First, let’s start from the beginning. Earlier this week, blogger "DoctorBeet" updated his Blogspot site with an interesting post about his LG Smart TV. Just like units sold by Samsung, LG provides ads on the main landing screen that may or may not have anything to do with apps installed on the TV set. While this isn’t exactly suspicious behavior, he conducted research on the internet and came across a corporate video advertising LG’s data collection practices.
“LG Smart Ad analyses uses favorite programs, online behavior, search keywords and other information to offer relevant ads to target audiences,” he recites. “For example, LG Smart Ad can feature sharp suits to men, or alluring cosmetics and fragrances to women. Furthermore, LG Smart Ad offers useful and various advertising performance reports that live broadcasting ads cannot to accurately identify actual advertising effectiveness.”
That led to some digging through the Smart TV’s options, which revealed a setting called “Collection of watching info” that was switched on by default (note: I couldn’t find anything like this on my Samsung Smart TV -KP). After turning this feature off, he decided to perform traffic analysis to see what was being sent, and quickly discovered that the TV was sending viewing information when the setting was switch both On and Off. Even more, this info was sent back to LG unencrypted and each time he changed the channel.
Seriously, what the hey hey!?!
“It was at this point, I made an even more disturbing find within the packet data dumps. I noticed filenames were being posted to LG's servers and that these filenames were ones stored on my external USB hard drive,” he writes. To verify this, he created a fake AVI file with a very unique name, and sure enough, the file name was listed on LG’s servers. Sometimes the names of the contents of an entire folder was posted, other times nothing was sent, he says.
“I think it's important to point out that the URL that the data is being POSTed to doesn't in fact exist, you can see this from the HTTP 404 response in the next response from LG's server after the ACK,” he writes. “However, despite being missing at the moment, this collection URL could be implemented by LG on their server tomorrow, enabling them to start transparently collecting detailed information on what media files you have stored.”
So what does LG have to say for itself? Too bad, so sad, essentially. “Unfortunately as you accepted the Terms and Conditions on your TV, your concerns would be best directed to the retailer. We understand you feel you should have been made aware of these T's and C's at the point of sale, and for obvious reasons LG are unable to pass comment on their actions.”
The best thing for LG Smart TV owners to do is to block specific internet domains in the network’s router. They are listed below: