Mudsock Heights

Mudsock Heights

If you play your own files via USB on your Roku TV, you'll be asked to let Roku's

TikTok Television

By Dennis E. Powell | Posted at 2:55 PM

First in a series

Your television is spying on you, as mine is spying on me.

This is true unless you are watching only programs via broadcast signal and receive them through an antenna — and maybe you’re having your information collected even then.

There’s a good chance you are receiving your programs via cable. If so, your cable provider has, and is almost certainly selling, all kinds of information about you. They already know who you are and where you live, your bank account or credit card number, and more. Add to that knowledge of shows you watch, when you are watching and when you’re not, how many televisions you have — and even before the advent of “artificial intelligence,” the data brokers had enough to create an elaborate and largely accurate profile of you. Which they then sell to anyone who will pay for it. They are required by law to tell you about it, but you may be certain that it is presented in obscure language in the smallest possible print.

They may have blocked those data from going upstream to the places where they get the programs, or they may not. It figures in their deals with the providers, and the one thing of which you can be sure is that your privacy and interests are not at the top of the list of their considerations. Those things do not appear on the list at all.

If you are streaming your programs — if you have a “smart” television — then Katy, bar the door. It comes over the internet and guess what? Absolutely everyone in that stream is scrambling for your information. You are not given a choice. You are often not told at all, and the television manufacturers disguise and hide it.

Here, for example, is the (lack of) “privacy” policy from the Roku company, the largest maker of streaming devices. Though even on the web page the print is tiny, it makes for a worthwhile if sobering read. Here is my favorite part, because it illustrates just how invasive Roku — and remember, we’re talking about a frigging television set — is:

“Personal information about other people may be collected and used when you use Roku Smart Home devices and services. For instance, your Smart Home Devices may capture videos, images or voice content of other individuals.

“We rely on you to obtain any required permissions in advance to allow us to collect their personal information.”

Did you read those sentences? They are flat-out saying that they are bugging your house, both audio and video. There are settings where you can supposedly turn off microphones and such, sort of. Do you trust the company? I certainly don’t. (Have anything that uses Alexa or Siri or “Hey, Google” or any of the other first-named spyware? Do you have it turned on? You have bugged yourself and sent the information to a company that doesn’t give the faintest toot about you and that is always listening.)

I’d bet that less than 1 percent of Roku owners have ever read the “privacy” policy. I guarantee you that there is no way to be rid of it, to opt out, except not buying or using the television at all. And, just for fun, I bet that not one Roku owner ever asked guests coming to his home to give the Roku company permission to record their audio and video for sale to anyone who cares to buy it for whatever use, good or ill, they care to put it.

Read the whole Roku document, if you’ve been looking for a way to make your hair stand on end. As a chaser, read the TikTok “privacy” policy. Remember, we’re about to order TikTok sold because of the information it collects. The two “privacy” policies are remarkably similar. Read the privacy policy of your “smart” television or streaming device maker if it is other than Roku. Read the privacy policy of your cable company. (If you want to get right down to it, read the “privacy” policy of anything to which you subscribe.)

Get used to reading the execrable use of “partners” as a synonym for “customers.” That misleading bait-and-switch is popular other businesses, too, and by government agencies. When someone uses “partner” when he really means something else, you can be sure he’s trying to put one over on you. Beware.

My good friend Timothy Butler believes that the television products offered by Apple are better in this regard, and they may be marginally so, but I think they simply have lawyer-writers better at sanding the sharp edges off of much of the same stuff. Hilariously, if you subscribe to Apple TV program service, like dozens of others, and you want to watch it on a Roku television, there will be a pop-up box asking you if you would like Apple to share your information with Roku. (I hope that granting permission changes settings on the Apple app, because if you choose to allow it you are an idiot and Apple should allow you to watch only children’s programming. It would be the electronic version of Captain Kangaroo’s “round-nose scissors.”)

And even if these characters are as honest as they want you to believe they are, they are sometimes incompetent. Just last Friday Roku announced that more than a half-million accounts had been breached. Information made available to them through their “privacy” policy is now available on the dark web, too. And it is not as if Apple has been immune to such mischief. The information you allow to be out there is vulnerable, and often, as we’ve seen, you are not given a realistic choice.

Last year I installed a pretty good television antenna, which allows me to receive a couple of stations — it’s very hilly around here and there are no nearby cities. There is a way on my Roku television to attach the coaxial cable from the antenna, and a built-in application that scans the antenna and constructs a menu of local channels. A nice feature, but being able to receive television broadcasts on a television is scarcely a luxury. The local broadcasts include a weather radar channel that it useful every time Frontier Communications, the worst company in the world, encounters . . . weather (and often when it’s a fine day; the internet and phone have gone down here for from minutes to hours every day for the last two weeks — such is the nature of monopolies).

Anyway, it wasn’t until later that I learned that Roku collects information about the over-the-air programming you watch and uploads that to the mothership, too.

The final straw came last week when, during one of the regular communications blackouts courtesy of Frontier Communications (which survives not by providing good service but instead by government subsidy), I plugged a USB stick, containing some programs I’d saved, into a Roku device. Immediately came a popup asking me to allow the contents of the stick to be given to any channel on my device that wants them. (I just noticed in the “privacy” policy that the popup doesn’t apply to Roku — they just take it “for example, for content moderation purposes,” without your permission. It is similar to the way Apple collects information about you even when you ask it to refrain from doing so.

Oh, and last week Roku filed a patent application to show its own ads over anything you are watching — even your video game console or a movie you’re watching on DVD. Hit “pause” to answer the phone? Too bad.

I am not picking on Roku here. The others — LG’s WebOS, Google, and especially Amazon’s Fire TV — are as bad or, especially in the case of Amazon, worse, if worse is actually possible. Nor can we count on the government to protect our privacy.

You may not have noticed, but the government is made up of uncontrolled bureaucrats and elected representatives with the maturity, seriousness, and abilities of 5-year-olds who haven’t had their nap. If our privacy is to be protected, we have to do it ourselves. Our lawmakers and law enforcers won’t be of any help.

Some of this is easy and relatively convenient. I keep an anonymous pre-paid debit card for payment of the very few television services for which I pay, and another for making online purchases, where my address is necessary. For non-television online activities I use secure email (though many of my friends, who are technological morons, do not, which defeats the whole thing to an extent) and a secure messaging service. I use relatively secure browsers and add reliable security plugins to block trackers and the like. My phone and tablet run the very secure Graphene OS. And all of them employ a top-rank virtual private network, or VPN. I use a very long, unique password for everything that requires me to sign in, handled by a trusted password manager. It’s still possible to get information about me; my purpose is to make it sufficiently difficult that the effort necessary offsets any possible gain from doing so. (Also, I’m not very interesting.)

Image

Here’s the InvizBox device. It is the size of a hockey puck but marginally — only marginally — more useful. It is also festooned with irritating green and blue LEDs. It is a purchase I regret. (Credit: Dennis E. Powell)

I was not surprised to learn that the people at Roku have no provision for streaming through a VPN. (And they know who and where I am, anyway.) I thought it might be useful to add a router-based VPN, so I bought an InvizBox device, which is supposed to be a wifi repeater with your choice of VPN that will then send all your internet traffic via the VPN. I figured that I could at least change the VPN server location from time to time, creating a small amount of confusion among the data brokers. It was an attempt to restrict the Roku’s internet access due to its misbehavior. It might have helped, had it ever worked reliably. It never did for more than a few minutes. And even if it worked perfectly it would solve only one small part of the puzzle.

In the year since, I have learned that Roku is basically TikTok television, scraping all the information it can about anyone within range — and it’s a broad range; read the “privacy” policy — and selling it. No, it is not (as far as I know) owned by the Chinese Communist Party. So what? I don’t want my information made available to anyone without my full, explicit permission and no, a “how we’re invading your privacy” policy ain’t it. (And buying data from Roku would probably be cheaper for the CCP than running TikTok, anyway. Banning that contemptible site, while laudable, would be the InvizBox of legislation: wouldn’t do much if it worked at all. Comprehensive privacy legislation and vigorous prosecution of offenders is the only useful answer. As I said, don’t hold your breath.)

After the USB incident described above, which of course extends to local stations and DVDs I watch and probably the radio stations I listen to, I decided something stronger is needed. The Roku needs to lose its internet privileges entirely. Can it be done?

I think so. I’ve undertaken a project that ought to be able to do the trick, in a way that is easy.

In the next installment, I hope next week but that’s not entirely up to me, we’ll find out if it works and if so, how to do it.

Dennis E. Powell is crackpot-at-large at Open for Business. Powell was a reporter in New York and elsewhere before moving to Ohio, where he has (mostly) recovered. You can reach him at dep@drippingwithirony.com.

Share on:
Follow On:

Start the Conversation

Be the first to comment!

You need to be logged in if you wish to comment on this article. Sign in or sign up here.