A UK observer with a packet sniffer recently noticed that his LG “smart” TV was sending all his viewing habits back to an LG server. This included filenames from an external USB disk. Add this to earlier observations that Samsung’s 2012-era “smart” TVs were riddled with security holes. (No word yet on the 2013 edition.)
What’s going on here? Mostly it’s just incompetence. Somebody thought it was a good idea to build these TVs with all these features and nobody ever said “maybe we need some security people on the design team to make sure we don’t have a problem”, much less “maybe all this data flowing from the TV to us constitutes a massive violation of our customers’ privacy that will land us in legal hot water.” The deep issue here is that it’s relatively easy to build something that works, but it’s significantly harder to build something that’s secure and respects privacy.
What should you do about it? Decide which device or devices you intend to trust. Those get plugged into your network. The others don’t. For me, that means I trust a Google TV box and a TiVo box. My flat panel TV is too old to have an Ethernet jack, but if it did, it wouldn’t be plugged in. Yes, of course, the TiVo and Google TV boxes are also potentially leaking private data, but it’s at least under my control. TiVo provides an opt-out that, so far as anybody has noticed, seems to work. Likewise, Google TV allows third-party apps to play things you download from the Internet. (I use the open-source ViMu.)
Also, ask yourself what you get in return for giving up your privacy. Maybe that’s customized recommendations (useful) versus targeted advertisements (creepy). Maybe you get to influence the popularity of your shows, in an aggregate, non-personally-identifying sort of way, and help keep them on the air (fantastic!), or maybe your personal information is used to profile you, in particular, and you get targeted postal advertisements (creepy). You’d think that vendors would avoid the creepy and focus on the useful, but that isn’t a given.
Of course, it would be awfully nice if regulators could catch up with this and start enforcing better behavior on these vendors. There’s no intrinsic reason that vendors can’t avoid the creepy things yet still make money (e.g., getting a referral fee when directing you to a movie that you can buy from an online streaming service), which is something that should help smooth the path to a happy medium for everybody. Meanwhile, there’s no rule that says your “smart” TV needs to be connected to anything more than an HDMI input from something else.