There was another thread with a paywalled article, but here’s the actual study that found that smart TVs use “automatic content recognition” to build an ad profile for you based on what’s on your screen… including HDMI content streamed from a laptop, game console, etc. Yikes.
At a high level, ACR works by periodically capturing the content displayed on a TV’s screen and matching it against a content library to detect the content being viewed on the TV. It is essentially a Shazam-like technology for audio/video content on the smart TV [38]. ACR is implemented by all major smart TV manufacturers, including Samsung [9] and LG [55 ].
Our findings indicate that (1) ACR operates even when it is used as a “dumb” display via HDMI; (2) opt-out mecha- nisms stop ACR traffic; (3) ACR works differently in the UK as com- pared to the US.
So it seems like you’re opted-in by default, but you can stop ACR traffic by simply configuring six different options on Samsung, or eleven different options on LG.
Oh, and this doesn’t seem to happen when you’re using native streaming apps like Netflix or Disney+, because hey, they wouldn’t want to infringe on those companies’ rights by spying on them, right?
I find this difficult to read. What would have been useful is a per country/state and manufacturer overview that shows where I have to worry about what with whom. Nevertheless this is very alarming and a good reminder to never connect your TV to the internet.
Yeah, someone should definitely do that. I think this is written from the perspective of a security researcher communicating with others in the security world about a discovery they made, so it’s a) dense to read, and b) not thorough as a consumer guide.
Hopefully someone follows up with a resource like you describe.
Yeah fair enough we’re not really the target audience and the main message came through anyway.