Comment by autoexec

> If you're tracking packets can't you tell by the data size? A 4k image is a lot more data than a hash.

I admit, I've not gotten around to properly dumping that traffic. For anyone wanting to do this, there's also a spike of DNS requests every hour on the hour, even if tv is off(well, asleep). Would be interesting to see those too. Might be a fun NY holiday project right there. Even without decrypting (hopefully) encrypted traffic, it should be verifiable.

> Also just curious, what happens if you block those requests?

Due to `*.roku.com` DNS black hole, roku showed no ads but things like Netflix and YouTube using standard roku apps("channels") worked fine. I now moved on to playing content using nvidia shield and blocking outside traffic completely. Only odd thing is that the TV occasionally keeps blinking and complains about lack of network if I misclick and start something except HDMI input.

They're using perceptual hashing, not cryptographic hashing of raw pixels. So it's invariant to variable bitrate, compression, etc.

Main data comes from unbound[1], I use vector[2] to ship and transform logs. Dnstap[3] log format IME works better than the standard logs, especially when it comes to more complex queries and replies. Undesired queries get 0.0.0.0 as a response which I track.

Firewall is based on hand-rolled nftables rules.

[1]: https://www.nlnetlabs.nl/projects/unbound/about/ [2]: https://vector.dev [3]: https://dnstap.info/Examples/

Besides what others have said, another dead simple option is to use Nextdns: https://nextdns.io

Doesn't require running anything locally and supports various block rules and lists and allows you to enable full log retention if you want. I recommend it to non-techies as the easiest way to get something like pi-hole/dnscrypt-proxy. (but of course not being self-hosted has downsides)

edit: For Roku, DNS blocking like this only works if Roku doesn't use its own resolver. If it's like some Google devices it'll use 8.8.8.8 for DNS resolution ignoring your gateway/DHCP provided DNS server.

Replace your router's DNS with something like pi-hole or a bog standard dnsmasq, turn up the logging, that's it. Ubiquiti devices I think also offer detailed DNS logging but not sure.

My suggestion would be to configure your own router using a Linux distro. It's not as difficult as it sounds, the kernel already does most of the heavy lifting. All you need to really do is enable packet forwarding and configure the firewall using iptables rules (block all in, allow all out is a reasonable default). I use Unbound as my recursive DNS resolver, together with Hagezi's blacklists to provide DNS filtering. I filter ports 53 and 853, and filter by IP known public DNS servers (Hagezi maintains a list). DHCP is provided by the isc-dhcp-server package on Debian.

That's a more or less complete home router, with plenty on spare resources to run internal or external services like a Wireguard tunnel, file server, or the Docker/Podman runtime.

That being said, I still wouldn't connect a "smart" TV to the Internet. There are better options like a Linux HTPC.

Pfsense firewall. There is a week long learning curve and it’s best to put it on dedicated hardware.

It's polite to give parsers (human or otherwise) hints that they're about to encounter text which is now intended for a different kind of parser.

I recently forgot to surround my code in ``` and Gemini refused to help with it (I think I tripped a safety guardrail, it thought I was targeting it with an injection attack). Amusingly, the two ways to work around it were to fence off my code with backticks or to just respond to:

> I can't help you with that

With

> Why not?

After which it was then willing to help with the unquoted code. Presumably it then perceived it as some kind of philosophical puzzle rather than an attack.

Fair question, it does look a bit jarring when not rendered. I write a lot of markdown and it's a very strong force of habit to use backticks to sort of highlight a technical term and turn it into a noun. Similar to writing endash as a double hyphen.

When I read what I write, my eyes glance through backticks and maybe come back if I need to parse the inner term in more detail.

Markdown habit.

Tell me you don't Markdown, without telling me you don't Markdown.

It's a developer thing, using backticks means the enclosed text is emphasised when rendered from Markdown.

The TV thing isn't a new story, this was public. Everyone should have known about it and no one cared. (I could inset a boilerplate rant about Snowden here)

Those datacenters are not being built so that you can talk to ChatGPT all day, they are being built to generate and optimize ads. People who were not previously very suggestible are going to be. People who are suggestible will have their agency sold off to the highest bidder.

Avoid owning a TV? Your friends will. Maybe you can not have a FB/IG/WhatsApp account, only use cash, not have a mobile phone, but Meta (or Google, or Apple) can still detect your face in the background of photos/videos and know where you shop, travel and when.

This is really interesting. Can you expand on this? What are OTT and DSP in this context?

Do you have a sense for what data is tracked and how it's used? Or if this sort of system is blind in certain cases? (eg: I hook up an N64 to the a/v ports -- will I get retro game ads on the TV?)

> you have zero privacy

Is this data linked to me personally in some way (e.g. though an account) or is it anonymous data?

>Not to be alarmist butttt you have zero privacy.

Hence why I will never connect my TV to the internet

I understand the perils of a capitalist system but whyyy would you agree to build this

Soooo.... Why did you build it for them? You didn't have to further enable it. Despise people who just drop this kind of thing without any hint of repentance or contrition.

Would love to know what are the best things we can do to prevent this sort of tracking in general. PiHole? Don't re-use emails? On a scale of 1 to fucked are we cooked?

It'd make sense if they're using streamer in a different sense than I'm used to. I see that's at the bottom of the definitions Google will produce.

> The actual screenshot isn’t sent, some hash is generated from the screenshot and compared against a library of known screenshots of ads/shows/etc for similarity.

this is most likely the case, although there's nothing stopping them from uploading the original 4K screengrab in cases where there's no match to something in their database which would allow them to manually ID the content and add a hash or just scrape it for whatever info they can add to your dossier.

There are perceptual hashing algorithms for images/video/audio (dsp and ML based) that could work for that.

I've been led to believe those video thumbprints exist, but I know the hash of the perceived audio is often all that is needed for a match of what is currently being presented (movie, commercial advert, music-as-music-not-background, ...).

Is this what these sort of companies are doing?

TVs tend to incessantly ask for internet access, especially android ones.

Some TVs have a dedicated mobile connection, there is a SIM card and baseband radio inside. Of course only they can use it, not you.

The latter. In addition to being creepy, it’s such a horrible “feature”. I can’t imagine who thought it was a good idea.

I'm surprised to see how few of my non-technical friends and family actually care about privacy.

It’s right there in your TV’s settings though. Personally, I don’t trust them to obey the setting so my TV has no internet and I use an Apple TV.

There's probably compact signatures extracted from the screenshots (color profiles, OCR, etc) which are then uploaded later in bulk. You don't need the full original image to be able to reliably uniquely identify the content if you have an index of it already.

I thought the 2013 amendment to the VPPA largely defanged it by allowing sharing with customer consent (which is probably one of the clauses in the million-word customer agreement nobody reads).

Patient xray for example, blown up on big tv

right that's the purpose though, they don't need to ship screenshots for monitoring

I'm sure somebody's done it, but mine isn't. I do make sure to pull the microphones out of the controllers at least so while they can watch everything I'm doing on my screen they can't listen to the entire house.

> while the conversion rates plummet.

Isn't the segment who will set this up also likely to have a low conversion rate to begin with?

You'd need to make it so easy that it becomes fully mainstream. I suspect that's what happened to adblockers, it got a bit too "standard" for (Google's) comfort.

Same here. I've done this for podcasts (not in real time) and it works great. TV should be easier in some ways since the video stream and captions can also indicate an ad.

If you have a plugged-in device, then you can just disconnect the TV from the network.

...it doesn't.

Like, Apple knows what you're watching within the Apple TV app obviously.

But it's certainly not taking screenshots every second of what it displaying when you use other apps -- which shows and ads you're seeing. Nor does Apple sell personal data.

Other video apps do register what shows you're in the middle of, so they can appear on the top row of your home screen. But again, Apple's not selling that info.