Tuesday, February 7, 2017

My Vizio TV is Watching Me Watch - My Car Too?

http://www.huffingtonpost.com/entry/vizio-settlement_us_589962dee4b0c1284f27e534?
"According to a complaint filed by the FTC and the attorney general of New Jersey, Vizio began making TVs in 2014 that automatically tracked what people were watching. Older devices were retrofitted remotely through software updates, and all of the data was gathered without telling consumers and without their consent."

"Automatically tracked" Yes, Vizio did but how it was done and the scope is amazing as well as amazingly simple and doable.  So Vizio did it and made money selling the information harvested on a grand scale.

From the link:


"The FTC detailed how the electronics giant used hidden tracking software to spy on its customers:

On a second-by-second basis, Vizio collected a selection of pixels on the screen that it matched to a database of TV, movie and commercial content. What’s more, Vizio identified viewing data from cable or broadband service providers, set-top boxes, streaming devices, DVD players and over-the-air broadcasts. Add it all up and Vizio captured as many as 100 billion data points each day from millions of TVs.

...We’re not talking about summary information about national viewing trends. According to the complaint, Vizio got personal. The company provided consumers’ IP addresses to data aggregators, who then matched the address with an individual consumer or household. Vizio’s contracts with third parties prohibited the re-identification of consumers and households by name, but allowed a host of other personal details – for example, sex, age, income, marital status, household size, education and home ownership. And Vizio permitted these companies to track and target its consumers across devices."
Vizio selected a matrix of pixels large enough to match against a data base of digital media delivered to the TV screen via "cable or broadband service providers, set-top boxes, streaming devices, DVD players and over-the-air broadcasts."

The methodology is obviously simple:  Select a matrix size of pixels sufficiently large enough copy the matrix information and send it to Vizio.  Probably every second whatever an adequate sample rate would be for the purpose.  The variable pixel matrix size could be up to full frame every 30th or 60th of a second with any variable interval between full screen captures.  If the programming is that simple and there it is certainly probable that it could be then the the potential magnitude and purpose of this method is truly astounding!

How to find a smart TV IP address:
If your TV is connected to internet, press the Menu button on your remote device and select the Network option. Select the Network Settings and then, select IP settings option. The existing IP address of your TV appears. It will be a private IP address if you are using router to connect to your ISP.

http://whatismyipaddress.com/private-ip explains how IP address works.  A private IP address of a TV on a network conveys no user information itself.  The IP address of the internet router it is connected to in a home or any other place is the identifier that is connected to a user, the user account and all information about the user that can be obtained or attributed to the user router IP address.

Amazing!

A smart TV is a computer.  Essentially no different than the laptop I am using to write this blog entry.  Any application program running on the computer could be coded to send a screen pixel matrix copy to any programmed address on the internet?  A screen shot of what I am typing right now?  What I am typing right now is being sent to Google in real time before I even publish this bog entry.  Sent in either draft form or modifying an already posted form if I am editing it.  Beyond that known real time Google monitoring -- for spell check purposes -- any other program on my computer could be sending a matrix screen capture to an address of the programmer's choice.  

This is big:  Not only sending a screen capture but a stealth audio capture or video capture.  While the screen is always on when I am using the computer, sound capture microphone  and video camera sound/video capture may not be on unless I am using (Hey Siri, FaceTime or Skype) them or they are turned on by stealth.  A 60th of a second video frame screen capture is all that is necessary for any program to send the screen capture anywhere.  

Deep Packet inspection is a spy method to find out what is being transmitted over the internet and to whom.  Perhaps I need my own spyware program on my computer to spy on itself!  The NSA could go into the App store business!

Of course Vizio phoning home turned on by default could be turned off by the user.  That however is the "Reader Digest" turned on by default model used to scam people that are not aware that the default setting of on remains set until it is specifically turned off by the user.  Money and/information continues to flow to the originator of the "on by default" setting.  

The scope of Vizio pixel capture is even greater in the  obvious situation that what is captured on the screen may not be related to media arriving via the internet.  Arriving via a dvd for example or from my mac computer via Airplay.  From my Photos on my mac computer being displayed on my Vizio.  Yes, I do have a smart Vizio.  

Ponder this:  Face and object as well as audio recognition is a technological state of the art Artificial Intelligence fact.  It merely requires video/audio analytical programs either incorporated in the transmitting device to selectively transmit or analytical programs applied to real time or history transmissions at the receiving end.

The conclusion:  If the screen shot pixel matrix grabbed by Vizio do not match any media in its data base that is associated with customer having an interest in connection to a data base match then the screen shot still has commercial data mining value to discover a potential customer market.  Match or not it is a win/win money maker to monetize the information.  Contract with the NSA?

The potential for smart TV's to phone home data of interest to a recipient is immense.

For example:  High frequency audio coded signals can be embedded in an audio stream to trigger an event or even transmit an audio code that can be translated into a video screen display object.  Embed that high frequency coded signal into an audio recording stream and if that stream is played on any internet connected device and if the device is phoning home a detection of a high frequency range embedded audio code along with an associated UIC then bingo!  A traceable connection!  Apply that method to top secret level audio/video recording and security leaks can be identified and traced!

Speakers on the device playing the audio probably do not necessarily have the technical ability to process the high frequency range sound beyond the threshold of human hearing.  That would not be necessary.  It is likely that it could be in the digital audio sample that is computer processed.

Likewise a pixel matrix could be embedded in any video, like a video trademark, and the smart TV could be programmed to look for that pixel matrix.  Perhaps it could be pixels or small matrices of pixels distributed across the screen image over a segment of frames over a segment of time or a single video frame.  When detected....Phone Home.

The algorithms do all this are probably patented.  Some company holds the patent.  Maybe it was created in house by Vizio?  Maybe the patent holder is selling it to anyone wanting it.  Maybe it came from In-Q-tel?  NSA would not even have to pay Vizio for the information.  Simply get it for nothing by tapping into the Internet.  That however has its Government Surveillance problems.  Maybe better to pay a private business for it.  NSA gets all the money it wants so why steal it and be on the hook?  Let Vizio or any other entity using this methodology be on the hook.

Vizio is paying the price for being on the hook!  Perhaps a customer contract with Vizio includes payments in the event that Vizio is caught?  It is a cost analysis risk/reward thing.

From the top link:
"Aside from the monetary penalty, Vizio must also stop the tracking, delete most of the data it collected before March 1, 2016 and require consumers to give consent before collecting their information."

Yes, of course!  But what about the data collected and sold to customers and their retention of collected data?  That would require disclosure of any customers that bought the data.  Maybe it is good for someone that the penalty not go that far?

Who else in the smart TV domain is doing this?

Is it being done in the general internet computer domain?

Who has the patent on this method of information capture?

We are Number 1.  Vizio however sells to everyone below us.  What have they done in their courts?  

Picture this as a mild example scenario:

Closed door business briefing using a big screen Vizio TV to present proprietary business information.  The same TV has an internet connection used for other conference room matters.  Large matrix screen shots of the presentation are captured by Vizio.  If the Vizio program detects no internet connection then the screen shots are stored for transmission when the internet is connected.

Insider information?  Company secrets?

Surveillance for profit! 

Here is a real kicker:  Visio makes a router!
https://www.cnet.com/products/vizio-xwr100-dual-band-wireless-router/review/ 
What slick things can that do?

As I suspected the Vizio spyware was provided by a company that offers the product to Smart TV makers. https://en.wikipedia.org/wiki/Inscape_Data_Services
"Inscape is a provider of ACR services to Smart TV OEMs.[1] The company was founded in 2009 as TV Interactive Systems later renamed Cognitive Media Networks Inc. On August 10, 2015, Vizio acquired Cognitive Media Networks and renamed it Inscape. On July 2016 Vizio announced Inscape will spin off and operate as a separate, privately owned company."

CEO Zeev Neumeier patents on the technology here:
https://www.linkedin.com/in/zeev-neumeier-38ab271 
https://www.google.com/patents/US8930980 

http://www.bloomberg.com/research/stocks/private/snapshot.asp?privcapId=378233394 

Could be one of the data aggregators that draws personal info from all sources to their data base for monetization.  Maybe Vizio would not be a source since this is more of a tracing investigation oriented data base, not a marketing one which is BtoB.  However an upper level aggregator might aggregate both? 
https://www.bloomberg.com/news/articles/2016-08-05/this-company-has-built-a-profile-on-every-american-adult 

http://ididata.com/solutions/idicore/ 

What is it about these "credentialed" PI agencies that gives them the privelges of signing up for this personal information in accordance with government privacy rules that any ordinary citizen cannot sign up for.  It is probably only a check mark for the authorized credentialed agencies to check at the website that they agree to all the rules and regulations of use.  Exactly like the one any citizen checks in the terms of agreement for access to anything on the internet.

Doctors for example have credentialed privileges  associated with their professional ethics.  PI's?  What ethics do private snoops have?  A license?  Certification? A trench coat? Dues paying members?

https://www.toddington.com/resources/ is evidently draws from open sources, public, information but has a tool to search the open sourced data base that it sells.  It appears to be a  mixed bag of open, semi-fenced and fenced sources and tools free or available at a price.

What about the car watching us?
http://www.autoblog.com/2017/02/24/tv-vizio-privacy-car-data-listening-opinion/ 

No comments:

Post a Comment