It sends audio and/or video fingerprints (not frames, for privacy and bandwidth reasons), which are matched against a fingerprint database. Whatever people see on TV is usually 10 to 60 seconds behind the real live stream at the broadcaster (which is where the reference fingerprinting happens). GeoIP data can be used to roughly deduce where the TV is located, in order to better filter out false positives out of multiple matches (e.g. in the US where lots of programming on east/west side is just shifted by ~3 hours due to time difference).
are you saying that hypothetically, if the MPAA comes knocking on Roku's door with enough money and a fingerprint database of torrented movies/songs, Roku could then tell them they have people matching those fingerprints? After which I'm assuming they'd have enough justification to get a court order to get the contact info from Roku for matching users?
Possession, use, and downloading of copyrighted content is legal,* or no legal streaming services could exist. Copyright law is only concerned with licensing the transfer.
* in theory, as a civil matter, they could make you destroy any unlicensed copies, but they would have a hard time getting criminal charges pressed, as well as proving damages from watching a TV show from an unlicensed provider vs a licensed one
Not for attribution. It’s for exposure. If Pepsi buys $1M in ads on NBC, it only knows the DMA and time slot/programs it bought the ads on. It doesn’t know the households it bought the ads on. With ACR data, it will know that you were exposed. From there, they can do a few different things. Audience studies (like they reached 2000 households with a certain income etc). Or they can run attribution studies. A company called Data+Math looks at exposure of these kinds of ads, understands which households weren’t exposed (as a control) and gives statistically significance calculations on linear TV ads to understand lift of sales (one example).
Inscape, an ACR company, have this revealing paragraph on their blog. Note the "following your IP from the exposure to the ad, to the sales funnel" part:
"Advertisers like ACR data because it provides second-by-second feedback on how their ads are performing. Nielsen provides its data in 15-minute blocks, so if viewers tuned out after the first ad in a pod, the advertiser has no way of knowing. And since IP addresses are included, companies like iSpot.tv and Data + Math are able to use that information to create multi-touch attribution ratings that help advertisers understand how certain ads and placements helped move viewers through the sales funnel, from seeing the ad, to googling the product to actually buying it. It’s a lengthy process that requires a lot of data and a lot of rigor, but it’s an excellent way to prove to marketers that TV advertising actually works."
"""
What's funny about this is that I think this is a legitimate and relatively non-evil use case.
"""
- parent is saying that fingerprinting so the advertisers know who saw the ads is legitimate and relatively non-evil.
It all comes down to lack of transparency/oversight and the option to exercise control as an individual.
"""
- parent acknowledges that not telling the user and not making it configurable can be problematic.
If you consider tracking an anonymous identifier for the purposes of better marketing "spying" then I think that's a stretch. Calling out TV in particular for it is a bit silly - it's simply everywhere.
"...without their consent and without telling them about it."
Yes they are. You opt in or out when you buy the TV. They tell you about it then. You can be like most people and not read the fine print, but then don't be all surprised when someone's pulling the wool over your eyes.
I can't fathom the math and scale involved here making sense in the long term.
Eventually the marginal increase in profit is less than the marginal increase in adtech cost. I wouldn't be surprised if many industries passed that point years ago. There's probably a lot of hype and hubris disguising that fact, but someone's going to make a successful business case out of cheap, low-creepiness spray-and-pray advertising.
Depends on the manufacturer. Some use it to get you to use their other services. Some use it for second screen apps. Others for various on-screen info. Not sure of all use cases. I don't think the data was ever used for targeted tracking.
What is the video fingerprinting method used? Is it a publicly known algo? I was using a combination of "dhash" for individual frames and "simhash" to generate shingles for a bunch of videos and it worked "ok" but not as efficient as I wanted.
Smart TV interfaces are almost uniformly worse than set top boxes (one or more of: bad UI, slow CPU, weird quirks, few updates) so you should avoid it anyway.
The current Apple TV (which I cite only because of familiarity) has a great UI, every major app, and robust HDMI-CEC support so you might never have to touch your TV’s remote again.
I was actually really pissed a while back because my in-laws were over and when I came home they told me "For some reason you hadn't connected your TV to the internet. We gave it your wifi password, and now it works!" Thanks. Now I have to change wifi passwords, and the power light on the TV constantly blinks because it thinks it should be connected to the internet, but isn't.
Pretty much, yes. Because respecting my privacy fits their business model.
Consider that even the most trivial thing that makes Apple look bad gets leaked. If Apple was selling your private information, it would have leaked long before now. Also their financial reports show no indication of revenues that could be associated with private information marketing.
Nobody sells data, like pay and get hdd with data. They "analyze" it and sell results, or "allow access" for "optimization" of whatever. Or they have "partnership" and "exchange". Or they slightly obscure data (of course insufficiently) and then sell whatever resulted claiming that they don't sell "data". And so on, whole departments work full time on the ways to bullshit regulatory authorities into thinking that they don't sell personal data. (And they here I mean corporations in general).
And regarding Apple - I hear this "not their business model" argument often but I see zero real life reasons why it couldn't be but we wouldn't know it. It is like saying that "John only trades tomatoes, it is impossible to him to sell cucumbers, it is not his business model". How is even related, monster corporations have multiple divisions with multiple business models, one doesn't exclude another.
PS: this is for the sake of discussion. Personally I also tend to think that Apple collects much less data than FAGM, and there were experiments that indirectly support this theory. I'm thinking about moving to Apple ecosystem but it is rather costly and will cause vendorlock. Not an easy choice.
Some smart TVs will join open networks if you don't give them one. And I expect that if 5G works as advertised you'll see surveillance capitalism adding 5G connectivity so you no longer have control over connectivity.
A website that catalogued the misbehaviours of the various smart TV operating systems (and the easiest methods of defeat) would be handy here.
E.g. Some TVs will honor wifi off setting. Or alternatively setting the TV to use the Ethernet port.
Or if it needs something on the other end, set up old underclocked Raspberry Pi as a basic router/DHCP server that connects to nothing; power it with TV's USB port.
If you've got a fancy router, connect it to your network with a fixed IP and firewall deny all packets from/to its IP.
If you've got a fancy AP, set up an alternative SSID that connects to an unused VLAN or otherwise routes to nowhere.
You can combine approaches of course. My main in-home DNS, per the DHCP settings on the wi-fi, is a Pi-Hole. Secondary DNS is the pfSense firewall, so nothing's dead in the water if the Raspberry Pi falls over for some reason.
The firewall has the same DNS block-lists as the Pi-Hole, but also has subscription lists of IPs to avoid. Most of those are spammers or malware, but can include whatever other category of malfeasance you desire.
This will depend on the jurisdiction. In GDPR land neither of this will fly as you obviously don't have consent. I own an Aldi TV which hasn't set up for internet connection. When I first started it I was greeted with a consent form which I declined. I am pretty sure that the setting I did (no internet) is honored both for PR and GDPR reasons.
With 5G, you will have the same problem. And I'd be very reluctant to buy anything stationary which has 5G connectivity.
If there is an unwanted and wide-open AP within range of an antenna-less smart TV, you have an unusual problem with countless fun and creative solutions.
Who knows? This could make a nice little experiment.
1. Leave the antenna connected
2. Unplug the antenna, leave the connector unterminated.
3. Terminate the connector with ball of tinfoil.
4. Use a proper impedance matched termination.
5. Terminate with a proper impedance as close to the wifi chip as possible
5./b Also cut the antenna trace on the PCB as close to the chip as possible
Measure signal strength in all scenarios.
In the past I would have agreed with you on the poor quality of smart TVs. My Roku TV shatters all those expectations however, its fantastic. Great UI, plenty fast, no quirks I have found, and updates regularly.
I specifically bought a smart TV with Roku instead of whatever software Samsung/Sony is doing for these reasons.
We just provided the technology for major TV manufacturers. Most TVs allow you to disable it, although the feature may be called something unintuitive such as "Live Plus".
Create a fake username, setup a proxy with logger and connect your TV to internet via proxy. After couple of days/weeks just analyze all traffic and block strange hosts via /etc/hosts or Pi-hole.
AFAICT Roku sends logs to two separate endpoints, so blocking those visa pihole can give you some protection, however, it's hard to tell if any data is being sent to raw IP addresses.
It is not enabled by default. For the first time when you use a TV input, it asks you whether you want to enable it.
If you have enabled it, you can opt out from settings later on.
It sends audio and/or video fingerprints (not frames, for privacy and bandwidth reasons), which are matched against a fingerprint database. Whatever people see on TV is usually 10 to 60 seconds behind the real live stream at the broadcaster (which is where the reference fingerprinting happens). GeoIP data can be used to roughly deduce where the TV is located, in order to better filter out false positives out of multiple matches (e.g. in the US where lots of programming on east/west side is just shifted by ~3 hours due to time difference).