For those of you who are not familiar with what I’m about to describe, you’re probably going to think I’m off my rocker. But I’m here to tell you: your smart TV is almost surely spying on you. I’m not just talking about the apps you’re running, which of course are spying on you. I’m talking about the TV itself… it knows what you’re watching, regardless of the app you’re using. And it’s sending this info to the manufacturer – who is selling this information to others. But it doesn’t have to be this way.
Automatic Content Recognition
You should already be aware that any app you run – on your phone, on your computer, on your watch, or on your TV – can be tracking what you do in that app and selling the information for advertising purposes… oops, sorry, to improve your experience. If you’re running the Netflix app, it makes sense that that app would know what movie or TV show you’re currently watching.
But your TV is just slinging the bits, right? It’s just taking a digital signal from an HDMI cable and painting it on the pixels of your screen. What if I told you that your TV can actually watch what you’re watching? Well, it can. It’s called Automatic Content Recognition (ACR), though different TV makers have different proprietary names for this feature. If you’re familiar with the Shazam app for recognizing songs just by listening to them, ACR does the same thing with TV shows, movies, and even ads. The software examines a snippet of the video and creates a sort of fingerprint of the content. It can then match this fingerprint to a database of known shows, and voila – your TV now knows what you’re watching. And it wants to know this so that it can report and sell your viewing habits to others. They call it “post-purchase monetization” (I’m not kidding).
Dumbing Down Your Smart TV
Note that you probably agreed to this tracking when you first turned on your spiffy new smart TV. You know, in that end user license agreement that you read completely and carefully before clicking “I Agree”. So one option here is to try to revoke your permission for tracking. This is not the best option in my opinion. I frankly don’t trust them to honor my wishes. But if you want to give it a shot, this article from Consumer Reports will explain where to find these settings on most popular TVs. It will also give you more information about this technology, so it’s worth a read. But even this article says “we’ve found that you can’t stop all the data collection”.
That article tangentially references the solution that I recommend: make your smart TV dumb. That is, don’t connect it to the internet at all. Unplug the Ethernet cable and/or delete the WiFi configuration information. This one move will block all data collection by your TV (or at least prevent it from sending the information anywhere).
But without an internet connection, how can you use the built-in apps like Netflix, Amazon Prime Video, Hulu and so on? You can’t. You will need an external streaming box now to run these apps. That means shelling out more money. And yes, this brings you right back to the same potential snooping problem, except now it’s the streaming box that’s the snitch, not the TV itself.
However, there is one streaming device that does a pretty good job of protecting your privacy: Apple TV. It’s not perfect, but as near as I can tell, it doesn’t use ACR and it forces each app to ask your permission to track you. And you can revoke that permission at any time. I got rid of all my Amazon Fire TV devices and strictly use Apple TVs now. With Apple TV, you can access Netflix, Amazon Prime Video, YouTube, Disney+, HBO Max, Hulu, Apple TV+ (obviously) and most other popular streaming services.
Cut Off Communications
There’s one other solution that’s worth mentioning here. You can block a lot of tracking, on all of your devices, by preventing them from ‘phoning home’. Your home router is the gateway to the internet for every single device in your house. It can therefore act as a gatekeeper for illicit data connections (not just inbound, but also outbound). Whenever a device on your network wants to connect to a server on the internet, it needs to look up it’s internet address. For example, converting domain names like google.com to IP addresses like 126.96.36.199. It uses Domain Name Service (DNS) to do this. Your router usually uses the DNS suggested by your internet service provider.
But you can choose a different DNS that will allow you to block connections to known tracking sites. If you’re handy and want to roll your own solution, you can set up a Pi-Hole box. It’s a tiny, cheap Raspberry Pi computer running specialized DNS “sinkhole” software that blocks DNS lookups to known tracking sites. Or you can sign up for a free DNS provider like NextDNS and then configure your home router to use it for all DNS lookups.
There’s no reason you can’t do all of these things at the same time (I do). They each improve your privacy in different ways. Apple TV will definitely be on my annual Gift Guide for this reason (I’ll be updating that soon, so stay tuned.)
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!