Praise be the folks that curate these lists. Even without a pi-hole you can plug these into any firewall for your brand(s).
More annoying is the 15 second "home menu" that pops up on my OLED every time it is turned on. I almost always forget to manually dismiss it before I set the remote down and there's no option I can find to disable it.
I would pay a premium for a TV with no internet connection.
>I would pay a premium for a TV with no internet connection.
I bought a Samsung QLED TV recently, and it works fine without an internet connection. I did give it an ethernet connection to grab firmware updates, and it downloaded a bunch of ads and crap to clutter the home screen. Luckily, unplugging the ethernet cord and factory-resetting the device got rid of the garbage and kept the updated firmware.
As a business, it is quite easy to buy panel screens without the cruft. See e.g. panelook.com and they are not expensive, though you have to add your own bezel and tuner. I'm surprised nobody turned this into a business.
Wait, so you're saying that DRM has become so ingrained in modern tech that if I wanted to connect a firestick to a Dumb Display(No electronics other than to drive the display), if that Display doesn't have DRM functionality then the app won't load or play content even though the firetv has the DRM?
Yep, been that way for a while. I remember a couple of years ago Amazon Prime refusing to play HD on a PC made from parts bought from Amazon (well, the significant ones, definitely the GPU), on a dumb TV bought via Amazon, using an Amazon branded cable...
Content obtained via torrent played, and still does, at 1080 perfectly well though, if you are looking for a workaround. I currently pipe stuff to the TV from my media array via Kodi on a Pi.
(I do actually pay for Prime, though mainly for the delivery options, and Netflix, but still consume their content "my" way more often than not)
No, the top parent here is FUD. Never give the TV itself access to the internet. Firestick would work for modern DRM, as would apple tv, a computer plugged into HDMI, etc.
Please don't throw the word "FUD" around, especially when you didn't understand the comment.
GGP did mean HDCP 2.x (DRM to encrypt the signal between display and device) which is often not supported by commercial displays. Unless devices detect a compatible, DRM-protected display, devices will refuse to play UHD content made by the movie industry.
To stream 4K from commercial services you need HDCP 2.2 or later. This was only introduced in 2013 so a 12 year old TV will not have full HDCP 2.2 support. It might have 2.0 (released in 2008) but that won't enable 4K streaming from a commercial service.
All streaming services require HDCP 2.2 support throughout the device chain. Because commercial displays aren't intended to use on-device streaming services or be used in consumer environments they often lack HDCP 2.2 support. While they might support HCDP 1.4 or 2.0, that will only support FHD content either streaming or disc-based. It's fairly difficult to find specs on commercial displays about their HDCP support level.
My Sony Bravia professional display does support HDCP. I suspect it’s actually the same hardware as the consumer version but with a different firmware. So maybe if this is a concern look for models that have equivalents in the consumer range rather than purpose-built professional displays which might lack HDCP-compliant hardware.
I'd guess most commercial displays are the consumer hardware with an alternate firmware. But the difference in firmware can mean a lack of HDCP 2.0/2.2. I bought a new TV recently and I wanted to go with a commercial display. It was unfortunately hard to find reviews of such displays and/or lists of missing features (HDCP 2.0, etc). I ended up just getting a consumer TV and banning it from the Internet. All it's content comes through an AppleTV so I don't need or want any of its native apps.
It's a ridiculous state of affairs that I have to jump through hoops just to get a TV to display a fucking video feed. I don't need or want the TV's software. I don't need or want a UI more complicated than the old analog TV genlocked character generator UI. I'll plug smart stuff into the TV if I want.
I’ve had good success with Sony Bravia professional displays. They seem to be very close to the consumer-grade version in terms of features and capabilities with just the firmware being different (bare Android TV) and cost-wise are maybe just 1/3 more expensive than the equivalent consumer version.
I can't be the only one that thinks this (DNS blocking) is an exceptionally poor solution to this problem. It's essentially whack-a-mole. You either A) don't allow your smart TV ip address to egress traffic to the internet or B) don't connect it at all. There are some domains in that list like the *.cloudfront.net that might change over time.
Part of the problem is that it's a rather terrible, leaky, and easily-worked-around hammer. It mostly only continues to work because they haven't bothered to do simple things to prevent their more technical users from blocking it.
I previously had some Roku devices in my house and they immediately went into a restricted VLAN not for the least of reasons that their ToS/privacy policy stated I was agreeing to give them permission to collect data about my network and send it back to them. Whatever that means.
Roku devices hardcode 8.8.8.8 DNS in their software. So a Pi-Hole would be useless in a typical config. Evident by the constant hammering of dns.google in my firewall logs (dropped).
DNS filtering can only be effective if you intercept/drop all other outbound DNS traffic at the edge of your network.
Yeah. It's less a hammer and more a strip of "do not cross" plastic ribbon across a freeway. It only works while they play nice, and they probably even breach it accidentally sometimes.
> Roku devices hardcode 8.8.8.8 DNS in their software.
Are they fussy about where responses come from? If not then you can redirect to your local filtering DNS service. If they do "protect" themselves that way then I'll add them to the list of devices that I'll never knowingly connect to my network.
I agree despite using DNS blocking myself. DNS blocking can easily be mitigated against with DoH or DoT at the application level. It's only a matter of time before advertisers start using either to bypass DNS blocking and serve ads.
>I agree despite using DNS blocking myself. DNS blocking can easily be mitigated against with DoH or DoT at the application level. It's only a matter of time before advertisers start using either to bypass DNS blocking and serve ads.
DoH/DoT are just the camel's nose under the tent. Just wait (perhaps it's already happening) until TV manufacturers install 4g/5g modems in their devices.
At which point, there will be a market for TV-shaped faraday cages. Or not, as that will make actually watching the TV difficult/impossible.
>Just wait (perhaps it's already happening) until TV manufacturers install 4g/5g modems in their devices.
I hear this raised every now and then, but is that even feasible economically? Those embedded cell connections are a recurring cost, after all. I'm curious if the per-unit revenue from ads and tracking is large enough to justify the per-unit cost to send/receive that data over a cell connection.
Seems like UI nudges and dark patterns to push users into connecting their TVs to their home internet connection would be cheaper and more effective.
>I hear this raised every now and then, but is that even feasible economically? Those embedded cell connections are a recurring cost, after all.
That's a great question. If it's not today, it likely will be soon.
I think it may be so already. These are niche cases, but the costs aren't so different than TVs:
I use a CPAP machine and the one I got six years ago had a cellular modem (as well as WiFi) without my involvement in any mobile account. Thankfully, I was able to disable that (and a big "Fuck you!" to Philips for being such rapacious scumbags).
I also got a Kindle as a gift in ~2004 or so and it had both WiFi and a cellular modem with no charges to me.
>Seems like UI nudges and dark patterns to push users into connecting their TVs to their home internet connection would be cheaper and more effective.
Cheaper? Definitely.
Effective? Most likely yes.
More effective than a cellular modem? Methinks not so much. A device connecting to a network over which you have no control would be much more effective, IMHO.
Aside from a small group of folks who will shoot, stab, defenestrate, bend, fold, spindle or mutilate such a device, most folks would likely just shrug and move on while being forced to watch ads.
It’s not just a recurring cost with 4G/5G modems, but it’s also practically infeasible in many countries where getting a cellular connection of any kind requires KYC and related formalities. There’s no way these TV manufacturing companies can buy one connection per TV (and accept the liabilities that come with such a connection) or get their customers to have one. If they do try WiFi to a known hotspot that the company has deployed almost everywhere, that will be a huge cost with very little benefit.
If they make the TV into one of those monstrous Alexa Show (?) devices where you can make calls or do other things, they may be able to persuade some customers to get a connection for the TV. Even then it’s a stretch because most TVs are in one place for years and the places they’re in would have WiFi/broadband coverage in the same or a nearby room.
>It’s not just a recurring cost with 4G/5G modems, but it’s also practically infeasible in many countries where getting a cellular connection of any kind requires KYC and related formalities.
That doesn't seem to bother Amazon's Whispernet.
Amazon has been doing this for years[0]. Free cellular access for specific Kindle devices for specific purposes. They've sold many millions of those around the world.
Granted, Amazon was generating revenue from selling ebooks, which was the incentive for providing the service.
>There’s no way these TV manufacturing companies can buy one connection per TV (and accept the liabilities that come with such a connection) or get their customers to have one.
If they follow Amazon's lead, they'll enter into contracts with global networks (Amazon uses AT&T) for bulk rates on carrying their products' traffic.
That said, it's not at all clear to me what the break even point might be on a per-device basis for these TVs, but the first search result for "WiFI/LTE chipset price" yielded this link[1]:
ZTE 4G Module LTE Wireless Wifi Board with Sim
Card Slot Mini Router PCB for IOT Camera GPS
Sensor Data Transmission
1 - 499 Pieces $17.49
500 - 1999 Pieces $15.99
>=2000 Pieces $14.99
I'm guessing that Sony, LG, Samsung et. al can get much better prices for their specific needs than some random Alibaba listing. That, and they already have WiFi and wired ethernet, so adding the capability is easily within reach.
Whether or not it would be profitable for the TV manufacturers is an open question.
I'm not saying that it will happen, just that it could.
I was thinking about Whispernet too, and then I thought about Sidewalk, and how some cable ISPs are offering wifi hotspot service via the router they rent you (Comcast does this).
Would manufacturers need to add cellular support if they could instead sign deals with other companies to auto-setup a wireless connection?
I realize Sidewalk is very low bandwidth, but I wonder if that's a problem for the telemetry data we're worried about.
KYC might be needed for internet access - TV’s SIMs can very well be restricted to a specific APN that only allows traffic to the ad & telemetry servers, no longer counting as “internet” access for legal purposes and thus not requiring KYC.
Car GPS devices have had them built in for almost two decades now, and they routinely sold for around $100 or less as a one-time purchase once they were relatively common (unless you wanted weekly over-the-air map updates rather than monthly or quarterly).
Far more TVs are sold than those car navigation units ever did. I don't think money is an issue if they want a slow back channel. If they wanted to ship all ads over it, sure, but periodic phone-homes? Updates to DNS-bypassing lists of IP addresses? Unless they're prevented from selling it, they'll do it eventually.
The general public seems complacent when it comes to advertising, stalking and being treated like shit by their tech in general, so I don’t see it being necessary to put modems & cellular plans in appliances because the vast majority of people is happy to voluntarily give it internet access anyway.
Until this changes (and I don’t see it happening - if anything, the new generations seem even more happy with living in an advertising-saturated world), the people who resist will be a tiny minority not worth going after.
I imagine that, at some point, advertising will pay for the costs of internet connections. I can also imagine companies subsidizing the costs of internet connections just so they can get their hands on data, or to accelerate the business model.
Companies subsidizing the cost of internet connections is already historic fact. Google fiber, googles project loon, and facebooks India initiative are already examples.
They'll go with a LoRa/LoRaWAN adapter and make a mesh network until it reaches a TV from their brand that is connected to the Internet and upload all the data.
Computer monitors are overwhelmingly "dumb", as well as having far lower latency and far higher refresh rates.
And also more expensive :) I wish I knew if that was because the crapware and ads on smart TVs are actually reducing the cost, or if it's just that smart TVs use crap hardware and software by comparison. Given how laggy they can be, that wouldn't surprise me.
I think mid-tier TVs are just a higher volume product with thinner margins compared to mid-tier monitors. The average american loves their 4K TV, but would never upgrade from the 1080p 60hz monitor they stole from work.
If you get quotes from chinese sellers on panelook, you'll find that monitor panels+drivers are cheaper than TVs with the same specs, even at 1pc pricing.
Almost certainly this is a 'little bit of a, little bit of b' type situation, right?
At least in terms of the actual display parts. The smart TV probably has some processing capabilities that are incomparably better than what you'd get in a monitor. This is, of course, used to display ads. However, the ads are necessary to subsidize the cost of the powerful SOC... wait, why do we need the SOC again?
I've wondered about this. Are the TV-sized 'gaming monitors' smart tvs? Looking at a couple of OLED ones - Aorus FO48U, Alienware AW5520QF - it doesn't look like it. No wireless, and they are expensive.
It's not clear whether they have HDCP, but... surely they must? That's table stakes for a computer monitor.
I think it's a little of both. The TV market is amazingly competitive, so it's not uncommon to find sales that are at or near cost. I suspect the reason there are so many players still in the game is because the monetary value of ads and data aggregation is really high.
>I would pay a premium for a TV with no internet connection.
No premium required. Just set your TV's with a static IP address and block outbound access to that address at your firewall.
I also blackhole the DNS entries of specific hosts that the TV attempts to contact. Blocking the IP address is sufficient, but I choose to nuke it from orbit. It's the only way to be sure. ;)
> Just set your TV's with a static IP address and block outbound access to that address at your firewall.
If you're assuming the TV is malicious, why trust it to honor that static IP setting? Doesn't even have to be malicious - a bug or carelessness could mean that it temporarily falls back to DHCP for some time in the boot process.
A separate VLAN (or wireless network) with the entire thing isolated and not being able to talk to anything is the way to go, but there just aren't many reasons to connect it to a network to begin with so save your time and just don't.
>If you're assuming the TV is malicious, why trust it to honor that static IP setting? Doesn't even have to be malicious - a bug or carelessness could mean that it temporarily falls back to DHCP for some time in the boot process.
I guess you missed this part, eh?
I also blackhole the DNS entries of specific hosts
that the TV attempts to contact. Blocking the IP
address is sufficient, but I choose to nuke it from
orbit. It's the only way to be sure. ;)
I really hope I’m not missing a silly point. I always buy a TV that has the specs I need and can afford, and have a steadfast rule that they are forbidden from ever connecting to my WiFi. No firmware updates! - if it does not work when I bought it, it goes back. If it works, I’m fine if it does the same job for its life.
What am I missing? Isn't every smart TV in the market a dumb TV if you don’t ever give it the keys to your network?
> I would pay a premium for a TV with no internet connection.
Why pay a premium when this is something that is extremely easy to achieve? Simply don't connect your TV to the internet. Criteria met. If you want to go further, you can also easily remove the WiFi antenna and ethernet ports.
I totally agree. My Sony TV has lost sound multiple times. A full restart is the only solution and that takes a few minutes.
Everything is so slow. Back when Freeview started being a thing in the UK, TVs then had a rapid TV Guide built in and everything felt instant. Now every screen change is a pause. I've got a PS5 so I'm much happier using that for apps.
It feels like feature phones were slow and laggy, we then got responsive smartphones. TVs were responsive, now they're slow and laggy.
You could pay a very small amount for a used house router and convince the TV that the house router is The Internet... and The Internet is down today. Best is if the TV doesn't try wifi when an ethernet cable is plugged in. Second best is if it has credentials to the wifi running on the used router.
Note that the router should not actually be connected to any other network.
This gets raised all the time but I just don't see it being necessary - the vast majority is happy to voluntarily provide it with an internet connection. The ones like us who fight it is a very small minority not worth spending on including modems/Sidewalk/etc in every TV.
> I would pay a premium for a TV with no internet connection.
There is a solution for which time is running out but is currently still possible. You can find someone selling a used, perfectly good television made in the era right before every single TV was a "smart" TV.
For any Australians reading, JB Hifi still has dumb Blaupunkt TVs. They're neither big nor 4k, but if you're weird like me and feel technology peaked in 2009, they're perfect.
Just as long as you never have any guests that want to be helpful and connect it to the Internet either via your guest wifi or their own phone's hotspot so they can watch their Netflix or whatever on it.
The streaming box will have to be complicit and act like an ethernet switch or NAT router (in case of Wi-Fi not supporting WDS so can't be bridged) to passthrough the connection.
There's no reason to believe this won't be a configurable option on the box itself, but this is a moot point because I have yet to see anything in the wild actually supporting Ethernet over HDMI.
This gets raised all the time but I just don't see it being necessary - the vast majority is happy to voluntarily provide it with an internet connection. The ones like us who fight it is a very small minority not worth spending on including modems/Sidewalk/etc in every TV.
Unfortunately LG has terrible sound - but a soundbar works well.
Unfortunately the LG soundbars - which integrate well with the TV - use a wifi based wireless subwoofer. the soundbar becomes a wifi access point.
There don't appear to be any wired soundbars. I guess a component speaker system + receiver is the solution, which is probably much better sound anyway.
The Gigabyte Aorus FO48U might work for you. A dumb OLED monitor the size of a small TV. Catered towards the gaming market of course but is a viable option: https://www.gigabyte.com/Monitor/AORUS-FO48U
Hopefully Software Freedom Conservancy's lawsuit against Vizio will lead to people being able to replace the OS pre-installed on smart TVs with standard Linux distros, so that blocklists like this are no longer needed. Of course even standard Linux distros have privacy issues, but they are easier to deal with than the ads and other issues in pre-installed vendor operating systems.
Best case, only Vizio will comply, and only if it turns out Vizio violated the GPL, and only if SF Conservancy resists any potentially lucrative attempts to get the case settled out of court.
Its pretty clear that Vizio violated the GPL, the question to be answered by the case is who gets to enforce the GPL.
If Conservancy win this case, then they get the precedent set that any recipient of GPLed binaries gets to sue for GPL compliance. That precedent applies to any person or company that distributes Linux or other copyleft code on hardware or elsewhere. That means any person who buys Linux hardware can sue if it doesn't come with source code. Potentially that means many more possibilities of GPL compliance suits, maybe even class action ones. The threat of that and the actual suits in turn will hopefully lead to much higher amounts of GPL compliance.
If Conservancy lose this case, then the copyright holders still get to sue for GPL compliance and I assume Conservancy will switch to pursuing Vizio in this way.
If you don’t want to do a lot of setup. If you set NextDNS as your DNS provider, you’re all set. NextDNS has a free tier that includes supporting block lists. In my opinion it’s pricing model is reasonable too.
I was just thinking about how much I hate our TV blasting random shows every time I turn it on. Who on earth wants more “recommendations by ai”? AI is short for advertising industry at this point.
Is the Pi-Hole even reasonably effective these days?
> Nearly 70% of smart TVs and 46% of game consoles were found to contain hardcoded DNS settings - allowing them to simply ignore your local network’s DNS server entirely.
You can create port forward firewall rules to redirect any outbound DNS port 53 traffic. This will not work for DNS over HTTPS, which is going to be increasingly common for IoT I'd imagine.
Many of the biggest ISPs in the US are actively monitoring DNS queries, collecting the data of which sites you visit, and packaging it for sale to ad networks and data brokers. DoH stops that.
It really doesn't, as server name indication is sent in clear text. As encrypted SNI didnt take off, you dont actually get privacy benefits from DoH and friends, just security/mild inconvenience to censors.
Says who? I think your data is very old considering that ECH replaced ESNI 2 years ago. IIRC it has ~50% adoption, same as TLS 1.3. Just about every company that cares about security supported ECH for years.
Moreover, someone has to move first. If DoH wasn’t widely deployed you’d be complaining that ECH is useless because DNS is unencrypted.
Yes and it is better that google and cloudflare do that collecting under the guise of protection...
People really are gulible aren't they...
DoH is a not or a privacy feature. It simply changes who is collecting your data and makes it harder for responsibile network operators to protect their users under the guise that the big tech companies are really protecting the users from the network operators and "big bad ISPs".
Ironic given the billions big tech is making from that data.
I see this common response, but that is not really a valid rebuttable. Companies do not need to sell your data to violate your privacy, in the case of google their entire model is selling their TARGETING, not the data. That is still a violation of privacy. The fact they did not "sell" it to a 3rd party to form the customer profile changes little.
In the case of cloudflare, it is going to be interesting how they continue to justify the free public services to institutional investors now that they are public. I have a feeling there is going to be some strong pressure to either cease the free services, or find away to monetize them which likely will involve some kind of usage of that data maybe not selling per say, but some other kind of targeting or something to add to the profitability of the company.
I am no more comfortable with cloudflare having my data than I am with google or verizion, I have never used any of their DNS services
That's a stretch given the context. A smart TV maker can put whatever they want in their own client software. They don't care what features Firefox and Google support.
They could also do that with out DoH, they dont because it is not "trivial" and prone to all kinds of downsides.
DoH is the problem here, as it hides things from network operators making it harder to block ads, spam, and other items at the network level under the guise of privacy, when in reality DoH's actual goal is to further centralize the internet into approved gate keepers like CloudFlare and Google.
I would rather pay more for a TV than have it subsidized by ads. Or even better, a TV with no smart features, then I can just connect a computer for whatever smarts I want.
Yes; PiHoles are used for far more than just blocking smart TVs. The difference between browsing the web at my house and browsing away from home is so stark that it's almost not worth browsing most sites if I'm not behind it.
I did what i think is the logical extreme and put a pihole on my tailscale network and use that as my dns on any device connected to that network so i have it on the go
I block my TV’s MAC at the router. I use a roku for the streaming apps, which doesn’t seem to hardcode it’s DNS yet. But when it does you can just write some iptables rules. When they switch to dns over https, well I don’t know then haha.
The workaround is already in use for ad hosting - serve all the content from one domain (or an IP) with services natted behind that, so if you block it, nothing works.
The ideal solution is custom clients for every service. Why use their proprietary software? We should make our own software we can use to connect to their servers. That way we can make it do whatever we want.
It probably depends on your use patterns. I have a console and a TV in my apartment, but I spend much more time on personal computers than I do on either. My Pi-hole instance is still reasonably effective for that, and I'm sure I could (eventually) be motivated to do the workaround described in the post you linked.
I've setup firewall rules to redirect traffic from some devices to avoid that, but some are starting to use dns over https which is more difficult to deal with
I don't get it. Also down below there's even a whole comment chain about how "hard it is" to buy a dumb TV. Why bother with all this blocking, just disable the surveillance entirely. Change your wifi password, don't give the new one to the TV, and use a computer as input. A TV is a big dumb monitor, full stop.
VLANs (if using Ethernet) or separate wireless network with no access to the internet nor your LAN (LAN->TV is OK, TV->LAN is not) is the only way to go. Anything else is a game of whack-a-mole that you're likely to lose.
I have extra networking hardware. I wasn't aware I could have LAN->TV but not bidirectional communication. Is there a source you know of better than googling on how to achieve this, since you seem to imply it's different than searching about VLANs since it's wireless.
Technically you'd need bidirectional communication once a LAN->TV connection has been established. What I meant is to restrict connection establishment to only LAN->TV but not the other way around.
In terms of configuring firewalls/etc, it really depends on your equipment, however in most cases there's already a catch-all rule to allow any established & related traffic so you only need to add a rule to allow the initial connection establishment from LAN->TV.
> since you seem to imply it's different than searching about VLANs since it's wireless.
When it comes to VLANs, the idea is that the Ethernet port of the TV should either be connected to a managed switch that will tag any incoming traffic on that port with a VLAN tag before sending it upstream to your router (so it can tell what it is, since at that point it'll be arriving via a port that also has trusted LAN traffic), or connect it directly to the router and have that router's port not be part of the LAN bridge.
You don't have VLANs in wireless, instead you just create a new network - however the access point itself will need to either tag all traffic from said network with a VLAN tag (so again your upstream router can differentiate between that and trusted LAN traffic arriving over the same port), or if the AP is incapable of VLAN management then dedicate it to the TV network and connect it to a managed switch or dedicated port on the router as described above.
My naive solution was going to be to assign the non-internet devices a smaller subnet with a bad gateway, and have all the "bridging" devices have IP addresses in that subnet, but with the real subnet and gateway. I'm sure VLANs are superior, but if you could tell me what's dumb about my idea I would appreciate it.
Meanwhile, do the VLANs allow the "enumerate devices" style multicast to come down from the regular LAN and be responded to?
A TV also shouldn't need an operating system that takes 30 seconds to boot up and gets laggier over time until it crashes and the TV becomes unusable. There's much more to a dumb TV than just a "smart" TV with the internet switched off.
Looks like an API versioning scheme for TVs manufactured during that fiscal year, if I were to speculate (FY2020 = Fiscal Year 2020). Remember that most TVs probably never get updated. Maybe they stopped because the API stabilized or they have mandatory auto-updates.
I just manually unchecked the cookie permissions for a couple of hundred different ad companies on my Samsung TV. Using my remote. Of course there was a button to accept all of them, but not reject them. How one of the worlds largest companies sells stuff that so blatantly violates the GDPR while web developers at tiny companies sweat over whether we can save an IP for five minutes is beyond me.
I actually bought a TV box to avoid using those so called smart functions. Samsung TV's design, especially the remote designs are crap, which make switching video source a pain in the neck.
> How one of the worlds largest companies sells stuff that so blatantly violates the GDPR while web developers at tiny companies sweat over whether we can save an IP for five minutes is beyond me.
Money solves a lot of problems, and people at tiny companies seem more likely to actually care.
Still not scaled enough. Those fines might be staggering to a small company, but for those giants, might be less than 0.5% of net profit. So you can see that Apple/Google/FB etc.. were fined for billions but they simply paid the fine and continue to do what they were doing. The reason behind is actually pretty simple: fixing those problems would probably costing them more.
Given my experience reporting breaches to the ICO and seeing no tangible action even for an actor clearly operating in bad faith and brazenly ignoring the ICO's letters, a head-in-the-sand approach to GDPR compliance is unfortunately a very valid strategy.
To be fair to the ICO, they're chronically understaffed. The only time I have ever needed them, they did the one thing I needed of them - reply-all to an email accepting the complaint I was making.
I already use this list, and one thing to note, which is not necessarily bad and can be good in many cases, is that this can also block TV firmware updates.
I just have to check manually once in a while and disable while I update the firmware. Of course firmware in most cases can also be updated via USB.
That reminds me I need to look at the traffic being requested by our Sony TVs. We recently bought one for the bedroom, and its Android/Google ecosystem seems to work pretty well. Certainly better than the crap I've heard about from LG and Samsung.
Our old LG TV stopped working last week, and we're getting a replacement Sony on Monday. I'm hoping the worst features are relatively easy to block with OpenWRT while leaving the rest of the built-in features working correctly.
(I am not affiliated with Sony, beyond working for their broadcast R&D in the UK over 20 years ago)
I got a Sony "Smart Android TV" last year, and have never connected it to the internet or cable (and therefore never updated firmware or anything), and it works perfectly as a dumb TV.
I just upgraded my ISP's router/modem and got rid of my old mikrotik. Turns out that the new router does not allow me to set custom DNS.
The new system uses a weird management style -- a combination of on router settings (https://10.0.0.1 whatever admin console) and an ISP portal. I can't set port forwarding unless I go to the ISP portal. I suppose it's to support the mobile app they are pushing. The lack of DNS customization is a pain though.
I'm assuming you're talking about Xfinity xFi. If so, you can just put it in bridge mode and use your own router.
Your own router will need to use a different private address range (e.g. 192.168.1.x or 172.16.0.x) because then you'll still be able to connect to the xFi admin interface on 10.0.0.1 (e.g. if you decide to turn off bridge mode).
The mobile app features shouldn't be related to whether you're using their router/modem, or whether you have it in bridge mode with your own router. Which features are you referring to?
I actually switched away from Shaw due to my dissatisfaction with their router/modems. Their modems are all have obnoxiously high power draws (active cooling required?!), can't have wifi entirely disabled even if you use your own access point, and all use the trashy[1] Intel PUMA chipsets. Switched to TekSavvy using Shaw last-mile infrastructure so I can use my own modem and chipset. (And support TekSavvy's lobbying efforts.) Losing access to the Shaw hot spots was a bit of a pain, but for me, it was worth it.
I like it showing me when a new device connects to the network; time based usage limits. I'm assuming if I put it in bridge mode and have my own router I'm going to lose that. How is shaw going to know who/what is connecting if my router assigns and manages DHCP?
Right, those are router features, if you don’t use the Shaw router you won’t have those features via the Shaw router, but those are pretty basic basic features for modern routers. (I use Eero, which has the features you listed via its app.)
I’ve got no real skin in your pick of router though, the Shaw one is fine if you’re okay with its limitations.
Some providers offer better pricing if you use their modem/router combo. For example, Xfinity plans come with a 1.2TB monthly data cap. So, you might have the following options:
A) $50/month with your own equipment and a data cap
B) $80/month for the same as (A), but unlimited data
C) $60/month for the same as (B), but higher bandwidth and using the ISP's equipment
- they get some data on how many (and what) LAN devices you have
- they face fewer support calls from people using DOCSIS modems with one of the buggy intel chipsets, and from people with a random router/modem combination that their support people aren't trained to debug
- they can expand their wifi hotspot network (the xfinity wifi hotspot is enabled by default, but the user can turn it off)
These are commented out, but did someone really think the app would still work after blocking these? I get blocking ads, but I don't understand the mindset of someone who wants "smart" features but still wants to block everything.
I bought a smart TV that works just fine with the smarts never enabled. I think it's a Sony, I bought it after one of these threads a few years ago when someone else said that model could simply be told to be dumb.
Based on current comments if I were to buy today it'd be a Spectre. The more consumers who refuse to buy a TV with mandatory advertising, the sooner it will stop being profitable.
About 1), if you wanted it to act as a non-smart TV, you would disconnect it from the internet entirely. Perhaps only connect it if you really want to update the software, then disconnect again. 2) seems more plausible.
My TV has some sort of smart feature bullshit, but I just never gave it any wifi access. Avoids the issue entirely and I treat the TV as a monitor+speaker combo and nothing else.
I bought a Sceptre after reading comments here. It was cheap and I'm very pleased with how dumb it is. I'm not sure if they're available everywhere, however.
Because they're not sold as televisions, they're sold as "commercial monitors", so first you have to know that, and then you have to figure out where they're sold, and then you have to figure out what is compatible with your home system.
Are the number of people who do this numerous enough for them to make the effort?
(edited to add) I feel like the real problem will be when they start adding wireless connectivity that you can't disable. I can keep my LG off the network today by refusing to configure networking for it. I can't do that if it doesn't use/require my network...
I was bored a few months ago and opened up my samsung tv to see if I could unhook the wifi antennas. Turns out there wasn't actually any in there but I was able to desolder the wifi chip. It was a small separate board mounted by 8 or so pins off the motherboard that I had to use low temp solder on.
TV still works (minus the streaming services). If you try to open the network settings the screen just shows a loading icon indefinitely.
You got very lucky that the lack of expected hardware didn't crash the boot process. If anyone is considering doing this, I'd suggest tampering with the analog part of the wireless radio instead, so that the OS still sees a Wi-Fi chip, just that it's no longer able to receive anything.
People so often fail to remember this as an option. I once wanted an Android device for listening to podcasts at the gym, but the device couldn't have any cameras or radios or microphones because of the gym's policy. I just popped it open, unsnapped a few connections, and problem solved.
Some people might be paranoid that the TV would automatically connect to any unencrypted Wi-Fi in range, but I think it's an urban legend as I've never seen it properly demonstrated and documented.
> I feel like the real problem will be when they start adding wireless connectivity that you can't disable
This gets raised all the time but I just don't see it being necessary - the vast majority is happy to voluntarily provide it with an internet connection. The ones like us who fight it is a very small minority not worth spending on including cellular modems (& the associated data plan) in every TV.
They would need to have a fallback in case people block DoH.
I think this is way further out than people may realize. I've done pentesting in a lot of different office networks and 53/UDP is open for all, but not 443/TCP unless you're a known device.
Zscaler is a multi-billion dollar company, and the comment you replied to basically describes their primary product. Cloudflare now has a Secure Web Gateway product. So does VMware, and Cisco, and just about any networking/security vendor who is trying to make a play in the "SASE" space.
Hate to say it, but invisible TLS-intercepting proxies are more widely used today than they were in the 90s.
Can you reliably block DoH? I guess if you can figure out the DoH endpoint someone is using you can block that.
On 443 blocking: Doesn't that defeat the purpose of having a "smart" streaming tv. If you are willing to blanket deny 443 you might as well just block the whole address and turn it into a dumb tv.
And on that note. I have set up unsecured wifi access points before and seen the neighborhood samsung tvs eagerly use it to send their nefarious spyware payload.
time to do tls inspection at home... but wait you cant install certs on a smart tv.....
im telling you these non-standard unrootable bricks companies keep creating needs to stop. need to balance security and right to own your own device!! let alone enviromental considerations.
How would it work to block some addresses and not others though? Only way I can think of is to block all DoH traffic, and hope it falls back to conventional DNS, and then selectively block that. If there is no fallback, you might as well disconnect it from the internet, the effect will be the same.
I used to be against smart TVs, but after I found out that Samsung TV Plus streams Clubbing.TV for free 24/7, along with 5 other music video channels, I've stopped my paid cable TV service and am now happy to be the product.
In the age of ubiquitous small form factor computing, does having one less cable net enough benefits to overcome all the problems that come up with allowing a TV on the internet
I'll finally install pi-hole because of this particular list. Never realized how good it could be to specifictly target bad software on a mostly hardware product.
Do you have a guide for doing that? I have Edgerouters, and something never set quite well with shunting all the DNS traffic for my network over to a Pi. I do love the adblocking though that it provides.
EDIT: did some research after asking like a responsible requester of such information and found https://github.com/britannic/blacklist . Looks promising :) I’d be interested if you settled on another solution.
This is it! I’ve been using it for about 3 years now.
The DNSMasq blacklist package has a command line to add other blocklists (but you come up with your own name for this list - couldn’t get this in my head when I was first setting it up). Limitations over Pihole is that there no regex and no pretty UI.
I’ve also set up firewall rules to redirect DNS traffic, but not sure how effective this is with DoH becoming mainstream. The guides I’ve found online all use the UI, but would love to be able to find a CLI guide.
Some smart TVs display ads, others are "upgraded" into displaying ads later on even if they didn't do so originally, but most importantly, a lot of them spy on what you're watching.
Dumb TVs are difficult to come by, what you now need is professional displays.
They come in different ranges and the prices & features vary a lot. Digital signage ones which might be a poor fit for a TV as they're very expensive, have different reliability requirements (24/7 operation) and may lack some features such as 4K, HDR or HDCP which are desirable if you want to use it as a TV. The ones designed/marketed for meeting room use would be my suggestion - are usually based on the same hardware as the consumer version which means you get all the features you'd expect from a consumer-grade TV (the tuner is the only part missing) and cost-wise are reasonable compared to digital signage displays.
I've had good luck with Sony's professional display range: https://pro.sony/en_GB/products/pro-displays - they are reasonably priced (in my case the markup was around 1/3 more than an equivalent consumer-grade version) and give you what seems like a consumer-grade TV with all the normal TV features but a cleaned-up firmware (bare Android TV with no BS, though the Play Store is there if you want, and you can install APKs such as Kodi directly).
Thanks for this. Does just unplugging the TV from the internet work too? All my TV comes from my pc underneath my TV.
Or is installing barebones android myself an possibility?
The best thing you can do is make your TV dumb by not connecting to the internet. Then use an Apple TV or whatever Android stick there are on commerce.
You probably only have a few services that you genuinely want the TV to reach. If I had a "smart" TV, I think I'd go with a whitelisting approach instead.
I ran allow list at home for a while with a transparent squid proxy. It worked well for me, I could add stuff to the squid Conf and reload easily but not practical for the other three people ink my home. Amazing all the endpoints failing with no visible impact on anything I wanted to use.
I sidedstepped the problem by buying a nice TV and not caring about ads or what the thing is doing w/ my wifi. Of all the things for me to get worked up over, this isn’t one of them.
Just wondering... (really interested, not being snarky!) I see this opinion with family members and other people who aren't in tech/computers (the majority of people). I figured it was because they don't know how impressive data science has become.
But you most likely do know: so what would it actually take to make you care about what they are doing over your wifi?
Transmit every remote control button push? Send hashes of audio keywords recorded from you talking and use that to recommend shows/products? Raw lidar data? Raw audio/video recording of you/your house?
Is there potentially a line they could cross, or is data just data, and therefore equally fair game?
None of that stuff would bother me — except maybe the audio and video recording. But it’s not like they’re just recording me, it’d be thousands of other people too and there’s no way I’m the most interesting of the bunch. The issue I’d have would be the bandwidth adding towards my cable ISP’s data cap. But if they use some other network, whatever go nuts.
I think that's fair, and honestly it's how 90% of the TV consumer market feels. The vast majority of people don't really care that their TV is collecting marketing info on them. I do, but I'm not going to bend over backwards to avoid it. I just won't buy one.
I don't have cable or satellite or streaming services, but I bought a dumb TV (the Sceptre listed elsewhere in this thread, in fact). It is definitely a better experience than watching movies on my laptop screen.
More annoying is the 15 second "home menu" that pops up on my OLED every time it is turned on. I almost always forget to manually dismiss it before I set the remote down and there's no option I can find to disable it.
I would pay a premium for a TV with no internet connection.