So the server returns a 404 - does that mean there is no application or an application that stores the data and then returns a 404?
You THINK you're watching your LG smart TV - but IT's WATCHING YOU, baby
LG smart TVs silently log owners' viewing habits to the South Korean company's servers and use them to serve targeted ads, one researcher has claimed. According to Yorkshire, UK–based hacker "DoctorBeet," the internet-enabled sets try to phone home to LG every time a viewer changes the channel, giving the chaebol the ability …
-
Wednesday 20th November 2013 16:17 GMT BillG
> So the server returns a 404 - does that mean there is no application
> or an application that stores the data and then returns a 404?
I'll bet there's a server that stores the data, and then returns a 404. This way the router does not cache the access, thereby hiding the URL. It also gives LG a plausible denial.
-
Thursday 21st November 2013 12:07 GMT Anonymous Coward
Re: "Smart".
Now try to imagine yourself in the living room. You get your first look at this sixty inch LED as you sit on the sofa. And you keep still because you think that maybe its control sensors are based on movement like X-Box – it'll lose you if you don't move. But no, not Smart TV. You stare at it, and it just stares right back. And that's when the attack comes. Not from the front, but from the side, from the other two Smart TVs you didn't even know were there...
-
Wednesday 20th November 2013 08:07 GMT Cliff
Re: For shame
So LG have removed themselves from the trustworthy list, as have Sony (rootkits anyone?), Apple, Google, Samsung have started territory locking their handsets for no good reason, the Chinese brands are probably worth holding reservations about, Nokia is Microsoft.
Anyone suggest a good phone?
-
Wednesday 20th November 2013 09:29 GMT Anonymous Coward
Re: For shame
Shame on LG. I really hope this article gets more play than just on the Register.
It has already appeared on Risks Digest. As far as I can tell, this is a simple, plain vanilla breach of Data Protection laws (as no explicit permission was asked) and if this cannot be disabled, the TV may have to be taken off the market in any country with a working Data Protection regime (think the whole of Europe).
I thus think that LG's "meh" response is not acceptable. The first thing I'd do if I was in the UK and had one of those TVs was to dig up who the LG's Data Registrar is and send a Data Subject Access request. If they cannot provide that data they are in breach, and if they can they are in breach too because they'll have to prove they warned me this was going to happen and they got my explicit permission. I can't see that happen.
Methinks they got themselves somewhat of a problem. I hope they haven't sold too many of those TVs, and I hope the firmware can be upgraded.
-
Wednesday 20th November 2013 11:56 GMT Anonymous Coward
Re: For shame
I think LG are suggesting that he accepted the t&c. Somewhere deep in the small print is the permission to collect the data.
That would be a direct violation of Data Protection Act principles in the UK, more exactly the "fairness" principle. It is not permissible to include this permission in 4 point light grey text on white whilst referring to a statement available in the local planning office's cellar in the bottom of a locked filing cabinet in a disused lavatory with a sign on the door saying "Beware of the Leopard" and consider that a "fair" approach (I'm paraphrasing here a bit, thank you Douglas Adams).
In my opinion and experience LG's answer is most certainly NOT going to fly if a complaint is filed, and I personally think a formal complaint is essential to get to the bottom of this. LG's response demonstrates they are either aware that they have broken the law, or are so clueless that they don't even know that law exists. Both situations call for a somewhat abrupt education IMHO.
-
Thursday 21st November 2013 09:44 GMT Steve Loughran
Re: For shame
Close
Actually it's hidden in the policy that is only available on the TV (search terms don't find it online), viewable on 50 pages if you scroll down that "opt out settings" menu to find a menu option that is off the window, then select "legal". Everything bar the "beware of the leopard" sign.
http://steveloughran.blogspot.co.uk/2013/11/television-viewing-privacy-policies-and.html
http://www.flickr.com/photos/steve_l/sets/72157637867348596
-
Wednesday 20th November 2013 11:27 GMT Anonymous Coward
Re: For shame
The subject access suggestion stands or falls by whether or not this information actually constitutes personal data and based on what is in the article I'd say it probably isn't. That's not to say that this type of monitoring isn't of concern.
As for who the data controller is that'll be LG, the 'corporate person' holds the statutory responsibility rather than any specific individual.
-
Wednesday 20th November 2013 12:10 GMT Anonymous Coward
Re: For shame
> The subject access suggestion stands or falls by whether or not this information actually constitutes personal data and based on what is in the article I'd say it probably isn't.
That depends a bit on what sort of engineering efforts are behind this collection to tie the data to a person. The moment the information becomes personally identifiable there is an issue.
But actually, you could be correct - this could fall under the Regulation of Investigative Powers Act instead, and I'm not entirely sure how the permission framework for that operates (not my area of expertise). Maybe a small sentence "by using this device you give us permission to do whatever the hell we like with your usage data and whatever else we find on your network" at the end of the contract is all it takes to make that legal. The fun starts when that is NOT enough to make it legal, because RIPA violations are as far as I know criminal, which could make this a rather entertaining "mistake".
-
Wednesday 20th November 2013 12:41 GMT Wize
Re: For shame
I got mine before they got smart (no internet connection at the time) so it is not on my network. Was looking for something with DLNA for another room, but LG can go spin on it now.
Not that it would have mattered, it won't be able to tell what channel I'm watching on Sky... What's that? Sky log details too?
-
Wednesday 20th November 2013 04:18 GMT Anonymous Coward
Linked to the TV Guarantee card
They receive the guarantee card filled in with your name and address and the card has the TV's serial number on. The serial number will be sent with the data, because that's what creeps do.
I know these guarantee card systems are stored in a database for marketing purposes. So it's just an SQL Join to pull up your individual viewing habits.
So actually what they're doing is sending themselves a *personalized* detail of what you watch. These are then business records which can be sold on to anyone for any reason.
Perhaps they send a flag too "didn't consent to the collection", and store the data in a "lockbox" instead of a "database". Sounds familiar?
Simply boycott LG products, all of them, because if they do that with TVs think what they're doing with their smartphones, that computer, even the guarantee card for the toaster has lots of data. That can be sold on, your email address the lot could likely be sold. Because any company with that attitude has no reason to protect your data.
EU Privacy directive applies, and should stop this, but I'm not expecting anything from government when there are so many and apparatchiks in power. You could sue? The UK equivalent of a class action lawsuit?
-
Wednesday 20th November 2013 06:05 GMT doronron
Re: Linked to the TV Guarantee card
These TVs surf the net don't they? Does LG also get the internet surf data? Because that links to 'selectors' like email etc.
I see it sends the details of DLNA (media on your local network) played, and the details of USB stick files played. So I bet they send stuff about the apps run, and internet surfed.
A person that would think it's OK to spy on people, doesn't draw a line at how much data they grab. They 'grab it all'.
-
Wednesday 20th November 2013 14:58 GMT Fihart
Re: Linked to the TV Guarantee card @dan1980
"............do people really fill out warranty cards?"
Probably not usually, though on a major purchase I guess many might. There's no need to register the warranty with the manufacturer because the warranty makes no difference to rights under Sale Of Goods Act which long outlast 12 months. The obligation falls on the retailer not the manufacturer.
Most retailers will happily repair or replace within warranty period on production of the sales receipt because the manufacturer will foot the bill. Outside the 12 months the branch staff are likely to deny liability but a call to the shop's head office and mention of Small Claims usually sorts that out.
-
Thursday 21st November 2013 00:51 GMT DiViDeD
Re: Linked to the TV Guarantee card
"...do people really fill out warranty cards?"
Not in Europe where there are enforceable consumer rights whether you fill it in or not, but in the less civilised and more predatory bits of the world, where the corporation is king and the consumer is cannon fodder, it's pretty common to be refused a refund or replacement on some shoddy piece of crap simply because you didn't provide the manufacturer (or more commonly these days the repackager/distributor) with a piece of cardboard containing enough personal information for them to steal your identity.
Australia. Why do you ask?
-
Wednesday 20th November 2013 04:41 GMT dan1980
Clenches jaw, takes deep breath . . .
Oh, fuck right off.
I just bought a second LG TV because I was so impressed with the interface of the first one. I liked the remote and the way it worked but this is just not. fucking. on.
That said, I don't actually use the 'Smart TV' features and really have no desire to. Mine certainly isn't connected up to my network and won't ever be. Still, it shows that LG are viewing the people handing over their hard-earned not as loyal or valued customers but as cattle to exploit.
If anyone from LG is reading these comments*, be very clear on this: this is not welcome. It is not okay. I will not buy another LG product unless you promise to stop this.
I am a 'techie'. I am the one that friends and family come to for recommendations about anything that runs on electricity. I will advocate against buying any LG product. More immediately, I am buying my mother a new TV to replace her aging CRT. I was absolutely going to buy an LG thanks to my satisfaction with my own units. This will no longer be the case. Again, it doesn't matter that she will never connect it to the Internet, nor play video from a USB HDD.
* - If not then, well, I feel better getting that out anyway, but I know that large companies like LG do indeed employ people whose job it is to research customer sentiment, gleaned via forums and blogs and 'social media'. So, if there's one browsing this thread, put a '1' down in the "previously loyal customers lost due to greedy, intrusive, dickbag move" column. Love, Dan.
-
Wednesday 20th November 2013 06:06 GMT dan1980
Re: Clenches jaw, takes deep breath . . .
True enough. I'm a pretty loyal chap and am generally tolerant of problems but treat me like a chump once and you may never get my business again.
I suppose that's the same with lots of techies: we've got money to spend, we like new toys and we play favourites, so we can be a pretty good market for such companies. Screw us over, however . . .
-
Wednesday 20th November 2013 07:34 GMT Anonymous Coward
Re: Clenches jaw, takes deep breath . . .
Exactly my thoughts. I have an LG TV but even before this there was no way I would connect it to the internet.
As a result of this 'ET habit', LG joins Samsung and Canon on my 'Do not buy list'. The last two are for appalling responses to legitimate warranty claims. Anon because one of them is more than likely going to end up in court.
-
Wednesday 20th November 2013 11:06 GMT Anonymous Coward
Re: Clenches jaw, takes deep breath . . .
> I will not buy another LG product unless you promise to stop this.
Unfortunately, while absolutely the right approach, LG (and others) can, and WILL happily ignore such (empty) threats. Because, very soon down the line, most, and then all tellies, by all manufacturers, will do exactly the same. And 99,999% of consumers WILL buy LG regardless. Or Sony. Or any other "brand". So the refuseniks, like you, are irrelevant, in terms of lost revenue potential. The main herd will chew happily. And even if you don't buy their telly, you'll buy their toaster, mobile, fridge. Or one of them by another brand. And, at some point, you will not be unable to operate them at all, unless they're "connected", because it will be a "design feature". Want Windows 7? Have to activate. No internet? Sorry.
Because, hey, you got it all wrong, this is ALL for your own benefit, those logs are there so that you consume wonderful, (revolutionary) ads based on your personal profile, tailored by our carefully chosen business partners. Why would ANYONE not want this?
-
Wednesday 20th November 2013 14:14 GMT Jim 59
Re: Clenches jaw, takes deep breath . . .
Well said AC but it won't pan out like that. Eventually, people will get what they want, and what they want is privacy. The message will gradually seep out until the whole population becomes mega-paranoid about *any* privacy incursion. They will be even more anal about it than they were at any time. It will be a zeitgeist in 2050.
In the meantime techies can foil the snooping one way or another. Eg the owner of an LG TV could hook up an alternative like a WD TV live or similar.
-
Wednesday 20th November 2013 23:34 GMT dan1980
Re: Clenches jaw, takes deep breath . . .
@AC 11:06
That's my fear, mate.
It's all a bit foil-hat but it keeps happening. I feel the same about Steam - lots of people love Steam for the convenience and (sometimes) cheaper prices but every single purchase from Steam reinforces the video game industry's belief that online DRM is acceptable.
It's got to the point where it's even threatening to spill over into consoles, as evidenced by MS's desire to have online activation on the XBox One.
The anti-foil-hat brigade spout the usual: "just don't use it then" but, as you have identified, if one company does it and gets away with it then others will too. Sooner or later, there really is no alternative.
And you have it wrong - it's not 'advertising', it's a method to allow businesses to 'reach' and 'communicate' with their customers. Advertising; that's so last decade . . . : )
-
Thursday 21st November 2013 03:58 GMT dan1980
Re: Clenches jaw, takes deep breath . . .
Perhaps, but the point I was trying to make, following from the AC's comment was that Steam has made it 'okay' to make Internet connectivity a requirement for playing video games on PC - regardless of if the game itself actually is an 'online' game.
That's the core problem - once you have to be online to play a game, you have essentially given up your rights because the T&Cs can always be updated on the (e.g. Steam, Origin, etc...) client.
That's all tangential to the story but was the point of what the AC and I were 'discussing'. (For want of a better word.)
-
Wednesday 20th November 2013 11:13 GMT Anonymous Coward
Re: Clenches jaw, takes deep breath . . .
And the Fanbois think their Apple TV doesn't?
Xboxes do the same.
If you want to be in the "connected" world you have to assume it means people can see what you do with the "connected" device.
Me? I'd be more concerned about the RAT webcam exploit on the smart device than what data LG were receiving.
-
Thursday 21st November 2013 20:28 GMT JEDIDIAH
Re: Clenches jaw, takes deep breath . . .
Actual streamer appliances may need to keep track of what you are doing in order to tell you what you've already watched or to suggest something new. However, collecting this information in the course and scope of actually presenting you with content to watch is entirely different than what this LG TV is doing.
LG is engaging in pre-emptive data snooping not related to any end user requirement.
LG and anyone else that does this crap should be nailed to the wall by their family jewels.
-