Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Wouldn't that only be a problem if they stored personal data? They could just associate it with a TV id.


What? The content of your screen is personal data. There could be anything on that - name, address, passwords, photos of your living room, nudes...


IIRC it doesn't actually send the content, just a hash of it that can be checked against popular channels or on-demand content. So text contained within a screen wouldn't be identifiable.


They are just feeding image through an alogrithm. Saving it would incur legal problems like copyright and have storage costs.

Most people don't use their TV to look at that kind of thing anyways.


Why are you making excuses for them? They're bad excuses anyway:

>They are just feeding image through an alogrithm [sic]

You don't know that.

>Saving it would incur legal problems like copyright

That's not how copyright works.

>and have storage costs

Negligible.

>Most people don't use their TV to look at that kind of thing anyways.

Irrelevant.


What about when they are hacked/compromised and now an attacker has access to the actual images? Seems way too risky.


If we are talking about what aboutisms what about if they didn't send screenshots and then they were hacked and an attacker deployed a new update that spied on everyone.


Also true, which is why they shouldn't be allowed to join any old wifi network and not try to workaround firewall policies on the network the user wants them on.


That's an entirely different issue, but yes, automatic updates are an attack vector. But that's another step that would need to be performed by an attacker, rather than already having the images available without designing custom firmware.


My point is that making up theoretical situations is not useful. You can make up theoretical situations where it's bad with it and I can make up theoretical situations where it's bad without it.


https://www.gdpreu.org/the-regulation/key-concepts/personal-...

> Data ceases to be personal when it is made anonymous, and an individual is no longer identifiable. But for data to be truly anonymized, the anonymization must be irreversible.

Examples of PII:

A cookie ID. Internet Protocol (IP) address Location data (for example, the location data from a mobile phone). The advertising identifier of your phone.

A tvid is personally identifiable.


No, a TVID identifies a TV, not a person. Multiple people can use a TV. You can sell that TV to others. The TVID will be the same.


This is the official EU legislation explaining what constitutes PII:

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...

> (30) Natural persons may be associated with *online identifiers provided by their devices*, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

Device Identifiers explicitly covered as a definition of GDPR. Further, IPs are also shared if you are behind an ipv4 gateway and these are also covered.


The difference is that the TV manufacturer has to clue who owns a specific tvid. The whole point of personable identifiable information is that you can use it to find the identity of someone. There is no registry somewhere that keeps track of this.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: