Monday, 18 November 2013

LG Smart TVs logging USB filenames and viewing info to LG servers

Earlier this month I discovered that my new LG Smart TV was displaying ads on the Smart landing screen.


After some investigation, I found a rather creepy corporate video advertising their data collection practices to potential advertisers. It's quite long, but a sample of their claims is as follows:
LG Smart Ad analyses users favourite programs, online behaviour, search keywords and other information to offer relevant ads to target audiences. For example, LG Smart Ad can feature sharp suits to men, or alluring cosmetics and fragrances to women.
Furthermore, LG Smart Ad offers useful and various advertising performance reports. That live broadcasting ads cannot. To accurately identify actual advertising effectiveness.
In fact, there is an option in the system settings called "Collection of watching info:" which is set ON by default.  This setting requires the user to scroll down to see it and, unlike most other settings, contains no "balloon help" to describe what it does.


At this point, I decided to do some traffic analysis to see what was being sent.  It turns out that viewing information appears to be sent regardless of whether this option is set to On or Off.


Here you can clearly see that a unique device ID is transmitted, along with the channel name "BBC NEWS".
Here is another example of a viewing info packet.
GB.smartshare.lgtvsdp.com POST /ibs/v2.2/service/watchInformation.xml HTTP/1.1
Host: GB.ibis.lgappstv.com
Accept: */*
X-Device-Product:NETCAST 4.0
X-Device-Platform:NC4M
X-Device-Model:HE_DTV_NC4M_AFAAABAA
X-Device-Netcast-Platform-Version:0004.0002.0000
X-Device-Country:GB
X-Device-Country-Group:EU
X-Device-ID:2yxQ5kEhf45fjUD35G+E/xdq7xxWE2ghu0j4an9kbGoNcyWaSsoLgyk8JJoMtjRrYRsVS6mHKy/Zdd6nZp+Y+gK6DVqnbQeDqr16YgacdzKU80sCKwOAi1TwIQov/SlB
X-Authentication:YMu3V1dv8m8JD0ghrsmEToxONDI=
cookie:JSESSIONID=3BB87277C55EED9489B6E6B2DEA7C9FD.node_sdpibis10; Path=/
Content-Length: 460
Content-Type: application/x-www-form-urlencoded
&chan_name=BBC TWO&device_src_idx=1&dtv_standard_type=2
&broadcast_type=2&device_platform_name=NETCAST 4.0_mtk5398&chan_code=251533454-72E0D0FB0A8A4C70E4E2D829523CA235&external_input_name=Antenna&chan_phy_no=&atsc_chan_maj_no=&atsc_chan_min_no=&chan_src_idx=1&chan_phy_no=&atsc_chan_maj_no=&atsc_chan_min_no=&chan_phy_no=47&atsc_chan_maj_no=2&atsc_chan_min_no=2&chan_src_idx=1&dvb_chan_nw_id=9018&dvb_chan_transf_id=4170&dvb_chan_svc_id=4287&watch_dvc_logging=0
This information is sent to LG in the clear (plain HTTP, no encryption) every time you change channel, even if you have gone to the trouble of changing the setting above to switch collection of viewing information off.
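As an added example (not code from this post), the script below pulls the security-relevant fields out of a request like the one above: the device identifier from the X-Device-ID header, the channel name, and the watch_dvc_logging field, which a later comment on this page identifies as the one the on-screen opt-out actually toggles. The request text it parses is constructed from the capture quoted above (same headers and field names, body shortened), and it also exercises the duplicated chan_phy_no key that appears in the real body. Paste in Wireshark "Follow TCP stream" output from your own set to see what it transmits with the setting Off.

```python
from urllib.parse import parse_qs

# Constructed sample, modelled on the capture quoted in the post: same
# headers and field names, body shortened. Values are illustrative.
SAMPLE_REQUEST = (
    "POST /ibs/v2.2/service/watchInformation.xml HTTP/1.1\r\n"
    "Host: GB.ibis.lgappstv.com\r\n"
    "Accept: */*\r\n"
    "X-Device-Product:NETCAST 4.0\r\n"
    "X-Device-Model:HE_DTV_NC4M_AFAAABAA\r\n"
    "X-Device-Country:GB\r\n"
    "X-Device-ID:2yxQ5kEhf45fjUD35G+E/xdq7xxWE2ghu0j4an9kbGoNcyWaSsoLgyk8JJoMtjRrYRsVS6mHKy/Zdd6nZp+Y+gK6DVqnbQeDqr16YgacdzKU80sCKwOAi1TwIQov/SlB\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "&chan_name=BBC TWO&device_src_idx=1&dtv_standard_type=2"
    "&chan_code=251533454-72E0D0FB0A8A4C70E4E2D829523CA235"
    "&external_input_name=Antenna&chan_phy_no=&chan_phy_no=47"
    "&dvb_chan_svc_id=4287&watch_dvc_logging=0"
)


def parse_http_request(raw: str) -> dict:
    """Split a raw HTTP/1.x request into method, path, headers and body.

    Header names are lower-cased. The TV omits the space after the colon
    on its X-Device-* headers, so values are stripped rather than assumed
    to start after ': '.
    """
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:                       # tolerate captures saved with bare LF
        head, sep, body = raw.partition("\n\n")
    lines = head.splitlines()
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers, "body": body}


def parse_form_body(body: str) -> dict:
    """Decode an x-www-form-urlencoded body into single-valued fields.

    The TV's body starts with a stray '&' and repeats keys such as
    chan_phy_no, once empty and once populated. parse_qs skips the empty
    pair and keeps every value; the last non-empty one is kept here.
    """
    fields = {}
    for key, values in parse_qs(body, keep_blank_values=True).items():
        non_empty = [v for v in values if v]
        fields[key] = non_empty[-1] if non_empty else ""
    return fields


def watch_info_report(raw: str) -> dict:
    """Summarise what a watchInformation POST discloses about the viewer."""
    req = parse_http_request(raw)
    fields = parse_form_body(req["body"])
    is_watch_info = (req["method"] == "POST"
                     and req["path"].endswith("/watchInformation.xml"))
    channel = fields.get("chan_name", "")
    opt_out = fields.get("watch_dvc_logging", "")
    return {
        "is_watch_info": is_watch_info,
        "host": req["headers"].get("host", ""),
        "device_id": req["headers"].get("x-device-id", ""),
        "model": req["headers"].get("x-device-model", ""),
        "channel": channel,
        "input": fields.get("external_input_name", ""),
        "opt_out_flag": opt_out,
        # The opt-out is not honoured if the set still names the channel
        # (and identifies itself) while reporting watch_dvc_logging=0.
        "sent_despite_opt_out": is_watch_info and opt_out == "0" and bool(channel),
    }


if __name__ == "__main__":
    for key, value in watch_info_report(SAMPLE_REQUEST).items():
        print(f"{key:>22}: {value}")
```

Run against the constructed sample it reports the channel, the persistent device ID and the model together with watch_dvc_logging=0, which is exactly the combination that shows the opt-out changes a flag rather than stopping the transmission.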

It was at this point, I made an even more disturbing find within the packet data dumps.  I noticed filenames were being posted to LG's servers and that these filenames were ones stored on my external USB hard drive.  To demonstrate this, I created a mock avi file and copied it to a USB stick.


This file didn't really contain "midget porn" at all; I renamed it to make sure it had a unique filename that I could spot easily in the data and one that was unlikely to come from a broadcast source.

And sure enough, there it was...


Sometimes the names of the entire contents of a folder were posted, other times nothing was sent.  I couldn't determine what rules controlled this.

I think it's important to point out that the URL the data is being POSTed to returns HTTP 404; you can see this in the next response from LG's server after the ACK, so there appears to be no handler for it at the moment.

That is only weak reassurance. The request, body included, has already reached LG's server by the time the 404 comes back, so the status code says nothing about whether the body was logged, and a handler that stores the body and then replies 404 looks identical on the wire to one that is missing. And even if nothing is stored today, this collection URL could be implemented by LG on their server tomorrow, enabling them to start transparently collecting detailed information on what media files you have stored.

It would easily be possible to infer the presence of adult content or files that had been downloaded from file sharing sites. My wife was shocked to see our children's names being transmitted in the name of a Christmas video file that we had watched from USB.

So what does LG have to say about this?  I approached them and asked them to comment on data collection, profiling of their customers, collection of usage information and mandatory embedded advertising on products that their customers had paid for.  Their response to this was as follows:
Good Morning

Thank you for your e-mail.

Further to our previous email to yourself, we have escalated the issues you reported to LG's UK Head Office.

The advice we have been given is that unfortunately as you accepted the Terms and Conditions on your TV, your concerns would be best directed to the retailer.  We understand you feel you should have been made aware of these T's and C's at the point of sale, and for obvious reasons LG are unable to pass comment on their actions.

We apologise for any inconvenience this may cause you. If you have any further questions please do not hesitate to contact us again.

Kind Regards

Tom
LG Electronics UK Helpdesk
Tel: 0844 847 5454
Fax: 01480 274 000
Email: cic.uk@lge.com
UK: [premium rate number removed] Ireland: 0818 27 6954
Mon-Fri 9am to 8pm Sat 9am-6pm
Sunday 11am - 5pm
I haven't asked them about leaking of USB filenames due to the "deal with it" nature of the above response but I have no real expectation that their response would be any different.

So how can we prevent this from happening?  I haven't read the T&Cs, but one thing I am sure about is that I own my router and have absolute jurisdiction over any traffic that I allow to pass, so I have compiled an initial list of internet domains that you can block to stop spying and advertising on TVs that we, as customers, have actually paid for.
  • ad.lgappstv.com
  • yumenetworks.com
  • smartclip.net
  • smartclip.com
  • llnwd.net
  • smartshare.lgtvsdp.com
  • ibis.lgappstv.com
This will free you from seeing ads plastered on your screen and having your viewing habits monitored, whilst it should still allow firmware updates to be applied. One caveat: llnwd.net is Limelight Networks' general-purpose CDN rather than an LG host, so blocking it wholesale may also break unrelated video content delivered through that CDN; the other entries are LG's own hosts or advertising networks.
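As an added example (not from the post), here is the list above expressed as the matcher a router or DNS filter needs, with the check that a bare endswith() gets wrong: an entry must match the host exactly or at a label boundary, so GB.ibis.lgappstv.com is caught by ibis.lgappstv.com but a hypothetical notlgappstv.com is not. The Limelight caveat is encoded so that a hit on llnwd.net is reported separately. The entries are the ones listed above; the hostnames in the demonstration are those quoted on this page plus a couple constructed for the check. The emitted dnsmasq lines use the address=/domain/0.0.0.0 form, which answers 0.0.0.0 for the domain and every subdomain.

```python
# Domains named in the post, as a suffix blocklist.
BLOCKLIST = [
    "ad.lgappstv.com",
    "yumenetworks.com",
    "smartclip.net",
    "smartclip.com",
    "llnwd.net",
    "smartshare.lgtvsdp.com",
    "ibis.lgappstv.com",
]

# llnwd.net is Limelight Networks' general CDN (see the comments below);
# blocking it sinks unrelated content as well, so report it distinctly.
GENERAL_CDNS = {"llnwd.net"}


def normalise(host: str) -> str:
    """Lower-case and strip the trailing dot a DNS log may carry."""
    return host.strip().rstrip(".").lower()


def matching_entry(host: str, blocklist=BLOCKLIST):
    """Return the blocklist entry that covers host, or None.

    host.endswith(entry) alone would also match 'notlgappstv.com';
    requiring either an exact match or a '.' before the suffix keeps
    the match on a label boundary.
    """
    h = normalise(host)
    for entry in blocklist:
        e = normalise(entry)
        if h == e or h.endswith("." + e):
            return e
    return None


def classify(host: str) -> str:
    """'allow', 'block', or 'block-with-collateral' for a CDN entry."""
    entry = matching_entry(host)
    if entry is None:
        return "allow"
    if entry in GENERAL_CDNS:
        return "block-with-collateral"
    return "block"


def dnsmasq_lines(blocklist=BLOCKLIST) -> list:
    """dnsmasq config lines; address=/d/0.0.0.0 covers d and all subdomains."""
    return [f"address=/{normalise(e)}/0.0.0.0" for e in blocklist]


if __name__ == "__main__":
    # Hosts quoted on the page plus two constructed ones.
    seen = [
        "GB.ibis.lgappstv.com", "ad.lgappstv.com", "ad.smartclip.net",
        "ipg.content.glb.gracenote.com", "notlgappstv.com", "cdn.llnwd.net",
    ]
    for name in seen:
        print(f"{name:>32}  {classify(name)}")
    print("\n".join(dnsmasq_lines()))
```

gracenote.com is left alone on purpose: a comment below notes the TV talks to it (encrypted) for media metadata, and it is not on the list, so the matcher allows it.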

102 comments:

  1. Since you are in the UK, it may be worth forwarding this to the Information Commissioner's Office: http://www.ico.org.uk/ and pointing out to LG that you have done so... It would be interesting to see how that might affect their next response.

    If their data collection collects any personally identifiable information, they are subject to the UK Data Protection Act. That potentially means you can serve them with a Subject Access Request: http://www.ico.org.uk/for_the_public/personal_information

    Since it seems they are aiming to be able to track you, it would be interesting to send them one anyway and see what they respond - they can charge you up to 10 pounds to process it, and there are legally mandated response times. Including a full copy of one of the requests should be sufficient to authenticate you and provide them the information they'd need to check their logs...

    They would also be subject to the Data Protection Act for things like retention and providing ability for you to have any records they might hold purged.

    You may also want to draw LG (and the ICO)'s attention to the fact the request appears to include cookie information, and to the infamous "cookie law"...

    Note in particular that it means *nothing* that the script returns a 404: The information may still be in their logs - collecting information this way without actually having anything at the endpoint is an old practice, and more efficient on server resources than making the web server execute anything.

    1. This was very helpful. I wasn't aware of the 404 practice. Good to know.

    2. It's easy enough to generate a 'fake' 404 page, complete with proper header which still stores data into a database, for example I have a system running on http://img.overbythere.co.uk/ but I don't want people to see it, so I generate the 404 you see there.

    3. I can back up the 404 logging practice, as we use it for error collection from client apps at the large online site I work for.

  2. I would not block llnwd.net as that is actually a CDN operated by Limelight Networks. They use llnwd.net for a lot of content delivery

    1. I was going to mention the same. Blocking llnwd.net would block access to several video content that goes via Limelight CDN.

  3. Two questions arise from this:

    1/ Surely, it doesn't matter what is in their T&Cs if the option to switch data collection off doesn't work, then that's a serious matter and needs to be investigated by LG?

    2/ Are other Smart TV manufacturers doing the same thing, and not been found out yet?

    1. I expect the "Tom" character in the email response from LG is a lowly figure in the food chain (equivalent to Call Centre staff). To pursue this, one would need to go considerably higher.

  4. Hello, could you help me to carry out the same checks with telefizor of Samsung?

    1. It's as simple as getting an old hub, putting your TV and a computer on the same hub, connecting hub to your router, and installing wireshark on your computer. It needs to be a hub and not a switch for accurate capture of packets.

    2. Not all hubs support man in the middle sniffing. Best consult the wireshark wiki for the best way to set this up. Building yourself a tap is the best way.

    3. A Switch that supports Port mirroring would also work if you have one available.

      The Feature seems to be in a lot of these "Smart" or "Semi-Managed" switches.

    4. You can use an old router with OpenWRT installed to handle the packet forwarding.

    5. @Jeff, yes they do. Hubs are OSI Layer 2 devices, and they broadcast all packets to all other ports. Anything that doesn't do this is not a hub.

  5. The 404 response from the server is meaningless. It could be saving the submitted data regardless.

    1. Could be? Is.

      LG's http server, regardless of type, maintains logs of all requests made of it, which include (amongst other things) the user-agent (what browser), the timestamp, and the contents of the request.

      Their sysadmin for their webserver merely has to run the logs through a filter to look for all 404-spawning POST requests with the user-agent corresponding to their TVs. This will give him a complete archive of timestamped information suitable for processing for analytics or whatever other purposes they wish.

      The fact that this is sent in the clear is also worrisome; anyone capable of intercepting your network traffic now knows you have an LG TV on it, and can (trivially) determine if you are home watching TV, or (some difficulty) research whatever current exploits that kind of TV is vulnerable to.

      And yet people ask why a sysadmin like me has a 'dumb' TV and goes through the 'trouble' of hooking up separate boxes to it to watch things...

    2. It doesn't matter what their logs are doing. Anyone can configure a web server to process a request and send a 404 as a response. They could send a 500 response, even a 403. It can still be processed by any type of service they have running. At the very least it's true that they are logging that information in their default configuration, but I bet there's more at play here.

    3. I keep my TV dumb as well, with separate boxes attached, but I have no illusions about those separate boxes as well. Game consoles, set top boxes and mediaplayers might also scour your network and call home.

  7. I concur with Grant. If you get back a 404 there is a server at the other end.
    That server may be faking a 404 and log what you sent them so they know of your midget porn! ;)

  8. ICO is the correct people to follow this up with. Regarding the T&C's line LG are going with, it appears it could be an unfair condition (especially if not pointed out in layman's terms during activation) and the OFT may be interested.

  9. It would be interesting to know what the retailer has to say. Would they be happy that LG is spying on us and blaming them for it?

  10. Yeh that's kinda creepy. I'll need to check out my Vizio smart set for the same type of shenanigans.

  11. Note the different URI than the one where watching habits are posted to; note the "smartshare" in there. LG TVs sport a "Smart Share" feature, so isn't this related to the LG Cloud feature and isn't it just looking for the file in your own "private" cloud?

    (That it does this in clear text is of course ridiculous!)

  12. Well, an LG Smart TV was going to be my next TV but now I'll be looking elsewhere, cheeky £@$7@&*$

  13. Code 200 would be a valid response for the peer initiating the POST request, however, they can send back any response code they want and still log the request...

    Sounds to me they're trying to camouflage it a bit.

  14. wait, you didn't agree to any terms or conditions when the tv booted up? nor at purchase time?

    well, just tell them they owe you $1million for replying to your email. oh they didn't see your T&C for email replies? heh

  15. Dear Richer Sounds,

    I saw a blog post which reports that LG smart TVs contain spyware which sends to LG detailed information about what is being viewed and even the filenames of any files it discovers.

    http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html

    The author asked LG about it and they disdainfully said it's up to the retailer to make "you agree to being spied upon" (I paraphrase) a contract term at the point of sale. Please see their reply in that blog post.

    I purchased a LG smart TV and blu ray player from your Sheffield branch. The sales experience was very good but it was never explained to me that such a contract term did exist. If such a contract term was to exist then it would need to be pointed out at the point of sale, as it is not possible for the manufacturer to add further contract terms after purchase, regardless of whether or not they present me with pages of legalese and an "accept" button. UK law does not allow it.

    In addition to contract law, the Consumer Protection From Unfair Trading Regulations does require that all significant terms be made clear at the point of sale. I would argue that this detailed snooping is significant.

    I do not consent to any usage information being transmitted to LG (or anyone else) from the products I purchased from you. Had this behaviour been made clear to me at the point of purchase, I would not have made the purchase.

    If the blog post is true, and in order to preserve my privacy, I can no longer use these devices. I cannot (and obviously should not) trust them.

    So now we have a problem. I may need to return these units to you for a refund, regardless of how long ago the purchase was made.

    1. Will you take this issue up with LG on behalf of your customers?

    2. Had LG advised you that you must ensure that additional contract terms are explained to your customers as part of the sales contract? Can you please provide me with copies of the materials that LG provided to you about this?

    3. Will you update your website, catalogue and in-store materials to make clear which products intrude upon user privacy and the extent to which such intrusion can be minimised?

    4. For any customer who has purchased these products without agreeing in advance to this intrusion on privacy, will you provide a full refund, regardless of product age? I'd expect you to reclaim all monies and your costs from LG.

    I assume that you were not expecting this problem to land with you, but unfortunately LG's reply does make clear that they are making it your problem. Perhaps they will have greater respect for the purchasers of their products if you get involved.

    I look forward to your reply. I will post this message and your reply as comments to the blog post.

  16. It's possible the filename thing is attempting to identify the show in order to provide content information - for example, the open source MythTV has a feature whereby you end up seeing the show logo and text about an episode if it identifies from the filename what the program is about. This must be using some form of web service to do it. It's possible the 404 you are getting back is not because the URL isn't found, but because it couldn't find any information about the program (for a REST API this would be a legitimate way of sending that sort of response)

    If (as is the case with MythTV) this was optional behaviour, then it would be OK, and potentially a useful feature, however, if you can't turn it off (as in this case), then it is definitely an invasion of privacy...

    1. There is a lot of encrypted traffic to ipg.content.glb.gracenote.com which I would expect is being used for media metadata.

  17. If this is not unlawful, it bloody well should be.

  18. And now please add some irony with this article from 2010:

    http://torrentfreak.com/lg-shows-how-to-play-pirated-movies-on-tv-100205/

  19. Keep in mind that just because the page is giving you a 404 doesn't mean that it doesn't exist. It's trivial to spoof a header, and most people (myself included) would take it at face value.

    But when they're quietly tracking information like this, they could easily have faked it to have plausible deniability. "Sure, the information is sent, but there's nothing at that location to save the data."

  20. "your concerns would be best directed to the retailer. "

    I bought a 55" LG LED 3D TV on Amazon five weeks ago. One week too late to return given Amazon's return policy.

    No mention of this activity appears on the Amazon page for this TV.

    Please join me in (at the very least) hitting them on twitter. @LGBlog @LGUS and @LGUK.

    1. Here is my complaint to them that caused them to blame the retailer. Note this was before I discovered the filename leaks and the broken opt-out

      Dear Matt,

      Thank you for replying to my query regarding advertising and user-behaviour tracking on my Smart TV.

      Unfortunately, what you have told me makes me more certain than before that LG is in serious breach of EU Directive 95/46 on "Data Protection" in regard to the collection of data using my product.

      Firstly: I purchased the TV from a high street dealer intending to use it for viewing digital TV and YouTube online content. The product is prominently labelled as having this feature on the box.

      Upon setting up the TV, I did notice the user agreement that you pointed out and I initially refused to accept the terms. It became clear that not doing so rendered many features of the TV unavailable including many that were my reason for buying this product. Additionally, it was difficult to use the TV as it nagged me to accept the terms repeatedly - which I did after about a day.

      I could not return the TV for a refund as the retailer's policy prohibits this once the box is opened. There was no way that I could be expected to give my informed consent to be tracked without unpacking the TV, and once this had been done there was no realistic way for me to decline the terms without accepting a crippled product that did not fit the description of what I purchased.

      LG cannot insist that I submit to being spied on in order to use a product that I purchased, unless this is made perfectly clear at the point of sale when I can still decline without losing money.

      Secondly: the data collection option in the system menu labelled "Collection of watching info" is defaulted to "ON" - even when the user chooses to decline the terms. This means that informed consent is not being obtained prior to data collection and tracking.

      I intend to report this offence to the Office of the Information Commissioner and OFCOM tomorrow. I would urge LG to prepare a firmware update as soon as possible to rectify this situation.

      I am speechless that LG would choose to treat its paying customers in this way; by stealthily monitoring them and selling the resulting information to advertisers for additional profit.

      regards

  21. The US Government should be interested in this too - it has to violate HIPAA if there's anything personally identifiable in the filename, like the patient name and/or number(*) and the disease name for a Case Study.

    (* = And that Patient ID number is often the Social Security Number in whole with a few letters or digits tacked on at one end to disguise it - or signify sex and birthdate, which would be an additional bonus. Nevermind it's been illegal to use the SSN as an I.D. number {in whole or part} for decades, virtually all major hospitals health plans and insurers all use it. Unless you see it and scream bloody murder.)

    And think how handy it would have been for Hitler's staff to see a briefing video filename like (old example everyone should get) "Operation Overlord 06061944 Normandy" come across from a TV in a Pentagon briefing room a few weeks or months ahead... Huge Military Security Breach here we come.

    1. Unfortunately, HIPAA only applies to health care workers. In other words, LG is not bound by it.
      Furthermore, The Privacy Act of 1974 with a few exceptions applies to government agencies. Not the private sector.
      The best you can do here in the USA is have some judge void the T & C as a "contract of adhesion".

  22. I discovered similar activity from my LG TV shortly after I bought it last year. I was infuriated to see Budweiser and McDonald's banner ads shortly after setting the TV up. I also discovered quite a lot of links being generated to a lot of non-LG sites for ad serving and activity tracking, with many of the URLs going to blank or 404 pages. I think the activity tracking is a lot worse in the U.S.. I received a similar response from LG support, with excuses that the ads and tracking allow them to provide a better experience blah blah blah. I have blocked all the hosts via my router. I'm not playing this game over a device I OWN.

  23. The fact that their server is returning HTTP 404 response does not mean that they are not collecting data. They may be returning 404 on purpose, so in the event that they are sued, they can say their collection URL was not implemented, yet they may collect the data anyway.

  24. To those of you who seem to be aghast at this - how exactly did you think your SMART TV was getting its SMARTs? And as we laughed at many of the comments here at the office - do you really think that your other media devices aren't sending data on you back 'home'? You live in a connected world where much of the free services you use are powered by advertising - because things like hosting, development and so on cost money and if you aren't going to pay someone else has to. The point is not to worry about the fact that your TV is sending your viewing habits and penchant for midget porn to LG. The point to worry about is that they offer to stop sending this data as an option but don't honour that contract. I'm pretty sure that's not legal but I'm not a lawyer.

    1. LG TVs are not "free".

    2. LG smart TVs are a premium-priced paid-for product not a free service. You see the difference?

    3. Nothing supplied on LG TVs requires advertising and/or tracking. The streaming services these TVs have are either paid for via their own subscriptions or their own in app advertisements, same with the 3rd party apps in their app store. The price paid for the TV should be enough to cover the cost of development and to include the often lackluster media center options. If it isn't, then they need to reconsider how much they're going to charge for these products. The idea that LG customer service is trying to absolve themselves of responsibility and make the retailer to blame, at least in the U.K., is absurdity at its finest.

    4. You are _paying_ to get advertising on your TV ?

      doesn't sound very smart to me.

    5. Yeah, it's a miracle that people pay for Sky, isn't it?

  26. Obviously it's time to start spamming the daylight out of the endpoints with data that *could* be real but isn't. Make the data harvested as close to worthless as possible.

    1. Quite so, Irregular Shed. Spurious spontaneous irregular and unconventional harvesting of massively misleading content is a guarantee of chaos delivery to madness and mayhem.

      And if not a solution to encourage development change then also an application for Clouds Hosting Advanced Operating Systems to micromanage macro disorder and possibly smarter hostile user base energies for increased controlled and controlling powers with imaginative synergies and virtually elusive and/or attractively divisive distractions/sweet sticky passions which breed insatiably satisfying needs and feeds ...... Immaculate Source Seeding of QuITe Sublime IntelAIgent Services to Servers with Global Operating Devices for the COSMIC Application ProgramMING Environments ..... Mined Intelligence/Mind Infiltration Networking Games Grids for Live Operational Virtual Environments and the Sheer Pure Hell of IT’s Addictive Pleasures and Fiat Treasures.

      And it would be pure speculation to imagine and posit that such as is freely shared there is a pre-emptive dump of info and intel in response to what be lost to Snowden from the Wild Wacky West and delivered in rapturous capture to the Exotic Erotic East .... but that in no way is to suggest that all or anything at all there is false whenever all is perfectly true.

  27. can you share the packet capture? I'd like to see those http headers

    1. http://pastebin.com/5Kp2kC56

    2. awesome, thanks. can you grab one for the channel change too?

    3. setting up adtrap to block all this.. well, not block, but alter it so it's unusable to them. I'll probably just put in block rules if the tv will be normal if it can't get to those servers.

      http://forums.getadtrap.com/forums/viewtopic.php?f=8&t=2261&p=8369#p8369

    4. notify flipping on.. forgot earlier

    5. I hadn't heard of AdTrap, good work!
      http://pastebin.com/kQY4qKNm
      Also, you see that last parameter? &watch_dvc_logging=0
      I've just discovered that this is what the on screen opt-out seems to be changing...

    6. Doctorbeet, when you check / uncheck the data collection box does the POST address change?

    7. No. The only change is that parameter. I'm not very impressed with this as an implementation to say the least.

  28. People use facebook, twitter, google+, gmail and they get stressed because LG knows what they are watching? No sense! :)

    1. People don't pay hundreds/thousands of dollars for facebook, twitter, and google. Most people don't have a problem with free services collecting data.. Most people DO have a problem when their expensive toys spy on them without their consent.

    2. Valdemir - in my opinion ANY non public person posting their photo and other personally identifiable information, thus enabling ALL unstoppable mismanagement and abuse of these in the future through all kinds of commercial and legal actors, IS AN OBVIOUS MORON, not deserving any discussion with adults at all. Morons belong to kindergarten schooling about privacy and data security. That's all. Cheers.

  29. There is an easy way to stop this, just send LG a notice that your consulting fees are £500 per day or £1 per byte of data transmitted, whichever is greater, and then bill them for using your information that they so desperately want from you.

  30. I traced mine, just opening the Applications menu and then opening Netflix. As part of that I see a request to

    http://ae.amgdgt.com/ads/?t=de&p=9372&pl=d3155b14&cat=portal.homelivecard.360x150&aid=&did=&dom=938rMmOsPSB&mod=&ref=&cip=&dou=&gender=&age=&rnd=3144535663689619721

    followed by another request (truncated):

    http://ad-emea.doubleclick.net/N8549/ad/lgtv.nc3.nl.smartclip/portal.homelivecard.360x150;appid=;devid=;gender=;age=;dom=938rMmOsPSB;sz=1x1;dt2=%26amgid%3D349426c0-e83c-4b0f-b8a6-d1889627f33b%26client%3Dlg%26a

    And another truncated one:

    http://ad.smartclip.net/delivery/tag?sys=4&sid=42049640&zid=42858680&size=1x1&aid=113899520&dt1=&dt2=%26amgid%3D349426c0-e83c-4b0f-b8a6-d1889627f33b%26client%3Dlg%26appid%3D%26devmod%3D%26ref%3D%26cip%3D

    Note the "gender" and "age" parameters in that URL, albeit with empty values. This is for a TV registered in the Netherlands.

  32. This settlement with Google may have bearing on such devices in the US. "The settlement requires Google to not bypass cookie settings without a user’s consent, nor may it fail to inform consumers of how Google serves personalized ads to them via their browsers. In addition, Google must expire the cookies placed on Safari browsers from June 1, 2011 through Feb. 15, 2012 by February of next year."
    http://threatpost.com/google-pays-17m-privacy-settlement-to-37-states/102966

  33. Great idea suggested by Irregular Shed about just spamming those endpoints. Wonder what legal issues would kick up if you had a linux box (or Raspberry Pi?) on the same hub as your wireshark tap that simply spewed spoofed packets constantly reporting random data? It seems dicey for them to charge you with unauthorized access to systems making unauthorized access to your information...

  34. Found this info on the company behind the LG data collection:
    http://www.theregister.co.uk/2013/09/02/cognitive_lands_lg_as_its_first_tv_oem/
    http://vimeo.com/22276085

  35. My US LG looks similar but there is no option to disable data collection. It would be limited to USB and DLNA played content because of our screwed up cable system that requires a box.

  36. The privacy concern here isn't that your data is being collected. You bought a smart TV, obviously the manufacturer has data on your usage of it. The issues are twofold.

    1. The end user is not being explicitly told their data is being collected, and they have no way of opting out
    2. They're allowing third parties to collect the data directly from your device without telling you

    Smartclip and Doubleclick are advertising companies. LG just gave them the keys to tag up your TV.

    Similar to how websites have third party tracking from ad tech companies, the Smart TVs are inviting these companies to track directly as well. Those companies are doing a few things with the data.
    1. Building a profile for your device based on data signals
    2. Selling ad inventory targeted to the type of users they believe you are
    3. Using your network data to cross-stitch to your phone, iPad, laptop etc.

    Don't be surprised to get an ad for a fancy suit on your TV, then get it a few seconds later while you're browsing the web on your iPad. Then the next day on your Samsung galaxy... while you're walking past the fancy suit store.

    Again, the biggest concern here is a lack of opt-out mechanism and transparency to the end user. At the end of the day, the ads aren't going away. Opting out won't make it so advertisers will stop messaging you, it will just make those messages less relevant.

    Replies
    1. "You bought a smart TV, obviously the manufacturer has data on your usage of it".

      I don't see why this is 'obvious'. A Smart TV is a TV with an Internet stack, a Web browser and streaming clients for various OTT video protocols. End of story. It has no business whatsoever reporting any local activity back to the manufacturer whatever the user is forced to accept.

      This isn't some subsidised mobile device where you have signed away your first born to an operator in return for a nearly free bit of kit, this is a generic TV bought full price at retail. Actually it amazes me that people even accept advertising in the manufacturer's portal in the first place (as opposed to services they may use, which is fair enough).

      The irony is that LG probably wasn't using the data anyway - I know that 404's can be spoofed, of course, but never attribute something to malice that can be explained by incompetence...

      Paul (Smart TV UI developer, among other things)

  37. If I owned an LG Smart TV, and knowing they were collecting information in this way I would have a little fun. Here are a few suggestions.

    1. Place a rubber band over the channel change button on the remote control and point it at the tv so it continually changes channels. Do this once or twice a week when you plan to be out of the house for at least an hour.

    2. Whenever you upload a video file to your USB, rename it things like "jihad for beginners", "101 to plan before your rampage", "Yes, I killed your dog" and "LG UK HQ blueprints". Get creative and have fun with it.

    3. Use their packets as a template to send extra packet data to their servers. Randomize the device ID and send random, non-TV related content. Pub quiz trivia might be a good place to start for content.

    There is plenty more you can do. I feel like blocking it out is missing an opportunity...

  38. Here's another way to capture this traffic that worked for me without a hub. I have a Linksys WRT54GL router with dd-wrt custom firmware. I telnetted into the router to set up iptables to forward all traffic from the TV to my PC with Wireshark capturing the traffic. Example:

    # mirror traffic destined for the TV (192.168.1.100) to the capture PC (192.168.1.101)
    iptables -t mangle -A POSTROUTING -d 192.168.1.100 -j ROUTE --tee --gw 192.168.1.101
    # mirror traffic sent by the TV to the same capture PC
    iptables -t mangle -A PREROUTING -s 192.168.1.100 -j ROUTE --tee --gw 192.168.1.101

    Replies
    1. This is a good method if you have a router with flashable firmware. I used an Xubuntu PC with two NICs and configured it as a router.

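Once the mirrored traffic is in Wireshark, the next step is to pick the telemetry requests out of the capture. The following is an added example (not code from the post or from any commenter): it takes requests exported as plain text, flags POSTs to the watchInformation endpoint and hosts named in the post, and reports whether an X-Device-ID header was present. The capture text and the device ID value are constructed for the example.

```python
"""Flag LG viewing-info telemetry in a plain-text HTTP capture (added example)."""
import re
from dataclasses import dataclass

# Endpoint and hosts seen in the post's captures.
TELEMETRY_PATHS = ("/ibs/v2.2/service/watchInformation.xml",)
TELEMETRY_HOSTS = ("ibis.lgappstv.com", "smartshare.lgtvsdp.com")

# Constructed sample capture: one telemetry POST followed by an ordinary request.
# The device ID is a placeholder, not a real value.
SAMPLE_CAPTURE = """\
POST /ibs/v2.2/service/watchInformation.xml HTTP/1.1
Host: GB.ibis.lgappstv.com
X-Device-ID:EXAMPLE-DEVICE-ID
X-Device-Country:GB

GET /index.html HTTP/1.1
Host: www.example.com
"""

@dataclass
class Finding:
    host: str
    path: str
    has_device_id: bool

def split_requests(capture):
    """Split a text capture into request blocks separated by blank lines."""
    return [b for b in re.split(r"\n\s*\n", capture.strip()) if b]

def parse_request(block):
    """Return (method, path, headers) for one request block; header names lowercased."""
    lines = block.splitlines()
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:  # the TV omits the space after the colon, so split on ':' only
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, path, headers

def find_telemetry(capture):
    """Return a Finding for each request going to a known telemetry host or path."""
    findings = []
    for block in split_requests(capture):
        _method, path, headers = parse_request(block)
        host = headers.get("host", "").lower()
        if any(host.endswith(h) for h in TELEMETRY_HOSTS) or path in TELEMETRY_PATHS:
            findings.append(Finding(host, path, "x-device-id" in headers))
    return findings

def block_list(findings):
    """Hostnames worth adding to a router or DNS filter, derived from the findings."""
    return sorted({f.host for f in findings if f.host})
```

The block list output feeds the router or DNS filtering approaches other commenters describe.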
  39. I wonder if they display this file data on a web interface somewhere. Try script injecting them.

  40. I have not found this information anywhere in your post, so may I ask you which firmware version is running on the TV? Thanks!

  41. I soo much hope there are enough people who stumble upon this post, and understand its implication, for this to go viral!!!

  42. Help us put an end to this: https://github.com/MarsVard/Everything-is-bugged

  43. Getting a 404 error from the server does not mean it doesn't process the data. It can process the data and send a 404 error back, just to obscure the fact that it is really collecting data... This is outrageous.

  44. Well, this is an interesting coincidence - I was starting to look at the same things after a software update to my LG TV popped up a 50-screen "update our new privacy policy" sequence on reboot. You are ahead of me on wiresharking.

    If there is a group of people interested in playing with what we can do here - serving up images, analysing the data, deanonymizing it or simply co-authoring letters to the ICO - I'd be up for joining.

    @steveloughran

    Meanwhile, here are my screenshots of the privacy policies as declared on the device, which don't differentiate web access from device access, but do say they consider MAC addresses, cookies and TV watching to be non-personal info, and they can do what they want with it. Personal details are name and address, and they can do what they want with that too.

    http://www.flickr.com/photos/steve_l/sets/72157637867348596

    Replies
    1. Thank you for posting this.

      "We may collect your first and last name and mailing address and may tie that information to your Non-Personally Identifiable Information, in an effort to track your usage of our products and services so that we can deliver products and services to you that meet your needs."

      This would almost certainly place LG in violation of the Data Protection Act and the EU DP directive. I have been unable to match my device serial number to the device ID that was being transmitted - but this statement indicates that they can and do match it back to your name.

      Thanks for this information.

    2. If some information contains enough information to tie it to "personally identifiable" information, I would think that the information should legally be considered "personally identifiable" - surely only aggregate information that fundamentally can't be tied back to a single person would be considered non-personal?

      This also seems relevant: http://www.out-law.com/page-8060 - it seems that IP addresses can become "personal data" in some cases, even if they aren't tied to your name. I would imagine the same would be true of the device ID (i.e. your viewing habits associated with a device ID would probably fall under the Data Protection Act as "personal data" even if they aren't associated with your name and address, since they are still linking the information with a single specific (unknown) person in a non-aggregate way).

  45. I've written to John Lewis customer services pointing out this article, and how LG are fobbing this issue off onto them. I've asked them to get LG to explain what the hell they are playing at.

  46. I have just got myself one of these tv sets, and have now emailed Currys asking the same information as the person above who asked Richer Sounds. I will post any replies I get.

    In the meantime I have set up URL filters on my router to block traffic.

    Many thanks for the heads up.

  47. Another thing many don't consider: when you have a device that is expecting a response over IP communications, any issue with that, like a DNS timeout or an unreachable IP, can lead to a laggy experience. Most system software developers do not properly thread the code to let this communication process spin off on its own.

  48. Will certainly be blocking this tonight. Personally I'm not as fussed over watching habits being reported, but the transmission of what is on external media is ridiculous. I need to get a copy of the terms you accept when you start the TV. If there is a breach of the Ts&Cs, the target IP (for gb.ibis.lgappstv.com) resides in a block of IPs managed by RIPE, who will investigate misuse of its network (http://www.ripe.net/data-tools/db/faq/faq-hacking-spamming).

  49. Put a firewall block on outgoing traffic from the TV IP to the internet (iptables),
    or hack the TV and install a proxy.

    Replies
    1. yea..
      1 Buy TV which can show Netflix and Hulu
      2 Block that TV from internet..

  50. Is this only if you are watching TV through the inbuilt tuner? What if you have cable box (eg Sky)? I assume they can't track what you are viewing then?

  51. Dear Sir or Madam,
    I was thinking about purchasing one of your smart televisions, but have just discovered that you collect all viewing information, including what programmes are being watched, who is watching them and for how long, and that you are also collecting data from any USB connection to the television. This even includes file names and names of children on those files. I understand that you also offer an option to "opt out" of this, rather than "opt in", and that even when the opt out is selected you still collect the information. You don't offer any guarantees regarding the safety or security of this information; you are allowing it to be passed over the internet unencrypted where anyone can collect it. If you could confirm these points for me before I purchase the television, I would be extremely grateful. I see also that you say that it is the responsibility of the retailer to inform the customer, and that it has nothing to do with your company or televisions... Are your retailers aware of this procedure? I always thought that when I purchased a television it was for the purposes of receiving information rather than divulging personal information for free. Is this the way of the future for L.G.? Would you like your children's information, or your own private information, spread over the internet without your being aware or being asked for your consent?
    Yours sincerely,
    Douglas Rankine.
    P.S. Have you checked with the Data Commissioner that what you are doing is perfectly legal and good practice for the protection of private Data?

  52. Dear LG UK,

    I'm furious to discover via the media that my "smart" TV has been sending details of every button press to you.

    1. Please inform me the version number of the TV firmware where this snooping commenced.

    2. On what date did that version become available for download by the 2012 smart TV range?

    3. How was "informed consent" obtained such that each individual user of the upgraded 2012 television fully understands and agrees to the data collection?

    4. How can users of a 2012 television seek recompense for the unilateral change of contract term if they do not agree to it? The UK Consumer Protection From Unfair Trading Regulations prohibit such unilateral changes in terms.

    5. What are the contact details of your data controller (the Data Protection Act requires that you have one) and do you propose to charge a fee for a Subject Access Request under the Act?

    I look forward to your prompt reply.

  53. I use opendns.com as an easy way of filtering what sites can be easily accessed from my home network. Any restricted domains (I add), or sites containing certain types of info (drugs, web spam etc) can also be blocked.
    Visiting those sites returns a configurable access denied type page.

    You simply configure your router to use opendns servers, then you can create an account and setup 'web content filtering'.

    I've added the sites listed in this post. This whole thing is pretty disgusting. I really must try and set up some form of traffic analysis myself. Would appreciate any good articles out there on doing this.

    Replies
    1. Yes, but then what do you do about opendns.com tracking your DNS history?

    2. This is true, I guess you get nothing for free. Just like trusting Google with all your searches.
      I trust opendns to do the right thing, more than LG. Is this really any worse than trusting your ISP with the same DNS history...

  54. I have logged a complaint with the Irish Data Protection Commissioner today.
    I will update you with any feedback.

  55. We have an LG Smart TV too, but the TV does not allow us to turn this off - it's greyed out! That's rather naughty!!

  56. This comment has been removed by the author.

  57. Just a note - llnwd.net is the generic top-level domain for the Limelight CDN. As far as I'm aware, it's not possible to collect data using a Content Delivery Network (it's for *delivering* *content*). Other than that, interesting article.

  58. This really just happened:

    "Hello, LG support"

    "Hi, I'm calling about your smart TVs"

    "What is your address and postcode?"

    "Why do you need to know?"

    "In case we want to write to you"

    "It's excessive data collection that I am calling about..."
