In 21st-century tech dystopia, smart TV watches you, warns Princeton privacy prof

You make de-legitimising targeted advertising as a business model sound easy

"TVs are going down the same road that turned the web & smartphone apps into a cesspit of surveillance."

So said computer scientist Arvind Narayana, associate professor at Princeton and leader of its Web Transparency and Accountability Project, in a recent lengthy Twitter thread.

Narayanan pointed to three recently published reports. The first, which he co-authored, looks at "over-the-top" TV streaming devices, in particular Roku TV and Amazon Fire TV.

"Traffic to known trackers present on 69 per cent of Roku channels and 89 per cent of Amazon Fire TV channels. We also observed that certain OTT channels contact more than 60 tracking domains and the data shared with the trackers include video titles, Wi-Fi SSIDs, MAC addresses and device serial numbers," the paper reads.

The researchers also looked at Pi-hole, a free network-level blocker for trackers and advertisers, but discovered that it is only partially effective. "Simulating Pi-hole's blocking of the information leaks we find that 26.7 per cent of the AD ID leaks and 44.6 per cent of the serial number leaks are missed by Pi-hole," the paper says. It concludes: "Our analysis of the available privacy countermeasures showed that they are ineffective at preventing tracking."

The second paper (PDF), Information Exposure from Consumer IoT Devices, is co-authored by researchers at Northeastern University, Boston, and Imperial College London. Devices include cameras, video doorbells, home automation devices, TVs, smart speakers and appliances.

The paper reports: "TVs (i.e. Samsung TV, LG TV, Roku, Fire TV) contact the largest number of third parties among all device categories." Another notable fact is that "nearly all" TV devices in the study's testbeds contacted Netflix, "even though we never configured any TV with a Netflix account". The paper also notes that "57.45 per cent (50.27 per cent) of the overall destinations contacted by the US (UK) IoT devices are third or support parties, and 56 per cent of the US devices and the 83.8 per cent of the UK devices contact destinations outside their region."

The third research document (PDF) – another from Princeton – looks at statistics from the university's IoT Inspector, a tool that runs on Mac or Linux to analyse IoT network traffic.

The researchers found that smart TVs contacted 350 advertising or tracking domains. The top two were Google's DoubleClick and GoogleSyndication. 41 per cent of the TVs contacted domains that would be blocked by the Firefox Disconnect tool, though one of the issues is that smart TVs lack this kind of privacy control. The researchers noted that Roku now makes more from "platform", which is mostly advertising, than player revenue.

Narayanan said: "It is unfortunate that TV platforms are turning to targeted ads as the main way to make money. To maximize revenue, they will likely turn to data mining and algorithmic personalization/persuasion to keep people glued to the screen as long as possible."

He voiced worries about potential developments such as cross-device tracking, for example, using an ultrasonic beacon from TV to smartphone in order to link the two. "Unlike web tracking, our ability to control tracking on TVs is also limited, because TVs are closed platforms and there is no analog of browser extensions," he wrote.

In an era where algorithmic advertising is being used to sway voters and personalised content reduces an individual's exposure to balanced viewpoints, the implications of extending this to television content is troubling.

"I see only one way: let's de-legitimize targeted advertising as a business model," said Narayanan.

That sounds like a forlorn hope, though one slight mitigating factor is the improvement in tools to monitor and even block the trackers, as referenced by these papers. But even if they get much better, that does not mean they will be widely used. ®

Keep Reading

Google gives Gmail's collab chops a good buffing to make it the 'home for work' while we're working from home

Chat and Meet rolled into the inbox along with other bells and whistles

Dear makers of smart home things. Yeah, you with that bright idea of an IoT Candle. Here's an SDK from Amazon

Updated Management software for smart devices to ease entry into ecosystem

The IoT wars are over, maybe? Amazon, Apple, Google give up on smart-home domination dreams, agree to develop common standards

The bad news: You may have to buy all new kit if you want things to work

Facebook defers $3bn of infrastructure spend because it's hard to build bit barns when you're working from home

The Social Network™ is predictably busy but says that won't last

Alarming news: ADT to flog Nest smart home kit after Google ploughs $450m into corporate security dinosaur

Resell agreement set up amid plans to build next gen of home automation and security gear

Keeping them for a rainy day? Arm decides against spinning off cloudy IoT businesses to parent Softbank – report

Right as the Japanese mega-corp seeks to flog the Brit CPU design house

Google's home security package flies the Nest, Chocolate Factory pledges software support – for now

In brief Plus: Immigration lawyers for Mountain View breached, SonarQube hack worse than thought, and more

At historic Apple, Amazon, Facebook, Google CEOs hearing, congressmen ramble, congresswomen home in on tech market abuse

Analysis We watched six hours of congressional hearings so you didn’t have to

Biting the hand that feeds IT © 1998–2020