Vizio smart TVs tracked viewers around the clock without consent

Vizio smart TVs tracked viewers around the clock without consent

Manufacturer will pay $2.2 million and delete data to settle privacy-invasion charges.

DAN GOODIN - 2/6/2017, 12:42 PM

Vizio, one of the world's biggest makers of Smart TVs, is paying $2.2 million to settle charges that it collected viewing habits from 11 million devices without the knowledge or consent of the people watching them.

According to a complaint filed Monday by the US Federal Trade Commission, Internet-connected TVs from Vizio contained ACR—short for automated content recognition—software. Without asking for permission, the ACR code captured second-by-second information about the video the TVs displayed. The software collected other personal information and transmitted it, along with the viewing data, to servers controlled by the manufacturer. Vizio then sold the data to unnamed third-parties for purposes of audience measurement, analysis, and tracking.

"For all of these uses, Defendants provide highly specific, second-by-second information about television viewing," FTC lawyers wrote in Monday's complaint. "Each line of a report provides viewing information about a single television. In a securities filing, Vizio states that its data analytics program, for example, 'provides highly specific viewing behavior data on a massive scale with great accuracy, which can be used to generate intelligent insights for advertisers and media content providers.'"

In an e-mailed statement, Vizio officials wrote: "The ACR program never paired viewing data with personally identifiable information such as name or contact information, and the Commission did not allege or contend otherwise. Instead, as the Complaint notes, the practices challenged by the government related only to the use of viewing data in the ‘aggregate’ to create summary reports measuring viewing audiences or behaviors."

The tracking started in February 2014 on both new TVs and previously sold devices that didn't originally ship with ACR software installed. The software periodically appended IP addresses to the collected data and also made it possible for more detailed personal information—including age, sex, income, marital status, household size, education level, home ownership, and home values—to be associated. The collection occurred under a setting that was described as a "Smart Interactivity" feature that "enables program offers and suggestions." The menu never informed users that the feature also transmitted viewing habits or other personal information. The complaint offered these additional technical details:

Through the ACR software, Vizio's televisions transmit information about what a consumer is watching on a second-by-second basis. Defendants’ ACR software captures information about a selection of pixels on the screen and sends that data to Vizio servers, where it is uniquely matched to a database of publicly available television, movie, and commercial content. Defendants collect viewing data from cable or broadband service providers, set-top boxes, external streaming devices, DVD players, and over-the-air broadcasts. Defendants have stated that the ACR software captures up to 100 billion data points each day from more than 10 million VIZIO televisions. Defendants store this data indefinitely.

Defendants’ ACR software also periodically collects other information about the television, including IP address, wired and wireless MAC addresses, WiFi signal strength, nearby WiFi access points, and other items.

The allegations are only the latest to raise troubling privacy concerns about Internet-connected TVs and other so-called Internet-of-things devices. In late 2015, security researchers found that Vizio TVs failed to properly validate the HTTPS certificates of servers they connected to when transmitting viewing-habit data. That made it trivial for anyone who had the ability to monitor and control the Internet traffic passing between the TV and the Vizio servers to impersonate the servers and view or tamper with the transmitted data. Smart TVs manufactured by LG have also been caught collecting potentially sensitive data, including a list of shows being watched, the names of files contained on connected USB drives, and the names of files shared on home or office networks.

Under the terms of the settlement, Vizio will pay $1.5 million to the FTC and $700,000 to the New Jersey Division of Consumer affairs. The settlement also requires Vizio to delete all data collected before March 1, 2016. Additionally, Vizio has agreed to prominently disclose and obtain express consent for all future data collection. The FTC has more details about the case here and here.

https://arstechnica.com/tech-policy/2017/02/vizio-smart-tvs-tracked-viewers-around-the-clock-without-consent/


Comments

Post a Comment

Popular posts from this blog

BMW traps alleged thief by remotely locking him in car

BMW traps alleged thief by remotely locking him in car Stealer's Wheel? Seattle police department quotes "Watchmen" movie in a recap of the recent arrest. Tech Culture by Gael Fashingbauer Cooper December 4, 2016 5:00 PM PST It's maybe the most satisfying arrest we can imagine. Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal. Jonah Spangenthal-Lee, deputy director of communications for the Seattle Police Department, posted a witty summary of the event on the SPD's blog on Wednesday. Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (Nov. 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," Spangenthal-Lee wrote. The suspect found a ke...
Read more

Report: World’s 1st remote brain surgery via 5G network performed in China

World’s 1st remote brain surgery via 5G network performed in China Published time: 17 Mar, 2019 13:12 ·           A Chinese surgeon has performed the world’s first remote brain surgery using 5G technology, with the patient 3,000km away from the operating doctor. Dr. Ling Zhipei remotely implanted a neurostimulator into his patient’s brain on Saturday, Chinese state-run media  reports . The surgeon manipulated the instruments in the Beijing-based PLAGH hospital from a clinic subsidiary on the southern Hainan island, located 3,000km away. The surgery is said to have lasted three hours and ended successfully. The patient, suffering from Parkinson’s disease, is said to be feeling well after the pioneering operation. The doctor used a computer connected to the next-generation 5G network developed by Chinese tech giant Huawei. The new device enabled a near real-time connection, according to Dr. Ling.  “You barely feel that th...
Read more

New ATM's: withdraw money with veins in your finger

New cash machines: withdraw money with veins in your finger Cash machine technology that reads the pattern of finger veins is already available in Japan and Poland   By Telegraph Reporters 6:59PM BST 15 May 2014 Cash machines could soon be installed with devices that identify customers by reading the veins in their fingers. The technology is already being rolled out in Poland, where 1,730 cash machines will this year be installed with readers, negating the need for a debit card and Pin. Developed by Hitachi, the Japanese electronics firm, the machines read the patterns of the veins just below the surface of the skin on your finger using infra-red sensors. The light is partially absorbed by haemoglobin in the veins to capture a unique finger vein pattern profile, which is matched to a profile. The technology is used by Japanese banks and also in Turkey, offering “groundbreaking levels of accuracy and speed of authentication”, Hitachi said, which in t...
Read more