I dont add it to the wifi or drop a cat 5 cable to it and my smart phone will still see it in the house and ask if I want the two devices to connect. I miss when TVs were a bit thicker and easier to take apart so you could easily take out the wifi and Bluetooth cards.
Comment on Cox deletes ‘Active Listening’ ad pitch after boasting that it eavesdrops though our phones
RunningInRVA@lemmy.world 6 months ago
I’m confident this is built in to many smart TVs these days.
grahamja@reddthat.com 5 months ago
whofearsthenight@lemm.ee 5 months ago
If it were, it would be pretty common knowledge and there would be several news cycles about it. I don’t doubt that they could bury it in the terms of service, but we have wiretap laws in enough places that are two-party consent that it would have had to come out by now. Not to mention nerds like me running pi-hole and monitoring their traffic, repair people who could easily regonize a mic in the device, etc.
BearOfaTime@lemm.ee 5 months ago
The privacy agreement in them covers it, just like Alexa.
Check yours, if you don’t agree to the privacy agreement, things like cable and broadcast channel recognition don’t work.
It also breaks Automatic Content Recognition, which enables the manufacturer to monitor what you’re watching.
Granted that’s not the same as listening, but it’s close enough. And we know Google employees have been caught listening/watching people. There was another article just the other day of another company caught doing the same.
Just because something’s illegal doesn’t stop people from doing it.
As for catching it with monitoring… We know Microsoft has hard coded domain names into certain DLL’s since XP, so you can’t block the domains with a hosts file. There’s some talk in the Pihole community about smart tv’s being able to bypass your DNS with hard-coded IP destinations - they only need one to be able to then deliver their own DNS.
Some smart TV’s will connect to others via wifi if they don’t have connectivity, yet another way to bypass our efforts to block their connections.
That manufacturers are so blatantly adversarial makes it pretty clear they’ll try to get away with anything they can. And anything I can think of, surely their dedicated teams of engineers thought of it long before me.
neurogenesis@lemmy.dbzer0.com 5 months ago
Well. Wireshark would confirm that if it were true.
RunningInRVA@lemmy.world 5 months ago
I’m sure it will show HTTPS traffic outbound from your TV.
gravitas_deficiency@sh.itjust.works 5 months ago
I’m sure it will show no traffic whatsoever if you don’t connect your TV to your network
piecat@lemmy.world 5 months ago
There’s a dozen ways they could jump the air gap.
Ultrasonic to a phone or Alexa/Siri/etc, connect to an unsecured network, send data to a neighbor’s smart TV which is connected to Internet, Bluetooth or other to a phone
LWD@lemm.ee 5 months ago
TV’s have been spotted connecting to open networks on their own. They could easily look for alternative routes.
hasnt_seen_goonies@lemmy.world 5 months ago
It would show the encrypted out bound traffic right? You wouldn’t be able to identify it by reading the bits, but you could by the volume and not doing anything else.
KeepFlying@lemmy.world 5 months ago
Maybe. They might do some processing locally and just upload as text so it might be easy to batch the data, making the upload volume and pattern less obvious.
It also saves them network bandwidth so I’m sure that would motivate them too. Uploading raw mic data from all TVs would be expensive.
neurogenesis@lemmy.dbzer0.com 5 months ago
And with DNS requests and timing you should be able to figure whats in those packets.
GenderNeutralBro@lemmy.sdf.org 5 months ago
Sorry if this is a noob question, but…how?
DNS will tell you the server name and address, which would just be some server owned by the company. Nothing weird there unless they have the chutzpah to name it something telling. They could even bypass DNS entirely with hardcoded IP addresses.
Timing wouldn’t be a great indicator either if they aggregate requests.
They could slide anything nefarious in with daily software update checks or whatever other phone-homing they normally do, and without deep packet inspection or reverse engineering the software, it would be very difficult to tell.
I don’t think Wireshark can do deep packet inspection, can it? Assuming the client is using SSL and verifying certs, maybe even using cert pinning?
Size would be a big indicator if they’re sending full voice recordings, but not if they’re doing voice recognition locally and only sending transcripts, metadata, or keywords.
I’ve never actually done this kind of work in earnest, and my experience with Wireshark is at least a decade out of date. I’m just approaching this from the perspective of “if I were a corporate shitbag, how would I implement my shitbaggery?”
EncryptKeeper@lemmy.world 5 months ago
That’s not how that works lol