Smart Tvs
First Evaluation: February 2018
Latest Update: May 2020
Smart TVs are sets that connect to the internet, making it easy to stream videos from services such as Hulu and Netflix. Most smart TVs are equipped with “automated content recognition” (“ACR”) that scans images on viewers’ screens and identifies the content by comparing it to its own known videos, shows, and movies. In doing so, smart TVs can generate a detailed log of what consumers watch — often without clear notice or permission. In addition, consumers often cannot buy a TV that is not smart these days, thus making them more likely to be creeped on by their TV manufacturer.
Other researchers have found much the same thing. In one study, researchers at Northeastern University and Imperial College London looked at smart TVs and other internet-connected devices and found that many of them sent data to Amazon, Facebook, and Doubleclick, Google's advertising business. Nearly all the TVs sent data to Netflix even if the app wasn't installed or the owner hadn't activated it.
Another study, by researchers at Princeton and the University of Chicago, looked not at TVs but at two popular set-top streaming devices from Roku and Amazon Fire TV. More than 2,000 channels were offered, and the researchers found trackers on 69 percent of Roku channels and 89 percent of Amazon Fire TV channels. The numbers are likely to be the same for smart TVs that have Roku or Amazon platforms built in.
The smart TV itself may be subject to hacks or other security issues due to the connected nature of the product. Consumers often don’t know about how much data is collected about them while they use their tv and they often don’t know how or if they can change how much they share. Additionally, consumers have no way of evaluating the security of their smart tv. As part of one of our first case studies under the Digital Standard, we looked to evaluate smart tvs in order to respond to these two concerns.
[Excerpts gathered from CR Article: How to Turn Off Smart TV Snooping Features]
In February 2018, we performed our first ever tests on TVs using the Digital Standard. In 2020, we conducted another update on 2019 smart TVs in accordance with criteria of the Digital Standard. These generated new scores on the ratings site, incorporating data privacy and data security into our overall rating.
In March 2020, we conducted a recent study with 16 volunteers around the country showing that people may not understand what information their TVs collect, or know about settings they can use to boost their privacy. The project was part of CR's consumer experience and usability research program, in which we study how consumers interact with products to better inform our lab testing. In this case, a user-interface expert interviewed participants in an online environment as they clicked through screen shots taken from smart TV platforms. The participants helped us evaluate the type of smart TV platform they used at home, performing tasks such as finding privacy policies and the right settings for cutting down on data collection. Like laptops and smartphones, modern TVs collect consumer information, and the TVs come with privacy disclosures in their user agreements, which are typically displayed during the setup process. None of the volunteers in our study had read through an entire user agreement when they set up their TV.
Along with this, we published raw data from our Digital Standard testing including the workbook, test protocol, and test summary.
Samsung and Roku Smart TVs Vulnerable to Hacking, Consumer Reports Finds. This February 2018 report highlighted that our tests found that millions of smart TVs can be controlled by hackers exploiting easy to-find security flaws—this includes Samsung televisions, models made by TCL, and other brands that use the Roku TV smart-TV platform. Moreover, the TVs collect detailed information on their users, which raises privacy concerns.
The platforms are designed for people to race through their TV’s setup, agreeing to everything, and a constant stream of viewing data will be collected through automatic content recognition. The technology identifies every show you play on the TV—including cable, over-the-air broadcasts, streaming services, and even DVDs and Blu-ray discs—and sends the data to the TV maker or one of its business partners, or both.
People can limit data collection, but they may lose functionality. For example, if people turn off ACR monitoring while still agreeing to the set’s basic privacy policy, that may keep them from getting recommendations (“You liked ‘Westworld.’ Have you checked out ‘Godless’?”) Even the basic privacy policies may ask for the right to collect information on your location, which streaming apps you click on, and more. If you say no to these basic policies, the sets revert to old-fashioned dumb TVs: without the ability to stream anything from Amazon, Netflix, or other web-based services.
The Sony television was the only one that required people to agree to a privacy policy and terms of service to complete the setup of the TV. The set uses Google’s Android TV platform, and consumers have to click yes to Google agreements, even if they don’t plan to connect to the internet. That could be a frustrating thing to discover only after you’d bought the big-screen TV at the store, lugged it home, and maybe mounted it to a wall. Even though you can’t skip the Google privacy policy, you can say no to the user agreements from Sony itself and from Samba TV, a provider of ACR technology.
[Excerpts gathered from CR Article: Samsung and Roku Smart TVs Vulnerable to Hacking, Consumer Reports Finds]