10

I am looking to buy a new TV, but all of them these days are Smart TVs with creepy Orwellian features. Namely the microphone and webcam, which pretty much makes a Telescreen, as manufacturers admit they collect data remotely.

I'd like to know if some things I've heard are true, and what are the best practices for allowing the Smart TV internet access securely?

The standard advice I've come across is to put a sticker over the webcam and not let the TV on the internet. I've also heard that allowing the TV to connect to the internet through a middle man, like a games console or Chomecast, is better. Is this any more secure?

Are there any security apps one can download to help protect the TV? Is there a hacky way to fudge the system? Like corrupting the microphone/webcam drivers, or an app which always runs using those devices and thus blocks all other users out? I'm looking at a Sony Bravia TV, which uses Android. And I'm aware that is far from secure generally.

There's also the question about the microphone. If the TV connects to the internet, the webcam can have a sticker over to stop Big Brother watching, but is there a way to disable the microphone short of opening up the TV... which is probably a bad idea. I assume that simply switching off these features in the OS isn't secure since it could conceivably be switched on again by a hack?

Anders
  • 64,406
  • 24
  • 178
  • 215
  • If you didn't put the TV itself on the network, but did net requiring stuff through a Chromecast or similar, wouldn't even need the sticker - unless both Google and the TV manufacturer really messed up, shouldn't be a way to activate functions like camera via HDMI. Personally, though, I'd be more wary of the manufacturers data collection at the moment - some very dubious T&Cs around – Matthew Oct 26 '16 at 08:15
  • You could install a firewall (for example on a raspberry pi) and control all outgoing traffic on the network layer. – Lukas Oct 26 '16 at 09:04
  • 2
    Not all of them are smart TVs yet, just the "premium brands". I'd suggest either getting a dumb monitor or getting the TV, leaving it unconnected, and driving it from your own tuner/PVR/HTPC system. – pjc50 Oct 26 '16 at 10:18
  • 1
    Sort of a frame challenge but: just get a projector, as far as I know these are all still *dumb* devices. Bonus: you get a way bigger picture. :) – fgysin Oct 26 '16 at 11:57
  • Just get a modern TV that isn't 'smart'. LG still makes them last time I checked. If you want smart functionality later buy a chromecast, functionality when you need it (if you want privacy) unplug it :) – Digital Shiba Oct 29 '16 at 10:30
  • As fgysin said, get a good HD projector (study a bit about thing as 3lcd vs dlp) plus a Chromecast - you`ll never look back. – Caterpillaraoz Nov 02 '16 at 09:31

2 Answers2

1

It is difficult to provide a single complete answer because there are too many variables and what may work for one model/brand may not work for another. The term 'Smart TV' is also poorly defined and not all of them 'call home' - many don't even have a built in webcam or microphone.

The first question you need to ask is "What do you want/expect" from your Smart TV? This will help determine what features you need and that will help determine what options you have available. The other question you need to ask is what is the threat you are concerned about? Are you concerned about the neighbours or passes by who may overhear your conversation through that open window? What is your real concern should it be true that the vendor is recording your conversations through the microphone on the TV? Likewise with the camera.

This isn't to say you may not have real things to be concerned about, but it probably needs to be a little more than just an abstract concern. Some people, such as celebrities, politicians, secret agents and crime bosses probably have more real concern than most of us. Knowing what the individual risk is determines what level of protection/concern you need to have.

It is also important to consider the other side of the coin. Consider the perspective from the vendor. Lets say you produce a smart TV and it collects lots of data, such as recording the sound and vision in the room. Now consider they have sold 2 million of those TVs, so have data coming in from 2 million users. That is a hell of a lot of data. However, having data and being able to make use of it are two vary different things. That is a lot of processing. How you use/process the data is also worth considering. Processing a lot of audio streams to improve algorithms used in natural language processing and voice recognition is one thing, processing the streams to extract real meaning and then using that information effectively is another. All of this also comes at a high financial cost, so there has to be some real financial benefit.

All of this isn't to say there are not real concerns. As the NSA has demonstrated, processing and extracting meaningful data from large data sets is vary possible and there are some real concerns regarding what some of these vendors are doing and how they are using or even securing the data they collect. However, to what extent this is a real threat to an average individual right now is uncertain, but likely low.

We also need to balance all of this with the real potential for benefit from this data collection. Most of us would really like devices which have reliable and accurate speech recognition or smart devices which are able to work out what we want to watch, what products we are really interested in etc. What most people hate about advertising is that most of it is junk we are not interested in. If all the ads you were shown were for things you are interested in, you wouldn't mind as much. To achieve this sort of benefit, the manufacturers need data to drive the research. If we want devices which improve, we need to let the manufacturers have more data about how we use the device, where the device fails, has errors, crashes etc and we want the manufacturers to send us updates and improvements.

So, what do we do?

  • Select a device from the manufacturer which has the best terms and conditions. Look for one that actually has privacy statements, tells you what data they will collect, how long they will keep it, what they will use it for and how they will store it. Yes, we are trusting they are being honest, but why should we assume they won't be? What is the benefit in them being dishonest? If they have a privacy statement and reasonable terms and conditions, at least we know they have thought about it. Most of the problems with IoT devices is that the vendor simply has not considered these issues.

  • Depending on your setup, you will normally configure your router/modem to have a firewall which blocks all incoming connections. These are connections which are initiated from outside your network and try to connect into devices within your network. Most of the services you are likely to want have connections initiated from inside your network going out. Exceptions are things like an audio chat service which allows your friends to contact you. Connecting to things like TV streaming services are typically initiated by you and don't need to be initiated from external sources.

  • Look for a device which has the option to enable or disable data collection. These days, many software and operating systems have this sort of feature. You can decide to opt in or opt out. Go for a vendor who lets you make this decision.

  • If you are still uncomfortable, just don't connect the device to the network. I've looked at a number of 'Smart TVs' and in fact have 3 of them. However, none of them are connected to the network. This isn't because Im paranoid. The main reason is that so far, I've found the quality, reliability and usability of all of these smart tv apps to be far inferior to the equivalent functionality provided by my PVR, xbox, ps4 or chromecast. Right now, smart tvs seem to be more hype than benefit. This will change, but I can't see the quality reaching the same level as other devices for a couple of generations yet and lets face it, you tend to replace your TV less frequently than other devices, such as laptops or tablets.

We all need to be more concerned about data collection and privacy. However, we also need to be wary of becoming too paranoid. What we really want is informed consent and some guarantees about how the data will be sued, stored and eventually destroyed. The only way to get this is through our choices. Be willing to pay more for better, secure and informed choice. Be prepared to not purchase the device if we are not happy about the company's practices or the way it may use our data. Be willing to forgo convenience to ensure we have privacy and control.

Tim X
  • 3,242
  • 13
  • 13
  • In case you're wondering how much data they're willing to collect, take a look at this report by the FTC: https://web.archive.org/web/20170207195029/https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen – John Deters Feb 08 '17 at 05:33
  • Yes, that is an interesting case. However, I think the point to note is that the company was able to sell on marketing data because it could match the TV data with lots of other data (demographic data, such as age, sex etc) which it obtained via other means - probably through 'registration' of the device with the vendor. Irony is we are concerned about smart TVs, but many will freely give away details on a web page without asking "Why do they need to know my sex, age, etc?". – Tim X Feb 08 '17 at 18:54
  • I mentioned the Vizio case because of the paragraph about "having data and being able to make use of it are two vary different things. That is a lot of processing" and "All of this also comes at a high financial cost, so there has to be some real financial benefit". The way it was written made me think you were dismissive of the likelihood that companies wouldn't engage in the massive capture of data because it wouldn't be worth it. Clearly, Vizio believes it's worth it. It would not surprise me to find other companies doing similar data harvesting. So the likelihood is definitely non-zero. – John Deters Feb 08 '17 at 19:43
  • Fair enough. It is important to always recognise what was unfeasible yesterday is feasible today simply because of the improvements in technology and decreases in costs. However, we need to also recognise the trade-offs - much of the functionality people enjoy with google is because of the personal data they have harvested. To be smart, you need data. If you want smart, you need to allow access to varying levels of data. The bad aspect of Vizio is how they used the data without telling users. I do wonder if their data mining was scaleable and am pleased they were called out on it. – Tim X Feb 09 '17 at 04:07
0

My suggestion would be to get a large computer monitor instead; you'll often get a higher resolution that way, it will be good for gaming, and it (likely) won't be able to access the internet on its own.

kaoudis
  • 1
  • 2