By Jeremy Hsu on September 24, 2024


Popular smart TV models made by Samsung and LG can take multiple snapshots of what you are watching every second – even when they are being used as external displays for your laptop or video game console.

Smart TV manufacturers use these frequent screenshots, as well as audio recordings, in their automatic content recognition systems, which track viewing habits in order to target people with specific advertising. But researchers showed this tracking by some of the world’s most popular smart TV brands – Samsung TVs can take screenshots every 500 milliseconds and LG TVs every 10 milliseconds – can occur when people least expect it.

“When a user connects their laptop via HDMI just to browse stuff on their laptop on a bigger screen by using the TV as a ‘dumb’ display, they are unsuspecting of their activity being screenshotted,” says Yash Vekaria at the University of California, Davis. Samsung and LG did not respond to a request for comment.

Vekaria and his colleagues connected smart TVs from Samsung and LG to their own computer server. Their server, which was equipped with software for analysing network traffic, acted as a middleman to see what visual snapshots or audio data the TVs were uploading.

They found the smart TVs did not appear to upload any screenshots or audio data when streaming from Netflix or other third-party apps, mirroring YouTube content streamed on a separate phone or laptop or when sitting idle. But the smart TVs did upload snapshots when showing broadcasts from the TV antenna or content from an HDMI-connected device.

The researchers also discovered country-specific differences when users streamed the free ad-supported TV channel provided by Samsung or LG platforms. Such user activities were uploaded when the TV was operating in the US but not in the UK.

By recording user activity even when it’s coming from connected laptops, smart TVs might capture sensitive data, says Vekaria. For example, it might record if people are browsing for baby products or other personal items.

Customers can opt out of such tracking for Samsung and LG TVs. But the process requires customers to either enable or disable between six and 11 different options in the TV settings.

“This is the sort of privacy-intrusive technology that should require people to opt into sharing their data with clear language explaining exactly what they’re agreeing to, not baked into initial setup agreements that people tend to speed through,” says Thorin Klosowski at the Electronic Frontier Foundation, a digital privacy non-profit based in California.

https://www.newscientist.com/article/2449198-smart-tvs-take-snapshots-of-what-you-watch-multiple-times-per-second/ (paywall!!)

  • solsangraal@lemmy.zip
    link
    fedilink
    English
    arrow-up
    242
    arrow-down
    4
    ·
    3 months ago

    LOL “if it was opt-in, no one would do it!”

    no fucking shit. there is nothing worth watching that i would buy a smart tv for

    • tal@lemmy.today
      link
      fedilink
      English
      arrow-up
      84
      ·
      edit-2
      3 months ago

      One issue that has come up recently in discussions on here is that it’s hard to get dumb TVs or computer monitors in large format in 2024.

      Not impossible, but surprisingly difficult. I went looking for a large computer monitor for some user who wanted a large one. I eventually found an older one on Amazon still for sale, but it’s not that easy to get large computer monitors, which I think is part of what drives people to use smart TVs as computer monitors.

      You can get projectors, but that’s not what everyone’s after.

      • Fermion@feddit.nl
        link
        fedilink
        English
        arrow-up
        47
        ·
        3 months ago

        A smart tv without an internet connection is usually close enough to a dumb TV. It’s not like your TV needs regular security updates so leaving it off your home network is fine.

        • TexasDrunk@lemmy.world
          link
          fedilink
          English
          arrow-up
          37
          arrow-down
          1
          ·
          3 months ago

          I do not know how true it is, but I’ve heard that some of them will create a mesh network if your neighbor has the same brand and it’s connected to the internet.

          I’ve always meant to look into it but I have big dumb TVs that work for now.

          • SkyNTP@lemmy.ml
            link
            fedilink
            English
            arrow-up
            27
            arrow-down
            1
            ·
            3 months ago

            Open the tv and rip out the antenna. Y’all already forgot the classic secret agent trope of checking the hotel room for bugs? Now we all get to play that game!

            • Anivia@feddit.org
              link
              fedilink
              English
              arrow-up
              27
              ·
              3 months ago

              Nowadays the antenna is often embedded into the pcb, so no way to rip it out other than scraping off the traces

              • flappy@lemm.ee
                link
                fedilink
                English
                arrow-up
                8
                arrow-down
                1
                ·
                edit-2
                3 months ago

                Google part numbers (if they aren’t scratched off/lasered off/ epoxied). Once you’ve found the ethernet controller, you can short out the pins, or yeet it off the board.

            • TexasDrunk@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              ·
              3 months ago

              There’s another reply further down that goes into specifics. I ain’t the one because I didn’t come with receipts and I’m just a drunk.

          • flappy@lemm.ee
            link
            fedilink
            English
            arrow-up
            7
            arrow-down
            1
            ·
            3 months ago

            It’s called wardriving, a practise Samsung TVs are infamous for.

            • TexasDrunk@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              ·
              3 months ago

              I never put that together with wardriving but that’s exactly what it is. Thank you for that.

              Unrelated story: ~20 years ago I was in the military and broke as hell. I went wardriving in my neighborhood looking for open wifi and found a business not too far away that had it. So I built an antenna out of a coffee can, mounted it up just outside my window, and got free wifi for months.

            • Blaster M@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              3 months ago

              To me, Wardriving is back in the day when you used to drive around town with a laptop and a program that catalogues all the open wifi networks in range.

        • finitebanjo@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          1
          ·
          edit-2
          3 months ago

          As mentioned by others, they sometimes network with nearby devices such as your neigbor’s TV or an unsecured wifi.

    • Asafum@feddit.nl
      link
      fedilink
      English
      arrow-up
      44
      ·
      3 months ago

      if it was opt-in, no one would do it!

      Which should be telling them that not only does no one want it, but maybe just maybe we already paid for your fucking TV. Either raise the price or stop being so fucking goddamn greedy to the point that you force us to make the government force you to stop.

      Of course the bought and paid for US government won’t, but hopefully EU governments will.

  • grue@lemmy.world
    link
    fedilink
    English
    arrow-up
    182
    arrow-down
    2
    ·
    3 months ago

    These are criminal violations of the Computer Fraud and Abuse Act. Jail the motherfucking felon CEOs!

      • nilloc@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        17
        ·
        edit-2
        3 months ago

        Worse than that, they have gave free speech to corporations, and now that includes doing nearly anything involving communication or spending money.

        • grue@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          3 months ago

          You know what’s really fucked up? The concept of “corporate personhood” that Citizens United depends upon was invented wholesale by a goddamn clerk! The Santa Clara County v. Southern Pacific Railroad Co. decision itself didn’t actually address the issue; the clerk just wrote a headnote “assuming” that the Equal Protection Clause of the 14th Amendment applied to corporations for ~reasons~ and subsequent courts treated as if it were gospel.

    • billbasher@lemmy.world
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      2
      ·
      3 months ago

      So LG and Samsung likely have tons of illegal (copyright) content on their servers then? Ownership is 9/10ths of the law so they say. That’s gotta be exabytes

      • melroy@kbin.melroy.orgOP
        link
        fedilink
        arrow-up
        8
        ·
        3 months ago

        Most likely yes… And other privacy sensitive information like banking details, passwords and more.

  • _number8_@lemmy.world
    link
    fedilink
    English
    arrow-up
    159
    ·
    3 months ago

    awful ethics aside what a disgusting waste of processing power. software already barely runs

          • Aceticon@lemmy.world
            link
            fedilink
            English
            arrow-up
            14
            ·
            edit-2
            3 months ago

            I was curious enough to check and with 2KB SRAM that thing doesn’t have anywhere enough memory to process a 320x200 RGB image much less 1080p or 4K.

            Further you definitelly don’t want to send 2 images per-second down to a server in uncompressed format (even 1080p RGB with an encoding that loses a bit of color fidelity to just use two bytes per pixel, adds up to 4MB uncompressed per image), so its either using something with hardware compression or its using processing cycles for that.

            My expectation is that it’s not the snapshoting itself that would eat CPU cycles, it’s the compression.

            That said, I think you make a good point, just with the wrong example - I would’ve gone with: a thing capable of handling video decoding at 50 fps - i.e. one frame per 20ms - (even if it’s actually using hardware video decoding) can probably handle compressing and sending over the network two frames per second, though performance might suffer if they’re using a chip without hardware compression support and are using complex compression methods like JPEG instead of something simpler like LZW or similar.

            • Magnergy@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              3 months ago

              Why think of it as a compression problem? Isn’t the spy device already getting compressed video form some source? That makes it a filtering problem. You would set it to grab and ship key frames (or equivalent term) if you wanted a human to be able to see the intel. But for content matching, maybe count some interval of key frames and then grab the smallest difference frame between the next two key frames. Gives a nice, premade small data chunk. A few of those in sequence starts looking like a hash function (on a dark foggy night).

              Would want some way to sync up the frames that the spy device grabs and the ones grabbed when building the db to match against. Maybe resetting the key frame interval counter when some set of simple frames come through would be enough. Like anything with a uniform color across the whole image or something similar.

              Just spitballing here. I like your impulse to math this.

              • Aceticon@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                3 months ago

                We’re talking about fingerprinting stuff coming in via HDMI, not stuff being played by the “smart” part of the TV itself from some source.

                You would probably not need to actually sample images if it’s the TV’s processor that’s playing something from a source, because there are probably smarter approaches for most sources (for example, for a TV channel you probably just need to know the setting of the tuner, location and the local time and then get the data from available Program Guide info (called EPG, if I remember it correctly).

                The problem is that anything might be coming over HDMI and it’s not compressed, so if they want to figure out what that is, it’s a much bigger problem.

                Your approach does sound like it would work if the Smart TV was playing some compressed video file, though.

                Mind you, I too am just “thinking out loud” rather that actually knowing what they do (or what I’m talking about ;))

                • Magnergy@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  3 months ago

                  I assumed HDMI had some form of encoding, thanks for the correction. Looks like v 2.1 does.

                  I think the syncing idea between the spy device and db is still useful. The video itself has stuff to use for reducing the search space by making sure they puck the same instants to fingerprint and exfiltrate.

            • interdimensionalmeme@lemmy.ml
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              3 months ago

              I don’t think they will compress the screenshot and send them but run content in a tensorflow lite model or even just hash a few of the pixels to try for an ID match

              • Aceticon@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                ·
                3 months ago

                Well that makes sense but might even be more processor intensive unless they’re using an SOC that includes an NFU or similar.

                I doubt it’s a straight forward hash because a hash database for video which includes all manner of small clips and has to somehow be able to match something missing over 90% of frames (if indeed the thing is sampling it at 2 fps, then it only sees 2 frames out of every 25) would be huge.

                A rough calculation for a system of hashes for groups of 13 frames in a row (so that at least one would be hit if sampling at 2 fps on a 25 fps system) storing just one block of 13 frame hashes per minute in a 5 byte value (so large enough to have 5 trillion distinctive values) would in 1GB store enough hashes for 136k 2h movies in hashes alone so it would be maybe feasible if the system had 2GB+ of main memory, though even then I’m not so sure the CPU speed would be enough to search it every 500ms (though if the hashes are ordered by value in a long array and there’s a matching array of clip IDs, it might be doable since there are some pretty good algorithms for that).

                • interdimensionalmeme@lemmy.ml
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  2
                  ·
                  3 months ago

                  I would sample a few dozens equally space pixels out of the frame, then drop similar value frames, and send that with timestamp. In the cloud, you runs those few pixels in a content recognition model.

                  It doesn’t have to be especially accurate or know any niche content, the point is to make a psychomarketing profile of the customer like “car guy, watches tool reviews”.

    • filcuk@lemmy.zip
      link
      fedilink
      English
      arrow-up
      5
      ·
      3 months ago

      TVs I’ve come across are such displeasure to use, it’s incredible

  • InternetPerson@lemmings.world
    link
    fedilink
    English
    arrow-up
    148
    ·
    3 months ago

    For example, it might record if people are browsing for baby products or other personal items.

    Don’t mind baby products and dildos or whatever.

    They could see bank activity and even login credentials when someone is temporarily displaying their own passwords.

    This basically ignores all security measures regarding everything. Sensitive communication, company secrets and so on.

    That’s fucking seriously huge. What the fuck?!

    • ruk_n_rul@monyet.cc
      link
      fedilink
      English
      arrow-up
      39
      arrow-down
      2
      ·
      edit-2
      3 months ago

      We need all the boomers in Capitol Senior Care Home to vacate first

          • btaf45@lemmy.world
            link
            fedilink
            English
            arrow-up
            12
            ·
            edit-2
            3 months ago

            They already tried Jan 6 !

            Nope. Those bootlickers were on the side of the corporate/billionaire enshitifiers, trying to make the enshitification MUCH worse.

            • interdimensionalmeme@lemmy.ml
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              2
              ·
              3 months ago

              Does it really matter who does the evicting ? After it’s done it’s anybody’s guess what will fill the power vacuum. All we know is they will wear black boots and carry guns.

              • nickwitha_k (he/him)@lemmy.sdf.org
                link
                fedilink
                English
                arrow-up
                3
                ·
                3 months ago

                Does it really matter who does the evicting ?

                Yes.

                After it’s done it’s anybody’s guess what will fill the power vacuum. All we know is they will wear black boots and carry guns.

                And this is exactly why. In order to effect lasting, positive changes, it’s important to have builders, not to mention critical mass with the populace. “Ends-justify-the-means” thinking and ascribing friendship the the enemy of one’s enemy don’t lend themselves to establishing resilient and non-despotic results.

    • mitchty@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      2
      ·
      3 months ago

      Until then just desolder the antennas good luck sending data with no way to connect to the internet.

  • Blackmist@feddit.uk
    link
    fedilink
    English
    arrow-up
    101
    ·
    3 months ago

    Actual paper here.

    https://arxiv.org/html/2409.06203v1

    It is not sending full screenshots as anybody technical would already have guessed. It’s a few KB over an hour, so it’s content recognition hashes.

    Opt out anyway. Their study shows the opt out option does indeed opt you out of it.

  • Slovene@feddit.nl
    link
    fedilink
    English
    arrow-up
    99
    arrow-down
    3
    ·
    edit-2
    3 months ago

    THIS is piracy. Along with all the other personal data selling.

  • Badland9085@lemm.ee
    link
    fedilink
    English
    arrow-up
    89
    ·
    3 months ago

    Imagine the amount of bandwidth and energy saved, if they didn’t do any of this bullshit.

    They are essentially using someone else’s money to get themselves more money. Fuck these people!

  • Ibaudia@lemmy.world
    link
    fedilink
    English
    arrow-up
    52
    arrow-down
    4
    ·
    3 months ago

    Do not connect your Smart TVs to network people, seriously. Just a bad idea. Use a media center PC or some other device that allows you to stream content, and make sure the TV itself is just a big monitor, nothing more.

  • Zement@feddit.nl
    link
    fedilink
    English
    arrow-up
    45
    ·
    3 months ago

    Theoretically I could display highly illegal stuff and they would distribute it making them complicit?

    Can the API be hacked to flood their servers with petabytes of cat pictures?

    What is happening with the data? Where are the data savers?

  • werefreeatlast@lemmy.world
    link
    fedilink
    English
    arrow-up
    42
    arrow-down
    1
    ·
    3 months ago

    You hear that? It’s a whisper… It’s a multinational multibillion dollar class action lawsuit coming after Samsung and LG. WTF!

  • Zip2@feddit.uk
    link
    fedilink
    English
    arrow-up
    40
    ·
    3 months ago

    LG by now will have several weeks of footage of me scrolling through streaming services and failing to find anything to watch.

      • KamikazeRusher@lemm.ee
        link
        fedilink
        English
        arrow-up
        6
        ·
        3 months ago

        I’ve jokingly said this before, but just wait until manufacturers start adding 4G/5G to TVs explicitly for ads and telemetry…

        • rustyredox@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          3 months ago

          Just like modern cars… I wish there was some kind legislation that would limit phone-home telemetry to emergency service telecommunication frequencies, and be opt-in only. That way any OEM operating under commercial cellular frequencies would thus be unlicensed, and subject to FCC violations and import bans. Like what OnStar was originally pitched as; only auto dialing to 911, and 911 only, if you were unresponsive after airbags deployed. OEM couldn’t use the telecommunication frequencies for anything other than networking with emergency service endpoints on the same VLAN.

          Anything recorded by the vehicle would be required to stay on the vehicle due privacy regulations, like the black box recorder for warranted forensic investigations. OTA updates could also be distributed offline for users to download and flash via USB, like any motherboard bios, so transactions would be write only.