Smart TVs are leaking data to companies like Google, Facebook and Amazon, researchers warn

Ad trackers 'pervasive' across Roku and Amazon set-top boxes

Smart TVs from companies like Samsung, LG and others are leaking sensitive user data to firms such as Google, Facebook, and Amazon. And devices such as Roku and Amazon Fire TV Sticks are no better.

That's according to two separate studies, carried out to analyse the level of surveillance that today's smart TVs and other internet-connected TV devices are conducting on users. In these studies, researchers examined smart TVs of various types and searched for ad trackers and cookies on them.

Sixty-nine per cent of Roku channels and 89 per cent of Amazon Fire TV channels were found to have ad trackers on them.

The results suggested that a lot more data tracking is taking place in an average household than most people realise.

In the first study [PDF], the researchers from the University of Chicago and Princeton University reviewed more than 2,000 channels across Roku and Amazon television devices and found "pervasive" tracking across these channels.

Google's Doubleclick was the most common of all ad trackers present in these TV channels

According to the researchers, 69 per cent of Roku channels and 89 per cent of Amazon Fire TV channels were found to have ad trackers on them. Google's Doubleclick was the most common of all ad trackers present in these TV channels. Nine hundred and seventy five of the top 1,000 Roku channels were found to have this tracker.

Google analytics trackers were present in 360 Roku channels, the researchers said.

And on Amazon Fire TV channels, Amazon ad trackers were seen in 687 of 1,000 channels, Doubleclick and Facebook trackers were present in 307 and 196 channels, respectively.

Out of the top 1,000 Amazon Fire TV channels, WNEP was found to have the most number of trackers (64), followed by ABC7 News San Francisco (61), and Midnight Pulp (32).

The data being transmitted to advertisers included video's title, MAC addresses, SSIDs, and serial numbers/device-IDs.

Most of the devices, including smart TVs, were observed sending user data to the usual ad-tracking companies - Google, Facebook, and Amazon

The study also found that most of the channels were sending the data in an unencrypted, plaintext form.

In the second study [PDF], researchers from Northeastern University and Imperial College London examine plug-in devices as well as several smart TVs and other cloud-connected Internet of Things (IoT) devices.

Unfortunately, the situation in the IoT sector was not any better, according to researchers. Most of the devices, including smart TVs, were observed sending user data to the usual ad-tracking companies - Google, Facebook, and Amazon - as well as other organisations, including Microsoft and Akamai.

"Several non-first-party destinations (in particular Amazon, Google, and Akamai) receive information from many of our IoT devices, thus allowing them to potentially profile consumers," the researchers said.

"For example, these companies not only can learn the types of devices in a household, but also how/when they are used, simply by analysing the network traffic from IoT devices to their cloud services."

Earlier this month, Johnny Ryan, the chief policy officer of web browser maker Brave, accused Google of breaching the EU General Data Protection Regulation (GDPR) by using secret webpages to feed users' personal data to advertisers.

Ryan said he was actually trying to monitor how Google was trading his data on its advertising exchange.

According to Ryan, he found that Google had assigned him an identifying tracker that contained his location and web-browsing information, as well as other data.

Ryan believes Google was sending all that information to advertising firms via secret web pages with "no content". Those web pages enabled third-party companies to match their profiles with Google's profiles for targeting purposes.