Watching TV feels like a benign pastime, but as all TVs become “smart” – connected to the internet via your router – they are gaining the ability to watch you too. As soon as you switch them on, smart TVs made by the likes of LG, Samsung and Sony are gathering data from the TV itself, as well as from the operating system and apps. Then there are the devices you plug into your TV, such as Google’s Chromecast, Apple TV and Amazon’s Fire Stick.
A TV is no longer just a device for showing you content – it has become a two-way mirror allowing you to be observed in real time by a network of advertisers and data brokers, says Rowenna Fielding, director of data protection consultancy Miss IG Geek. “The purpose of this is to gather as much information as possible about your behaviour, interests, preferences and demographics so it can be monetized, mainly through targeted advertising.”
Smart TV spying is difficult to avoid. A study by researchers at Northeastern University and Imperial College London found data from TVs and smart devices was sent to Google’s ad business and to Netflix, even if people didn’t have Netflix.
What does your smart TV know about you?
The data collected by your smart TV depends on its manufacturer, brand and version. In theory, most smart TVs are capable of collecting audio, video and TV usage data, says Toby Lewis, global head of threat analysis at cybersecurity company Darktrace.
Voice activation is one feature with the potential to gather large amounts of data. Microphones and software are listening for instructions and they can capture conversations and other sounds within range. These recordings might be sent to third parties to be analysed.
Cross-device tracking is another issue to consider. Data collected via your smart TV is more valuable when combined with information from other smart devices such as mobile phones, laptops and home automation gear, according to Fielding. “This allows individuals to be profiled in detail: geo-location history, web browsing activity and social media information can be added to TV data.”
Then there are the cookies and trackers. Apps and browsers on smart TVs use cookie- and pixel-tracking technologies just like websites do to track, recognise and identify devices for user-profiling. “Most apps installed on your smart TV will be snitching to a large network of advertisers and data brokers,” Fielding warns.
What does your TV do with the data?
There is no clear-cut answer. What exactly is done with the data is complex and “highly opaque”, says Lewis. “When looking at what a smart TV does on the network, it is often unclear why certain data is being harvested and where it is being sent.”
There is not much difference between TV brands. Manufacturers claim to use your information for “personalisation” and quality of content, but it is common to sell this type of data, anonymised or semi-anonymised, to third parties, advertising companies or streaming services. “After the data has been sold, it is out of the manufacturer’s control,” Lewis says. “It is often unclear what data exactly is being sent back, depending on the T&Cs and privacy settings, and it can be very difficult to change default settings once you have agreed to them.”
How streaming services are also gathering data
Using streaming services on a smart TV is another surefire way to hand over lots of your personal data. Apps such as Netflix, Amazon Prime and Now TV tend to claim they only use data for necessary services such as recommendations or credit checks. But this can include data such as device identifiers, geo-location, browser type, email address and payment information.
Netflix’s powerful recommendations algorithm fuels the quality of its service by helping you choose which shows to watch. If you log on to Netflix via your browser, you can tweak the privacy settings to limit the data that’s collected and shared. Yet most of the data Netflix gathers, such as the shows you watched and when, is so core to its service that you can’t opt out of it.
What is automatic content recognition or ACR?
Back to the smart TV itself. One scary feature to look out for is automated content recognition (ACR). Often turned on by default, this uses analytical techniques to identify video and audio running on the TV, matching it against a big database to identify what’s being played. It’s pretty creepy stuff – ACR works on anything played on the TV including DVDs and Blu-rays, CDs and games.
Viewing data and habits are shared with manufacturers and ultimately sold to advertisers in order to target you with ads, says Jake Moore, global cybersecurity adviser at security company ESET. When your TV is connected to your home router, data will include your IP address and location too, he adds.
And in theory, ACR could be used for even more unsettling profiling, says Lewis. “With the analytical technologies available, data from facial recognition, sentiment analysis, speech-to-text and content analysis could be gathered to build an in-depth picture of an individual user.”
Instead of matching content against a list of known movies, ACR could in theory be analysed for political position, ethnicity, socioeconomic position and other things that could be abused in the wrong hands, Lewis says.
Should you use your TV as a browser or your smartphone as a TV remote?
Using the browser on your TV might be convenient, but it’s a major attack target for hackers. This is because your smart TV browser lacks the antivirus and additional security settings built into your smartphone or PC.
“Cyber-attackers can eavesdrop on the browser’s traffic and compromise the cookies that manage authentication to online services, such as social media accounts or online banking, and impersonate people,” says Dr Francisco Navarro, a senior lecturer at De Montfort University’s Cyber Security Centre in Leicester.
But in contrast, experts say using your smartphone as a TV remote is fine. Just be mindful that connecting to a smart TV with a mobile will be done via Bluetooth or across the network, says James Griffiths, cofounder and technical director at security consultancy Cyber Security Associates. “If the smart TV was hacked, it might be used to attack your mobile device, but the risk of this happening is low.”
Protect yourself from smart TV spying
As long as they are connected to the internet, smart TVs will collect data and you can’t stop this from happening altogether. In many instances it’s not in your interests to do so as it will affect your viewing experience – take Netflix’s useful recommendations features as an example.
Yet there are some basic measures you can take to protect yourself from smart TV spying. Turn off ACR in the settings, disable personalisation, opt out of all advertising features and cover or disable cameras and microphones.
It’s also important to make sure your router is protected by changing the password and setting up a guest network. You can improve security by opting out of web tracking when it’s offered and applying software updates as soon as they’re available.
The article originally appeared in
The Guardian, 29 Jan 2022