Your Toaster is Talking to Beijing

Nathan Allen
6 min read · Oct 3, 2019


Recent Research on the For-Profit Surveillance State

Wacom’s Experience Program

You know why new televisions are so cheap? Because many TV manufacturers have adopted Google’s and Facebook’s business model: cheap (or free) product on the front-end, profit on the back-end. That back-end is your data. Vizio, for example, sells televisions at cost (more or less); their profit comes from selling data. What data? Well, your television is watching you. Recently, several papers have been published that demonstrate just how much your devices are monitoring and monetizing your life. And it’s not always just what you watched. Often, it’s your device ID, your email address, and, of course, your name, address, phone number, gender, and the quantity of frozen burritos in your refrigerator.

Roku & Amazon Fire TV

Roku and Amazon Fire TV let you subscribe to “channels” (apps). Of course, everything you do is tracked. DoubleClick (that’s Google) is tracking your behavior on 97.5% of Roku channels. There are some channels with over 50 trackers. Also, the majority of trackers were able to grab your unique device ID. A few channels leaked email addresses and many leaked video titles — often unencrypted, so your viewing history is exposed on the network.

Of course, Roku and Amazon have options to limit or disable this digital Stasi. You seriously think they do what you think they do? Roku has a “Limit Ad Tracking” option. Turning it on increased the number of tracking servers contacted. It did prevent Roku’s AD ID from leaking, but many other unique IDs are available.

[paper] Princeton/U. Chicago. Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices

Smart TVs & Doorbells

Northeastern University and Imperial College London analyzed 81 IoT devices including five smart TVs. They tested whether devices transmitted data (audio/video) all the time. The TVs generally didn’t — they activated when you explicitly used the television. However, other devices did record audio and/or video at random times (and, of course, sent those recordings to faraway places). For example, one IoT doorbell records video anytime someone is in front of it, and the company does not disclose this or provide user access to the video. Of course, you can’t turn it off, either.

Not surprisingly, devices made by Chinese companies send their data back to China. Surprisingly, almost all TVs contacted Netflix, even when they were never registered with a Netflix account.

As the Vizio CTO explained:

It’s about post-purchase monetization, fool.

[paper] Northeastern/Imperial College. Information Exposure From Consumer IoT Devices.

[article] Roku’s advertising business is outpacing its hardware business.

Neurotic Coffee Pots

A group of Princeton and Cal researchers have open sourced their IoT Inspector (used in some of their previous research), so if you’re code-inclined, you can horrify yourself. Their motto is “Our smart devices are watching us. It’s time for us to watch them.” If you’re into self-harm then you can read their paper; when you use IoT Inspector, it sends reports back to the researchers, who then publish their findings.

IoT Inspector’s television findings are consistent with the other papers. About half the TVs sent your data to tracking services, and some TVs connect to Automatic Content Recognition (ACR) services. ACR transmits a screen-print of your screen contents to a server (often, like once a second) for an algorithm to figure out what you’re watching. One coffee pot was sending data to Microsoft (unbeknownst to the user), and an Amazon Echo was connecting to seventeen different servers every few minutes when not being used. Yikes.

Even if your television isn’t connected to the internet, it may be transmitting ultrasonic sounds to your phone, which then rats you out to Google, etc.

The apps silently listen for ultrasonic sounds that marketers use as high-tech beacons to indicate when a phone user is viewing a TV commercial or other type of targeted audio. A representative sample of just five of the 234 apps have been downloaded from 2.25 million to 11.1 million times, according to the researchers, citing official Google Play figures. None of them discloses the tracking capabilities in their privacy policies.

These apps on your phone that track your television don’t have names such as “Spy App.” Rather, they are generic consumer apps (like for restaurants) that have the function embedded — either on purpose or covertly by the app developers, who then make extra money by selling that data. You’ll never know.

[code] Princeton IoT Inspector

[paper] IoT Inspector: Crowdsourcing Labeled Network Traffic from Smart Home Devices at Scale

[article] Television Tracking via Phone Apps

Halp!

I was hoping the toaster would send my data to Beijing Huaxiay

Like Google and Facebook, device manufacturers are moving toward data-monetization business models. They can’t just stop doing it — it’s literally increasingly becoming the way they make money. You like cheap stuff? They need to make money. The compromise for selling you a decent $40 coffee maker is that it’s going to spy on you for Microsoft. And maybe you enjoy your TiVo, but realize that your TiVo data was sold to Cambridge Analytica. (Yes, that Cambridge Analytica.) (TiVo’s Opt-Out.)

It’s nearly impossible to stop. Unlike web tracking, TV tracking is mostly beyond control because TVs are closed platforms and many devices don’t give you an option to opt out (and, when they do, it’s often a lie). Finally, the law and regulations are usually worked around by agreeing to some regulation then driving a gig of your data through a loophole. From a recent WaPo article:

If you’re getting a great deal (and free is the best deal), then your data is being sold. Maybe your voice. Your child’s voice. Pictures from inside and outside your house. Problem? You installed the surveillance network on yourself.

Of course, this takes eavesdropping to a whole new level. If you wanted, you could give Brittany a call and buy your neighbor’s data.

You could then launch a targeted campaign on your neighbors to convince them that you’re the coolest neighbor. Don’t worry, politicians do it all the time but don’t really know how it works. That’s why there are consultants to do all the work for you.

Sketchy behavior? Wacom tablet drivers phone home with names, times of every app opened on your computer. https://www.theregister.co.uk/2020/02/05/wacom_user_tracking/

About Nathan Allen

Founder of Xio Research (A.I.), Applied Magic (A.I.), and Andover (data). Strategy and development leader at IBM. Academic training is in intellectual history; his most recent book, Weapon of Choice, examines the creation of American identity and modern Western power. Don’t get too excited, Weapon of Choice isn’t about wars but rather more about the seeming ex nihilo development of individual agency … which doesn’t really seem sexy until you consider that individual agency covers everything from voting rights to the cash in your wallet to the reason mass communication even makes sense…. Lectures on historical aspects of media, privacy/law, and power structures (mostly). Previous book: Arsonist.
