Forgot your password?
typodupeerror
Privacy Television Entertainment

User Alleges LG TVs Phone Home With Your Viewing Habits 286

Posted by timothy
from the maybe-it's-just-coincidental-midget-porn dept.
psychonaut writes "Blogger DoctorBeet discovered that his new LG television was surreptitiously sending information about his TV viewing habits, as well as the names of the files he watched on removable media, to LG's servers. There is an undocumented setting in the TV configuration which supposedly disables this behaviour, but an inspection of the network traffic between the TV and the Internet showed that the TV continues to send the data whether or not the setting is disabled. DoctorBeet contacted LG, but they shrugged the matter off, saying that it's a matter between him and the retailer he bought the TV from."
This discussion has been archived. No new comments can be posted.

User Alleges LG TVs Phone Home With Your Viewing Habits

Comments Filter:
  • by mwvdlee (775178) on Tuesday November 19, 2013 @09:48AM (#45462567) Homepage

    it's a matter between him and the retailer he bought the TV from.

    So, according to their logic, if I came round and kicked their asses, then that's a matter between them and the shop I bought my shoes from?

    • by gstoddart (321705) on Tuesday November 19, 2013 @11:30AM (#45463585) Homepage

      So, according to their logic, if I came round and kicked their asses, then that's a matter between them and the shop I bought my shoes from?

      In this analogy, it depends on the EULA of the shoes you bought.

      What they're saying is "you bought this, and accepted the terms and conditions, if you didn't know that it's your problem and take it up with the retailer who didn't tell you about it".

      So, if the EULA for the shoes says you're not allowed to come around and kick their asses, then it was the retailer who was supposed to have told you that. And your desire to go around and kick their asses with said shoes is trumped by the fact that you agreed to it.

      To me it's a dodgy legal argument, but since courts keep upholding these licenses which in effect say "by using this device you give us the right to do anything we want to, and whatever we like with the data we collect" -- the legal bullshit says "but you consented to us tracking everything you do, it's not our fault".

      So, if in this case the shoes you bought had license terms which said you consent to being tracked, or accept that you're not allowed to kick their asses with said footwear ... then pretty much yes. Apparently it was up to the retailer to tell you what you've agreed to.

      • by fatphil (181876) on Tuesday November 19, 2013 @02:38PM (#45465715) Homepage
        If you refuse to give it, you can't use the product you shelled out money for. So it's consent *under duress*. Which is not real consent.

        Out of *policy*, I never read any EULA for any product ever. To read it would be giving it weight. I will just click on anything that makes the thing work, and the only reason I'm clicking on it is to make the thing work, not because of any consent.

        One of the nice things is that many websites are as dumb as fuck, and often ask me to agree to things before they let me have access to their pages - and these agreements are in a foreign language I don't understand. I cannot have consented, as I couldn't have even understood what I would be consenting to. That's not just plausible deniability, it's deniability-as-the-null-hypothesis. I just clicked on the button that then led me to where I was trying to go. If the websites don't like that, they are free to 403 me.
        • by almitydave (2452422) on Tuesday November 19, 2013 @03:22PM (#45466177)

          I do the same thing - when I buy a house, I never read the terms of the mortgage contract. I just sign on the "give me a house" line. So I'm not bound by the terms of the mortgage since I signed under a duress. It was just what I had to do to buy a house.

          • by RearNakedChoke (1102093) on Tuesday November 19, 2013 @04:01PM (#45466635)

            I do the same thing - when I buy a house, I never read the terms of the mortgage contract. I just sign on the "give me a house" line. So I'm not bound by the terms of the mortgage since I signed under a duress. It was just what I had to do to buy a house.

            Yes, I too buy houses where the purchase contract requires no signature, but merely a mouse click. Or even better, where the contract is INSIDE the house and by the mere fact of removing the key from a sealed envelope and opening the door, I've accepted the mysterious contract that is inside that I did not sign...my opening the door is signature enough.

            And if there is some clause in that contract that says the bank will install secret video cameras, too bad, take it up with the previous owner.

          • by Culture20 (968837) on Tuesday November 19, 2013 @04:26PM (#45466859)
            The difference of course being the timing of the contract agreement and the value of the object being withheld. With EULAs, they are often after the purchase is completed. It would be like the seller of the house refusing to vacate the house even after you've taken possession of it until you agree to terms that weren't mentioned before the sale or in the original contract. To get your property, you either have to agree to their demands (which would not be binding) or involve the police. Police would care about a trespasser. A EULA preventing you from using the software you bought, not so much.
    • Actually, I think that was just a fancy way of saying "We're not changing it, so return your product...if you can".

      • by Artraze (600366) on Tuesday November 19, 2013 @01:08PM (#45464655)

        No, he posted the full text of their response, the relevant part being:

        "The advice we have been given is that unfortunately as you accepted the Terms and Conditions on your TV, your concerns would be best directed to the retailer. We understand you feel you should have been made aware of these T's and C's at the point of sale, and for obvious reasons LG are unable to pass comment on their actions."

        What they're actually saying is that he agreed to the terms and conditions somehow, and it's the retailer's fault that he wasn't aware what they were / that he agreed to them. So really it's just a fancy way of saying 'our asses are covered beyond what legal action you can afford so go away'.

        • Re: (Score:3, Interesting)

          by BroadwayBlue (811404)
          Hrm. The "collection of watching info" setting wasn't there in version 5.x of the software but it's there now after an update to 6.00.01.
  • Retailer (Score:4, Funny)

    by lw54 (73409) <lance@wo[ ]on.com ['ods' in gap]> on Tuesday November 19, 2013 @09:48AM (#45462569)

    Who did he buy it from, Sony?

  • by benjfowler (239527) on Tuesday November 19, 2013 @09:54AM (#45462615)

    It's a wonder that so many people are using the built-in set top boxes in their so-called smart TVs.

    The user interfaces are invariably shit (especially so for any software designed in the far East). And you're stuck with whatever badly designed, misconceived bollocks they force upon you. It's the Sony shit-on-your-paying-customers way of doing things.

    Anyway, the whole world is (or should be) treating large displays like TVs as monitors, which screens media pushed from the internet via other devices in your house. DLNA and Chromecast are the way of the future, not built-in TV set top pox.

    • Actually, Chromecast is not the way of the future (I think you meant "wave"). That's yet another add on device to stick somewhere in the home theater setup, either the TV or the receiver. Those devices should have the innate ability to communicate (with sufficient security) with nearly any other device that may come knocking.
    • by hellsop (230981)

      I'm sure that if you read the fine print on the agreements for most (if not all) set top box services like TiVo, Hulu, Netflix, your cable agreements, you'll find that they grant permission to collect viewing data and resell it. It's pure gold to ratings organizations or anyone else wanting to prove how many people are watching one thing or another.

      • by g0bshiTe (596213)
        The crux though is you are using their services, I expect things like that. What I do not expect is watching say something from my Samsung BR player that is shared from my computer getting uploaded back to Samsung.
      • Good thing I do not use any of the above to get my TV. My active cable TV subscription ends at a turned off HD homerun. Sickbeard is just so much faster and less annoying, paired with xbmc.

      • by mwvdlee (775178)

        Agreements do not trump law.
        Especially forced and unsigned agreements.

      • by Anonymous Coward

        Sending the info over http is purely irresponsible.
        Not honoring the setting that disables the features is dishonest.

        Analytics can be valuable but trust also matters. A very massive backlash is quite possible (people refusing to buy new TVs or buying the low end ones that are not smart etc.).

      • by Anonymous Coward

        Actually, in the US it's a bit tricky for a Cable TV company to sell/give/distribute your viewing data. They can use it internally, but there's a specific law that prohibits disclosure of that data. The Cable TV Privacy Act of 1984 prohibits cable TV providers from disclosing personally identifiable information, and allows users to view and verify their information. This is somewhat unique. No such rules apply to other communications means. For instance if Verizon wants to publish my browsing habits, as

    • by mi (197448) <slashdot-2012@virtual-estates.net> on Tuesday November 19, 2013 @10:34AM (#45462997) Homepage

      DLNA and Chromecast are the way of the future, not built-in TV set top pox.

      Whatever your DLNA-client — whether it is the TV itself (LG have this capability), or some 3rd-party box — it can do the same sort of "calling home" reporting what you are watching.

      Worse! Whereas the documented spying reports only the currently-watched file and is limited to the listing of the currently-inserted USB-stick, with DLNA your entire collection can be POSTed facilitating not only research into your watching habits, but also aiding investigations of copyright-violations, for example.

      The only way to be sure is to disable Internet-access — or only allow it to the sites you trust (for whatever reason). (Like YouTube or Netflix — it is unlikely (though entirely possible) for them to do the same kind of snooping into your media-collection.) Unfortunately, doing that will also disable firmware updates...

  • by rebelwarlock (1319465) on Tuesday November 19, 2013 @09:55AM (#45462619)

    This file didn't really contain "midget porn" at all, I renamed it to make sure it had a unique filename that I could spot easily in the data and one that was unlikely to come from a broadcast source.

    Sure, whatever you say.

  • midget porn (Score:4, Funny)

    by hduff (570443) <hoytduff.gmail@com> on Tuesday November 19, 2013 @09:56AM (#45462633) Homepage Journal

    I can feel the outrage in his comments.

    They'll be prying his midget porn from his cold, dead, slightlt sticky hands

    • by Zanadou (1043400)

      They'll be prying his midget porn from his small, cold, dead, slightly sticky hands

      FTFY

  • by hessian (467078) on Tuesday November 19, 2013 @09:58AM (#45462641) Homepage Journal

    Now I realize that it's democratic: it comes from the people.

    Your average consumer doesn't care that their TV is phoning home, or Google is tracking them, or that their cell phones are reporting to Amazon.

    We used to be afraid of three-letter government agencies but really, the bigger story is that the average person doesn't care if they're spied on. To them it represents greater convenience in lifestyle as products are tailor-made to their kinks and purchasing habits.

    When fascism arrives, it will appear on a Harley with a cheeseburger and a credit card, not wrapped in a flag carrying a Bible.

    • by alexhs (877055)

      When fascism arrives, it will appear on a Harley with a cheeseburger and a credit card, not wrapped in a flag carrying a Bible.

      What about wrapped in a flag on a Harley, distributing Bibles, cheeseburgers and credit cards ? :)

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      No, it comes from corporations, by way of any method that might maximize profits. There should be rules against what LG is doing here if this pans out. Rules put in place by the government. And there might in fact be, however that's a matter for the courts since it was probably documented in the owners manual or when you agreed to view content online.

      That being said, this is disappointing to hear about LG. Thought they were the last reputable TV maker out there. If this does pan out, I hope there bottom lin

    • by hey! (33014) on Tuesday November 19, 2013 @10:24AM (#45462871) Homepage Journal

      You think totalitarianism doesn't come from above? Who do you think is higher on the political food chain, the consumer or corporations?

      You expect consumers to care about privacy, but what does it cost him to care? You almost can't buy a decent TV these days that's not "smart". So he has to put a packet analyzer on the network port and figure out if the thing is phoning home?

      No, this a place where the consumer reasonably feels he ought to be protected by government regulation.

      Back in 1972 the US Department of Health Education and Welfare developed a landmark report which anticipated a lot of the electronic privacy issues of the following 40 years. The report was prepared under squeaky clean Elliot Richardson, who was shifted from HEW to DoD shortly before the report came out. He was replaced by Caspar Weinberger (later Reagans' Sec'y of Defense, and mixed up with Iran Contra). If you read the report it is capped with a conclusion which doesn't seem to match: we can't really be sure about what's going to happen in the future, so we should avoid regulating any potential privacy abuses by the private sector until they become problems. That's the philosophy which controls the US approach to consumer data privacy to this day. Consumers have to figure out that their data is being abused, then win a political fight against companies who've invested money in the business of exploiting their data.

    • To them it represents greater convenience in lifestyle as products are tailor-made to their kinks and purchasing habits.

      So far, LG hasn't done a flash-bang home invasion / shooting / kidnapping based on its surreptitious data stealing. If they did, some significant segment of its customer base would go to the competition.

      The 'herds' actually have this security analysis fairly correct.

    • by jodido (1052890) on Tuesday November 19, 2013 @10:42AM (#45463085)
      Every public opinion poll says just the opposite. Too many to cite, but here's one: http://articles.washingtonpost.com/2013-07-23/politics/40862490_1_edward-snowden-nsa-programs-privacy [washingtonpost.com] It's easier to blame the victims than the people in power.
    • While I heartily dislike all of the tracking and spying being done to me, I will admit that I would be far more complacent about commercial companies spying on me to generate demographic data and provide more relevant content, i.e. a higher precision Nielsen, than TLAs doing so for the purpose of putting me in prison.

      However, with commercial entities specifically tracking an individual to target marketing to them, problems arise. Nothing like an 8 y.o. getting onto Mom's Amazon account to update their Xm
    • One of the most obnoxiously intrusive three-letter government agencies is the HOA. It's stunning what those petty little organizations think they have the right to dictate. You shall not have the right to paint your own house whatever color you please, let your lawn go unmowed, repair cars in your driveway, use a clothesline, or quite a few other things. Why? Because it might commit the grievous sin of Lowering the Neighbors' Property Values. Never know when a neighbor will notice something and make a

    • Your average consumer doesn't care that their TV is phoning home, or Google is tracking them, or that their cell phones are reporting to Amazon.

      We used to be afraid of three-letter government agencies but really, the bigger story is that the average person doesn't care if they're spied on. To them it represents greater convenience in lifestyle as products are tailor-made to their kinks and purchasing habits.

      Do you honestly think the average person knows about the spying or even understands exactly what is happening or how it ultimately affects them? If they knew and understood it as we do I think they'd be as pissed about it as we are. Probably even more so considering how easily riled up the average person is by the talking heads on tv.

  • by sunsurfandsand (1959680) on Tuesday November 19, 2013 @10:01AM (#45462661)
    All I watch are reruns of Law & Order. Guess that's why I keep getting targeted ads for handguns, anti-freeze, bleach, and no-contract cell phones.
    • How does anti freeze fit in there?


      • Anti-freeze, I've been told, has a slightly sweet taste. You can add it to someone's drink without them knowing it. Until they have kidney failure.
        • by The Moof (859402)
          Not anymore. According to my mechanic friends, they've started adding something to make the flavor bitter to avoid accidents (ie, pets drinking a small amount of leaked antifreeze and dying).
        • Anti-freeze, I've been told, has a slightly sweet taste

          Back in the mid eighties Austria got caught exporting wine sweetened with diethylene glycol which is what goes in anti-freeze. Pretty much destroyed their wine industry.

  • by DexterIsADog (2954149) on Tuesday November 19, 2013 @10:03AM (#45462671)
    This is part of the pitch to advertisers from the LG video: "Furthermore, LG Smart Ad offers useful and various advertising performance reports. That live broadcasting ads cannot. To accurately identify actual advertising effectiveness."

    LG staff apparently speak like robots. Or Michael Caine. Who can only say. A few words. At a time.

    That's pretty creepy.
    • by g0bshiTe (596213)
      Here's a thought, I ditched my cable provider and went with Netflix and sharing media on my computer with my tv to not have to be bombarded with ads. FULL STOP
      • by gstoddart (321705)

        Here's a thought, I ditched my cable provider and went with Netflix and sharing media on my computer with my tv to not have to be bombarded with ads.

        And your ISP, Netflix, and a half a dozen entities in the middle still know exactly what you're doing.

        You've avoided ads, but you've not gained any additional privacy.

        • Netflix is over HTTPS and the stream from the CDN is DRM'd up the wazoo. The ISP is handled by a $5pcm VPN connection, which incidentally might get you an endpoint in another country getting you access to their Netflix library *wink wink*. Between your box and the Netflix CDN it's all secured.

          What Netflix do with the data is between you, them, and the lawyers.
      • by Culture20 (968837)
        Funny, that's why a lot of people started paying for cable and satellite TV decades ago. Ads will creep in to Netflix too. All it takes is a demand from shareholders for ever increasing profit.
        • Probably, but at least Netflix is currently ad-free. That's about all you can hope for these days.

        • by locopuyo (1433631)
          I'm not too sure about that. Cable TV is controlled by monopolies but people can easily choose between competing streaming services.
          Netflix, Amazon, and others provide paid streaming services without any advertisements. If you don't like one you can easily switch to another.
          Youtube, Hulu, and networks' own sites like NBC.com stream content for free with advertisements. People aren't going to pay for something they can already get free.
    • Or Christopher Walken: "Yeah. I'm collecting data. On you. So you turned the setting. Off. What of it? Make a fuss and I'll stab you in the eye with a pencil."

  • by AndyKron (937105)
    So much for ever buying a TV set again.
  • No thanks.... (Score:3, Insightful)

    by theNetImp (190602) on Tuesday November 19, 2013 @10:24AM (#45462875)

    This is exactly why my TV though having an either port does NOT have internet access connected to it. I get monitored enough, there's enough risk from being hacked. Leave my TV alone!

  • by frostfreek (647009) on Tuesday November 19, 2013 @10:26AM (#45462901)

    For now, it's filenames. Next will be screenshots. After that, reverse-netflix?

    What we need is for the protocol to be reverse-engineered, and then just start posting all sorts of randomized information to the servers, effectively making it useless. Advertisers won't pay for garbage data.

    Of course, once LG notices, the protocol will be encrypted...

    • by Pulzar (81031)

      What we need is for the protocol to be reverse-engineered

      The "protocol" seems to be a simple POST with fields like "channel=32&antenna=no", etc.

      That better not take too long to reverse-engineer.

      • Re:What we need.... (Score:4, Interesting)

        by dbc (135354) on Tuesday November 19, 2013 @11:30AM (#45463593)

        If that's the case, it should be pretty easy to crap-flood them. Does it even need a be from a TV? I presume the TV reports it's identifcation with a serial number or such. So... make up a few valid serial numbers, and spin up a few AZW instances, and for pennies a day their database could be filled with so much invalid and malformed data that they never crawl out from under it. Also, why is the cheif of police watching so much porn?

  • No encryption? (Score:5, Interesting)

    by gameboyhippo (827141) on Tuesday November 19, 2013 @10:26AM (#45462909) Journal

    If I were to build a TV that spied on my customers, I would at least encrypt the traffic. By not encrypting the traffic, this opens up the possibility of a user getting revenge by posting misleading data or even something as evil as an XML bomb. Dumb move by LG.

  • Any Canadians here? (Score:5, Informative)

    by alexo (9335) on Tuesday November 19, 2013 @10:33AM (#45462977) Journal
  • Hardware Firewall (Score:3, Interesting)

    by musterion (305824) on Tuesday November 19, 2013 @10:33AM (#45462989)

    So, does his TV connect to the internet via a cable modem? Perhaps it's time for someone to market a hardware firewall that you can place between your cable modem and your router to monitor and filter all of your inbound and outbound traffic. I suppose that some routers let you do this. I have an Airport Extreme and it does not give you access to any logs (suggestions as hoe to do this would be welcome).

    • by DogDude (805747)
      What you're describing is generally the duty of the router in non-enterprise settings. You should invest $50 and get a good (non-Apple) router that can do what you want.
  • by gstoddart (321705) on Tuesday November 19, 2013 @10:47AM (#45463149) Homepage

    I think nobody should be surprised.

    Once a company gets a network connection to what you do, they're going to track it, analyze it, and try to figure out how to monetize it. And, if requested, they're going to hand it over to law enforcement.

    And this is precisely why I have no interest in having my TV connected to the internet.

    The easiest way to avoid stuff like this is to stop giving companies a window into everything you do. Because the reality is, they're going to exploit it whenever they can for their own benefit.

    • by mlts (1038732) *

      Eventually appliances that have an Internet connection will require one. Consoles come to mind, and the only thing one can do is not buy one. It would not be surprising for TV makers to require an Internet connection for some "always on" next-gen DRM.

      This DRM could constantly monitor (with facial recognition uploads) how many people are in the room, to shut off a video if more than a certain amount are watching a movie, of it someone banned from a service enters the room.

      If you give an inch, they will tak

  • I love this lovely bit of weaseling:

    The advice we have been given is that unfortunately as you accepted the Terms and Conditions on your TV, your concerns would be best directed to the retailer. We understand you feel you should have been made aware of these T's and C's at the point of sale, and for obvious reasons LG are unable to pass comment on their actions.

    So, once again, it's in the EULA and Terms and Conditions, so we can do any fucking thing we want.

    Companies can cramp any opaque license in there t

  • by Marrow (195242) on Tuesday November 19, 2013 @11:17AM (#45463467)

    LG decided that it needed to update its user agreement and sent an update that paralyzed my TV. It would no long switch between inputs or do anything useful until I clicked their stupid agreement. They even supplied an email address for question about the process onscreen, but nobody ever responded.
    I was a good customer for them until that stunt.

    • by Culture20 (968837)
      Essentially, you were forced to sign their agreement under duress, and it is thus invalid.
  • Sites to Blacklist (Score:5, Informative)

    by Fnord666 (889225) on Tuesday November 19, 2013 @11:27AM (#45463553) Journal
    From the article:

    So how can we prevent this from happening? I haven't read the T&Cs but one thing I am sure about is that I own my router and have absolute jurisdiction of any traffic that I allow to pass, so I have compiled an initial list of internet domains that you can block to stop spying and advertising on TVs that we, as customers have actually paid for.

    • ad.lgappstv.com
    • yumenetworks.com
    • smartclip.net
    • smartclip.com
    • llnwd.net
    • smartshare.lgtvsdp.com
    • ibis.lgappstv.com
  • That's a fantastic idea, LG! We certainly will abide by your wishes and make it a matter between the consumer and the retailer by not buying your tv's.

    Done and done!

  • He didn't want anyone to know he was watching teletubbies. How embarrassing.
  • No Internet access (Score:5, Insightful)

    by Natales (182136) on Tuesday November 19, 2013 @11:45AM (#45463745)
    Is this a surprise to anybody? why do you think all TV vendors are pushing for "Smart TV"? all this metadata could be a huge source of revenue to them in all kinds of areas, from advertising profiling to law enforcement.

    Since we have more and more connected devices in our lives, you've got to take extra precautions. First and foremost, if your device doesn't need to be connected to the Internet, just don't. There is no reason your wired printer need Internet access, so block that MAC address for external access. If your device does need it, then make sure that it's in an isolated segment with no raw access to Ethernet frames from other systems in your house, and if it's WiFi-enabled, make sure you have guest isolation turned on. Then, setup a proxy, transparent or not, to make sure you have the chance to monitor that traffic for unexpected surprises. If you can, whitelist some specific sites that your application needs to access, like Netflix or VUDU for example and block access to everything else.

    Finally, why use apps in the TV when you can have excellent open source software provide you with content, like XBMC or MythTV?
  • It's time for egress filtering, both at the TCP layer, and at the application (hello Privoxy) layer on home firewalls.

    • by xombo (628858)

      Yes. Thank you. I don't understand why there is so little in the way of outbound port and IP control on home routers. You have to install one of the open source WRT packages and know how to maintain iptables to even run a wifi access point safely, these days.

  • But... (Score:4, Funny)

    by sacrilicious (316896) on Tuesday November 19, 2013 @11:59AM (#45463893) Homepage
    Who will monitor the monitors?
  • Since when did Ubuntu start supplying Smart TV builds?

  • by Dan East (318230) on Tuesday November 19, 2013 @12:08PM (#45463973) Homepage Journal

    Spamming them to death with garbage data would be the best way to take control of the issue. Since the information is unencrypted, posting gibberish data to their server will be a breeze. It would be even better to have a registry of device IDs that people can opt-in so that many people can be spamming them on behalf of other device IDs. Better yet is if the device IDs are serial, then the whole range can be randomly spammed. It doesn't have to go to the point of DDOSing them. Just throwing some bad data at them would be enough to totally screw up their ability to mine / sell that data.

  • by wiredlogic (135348) on Tuesday November 19, 2013 @01:39PM (#45465047)

    I think it's important to point out that the URL that the data is being POSTed to doesn't in fact exist, you can see this from the HTTP 404 response in the next response from LG's server after the ACK.

    However, despite being missing at the moment, this collection URL could be implemented by LG on their server tomorrow, enabling them to start transparently collecting detailed information on what media files you have stored.

    LG doesn't need to implement a valid page for the URL to get the data. The POST is logged on their servers and the 404 gives them deniability if this matter ever draws an executive out to testify in front of legislators.

It's not so hard to lift yourself by your bootstraps once you're off the ground. -- Daniel B. Luten

Working...