All smart TVs are watching you back, but Vizio's spyware never blinks


#1

[Read the post]


#2

This assumes that you connect your television set to the Internet.

Don’t do that. Use a real computer for the Internet connection.


#3

Precisely. I live in a small apartment, and so am fortunate enough that I can hook my TV directly up to my PC via HDMI. I have not even once entertained the idea of directly connecting my TV to the internet.


#4

Eh, a lot of “smart TVs” offer features like letting you connect directly to netflix, hulu, amazon, stuff like that, in a very simple way that requires nothing but a remote. I can see why people would want to do that. Also the number of people who want a computer attached to their TV is… pretty low in my experience. (By which I mean like a desktop or a laptop general purpose computer)


#5

I don’t disagree. There’s a lot more work involved in reproducing the default features of a smart TV via a general purpose computer. As seems to increasingly be the case these days, it takes a significant commitment of time, effort and technical knowledge not to have the companies that manufacture the products you purchase from harvesting every scrap of information about you that they possibly can. And even though I try, I doubt I am succeeding overly well either.


#6

I have a Vizio TV, but the WiFi chip recently broke. We’re left with no choice but to use one of our numerous other devices to watch Netflix.

Checkmate, Vizio. :smiley:


#7

Glad this was posted. I didn’t know about “smart interactivity”.

You can, apparently, opt-out, which I will do forthwith.


#8

Yeah, so simple they never come out with software updates as new features are implemented or vulnerabilities are discovered.

Smart TV’s are a colossally shit idea with an even shittier implementation. Companies who have no skill implementing a user interface and even less skill dealing with the internet are shoveling crap that looks good when you’re playing with it in the store, but falls apart rapidly 6 months down the road when the list of annoying quirks starts to grow.

Considering the average length of time people hang on to a TV (drive through a neighborhood on a “anything goes” trash day, you’ll still see CRT’s showing up on the curb) that’s a really situation to be in.


#9

Been shopping for an HDTV lately. All I want is a monitor with a minimum of 4 HDMI ports (and preferably with some other inputs as well) I don’t want it to be a computer, connected to the internet or even to have a TV tuner. I have devices that are going to plug into he TV that do those tasks.

But you cannot buy a ~50" monitor. It will be a “Smart TV” because that is all anyone sells, unless you are willing to pay multiple thousands for industrial monitors.

And as for “Not hooking it up to the internet” Doesn’t the HDMI spec support Ethernet now? Is it such a leap to think that cable boxes or game systems might get a request “Please open a network bridge” And then the TV is connected anyways? And you’d never know until you check the setting on the TV. I suppose you could airgap everything plugged into your TV, but there goes online gameplay, patches, Netflix, Hulu, NAS storage of video…


#10

Err, I mean, that would be a huge change that none of the devices you’re mentioning support and it wouldn’t really benefit them to support. Like Sony and Microsoft and Roku/etc all have no clear gain to add by including a complicated and user-silent feature like an hdmi>wifi network bridge.

The rest of your post however, I have to sadly agree with. The long and short of it is that none of the smart tv features you’re complaining about cost a bunch of extra money for the manufacturers to include, so they just toss it on everything, because why not? Just accept that you’re going to get one and you can’t save money by not, (and you’re probably not spending any more than the alternative if it even existed), and keep shopping. Wirecutter has some good reviews of both basic and higher end TVs.


#11

HDMI did introduce “HDMI Ethernet Channel” in version 1.4. I don’t know of much support at present; but the idea is, indeed, for all your HDMI-connected devices to conspire against you if even one of them is connected to the network(analogous to HDMI CEC’s role, for allowing one device to act on others in response to input it receives).

Luckily, the HDMI people appear to be averse to adding auxiliary data to the TDMS signal lines that carry the video, so HEC was added using the previously-idle Pin 14, and Pin 19, hot plug detect, as a data pair.

Some cables simply don’t connect pin 14, or provide a twisted pair with pin 19’s line, and so are safe; but even ethernet-capable devices should be amenable to being declawed by insulating, removing, or cutting the signal line connected to, pin 14. Unless they simply refuse to work without an internet connection, of course, or cell modems get cheap enough that literally phoning home becomes worthwhile; in which case fuck the future.


#12

Unfortunately, as much as I enjoy a good geek-out at technical countermeasures, it’s hard to shake the impression that this sort of thing won’t just keep getting more invasive, and probably more competently embedded and concealed, until somebody starts playing ‘actually toothy FTC’ and dishing out gruesome vigilante justice to those responsible for the decision to implement this sort of thing.


#13

Why, oh why, does article after article about the alarm over the lack of security and privacy of appliances and IoT never mention that people who are interested in locking down their household network need a firewall? It is not a new thing, people! I almost feel that it is my duty to remind people in every one of these topics, because it should be obvious.

If/when you control what data can make it in and out of your house, these problems become easy. Trusting every product to keep your security and privacy is madness. That’s like giving a key to your house to the UPS driver, the cable installer - everybody who comes to your door - and then wondering why your key has become useless at controlling the access of others.


#14

Seriously? Seriously? The standard is to allow less cables to be used, so you can transfer data over your hdmi cable and have a single cable, not a goddamn skynet terminator uprising.

Do you have tapes of this? The HDMI board, sitting around a darkened table, wringing their hands menacingly and snickering over the new conspiracy of the living room?

“Yes, Perkins, and then their DVD player will be able to access the internet as well, MWAHAHAHAHA!”

Look guys, the underlying point of this original article (which to remind everyone off in crazy town was 'Vizio and several other TV manufacturers have an opt-out system to report usage data") is bad, and it’s good that BoingBoing covered it, because people deserve to know what their devices are doing.The vast toaster conspiracy that the comments turned into is catastophizing and nonexistant.


#15

Yes! A sane response! This is absolutely true, and until the day your TV refuses to work without network connectivity, either unplugging it, or opting out, or using a firewall are all normal, sane answers that don’t hearken to the robot wars of 2655.


#16

Is the data sent by the TV encrypted? I doubt it is. I bet some smart person could figure out how to replace it with meaningless garbage. Or worse…


#17

Even if it had to connect to a network, a firewall can still control what ports are used, what requests are received, what data is transmitted, etc.

Within a few years, maybe you will finding yourself using an open source television, and the problem becomes irrelevant.


#18

Easy to turn off if you don’t want this functionality: http://www.vizio.com/smartinteractivity


#19

Sure, you can leave the Ethernet port unplugged, you can refuse to enter the WPA2 pass code. You can even black list the MAC of the TV at the firewall to prevent traffic. But you shouldn’t have to.

My point is that technology exists that circumvents these protections. Technology that is designed to be easy and invisible (until you wireshark your network and maybe even then if it treats the connected device as a gateway). The HDMI standard is designed to eliminate cables and user configuration. These devices are designed to be easy to setup and assume you want all the features. They are trying to make it so that everyone can network without knowing about networking.

You can opt out of Visio’s campaign, but the device may still be connected. Devices connected to a network that can then be compromised. Like the router firmware hacks that have been in the news. Security is hard when every thing is designed to connect for you.

I should not have to check my monitor for network traffic. I shouldn’t have to worry about some future device or update bridging the HDMI connection to the Ethernet. There should be an alternative option. My monitor (and stove and fridge and dishwasher etc) should not be network devices. Rhere isbnonreason for thrm to be. But I haven’t found a tv yet that isn’t (at the consumer level).


#20

Your TV probably runs some version of Linux. An unpatched, poorly configured version of Linux, but Linux nonetheless.