Looks like the anti-smartTV alarmism is out in full force today on the feditubes. A reminder: connecting a smartTV to the Internet is perfectly safe as long as you take 2 minutes to follow common sense guidance:

https://www.consumerreports.org/electronics/privacy/how-to-turn-off-smart-tv-snooping-features-a4840102036/

SmartTVs don't collect any more data than Microsoft Windows, Google, Facebook, Twitter or even your credit card company.

Don't be fooled by the people trying to shame or scare you. And definitely don't get tricked into the magical thinking that streaming with a Roku is somehow safer than with a TV. It's not.

How to Turn Off Smart TV Snooping Features

TVs collect a huge amount of data. Here's how to use privacy settings to limit the surveillance on TVs from LG, Samsung, TCL, and every other big brand.

Consumer Reports

@dangoodin I disagree with the last point - when my Android TV pushed an update that started showing unsolicited ads, it went to e-waste recycling and I was out a couple hundred to buy a different device. If my TV decides I need to start seeing mandatory ads to use it, I'm out thousands.

My TV isn't and has never been allowed on the internet, because I'm not willing to roll the dice that the manufacturer won't push a malicious update to show ads or collect data or something. It's too expensive to replace.

@dangoodin I also don't trust the threat model of TV developers. I am fairly confident that for all their flaws Apple and Google practice decent sandboxing and OS hardening and put real money and effort into security. I'm not at all confident that the TV manufacturers do that (nor the vast majority of other smart-home vendors).

@iagox86

You're concerned somebody is going to exploit a buffer overflow in your Samsung TV?

@dangoodin I'm more concerned that an app I install will interfere with other apps or my Cloud account in unexpected ways. Safety from internet attacks is one thing (super unlikely), but having a reasonable app permission model is also important, and something that Google and Apple have spent a lot of time on for their mobile platforms.

But honestly I'm MOST concerned with the manufacturer deciding I need to see more ads. I've worked very hard to keep ads out of my life, and I don't trust TV manufacturers not to hop on that bandwagon. I never plan to let my TV have an IP address or to update it.

@iagox86

Perfectly legit reasons for concern, but they apply equally if not more to your phone, AppleTV and most other internet-connected devices as well.

@dangoodin Apple TV is much, much cheaper to replace than a TV. We actually DID replace our nVidia Shield (which runs Android TV) when they decided to push ads and moved to Apple.

If every platform collectively starts showing ads, maybe I'll just go back to reading books. :)

@dangoodin

I'd also argue that the "two minutes" is only briefly true. The TV manufacturers are constantly trying to figure out new ways to re-enable the tracking (and keep getting caught doing so), and also keep pushing the knobs to disable it deeper and deeper - such that the CR piece started to become outdated as soon as it was published.

If I use an Apple TV, but then also hook up a VHS player to my TV, Apple knows what I played through Apple TV, but not what VHS tapes I played. By contrast, unless I disable Internet access on the TV* or keep checking frequently for changes, the TV manufacturer does.

@iagox86

** and even then IIRC haven't we caught TV manufacturers caching the data, waiting for an open AP, and then uploading the backlog?

@tychotithonus @dangoodin If a device looked for / used nearby open APs, that'd be a clever way of messing with people like me. Hopefully they never do that!

At least if I don't ever update my TV or give it an IP, it's stuck at the point-of-time firmware when I bought it, which I'm perfectly fine with.

@iagox86

And to make it explicit why I bring the surveillance up during "is there a vuln" discussions:

In my experience, the more developers contort the code to surveil, the more likely they are to introduce vulnerabilities, of two classes:

  • just general bad/complex code, or

  • stuff intended to be NOBUS that ends up being exploitable

@dangoodin