https://tv-watches-you.princeton.edu/tv-tracking-acm-ccs19.pdf
Abstract:
The number of Internet-connected TV devices has grown significantly in recent years, especially Over-the-Top ("OTT") streaming devices, such as Roku TV and Amazon Fire TV. OTT devices offer an alternative to multi-channel television subscription services,and are often monetized through behavioral advertising. To shed light on the privacy practices of such platforms, we developed a system that can automatically download OTT apps (also known as channels), and interact with them while intercepting the network traffic and performing best-effort TLS interception. We used this smart crawler to visit more than 2,000 channels on two popular OTT platforms, namely Roku and Amazon Fire TV. Our results show that tracking is pervasive on both OTT platforms, with traffic to known trackers present on 69% of Roku channels and 89% of Amazon Fire TV channels. We also discover widespread practice of collecting and transmitting unique identifiers, such as device IDs,serial numbers, WiFi MAC addresses and SSIDs, at times over un-encrypted connections. Finally, we show that the countermeasures available on these devices, such as limiting ad tracking options and adblocking, are practically ineffective. Based on our findings, we make recommendations for researchers, regulators, policy makers,and platform/app developers.
(Score: 0) by Anonymous Coward on Sunday September 29 2019, @04:09PM (11 children)
HOSTS FILE and VPN fix any tracking by blacklisting the tracking servers and misdirecting the advertisers.
Put your Roku TV or your Fire TV behind a VPN firewall box with a HOSTS FILE and no advertiser can track you.
(Score: 0) by Anonymous Coward on Sunday September 29 2019, @04:13PM (8 children)
Well, there, Helpy Helperton - you don't bother to say exactly what should be HOSTED? Just use a HOSTS file? Well, then, let me contact my TV manufacturer to see what I need in my HOSTS file. /sarcasm
(Score: 0) by Anonymous Coward on Sunday September 29 2019, @04:26PM (7 children)
Get a list of "known trackers" from TFA.
(Score: 2) by barbara hudson on Sunday September 29 2019, @04:33PM (6 children)
So fuck you and fuck your stupid hosts file spam. Your ISP knows who you are, and what you subscribe to through them, and they sell this information.
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: -1, Troll) by Anonymous Coward on Sunday September 29 2019, @04:45PM
Good to see you too, Looney Eunuch!
APK
(Score: 2) by Runaway1956 on Sunday September 29 2019, @04:59PM (4 children)
Uhhhh, wait. You subscribe to online services through your ISP? What the hell for? GGP isn't all that helpful, but HOSTS files are useful, and the VPN is useful, and blocking stuff at the router is at least as useful as either of the other two. My ISP only knows that stuff originates from my IP address, and goes to a VPN. They have no idea what the hell I am looking at, unless they are doing deep packet inspections on all my traffic. Even if they are doing that, I don't think they get much more than a general idea where I go, what I do, or what I have to say.
In general, I see almost zero advertising, and the little that I do see misses the mark by a wide margin. Example? I'm having a health issue, for which I have recently searched for information. The Average Joe is inundated with advertising after doing such searches. Me? Nothing at all. Not even Google has hit me with anything related to that issue.
I see more advertising on Ebay than all other sites combined. But, even Ebay comes up a day late and a dollar short in it's advertising efforts. Only AFTER I have made a purchase do they try to show me the type of item that I WAS interested in.
Defense in depth does include a good HOSTS file, it includes a good VPN, and it includes a good router. If you aren't using all three, then you can't claim to be secure online.
(Score: 2) by barbara hudson on Sunday September 29 2019, @05:40PM (3 children)
Also, many of the boxes are illegal, used to pirate paid content. This is especially true for Android boxes that come preloaded with software to pirate video from multiple providers.
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Sunday September 29 2019, @05:50PM (2 children)
We are discussing Roku and Amazon Fire TV. Try to stay on topic.
(Score: 2) by barbara hudson on Sunday September 29 2019, @06:51PM (1 child)
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Sunday September 29 2019, @08:58PM
You can't read.
(Score: 2, Insightful) by Anonymous Coward on Sunday September 29 2019, @07:32PM (1 child)
Which is why google is going to do DNS over HTTPS.
(Score: 2) by DannyB on Monday September 30 2019, @04:20PM
Google devices, Amazon devices, Roku devices, Apple devices, etc could all make DNS requests to the outside, bypassing your local DNS server.
Since it's HTTPS, you can't intercept or monitor what sites are being requested.
Furthermore, just to escalate the arms race, a device, such as RoKu could use a proprietary DNS protocol to its own mother ship at RoKu.
The lower I set my standards the more accomplishments I have.