “your” recreational drone ?
