ProPublica, a nonpartisan journalism outlet I’ve done a bit of pro bono work for in the past, has released a story about how Vizeo’s smart TVs ship with an on-by-default setting that shares quite a bit of fairly invasive information, like very specific viewing habits. This includes a possibly unencrypted IP, since in their recently updated privacy policy they don’t promise that IPs will be encrypted.
“Vizio’s technology works by analyzing snippets of the shows you’re watching,” ProPublica claims, “whether on traditional television or streaming Internet services such as Netflix. Vizio determines the date, time, channel of programs — as well as whether you watched them live or recorded.”
“The viewing patterns are then connected to your IP address – the Internet address that can be used to identify every device in a home, from your TV to a phone,” the report states. This is fairly troubling since, as the article points out, “IP addresses can increasingly be linked to individuals. Data broker Experian, for instance, offers a ‘data enrichment‘ service that provide ‘hundreds of attributes‘ such as age, profession and ‘wealth indicators’ tied to a particular IP address.”
This isn’t just a part of Vizio’s business, either — it’s part of their total strategy. Their financial filings even show that it’s one of their selling points as a company. “In an October filing for an initial public offering, Vizio touted its ability to provide ‘highly specific viewing behavior data on a massive scale with great accuracy.'” While most of the companies involved refused to comment or stated that they don’t discuss those relationships (or in one case didn’t have one), it’s pretty clear between the updates of privacy policy and what’s been found so far about “Smart Interactivity” means this data collection isn’t just about information to improve their product — it’s info to sell.
Shorter version — the consumer is the product, the televisions they pay for are just part of the whole revenue model.
While Vizio has updated their privacy policy, if it’s true that they’ve sold over 10 million sets with the setting defaulted to on, it’s pretty likely those original users haven’t read the updated policy — if they even read privacy policies in the first place, which too many people don’t. The obvious, first solution with this is any app, program, or device that collects data in this way, but especially very specific data about which media you consume, should always be opt-in. I know, marketers are cringing when I say this, but think about how negative the consumer response has been to this action — it’s not worth it to gather a bit of information at the cost of brand infamy.
Secondly, if you plan to use people’s data, companies should at the very least encrypt customers’ IP addresses. I don’t trust most places with my data, but that goes double when sensitive bits like IP, SSN, full name, and the like are included. On a long enough timeline everybody gets hacked, and if nobody’s thought to rip off data like this before, it won’t take long for ner-do-wells to think of it.
Until then, consider either purchasing a dumb television for any places you watch anything sensitive, sharing multiple profiles across the same device to confuse the marketers, and/or turning off all data gathering settings you can find on your consumer electronics.
COMMENTS
Please let us know if you're having issues with commenting.