SoylentNews is people

posted by martyb on Friday April 05 2019, @12:57PM
from the how-many-are-seeing-red? dept.

According to Doug Lynch at xda-developers.com:

Android TV owners recently received an update across multiple platforms that has started to display sponsored content with a "Promotional Channels" title in the launcher of the Android TV software. We're currently seeing reports that it has shown up in Sony smart TVs, the Mi Box 3 from Xiaomi, NVIDIA Shield TV, and others. This has been an incredibly off-putting change for a lot of Android TV users. What makes matters worse is people were unable to disable the ads at first, but Reddit user Felisens seems to have figured out how to disable them.

[...] Update: Google's response

A Google spokesperson gave us the following statement:

Android TV is committed to optimizing and personalizing the entertainment experience at home. As we explore new opportunities to engage the user community, we're running a pilot program to surface sponsored content on the Android TV home screen.


  • (Score: 2) by curunir_wolf on Friday April 05 2019, @08:05PM (4 children)

    by curunir_wolf (4772) on Friday April 05 2019, @08:05PM (#825091)
    pi-hole. Works for Android TV too.
    --
    I am a crackpot
  • (Score: 0) by Anonymous Coward on Friday April 05 2019, @09:00PM (3 children)

    by Anonymous Coward on Friday April 05 2019, @09:00PM (#825116)

    DNS-over-HTTPS will exfiltrate your data even with a pi-hole.

    • (Score: 2) by NotSanguine on Friday April 05 2019, @09:45PM (2 children)

      Egress Filtering [wikipedia.org] FTW!

      DNS sinkholes [wikipedia.org] like Pi-hole aren't bad, but as you pointed out, local DNS restrictions can be overridden, and not just with DNS-over-HTTP. Assuming your firewall allows DNS requests outbound (necessary because you don't have the whole 'net in your DNS resolver or server caches), there are a bunch of things that can be done:

      1. Using hardcoded DNS servers on the device
      This can be defeated by -- you guessed it -- egress filtering -- only allow your local DNS servers to send DNS requests to the Internet
      2. Using hardcoded IP addresses for ad servers to avoid DNS sinkholes
      Again, egress filtering is your friend -- block outbound access for the device in question
      3. DNS-over-HTTP
      This can also be defeated via egress filtering with Policy-based Routing [wikipedia.org]

      The best (if potentially inconvenient and possibly blocking services you might wish to use) way, of course, to defeat data exfiltration is to block *all* access from the device to the Internet with...wait for it...egress filtering. :)

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
      • (Score: 0) by Anonymous Coward on Saturday April 06 2019, @08:12AM (1 child)

        by Anonymous Coward on Saturday April 06 2019, @08:12AM (#825325)

        I'm not disputing anything you wrote. But a pi-hole doesn't do egress filtering, does it?

        I'm also interested how you would do egress filtering if Google decides to use ajax.googleapis.com for both DoH and as data collection drop point.

        • (Score: 2) by NotSanguine on Saturday April 06 2019, @10:23AM

          I have no idea what pi-hole's capabilities are.

          I read a brief summary that implied it was a DNS sinkhole with a gui. I don't know if it has packet filtering capabilities.

          Then again, if it runs on top of Linux/Unix you can always use netfilter/iptables [wikipedia.org]. But if you do that, why bother with pi-hole at all? Just set up your own BIND server and blackhole to your heart's content. Or use something like pfSense [pfsense.org].

          As for egress filtering on various types of web traffic, that can be handled via policy based routing [wikipedia.org] (PBR). However, determining whether it's application or spying traffic may be problematic with https, as the detail you require may be in the packet payloads rather than the headers.

          If you need to perform PBR on https traffic, you'll need to implement a transparent proxy, decrypt the payloads, then make a routing decision (in this case, route vs. drop) based on the content. This can be done with Squid [squid-cache.org], Privoxy [privoxy.org] or other tools.

          As for Google using ajax.googleapis.com for DoH (DNS over http(s)?) that shouldn't be a problem for PBR, as the payload will obviously have data structures as required by the DoH API. Again, if https is in use, you'll need to use a transparent proxy to decrypt, filter then connect/drop.

          HTHAL

          --
          No, no, you're not thinking; you're just being logical. --Niels Bohr
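
An added example, not part of any comment in the thread: a small first-match egress policy model run over constructed flow records, showing which of the cases listed in the thread a port-53 rule catches and why, when filtering on packet headers alone, DNS over HTTPS is only stopped by isolating the device. All addresses, rule names and helper functions are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (RFC 1918 LAN, RFC 5737 documentation ranges).
LAN = ip_network("192.168.1.0/24")
RESOLVER = ip_address("192.168.1.2")   # assumed local DNS sinkhole
TV = ip_address("192.168.1.50")        # assumed Android TV device

def build_policy(isolated=()):
    """Ordered first-match egress rules as (name, predicate, action)."""
    blocked = {ip_address(a) for a in isolated}
    return [
        ("resolver-dns", lambda f: f["src"] == RESOLVER and f["dport"] == 53, "allow"),
        ("stray-dns", lambda f: f["dport"] == 53, "drop"),
        ("isolated-device", lambda f: f["src"] in blocked, "drop"),
        ("default", lambda f: True, "allow"),
    ]

def evaluate(rec, policy):
    """Return (action, rule) for one flow; LAN-internal traffic is not egress."""
    if rec["dst"] in LAN:
        return ("local", None)
    for name, match, action in policy:
        if match(rec):
            return (action, name)

def mk_flow(src, dst, dport, note):
    return {"src": ip_address(src), "dst": ip_address(dst), "dport": dport, "note": note}

# Constructed flow records, one per case discussed in the thread.
FLOWS = [
    mk_flow("192.168.1.50", "192.168.1.2", 53, "TV asks local resolver"),
    mk_flow("192.168.1.2", "198.51.100.53", 53, "resolver recursion"),
    mk_flow("192.168.1.50", "198.51.100.53", 53, "TV hardcoded DNS server"),
    mk_flow("192.168.1.50", "203.0.113.10", 443, "TV hardcoded ad server IP"),
    mk_flow("192.168.1.50", "203.0.113.20", 443, "TV DNS over HTTPS"),
]

def audit(policy):
    """Map each sample flow's note to the (action, rule) the policy yields."""
    return {f["note"]: evaluate(f, policy) for f in FLOWS}

if __name__ == "__main__":
    for label, policy in (("dns-only", build_policy()),
                          ("tv-isolated", build_policy([str(TV)]))):
        for note, (action, rule) in audit(policy).items():
            print(f"{label:12} {note:28} {action:6} {rule}")
```

Under the DNS-only policy the two port-443 flows get the same verdict because their headers look alike, which is the gap the transparent-proxy suggestion in the last comment addresses.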