2

The FTC has just settled a case with Vizio, saying that the company has been quietly capturing pixels from their smart TVs, matching those pixels to databases of content, and selling that information (and corresponding IP addresses) to advertisers. It appears to be possible to turn off this "feature", but I'm still not really confident that my information isn't leaking out and being used in ways that I don't want.

I want my TV to communicate with other devices on my network. For example, I like to use Chromecast to cast from my laptop to the TV. But I suspect that the TV doesn't need to directly communicate with anything off my network (except for the occasional system update, which I don't mind opening up for). Would it be effective, and generally reasonable, to simply set my firewall to block outgoing requests from the TV's MAC address, for example? Should I generally be doing this (or something like it) with other devices that I need on my network but don't want communicating with the outside world, like my TV's tablet remote? Are there any other steps that I should take to ensure I'm not broadcasting personal data in such obvious ways?

Mike
  • If you want to use Chromecast, your TV needs to access the internet most likely. When using Chromecast, your phone/PC only works as remote control, telling your TV to stream a video from some URL. The TV needs access to that URL. (Unless you stream files from your PC) – Josef Feb 08 '17 at 12:25
  • @Josef I think it is the chromecast network connection that is used to stream, not the tv's. Otherwise it wouldn't work on "dumb" tv sets. – Mindwin Feb 08 '17 at 13:39
  • @Mindwin yes, but it sounds like OP doesn't use the separate Chromecast hardware but a chromecast function of the TV. – Josef Feb 08 '17 at 13:47
  • @Josef is right, I usually do use the built-in chromecast feature. And I believe that, e.g., youtube and facebook videos do indeed work via this remote-control style interface. On the other hand, I am able to cast my browser window, which I can only imagine goes straight from my laptop to my router and back to the TV, with no need for outside network. I'd be content with that. Though maybe youtube, etc., try to be clever and steal the connection in fullscreen mode. I could also use my blu-ray player's chromecast function, but I'm also gonna have to check how that's leaking my info... – Mike Feb 08 '17 at 13:57
  • Ironically, I asked about Vizio's privacy policy a couple of years ago. I could not even find it online. The question was deemed too narrow and it was decided it would not benefit the larger audience. The question was closed as off-topic and deleted... –  Feb 08 '17 at 16:46
  • @jww I specifically bought the Vizio because it had very little of its own processing, and so I thought that meant it wouldn't be a big privacy leak. I'm taking this as an object lesson in skepticism of all connected devices I bring into my home. It looks like it will also turn into a practicum on Wireshark, but that should be generally useful in sniffing out any other suspicious activity. – Mike Feb 08 '17 at 18:18
  • To the gentleman who says there is no firmware for his Linksys router: check the OpenWrt site. They have firmware for hundreds of devices. Yours just might be one of them. It's a fantastic firmware. I have been using it for years. You might start with deny all outbound as default. Then, whitelist services you need. – Pissed Off Veteran Dec 06 '19 at 14:48
  • I had checked that already, and found no support. Checking again now shows no support from OpenWrt or DD-WRT. I did, however, find a message from Linksys suggesting they specifically put hurdles in the way of using open-source firmware for this device. – Mike Dec 06 '19 at 15:11

2 Answers

2

If you can set your firewall to block a particular MAC from exiting your network, yes, that would be the best strategy. However, ordinary consumer grade routers may not have the capability.

Instead, what you may need to do is discover the external address (or addresses) that the TV is attempting to connect to, and find a way to block data from reaching their servers. One way is to add a static routing entry for that destination's IP address and route it to 0.0.0.0 to ensure the connection attempt doesn't leave your premises.

John Deters
  • Unfortunately, there doesn't seem to be any nicer firmware for my router (Linksys EA7500), so it's an all-or-nothing proposition when blocking by MAC address. Your routing suggestion sounds good, though. Thanks! – Mike Feb 08 '17 at 16:13
  • Yep. Note that it's not going to be all that easy, either. You'll probably need to Wireshark the DNS request coming from the TV, resolve it into all the different IP addresses, and add static routes for each. Or you could statically configure the TV's network settings with a fake gateway and a non-existent DNS resolver - that should stop it from phoning home (or anywhere else not on the same subnet) ever again. – John Deters Feb 08 '17 at 16:57
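
The procedure from this answer and its follow-up comment (capture the TV's DNS lookups, resolve them to addresses, add a static route per address), as an added example that is not part of the original thread. It assumes the capture was exported as tab-separated `tshark` fields and that the gateway is a Linux box with iproute2; the MAC addresses, host names, IPs and the `192.168.1.0/24` LAN are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the shape produced by:
#   tshark -r tv.pcap -Y "dns.flags.response == 1" -T fields \
#          -e eth.dst -e dns.qry.name -e dns.a
# All MACs, names and addresses are made up (documentation ranges).
SAMPLE = """\
00:11:22:33:44:55\ttracking.example.net\t203.0.113.10,203.0.113.11
00:11:22:33:44:55\tupdates.example.com\t198.51.100.7
66:77:88:99:aa:bb\twww.example.org\t192.0.2.80
00:11:22:33:44:55\ttracking.example.net\t203.0.113.10
00:11:22:33:44:55\tnas.local\t192.168.1.20
00:11:22:33:44:55\tipv6only.example.net\t
"""

def resolved_by_device(capture, device_mac, lan="192.168.1.0/24"):
    """Map each name the device looked up to the off-LAN IPv4 answers it got."""
    lan_net = ipaddress.ip_network(lan)
    seen = defaultdict(set)
    for line in capture.splitlines():
        fields = line.split("\t")
        if len(fields) != 3 or fields[0].lower() != device_mac.lower():
            continue  # another device's lookup, or a malformed row
        for text in filter(None, fields[2].split(",")):
            try:
                addr = ipaddress.ip_address(text.strip())
            except ValueError:
                continue  # never turn a garbled field into a route
            if addr.version == 4 and addr not in lan_net:
                seen[fields[1]].add(addr)
    return {name: sorted(addrs) for name, addrs in seen.items()}

def blackhole_commands(resolved, allow=()):
    """Build one iproute2 blackhole route per address, skipping allowed names."""
    cmds, done = [], set()
    for name in sorted(resolved):
        if name in allow:
            continue  # e.g. the update host the question wants reachable
        for addr in resolved[name]:
            if addr not in done:
                done.add(addr)
                cmds.append(f"ip route add blackhole {addr}/32  # {name}")
    return cmds

if __name__ == "__main__":
    found = resolved_by_device(SAMPLE, "00:11:22:33:44:55")
    for cmd in blackhole_commands(found, allow={"updates.example.com"}):
        print(cmd)
```

A static route on the gateway applies to every device behind it, not only the TV, and the list goes stale when the DNS answers change, so the capture has to be repeated.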
2

If you have a network, all the devices should be connected to a router. Nearly all home routers today support the capability to deny internet access to connected clients, either by IP address or by MAC address or a combination of them. So it should be pretty simple to accomplish. If you want further help, tell us your router model and we can tell you what specific setting it has for this, but usually they are easy to find.

Overmind