The smart TVs studied were sending personal data such as location and IP address to Netflix and third-party advertisers.

By Ian Horswill

Posted on September 19, 2019

Smart TVs are smarter than is stated.

Two separate studies found that the smart TVs are leaking user data to companies including Netflix, Google and Facebook even when some devices are idle.

This data is being used to target you with specific advertising and probably being shared with other companies.

Read Next: What every business leader needs to know about identity governance

Researchers from Northeastern University and Imperial College London found that a number of smart TVs, including Apple TV and LG Smart TVs, and the streaming dongles Roku and Amazon’s FireTV were sending out data such as location and IP address to Netflix and third-party advertisers.

The data was sent even if the user did not have a Netflix account. The researchers also found that other smart devices including speakers and cameras were sending user data to dozens of third parties including Spotify and Microsoft.

The second study of smart TVs by Princeton University found that some apps supported by Roku and FireTV were sending data such as specific user details to third parties including Google.

“Amazon is contacted by almost half the devices in our tests, which stands out because (this means) Amazon can infer a lot of information about what you’re doing with different devices in your home, including those they don’t manufacture,” said Northeastern University author David Choffnes.

The fact that much of the data sent is encrypted means authors could not identify precisely what was being shared.

“What they can exactly see depends on what the manufacturer is sending, which we have not made an attempt to re-engineer,” said a co-author, Hamed Haddadi, from Imperial College London.

About 68% of US households had a connected TV device, including external hardware such as Roku and Apple TV, at the end of 2018, Nielsen reported in March.

The Northeastern University study, conducted on 81 different devices, both in the UK and the US, is the largest published experiment of its kind, and found “notable cases of information exposure”. 

Amazon, Google, Akamai and Microsoft were the most frequently contacted companies, partly because these companies provide cloud and networking services for smart devices to operate on.