Smart TVs are essentially televisions that can watch you. Their surge in popularity, along with smart speakers, means corporations (and anyone that can hack these devices) have another window through which they can view your private activity. The data collection that typifies the Internet is spilling over into your offline life — and invading your home.
This expansion of corporate surveillance to encompass your TV viewing undermines the effort to create a more private Internet. Your privacy is only as strong as your weakest link, which means your efforts to keep your browsing data private could be undone if corporations can accumulate similar data by monitoring your TV viewing habits.
We’ve prepared this article to help you understand how smart TVs spy on you and what steps you can take to stay private.
What is a smart TV?
Smart TVs are Internet-connected television sets that support a range of apps, from Amazon Prime Video to YouTube. Many smart TVs have also incorporated voice recognition and video cameras so that you can give vocal commands to your television or use it for video chatting.
Smart TVs monitor what you watch, similar to streaming services like Hulu, Netflix, and YouTube, but they take it a step further. They typically use a system called automatic content recognition (ACR), which captures a section of pixels on your screen every few seconds. It then sends these pixel “fingerprints” to a third party that acts somewhat like a Shazam for video. It can quickly identify whatever program you’re watching, whether it’s a personal DVD, live television show, or a YouTube video. In addition to this information, smart TVs add the date and time you watched this program, the channel the show was on, and whether you recorded it. This information is then used, just like your online history, to inform advertisers which ads would be most effective to target you with.
Privacy concerns
Your television viewing habits can reveal almost as much about you as your Internet browsing history. Advertisers can determine your political preferences, wealth, and location from this type of data. The FTC considers your TV viewing history sensitive data that requires your express consent before it can be collected, putting it in a protected category in the US, alongside personal health and financial data.
Another privacy issue arises with how smart TVs share this data. When they sell your TV viewing history to advertisers and third parties, they link it to your WiFi network’s IP address. With this information, advertisers can link your TV viewing history and your browsing history, meaning they have eyes on you throughout the majority of your leisure time. This also means they can follow you from device to device, ensuring you see the same ads over and over.
The business plan of smart TVs represents a dramatic expansion of corporate surveillance, which is why many smart TV providers have, time and again, tried to cut corners and obfuscate their data collection.
When corporations abuse smart TV data
Here are just a few of the privacy scandals involving smart TVs.
Hidden data collection
Vizio is one such company that never informed its users about data collection, and as a result, never gave them a choice. Between 2014 and 2017, it sold smart TVs (and updated older smart TV models) that automatically used ACR to monitor what its users were watching without their knowledge. In 2017, there were upwards of 11 million Vizio smart TVs tracking all their customers’ viewing histories.
Vizio was caught in 2017 when the Attorney General of New Jersey filed a complaint with the FTC, alleging that Vizio hid the details of its data collection from its users. There was no mention of data collection in its privacy policy. The only place where Vizio mentioned that any data would be collected was in a supplement that explained its “Smart Interactivity” feature. Even here, the language was vague, stating the feature “enables program offers and suggestions.” Vizio eventually settled out of court and had to pay a $2.2 million fine.
A microphone is always listening
Samsung built microphones into certain smart TV models to allow users to change the channel or turn the TV set on with vocal commands. But these microphones never turned themselves off. In fact, in 2015, The Daily Beast discovered that deep in the Samsung privacy policy was the phrase “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.” So basically, anything you said within the range of a Samsung smart TV was collected and transmitted to a third party.
Samsung later issued a clarification, stating most of the TVs require users to activate the microphone with the remote control. Concerned users that have a Samsung smart TV with a built-in microphone can deactivate their TV’s voice recognition system (Hi TV).
Poor technical privacy protections
In 2013, Jason Huntley, an IT consultant, made several shocking discoveries about LG smart TVs and how they were collecting and transmitting their users’ viewing data. First of all, the smart TVs would transmit data on its users even if the user opted out of data collection by turning the feature off. Second, the smart TV would scan any USB drive that was inserted into the TV and record all the file names it found. Third, the smart TV did not encrypt the data it transmitted. Sending data in plaintext means anyone between the smart TV set and LG’s servers could have easily accessed and read the data.
The publicity from Huntley’s post led LG to update its software so that users could opt out of this data collection, something that should have already been an option.
Secretly share data with Facebook, Google, and Netflix
A September 2019 report from Northeastern University and Imperial College London found that nearly all major smart TV providers and many streaming services, including Amazon’s FireTV and Roku, are sending private personal information to Netflix without informing users. According to the report, almost all the smart TVs they tested sent data to Netflix, “even though we never configured any TV with a Netflix account. This, at the very least, exposes information to Netflix about the model of [the] TV at a given location.” The researchers did not offer a hypothesis for why data is sent to Netflix.
A similar report from Princeton found that 89 percent of Amazon Fire TV channels and 69 percent of Roku channels contained trackers from Facebook and Google that collect information about users’ viewing history and preferences. The data shared also includes information that can uniquely identify and locate specific devices (like your advertiser ID, your WiFi network, and your device serial number). This information was also sometimes transmitted in plaintext (unencrypted).
Smart TVs and security
Transmitting sensitive data in plaintext is just one security vulnerability of many that hackers can exploit in smart TVs. In 2017, a Wikileak document dump exposed the “Weeping Angel” program, in which the CIA and MI5 hacked into Samsung smart TVs and used their built-in microphones to spy on people. While this is the most dramatic example of hackers accessing smart TVs, it is far from the only one.
Also in 2017, security consultants found over 40 zero-day (previously unknown) vulnerabilities in Samsung’s smart TV open source operating system, Tizen. Samsung also sent out (and then deleted) a tweet earlier this year that its smart TV users should run antivirus scans every few weeks.
While security has improved somewhat since South Korean IT security consultant security Seung-Jin Lee showed the many, many ways he could take over a smart TV, there is still a long way to go. The situation is so dire that the FBI sent out a warning on the week of Black Friday, informing customers that smart TVs are not secure.
What you can do to protect your privacy
US lawmakers are pushing for the FTC to further investigate smart TV manufacturers for violating their users’ privacy, but so far, little action has been taken. The GDPR also protects the data of smart TV users, but they have yet to levy and fines against a smart TV producer. For now, the best way to protect your data is to take matters into your own hands. If you have a smart TV or are considering buying one, here are some steps you can take to maintain your privacy and cybersecurity.
- Adjust privacy settings: The FTC requires smart TV makers to give you the option to turn this feature off. This can usually be done by navigating deep into your smart TV’s settings. CNET has a guide that covers how to do this for most smart TVs.
- Do not connect your smart TV to the Internet: Even if you activate the privacy settings on your smart TV, it will inevitably share some data. It will also still be an enticing target for hackers. By disconnecting your TV from the Internet, you effectively are turning it back into a “dumb” TV. If your TV does not give you the option to disconnect from your WiFi network, reset it to its factory default settings. Then, during the setup process, do not enter your WiFi password.
- Buy a “dumb” TV: While this is the most straightforward solution, it is becoming more difficult, as smart TVs made up 70 percent of television sales in 2018. To buy a TV that does not have any of the data collection tools a smart TV uses means you will have to buy an older model TV (most likely pre-2017).
Smart TVs may make it easier for you to watch Netflix on a big screen TV, but they represent another brick in the surveillance capitalism edifice. It should concern everyone that Amazon, Facebook, and Google’s insatiable hunger for your data is spreading to other companies. Samsung is also currently moving ahead with plans to use your TV viewing data to feed you targeted ads themselves, in an effort to become the Google of television. Soon, all corporations will be scrambling to secure as much of your data as possible.
This is the world that Proton Mail and Proton VPN are trying to prevent. We work on a subscription business model so that our interests align with our users. Our users trust us because we protect their privacy. If you would prefer to work with a company that gives you control over your data rather than collecting it, sign up for Proton VPN and Proton Mail today.
Best Regards,
The Proton VPN Team
Follow us on social media to stay up to date on the latest Proton VPN news:
Twitter | Facebook | Reddit | Instagram
To get a free Proton Mail encrypted email account, visit: proton.me/mail
Is there a way to use proton vpn on my lg smart tv? It didn’t even have google playstore just the LG store which sucks. I was about to get the plus version on proton vpn for 5 devices (my lg v40 cell, a fire stick that I use on my Samsung dumb TV, and I was also hoping to put it on my main LG smart television however I have just read that that may not be possible unless I connect an Ethernet cable from the laptop. Is that the only way to go about this? I do think on the LG TV I can get on Google but unsure if it’s chrome and if it is chrome is it possible to use the VPN from there on the television somehow? Thanks for any input as it will be greatly appreciated as I am not technology savvy at all but I’m not liking this surveillance state that has taken over especially with my views opposing many main narratives as well as things I prefer to watch. I worry about the possibility of the upcoming social credit system in which they would use your browsing history and whatnot to come up with your credit score and social credit score. I do not like that idea at all and if that’s a thing ever then I will probably end up having a very low score again due to the things that I like to watch and look at. Any help would be greatly appreciated. Thank you
Hi Steph. The easiest way to do this is buy an Android TV dongle (or a Amazon Fire TV Stick). You can then install our Android TV app on that.
Can a smart tv see you with a built-in camera, I have a older tv with a roku device does that help not get seen or listen to?
Most smart TVs do not have cameras, but as we mention in the article, many do have microphones that are often on. Depending on which Roku device you have and whether it has a built-in microphone, that is a more private alternative.
All of this information is well and good and I really enjoyed reading it and it opened my eyes up on a lot about smart tv’s but it is what it is but if you can hack into the pentagon what chance do we plain citizens have especially those that are not computer literature!! All programming comes off the internet anyway so one way or another if you’re not plugged in you’re back in the dinosaur ages again and no 1 wants that and I’m sure you don’t either!
Man I New tv was spying this bad I New that they use my data but thats scares me because I have a 4k Vizio tv
Hello,
I’ve just bought Grundig 49 GUB 7060 – Fire TV Edition. What do you recommend me regarding this product? Could your VPN service be applied to this device and if yes, how. I’d modestly let you know that I have just a general concept over VPN and security.
Thanks in advance for your advice!
Hi mate,
Wow, just checked it out and it really seems worth of buying. Nice price, nice panel (i hope, which it should be the really most important at a TV, for real), so you can connect a Raspberry Pi, a Mini-PC or whatever you want, to enjoy the content without having to care about the company that made the Smart TV, which would be taking care of spying you, obviously not privacy-friendly.
Thank you very much for sharing here mate :).
Bests ^^.
Hi there, great ProtonVPN community!!
This is pretty interesting, i’m totally agree with you, i really feel like a not Smart TV would be fine for me, just conecting it via HDMI a RasPi or another Mini-PC, to converting it a Smart TV, but without the bad sides of being one.
The problem i see in this, is like you explain on the post/article, there’re few offer of TVs, but thankfully to @Martin, who commented here, too, i saw something interesting on Kickstarter, good price, good design, seems like really really simple, and privacy-friendly, of course.
Thank you very much for the hard work and great efforts, fighting always for the privacy.
Bests ^^.
Will there be a FireTV app as well?
Yes, there will be. It is in our plans, although at this point, we do not have a target date.
On a related note, how about a protonvpn client for Android TV? The current situation is far from ideal.
You’re quite right. We plan on working on a client for Android TV this year. It will require a completely dedicated UI that is usable with a remote controller and a TV. Once this new client is ready, we’ll make an announcement on our blog so stay tuned!
Ironically, ProtonVPN doesn’t have an Android TV version while many of its competitors do :)
We will be working on it this year!
When is ProtonVPN going to offer their app on the Play Store for androidTV? Many VPN services have been offering androidTV apps for a long time now. If there are technical issues that are preventing you from doing so, please elaborate.
It is something we plan on developing this year. So hopefully soon!
There’s a new Danish company that’s doing us a favor and selling just a screen :)
https://www.kickstarter.com/projects/iron-cast-tv/your-next-tv-without-the-tv/description
I always do that. I mean those tvs lack in features and security updates anyway. So an android box running with Libre/Coreelec is def. the better solution. Does support more features and you have the control over what’s happening with your data.
But I did have the tv at least 2 times connected to the nw, once where I had to update the fw and no USB solution did exist. The other time I had to use miracast for personal reasons. I just hope it didn’t log things while not using smart features and/or send what it had during that short time. (I mean given that it’s 4 years old and takes some time to switch to mediacenter mode ..)