RIP, Google Privacy Sandbox
Chrome will keep third-party cookies, a win for web giant's ad rivals
Applications
22 Apr 2025 | 24
#$%%$%@
dammit!
LG: You can stop hiding from your scary SPY TELLY quite soon now
South Korean electronics giant LG has confirmed that some of its smart TVs have been logging their owners' viewing habits without their permission and has promised a patch. Hull, UK–based developer Jason Huntley, aka "DoctorBeet," was first to notice the spying behavior when he analyzed network traffic coming from his LG TV …
-
-
Friday 22nd November 2013 13:08 GMT CommanderGalaxian
Re: And...
>>Will all the TV's (anything else? BluRay players?) that do this get patched or only stuff less then a year old?
Realistically, I think you need to assume yes - everything else is probably doing the same. Me personally, I had already been thinking of updating my firewall setup to stop devices like this initiating outbound connections.
-
Friday 22nd November 2013 14:18 GMT Andy Gates
Re: And...
" I had already been thinking of updating my firewall setup to stop devices like this initiating outbound connections."
...which would have to be done with a bit of finesse, as there's content-delivery services in among the spook-drops and advertising servers. Next thing you know, the baked-in Netflix stops working.
-
-
-
Friday 22nd November 2013 02:15 GMT John Tserkezis
This isn't the first time they've done this, nor will it be their last.
"Bluebirds" anyone?
With no disk inserted in an affected DVD drive, it would simulate a disk with their bluebirds utility. Along with autorun, so if you were stupid enough to have that enabled, it would insist on reinstalling itself every time.
Their firmware update introduced absolutely no changes except bluebirds was taken out. They _insisted_ it was for the betterment of its customers there too. They also _insisted_ it wasn't malware, regardless of the fact that it _silently_ installed itself, without any user confirmation, agreement to do so, or any indication in fact.
I'm sure there were other examples, but for me, I gave up on them a long time ago.
"don't take it personally" my arse.
-
Friday 22nd November 2013 03:09 GMT croc
Don't take it personally, but if you are naive enough to believe that anything that you connect to any public facing communications channel is 'private' then here's a clue... You are wrong. Corporations have no morals. Governments have no morals. Makes me wonder sometimes why I bother to even try to be nice. Or legal, for that matter... Corporations and governments can get away with (literally) murder, why not we plebes? Let anarchy reign on everyone's parade!
NSA, Microsoft, Apple et al... You started it. Make sure that you can finish it, mates....
-
Friday 22nd November 2013 03:12 GMT gap
It's strange how their attitude changed once the story was picked up by news media. They originally told people "too bad, you agreed to it in the T&C's. Go complain to the retailer you bought it from."
The problem with their latest response is they don't even act like it's an issue, let alone a privacy issue. Because they don't take the issue seriously, I'll no longer seriously think about buying their spyware infested products.
-
Friday 22nd November 2013 09:04 GMT Ian 14
Voted with feet
My previous two LCD purchases were LG products. Yesterday I needed a new monitor. In the wake of this scandal, and LG's f**k y*u attitude to customers who approached them I decided to vote with my feet. A few days ago I'd have been looking at a shiny new LG logo under this very screen I'm typing on, instead it says HP. LG, if you're listening, your bad behaviour isn't just immoral, it also affects your bottom line and doubtless ultimately your stock price.
-
Friday 22nd November 2013 10:04 GMT Anonymous Coward
It's strange how their attitude changed
they must have had a VERY fast session on "damage limitation" and decided to kill the story before it gets picked up by mainstream media under the "your LG telly spies on you!" headline. Let's face it, even the most outrageous story of global proportions published by the Register (or any other non-mainstream) media will sink in no time - unless it gets picked up by the big boys. Or rather: unless the big boys decide to pick it up.
-
Friday 22nd November 2013 16:55 GMT Down not across
"The problem with their latest response is they don't even act like it's an issue, let alone a privacy issue. Because they don't take the issue seriously, I'll no longer seriously think about buying their spyware infested products."
Indeed. The worst part of the whole debacle is the general attitude and the fact that LG seriously doesn't seem to think there is anything wrong with what they are doing.
How is viewing information not personal? Isn't it a person doing the viewing? :-)
-
-
Friday 22nd November 2013 03:28 GMT Munin
If it's transmitted, it's collected
Their statement that the data's not been collected is farcical--anyone who has ever administered any webserver knows full well that the httpd logs have a full record of every single one of those POST operations, regardless of the response code sent.
I had a notion when those 'smart' TVs started coming out that they'd be too vulnerable an attack vector, but I was thinking that the attack would materialize through bad actors' compromise of poorly patched proprietary firmware in the set, rather than active vendor exfiltration of information.
My decision to avoid purchasing such a device is looking wiser every day.
-
Friday 22nd November 2013 03:44 GMT Anonymous Coward
Like I said before
Has anyone checked to see whether Panasonic, Samsung, Vizio and so on are doing the same? Anyone believe them if they say they'll never do that? Believe them enough they'd let their "smart" TV go ahead and download firmware updates and install them on its own?
Why do you need to plug any of these into the network? Or if you do (for remote control) to let them access the internet? Netflix? Youtube? Yeah, as if you don't already have a half dozen other devices that can do the same...
-
Friday 22nd November 2013 16:45 GMT Down not across
Re: Like I said before
"Has anyone checked to see whether Panasonic, Samsung, Vizio and so on are doing the same?"
Panasonic (sadly, as their kit has been rather nice and loved their CRT TVs) made my do-not-buy list when they decided its a good idea to have a GUI that serves you adverts. It's not like they give you the TV for free and recoup it with advertising money. No, they sell it at profit and then want advertising money on top.
-
-
Friday 22nd November 2013 08:04 GMT Adam JC
Legal liability
Since they'v been beaming people's potentially confidential data (RE: The USB media filename thing) - With personally identifiable information attached (IP Address, et al?) - Why aren't they worried about repercussions from lawsuits as a result of breaching data protection?
IANAL but I'm sure this opens them up to something in the form of a legal challenge for being so careless with potential confidential(ish) data.
-
Friday 22nd November 2013 08:28 GMT Paul Crawford
Re: Legal liability
I hope this is picked up in the USA as they have class-action lawsuits to make it worth while for the lawyers to go after them for compensation.
Sadly the worst likely to happen here is a ICO slap on the wrists. I hoped the BBC and so on would cover it on national TV, that would be fitting punishment for the company - to have its amoral behaviour aired the way its customers where being aired.
-
-
Friday 22nd November 2013 08:23 GMT Jellied Eel
Impersonal personal information for no purposeful purpose
"is not personal but viewing information," the statement explains. The information is collected, it says, in order to provide "more relevant advertisement"
It doesn't collect any personal information, but uses what it collects to try and serve more personalised information. This is an explanation only a marketing person (overshadowed by counsel) could make with a straight face. How could it make adverts "more relevant", unless it understood the personal characteristics of the person it's targetting?
-
Friday 22nd November 2013 08:37 GMT Anonymous Coward
Re: Impersonal personal information for no purposeful purpose
How could it make adverts "more relevant", unless it understood the personal characteristics of the person it's targetting?
So true. What I choose to watch, particularly from a locally served file, is certainly personal and although it is all above board, I would object to anyone thinking they have a right to know and process that information.
And besides, their argument is blown out of the water by the fact that they are snooping on shared files of whatever type - nothing whatsoever to do with media consumption.
Well, credit to LG for encouraging such a wide discussion of a significant privacy and security issue which has been lurking for quite a while.
-
Friday 22nd November 2013 19:36 GMT Tom 35
Re: Impersonal personal information for no purposeful purpose
Marketing think you only need to change what you call something to make it ok.
An email blast is not spam, it's an email blast. And it's totally unfair when they put us on a black list for spamming because it was not spam, it was an email blast. (a real conversation with the head of marketing where I used to work).
-
-
Friday 22nd November 2013 08:31 GMT ForthIsNotDead
Meh
Quite sure all the manufacturers are/will be doing it. And you can gurantee that government is being allowed access to the data for "security purposes". They'll use that data to determine what kind of person you are and categorise you appropriately, so that they can prioritise who to round up when the hammer falls.
If they determine that you have files from wiki leaks, then you're obviously a dangerous terrorist. Put him on the list.
If you have hard core porn then you could be a potential rapist. Put him on the list.
If you have lots of TV shows, you're probably a pirate. On the list.
-
-
Friday 22nd November 2013 10:06 GMT Fihart
Re: LG values its customers' privacy
Don't take it personally, it's just meaningless corporate-speak learned by rote in PR coaching.
Listen to politicians and more senior business types being interviewd on radio and they always start by thanking the interviewer for having them on the programme and then constantly refer to the interviewer by their first name.
Insulting, but they don't think we know any better.
-
-
Friday 22nd November 2013 10:07 GMT Anonymous Coward
Sony does similar, but without any obvious filenames being sent
I checked one of our TVs - a recent Sony Bravia.
When I browse a local mov file on a USB stick, it sends the following to Sony:
video.avc.none.mov.local.none.pull.010401000104280000000000000000000000008D3601000000010205110201010105023E015E0000000000000D121301000002.51
And when viewing a jpg over a dnla connection, it sends the following:
photo.none.none.jpeg.dlna.none.other.0301000003020A0002000002000004B0000003200100000000000000000000.31
Also, it seems to send what appears to be each button push of the remote, for example:
GET /bravia-e/l?cid=0804020703040E0F07090C01050200030807030C&v=CTV1.0&r=1300&i=0483A52C&I=0E155040&s=PKG3.901EUA&c=00524247&l=00676E65&t=0000000000000000&T=0000000000000000&e=1029&d=1 HTTP/1.1
Host: bravia-e.dl.playstation.net
Accept: */*
This is all over unencrypted plain text. I've now blocked that host on our network - I will check my other Sony TV this weekend.
-
Friday 22nd November 2013 10:22 GMT John Smith 19
Bottom line *nothing* should go out of a home net without *justification*
"Also, it seems to send what appears to be each button push of the remote, for example:
GET /bravia-e/l?cid=0804020703040E0F07090C01050200030807030C&v=CTV1.0&r=1300&i=0483A52C&I=0E155040&s=PKG3.901EUA&c=00524247&l=00676E65&t=0000000000000000&T=0000000000000000&e=1029&d=1 HTTP/1.1
Host: bravia-e.dl.playstation.net"
Every single button?
And this s**t does not have that.
-
Friday 22nd November 2013 11:39 GMT Anonymous Coward
Re: Bottom line *nothing* should go out of a home net without *justification*
I only checked the flow for a few minutes this morning - for this time there happened to be a direct mapping of two requests for each button push I made on the remote (with one HTTP parameter flipping between 1 and 0). The requests never seemed to happen unless I pushed a button on the remote during the time I observed the traffic - so, taking a guess here, they are related.
Note that I may have unwittingly accepted some T&Cs which allowed this, and there also may be an opt out setting somewhere that I have yet to find.
-
-
-
Friday 22nd November 2013 11:43 GMT Anonymous Coward
Re: Sony does similar, but without any obvious filenames being sent
Ok, dug through the settings in the TV, there is an option 'Usage History Log' which is used for QA and Usage Analysis. I had it turned on (the default setting) - I have now turned it off and will confirm later today if it correctly complies to that setting being off.
To be clear, I didn't find any personal or other privacy invading information being sent, it was clearly just logging every interaction I had with it.
-
Friday 22nd November 2013 12:23 GMT The Mole
Re: Sony does similar, but without any obvious filenames being sent
There certainly is personal information there, in fact in the UK I'd argue it would count as sensitive personal information. From the key presses it is relatively trivial to work out what channels you are tuning into. From the channels (for a subset of viewers) you may be able to deduce pretty accurate assessments of their religious beliefs (watching the God channel or Islam TV) or sexual life (watching porn channels gives clues in both interests and orientation).
Based on this it is just a matter whether the sensitive personal information is identifiable to a person, the IP address would be sufficient for this, particularly if the user also has a playstation account linked to a credit card.
This type of correlation isn't going to be 100% reliable or cover everybody but for a sizable minority sensitive personal information about a known individual can be deduced from the data if Sony so desired.
-
-
-
Friday 22nd November 2013 11:34 GMT MJI
Re: Sony does similar, LOOK AT SOURCE CODE
I only have one question about this, one word, three letters.
Why?
Why report every key press made, that is just silly, what can they do with the information?
The ONLY things I can think of are.
1) Seeing what features are used.
2) If it gets a faulty afterwards - bug trapping.
3) Some numpty left some code in.
Done a search and found this
So have a look and let us know why your TV is doing this.
-
Friday 22nd November 2013 22:49 GMT Anonymous Coward
Re: Sony does similar, but without any obvious filenames being sent
I normally have the LAN turned off on my Sony Bravia because it disrupts the local wireless and stops other devices connecting (haven't been bothered to find out why). It gets turned on occasionally just to watch catchup services when the recorder has missed something.
Anyway, it had just been turned on when I read this post, so I looked at the router log to see what it had connected to. Here's the list:
applicast.ga.sony.net
bravia.dl.playstation.net
bravia-e.dl.playstation.net
adnetwork.rovicorp.com
cs.prd.msys.playstation.net
imagec12.247realmedia.com
a.ad.playstation.net
I can't rule out that some other device connected during that period, but they all look Sony-related to me. So fairly clearly, there's some ad-serving type stuff going on here. You can see the sort of thing if you look at:
http://www.roviadvertising.com/inventory-and-audience.html
and you'll probably find similar things if you poke around at some of the other addresses above.
So clearly I'll need to block some of this at the router - the question is which ones need to stay open? And since the firmware gets regularly updated, the addresses could easily change. The more I think about it, the more I think I need a dedicated firewall machine at home. Sigh.
-
-
Friday 22nd November 2013 13:36 GMT Anonymous Coward
[internal only]
I just hope these geeky bastards on the TheReg don't work out how much better the tracking will be once we go IPv6 end to end. As long as the Bluetooth can still use their phones to get the data out we should still be OK but someone needs to stop these guys sharing this stuff, the sales department spat some seriously expensive wine over this.
Note to engineering - how much are powerline networking chips? get one in every TV then watch the loosers try and "unplug it".
-
Friday 22nd November 2013 13:51 GMT no_RS
What happened to Privacy first
As the titles say, why is there an assumption that the user has to turn off or stop the device doing something. What happened to a presumption of privacy unless the individual wants to give it away.
This whole situation is the wrong way around i.e. only those who think about it get privacy whereas everyone else doesn't. Isn't privacy a fundamental human right and the clowns at LG and others think people aren't entitled to?
Doesn't the European human Rights Act have anything to say about this?
There is probably a graph somewhere of IQ v Privacy which follows the y=mx+c formula..
-
Friday 22nd November 2013 14:41 GMT Anonymous Coward
The answer to this is the same as it is for prostitution
Hit the demand and the suppliers wont add "features" if no one wants the service
I would make advertisers and their agents pay for any data they collected and be required to pay anyone who opts into their collection campaigns, if they use data without permission they pay @ x100.
This way they would be required to provide evidence where their stats came from and that they are paying their guinea pigs for watching TV.
I am sure there will be some people who fancy being paid to watch TV especially when beds start posting when they are in use on the net.
Finally a way for adolescences to pay for their own Xbones
-
Friday 22nd November 2013 14:53 GMT Pascal Monett
Accepted in the T's & C's
So that's their argument ?
Ok, two can play that game.
I hereby declare the Consumer General Terms and Conditions.
1) Any Supplier agreeing to sell goods to a Consumer tacitely agrees to these conditions without right of refusing or contesting any of their conditions.
2) Any goods sold to a Consumer must be fit for their DECLARED purpose and without harm for the user.
3) ALL functions and functionalities of the goods must be declared. Any undeclared function is grounds for immediate return and reimbursement of the goods without question and without recourse.
4) NO, repeat NO transmission of data of ANY KIND without prior notice and ACCEPTANCE IN WRITING will ever be considered acceptable or even tolerable. Goods of any kind are purchased for the convenience of the Consumer, NOT to improve ad-targeting algorithms of the Supplier. The excuse that better targeted ads are a service to the Consumer is not acceptable since the Consumer has never requested ads of any kind.
5) The Supplier guarantees that the goods sold to the Consumer will only ever use the minimal network bandwidth that it requires to provide the DECLARED functionality. Any other possible network packet type MUST first require authorization from the user before being sent, must CLEARLY inform the user in PLAIN TEXT (not lawyer-speak or worse, PR-speak) of what the use of that packet is, and must refrain from sending said packet as long as user does not agree to its emission.
6) The Supplier is NOT allowed any excuse along the line of "if you turned it on then you agreed to this" to initiate network activity that is not a technical part of the primary function of the Goods. A radio's primary function is to recieve radio channels, sending monitoring data on which channels are listened to is not. A TV's primary function is recieving TV channels, sending monitoring info on which shows are viewed is not.
7) In case the Supplier finds itself guilty of transgressing any of these rules, the CEO, the Board and all Upper Management of the Supplier administration will immediately and voluntarily proceed to the nearest Consumer Correction and Oversight facility and self-attach themselves to the nearest Post of Penitance in order to recieve the twenty lashes of Consumer Needs Enlightment that will open their minds to the needs of the Consumer and train them to remain within that point of view.
8) Failure to adhere to any of these articles WILL result in the formation of a Consumer Correction Group which will, if sufficiently enervated, proceed to the headquarters of the Supplier and enforce a Temporary Local Correction and Oversight Facility with the goal of distributing the proper Consumer Needs Enlightment therapy to the assigned individuals. The Supplier notes that, in this case, the limit of twenty lashes may well be exceeded by individually frustrated members of the Correction Group, and thus absolves all members of all legal liability.
-
Friday 22nd November 2013 17:07 GMT Dan Paul
Small Claims Court?
Perhaps if thosand of US Smart TV owners were to sue their TV's manufacturer in small claims (max $3,000 but can be tripled) citing this issue and accuse them of being "peeping Toms"; perhaps THEN these dickwads would get the message.
If you were a Nielsen family, they would pay you handsomly for this data.
Too bad that every cable company does the same thing with their set top boxen.
Wanna bet their networks aren't very secure? LET"S FIND OUT!
-
This post has been deleted by its author
This topic is closed for new posts.
Biting the hand that feeds IT
