Re: Which is why…
Hmm. My apologies. Perhaps I didn't make my point very clearly. It isn't so much about trusting anyone to play nicely with my data, it's about trusting them to ensure that the operating system is patched up regularly so that it presents a reasonable level of security (or facsimile thereof, depending on how tinfoil your hat is)
It isn't that it's impossible to remotely hack a patched up Linux, Mac or Windows system, but it certainly isn't easy. The reason that its difficult is that these systems are regularly patched to ensure that an OS compromise is non-trivial.
Sony, Samsung, insert preferred vendor of soon-to-be-connected gizmo here, have little experience of writing a general purpose OS from scratch and ensuring that it remains patched for the lifetime of the device. And the lifetime of the device is likely to be long. Worse yet, these devices aren't going to be like a computer, where it's easy to reformat the hard drive and replace the OS with one that is more up to date or more suited to your tastes. These devices are going to be more like mobile phones or portable media players. It's not that total replacement of the OS can't be done, it's that it won't be easy - and, anyway, life is too short to be slapping Linux on the telly, fridge, toaster, lightbulbs etc., and then keeping them patched and up to date.
The real problem is that the average lifetime of a television or fridge is an order of magnitude greater than that of a phone. My fridge is fifteen years old, showing no signs of packing up, and therefore not due for replacement. The TV is nearly ten, and much the same applies. Given that Samsung and Sony can't be bothered to ensure that a one year old phone is running the latest version of Android, I can't really see them bothering to update the OS of a ten year old TV.
So what to do? Your TV is now three years old, and you were lucky. You bought a TV from a manufacturer who kept it patched for a year or two. But now its getting on a bit. It's a bit old, and the manufacturer would rather sell you a new device - so no more patches for you. Your options are to disconnect from the internet (rendering the utility of the device somewhat moot), or buy a new one (which isn't very environmentally friendly given the huge piles of toxic crap that we throw away each year). And even sandboxing isn't going to help much - for two reasons. Firstly, because even sandboxing has its limits - only Apple really takes it to its logical limit, and (IMO) its the only reason that older iOS devices aren't hotbeds of malware. Secondly, because geeks, the early adopters, don't like it - look at all the bitching on el Reg about sandboxing on iOS - and on a TV or other consumer device, sandboxing is going to be more essential than ever.
You'll note that I've left government security out of the parameters of my argument. This is because government security challenges are either intractable or blown out of all proportion, depending on how paranoid / realistic about the limits of government probity you are.