Correct. Assuming your TV doesn't connect to open wifi access points.
And assuming you never want to use any of the smart features or apps.
Yes you can build your own HTPC, and connect it to the TV, that is what I've been doing for the past 8 years.
You could also setup a virtual LAN. And disallow internet on that VLAN. Or go to the Privacy & Terms menu in the TV and disallow all privacy settings (opt-out).
Is there evidence of this happening?
Well no.. but I can't rule it out either.
The original author that is indeed behind a paywall doesn't know what he is talking about. I dove into the official study and it seems to be 500ms interval data gathering. But only 1 time per minute batches together 8KB data sent back to Samsung.
Since it can also connect to untrusted wifi access point (eg. without password). You need to live in a Faraday cage ..
Again your media PC (or HTPC) is still connected to a smart TV. And the problem is with the TV recording HDMI data. In fact, if you read correctly, the Smart TV does no record data from the built-in apps like Netflix.
It still can connect to untrusted wifi access point (without password protection). So also try to go to: Settings Menu -> General & Privacy -> Terms & Privacy -> And there is a whole list of privacy setting. Try to find the option to: Do not agree with all. Or you need to manually disallow each privacy option.. Good luck!
You can go to Settings Menu -> General & Privacy -> Terms & Privacy -> And there is a whole list of privacy setting you automatically agreed with (which you didn't). However, you should find an option for: Do not agree with all. Or you need to manually disallow each privacy option.. Good luck!
I'm the OP, but not the author of this article posted.
After I dove deep into the study, the study said it records data at 500ms. And then it batches the data together, and only sent data once per minute back to Samsung. Between 8kB and 9kB of data per minute. So definitely not 4K screenshots.
I agree. I'm the OP, but not the author of this article. I do believe this author doesn't know what he is talking about. After looking at the study, it seems it does record data at 500ms interval. However, only in intervals of 1 time per minute 8kB of data is sent back, meaning its only some kind of meta data.
2000 dollar/euro premium price for Samsung S95D isn't high enough?? No.. we already pay up-front with money. This is just a very nasty trick by Samsung & LG.
Causing the smart TV become even slower hahaha
Again, Samsung and LG is sniffing the HDMI port.. So especially if you use another device like an Apple TV or Android or HTPC running Linux, only then Samsung & LG will record this data and sent back to HQ.
No... they only record on HDMI.
It could also be the f*king soundbar?? https://github.com/home-assistant/core/issues/34810#issuecomment-621507325
Dynamic Host Configuration Protocol (DHCP) called Boot Server Discovery Protocol (BSDP), which is displayed in the data package section (version 0.1?).
I also see it with Wireshark on my network using the udp.port == 15600 filter.
It automatically connects to unprotected wifi access points.
Every major tech major brands and business, even cars like BMW and now also TVs like Samsung or LG are all spying on their customers. And why isn't this forbidden by lawn already?
So the data is still captured every 500ms. But it batches the data together and indeed only send data of around 8kb every minute back to the centralized server. But 8kb can not be full screenshots of MBs of course, so this is some kind of meta / fingerprint data. The original author (Jeremy Hsu) is misleading here with the term "screenshot every 500ms".
the remaining scenarios exhibit consistent peak values occurring every minute, accompanied by additional smaller traffic one minute following each peak. Samsung’s official documentation (Canada, 2022a) mentions that its ACR captures the frames every 500ms, suggesting that Samsung batches the captures as well and sends the fingerprints every minute. The differences in ACR capture frequency explains the different network behavior across the two brands.
By Jeremy Hsu on September 24, 2024
---
Popular smart TV models made by Samsung and LG can take multiple snapshots of what you are watching every second – even when they are being used as external displays for your laptop or video game console.
Smart TV manufacturers use these frequent screenshots, as well as audio recordings, in their automatic content recognition systems, which track viewing habits in order to target people with specific advertising. But researchers showed this tracking by some of the world’s most popular smart TV brands – Samsung TVs can take screenshots every 500 milliseconds and LG TVs every 10 milliseconds – can occur when people least expect it.
“When a user connects their laptop via HDMI just to browse stuff on their laptop on a bigger screen by using the TV as a ‘dumb’ display, they are unsuspecting of their activity being screenshotted,” says Yash Vekaria at the University of California, Davis. Samsung and LG did not respond to a request for comment.
Vekaria and his colleagues connected smart TVs from Samsung and LG to their own computer server. Their server, which was equipped with software for analysing network traffic, acted as a middleman to see what visual snapshots or audio data the TVs were uploading.
They found the smart TVs did not appear to upload any screenshots or audio data when streaming from Netflix or other third-party apps, mirroring YouTube content streamed on a separate phone or laptop or when sitting idle. But the smart TVs did upload snapshots when showing broadcasts from the TV antenna or content from an HDMI-connected device.
The researchers also discovered country-specific differences when users streamed the free ad-supported TV channel provided by Samsung or LG platforms. Such user activities were uploaded when the TV was operating in the US but not in the UK.
By recording user activity even when it’s coming from connected laptops, smart TVs might capture sensitive data, says Vekaria. For example, it might record if people are browsing for baby products or other personal items.
Customers can opt out of such tracking for Samsung and LG TVs. But the process requires customers to either enable or disable between six and 11 different options in the TV settings.
“This is the sort of privacy-intrusive technology that should require people to opt into sharing their data with clear language explaining exactly what they’re agreeing to, not baked into initial setup agreements that people tend to speed through,” says Thorin Klosowski at the Electronic Frontier Foundation, a digital privacy non-profit based in California.
https://www.newscientist.com/article/2449198-smart-tvs-take-snapshots-of-what-you-watch-multiple-times-per-second/ (paywall!!)
Sad story ahead
Today I fully removed Firefox as my main browser. It's banned from all my devices from now onwards. I used Firefox as my only browser since I was 10 years old. Which is 24 years now (24 years!). I loved
Firefox trying to be a good alternative to Chrome, promoting open-source and showing the world that privacy does matter. Sadly not anymore, recently after Mozilla hostile CEO takeover and moving the company forward to an advertisement company. Neglecting privacy. And fully want the other way around, tracking user data sending back to Mozilla. And at the same time Mozilla has also became an ads company just like Google, so there is no difference anymore really. And it only goes down-hill from here.
Furthermore, Mozilla is spending more money in AI companies then in the product Firefox itself. So..
Luckily, there are plenty great Firefox forks! Look into some of them yourself and really pick an alternative rather sooner than later:
- LibreWolf
- Floorp (I went with Floorp, thus far it's great!!!)
- Waterfox
- Mullvad
Just pick one, anything... from above list!
I know, it's sad. It's very sad, after 24 years I didn't went to leave Firefox, but this last moves was the straw that broke the camel's back. I'm out, cya at the fork!
I saw today the infamous pop-up of YouTube again that they will block the video player after 2 more videos if I keep using uBlock Origin. \\ Google.
Some people might think you can only use or set environment variable of the service in docker compose eg.:
``` my-service: image: lts-alpine environment: MY_SECRET_KEY: ${MY_SECRET_KEY}
```
But the same ${} syntax can be used to set a version of Docker image of PostgreSQL, like in this example below:
``` my-service: image: postgres:${POSTGRES_VERSION:-13}-alpine
```
If nothing is set, version 13 is the fallback value. Now you can set POSTGRES_VERSION environment via your shell. Or leverage the .env file of Docker:
``` POSTGRES_VERSION=16
```
When running: docker compose --env-file .env up, Docker should now use PostgreSQL v16 Alpine as Docker image.
Bonus: The docker-compose.yml filename is an old filename, use compose.yml from now. Same for other Compose files like compose.override.yml.
More info: https://docs.docker.com/compose/environment-variables/set-environment-variables/ and https://docs.docker.com/compose/environment-variables/set-environment-variables/
Kbin Servers Status. Find a Kbin server to sign up for, find one close to you!
You can also use the map feature of fediverse.observer to pick your new kbin instance.
Lemmy was/is vulnerable for XSS attacks.
Hackers try to inject JavaScript code that tries to steal your (ideally admin) cookie credentials. It seems that the admin account of lemmy.world was compromised this way (MichelleG). Other instances aren't safe either. Which could point to the custom emojis feature in the federate comments, meaning a lot of external instances could be effected by now.
Incorrect escaping of user input data could lead to these issues. Kbin just recently discovered a similar regression issue and which has been solved by now. But it seems that Lemmy was or still is vulnerable to this attack factor.
Mitigation action Lemmy users: You might want to disable JavaScript in the meanwhile.
Mitigation action for Lemmy server owner: Disable custom emoji:
``` DELETE FROM custom_emoji_keyword; DELETE FROM custom_emoji;
```
Clean-up the exploit content:
``` UPDATE comment SET content = '<REMOVED BY ADMIN>' WHERE content LIKE '%