Blocking smart TV surveillance

Hi,

I have OpenWRT 22.03 installed and am soon upgrading my TV. Its a new LG and I want to block the surveillance on a network level. What is they 'right' way to do this? At the moment the OpenWRT router is vanilla and does the DNS and DHCP, I have a redirect for all port 53 traffic to the router to stop other DNS being used. I'd prefer not to install adblock or pihole.

The websites to block are apparently: ad.lgappstv.com yumenetworks.com smartclip.ne smartclip.com smartshare.lgtvsdp.com ibis.lgappstv.com

Should I just do a simple hosts file > 127.0.0.1?

Second query - What's the tcpdump command so i can see what websites the LG is accessing? The LG software has updated and I'm wondering if they will do some way.

Thanks in advance.

Is your intention to keep the device connected so it can use the WAN? If so, recommend:

  1. VLANs to segregate your smarttv from your regular devices.
  2. Pi-hole or adguardhome for blocking.

Yes I want to keep it connected to the internet. I just want to try to stop it surveilling me. i might use some of the WebOS features.

What benefit does pihole and adguard give me over just making a hosts list? Will they actually stops ads being delivered to the TV? I thought video ads were very difficult to block?

If you manage to do it on the tv, then it can work.
Otherwise you'll need to add them in a blacklist.

tcpdump -i br-lan ether host 00:11:22:33:44:55:66
adapt lan interface name and mac address of the tv.

I think there's more than just those sites to block.

Check out this set of lists https://perflyst.github.io/PiHoleBlocklist/

You can use them with something like simple-adblock or AdGuardHome or Pihole.

2 Likes

Just install addblock mate. You can have addblock set to just block adds for the IP of the TV. There is a list that was made just for this.

3 Likes

Interesting topic @alexmelSC

@darksky, if I understand correctly, VLAN will allow the device to access the internet, but not to "see" the rest of the network (which was one of my question in my post here: Wireless bridge with ASUS RT-10 B1). Does VLAN reduce the performances of the connection?

Would it be equivalent to some VPN services that offer some DNS filtering?

Thank you

Yes and yes.

Yes but you can install it on your router and provide LAN wide blocking/filtering.

See this thread for more details.

Thanks for the quick reply.

I should keep that in my when I update my material then (besides being old and slow, my ASUS RT seems not compatible with VLAN, according to the page here: Wireless bridge with ASUS RT-10 B1) . I will try to learn more about VLANs, but it seems that some interesting things can be managed (separation between different wifi clients; work and home PCs... Apologies if I am just discovering this, routing is a new world to me)

Check out this video to help you understand:

1 Like

Communication with third parties is mentioned in the optional agreements you can chose to accept when you initialise/set your TV up. If you change your mind, and wish to revoke those agreements, you should be able to "remove" your agreement from the configuration screens, but this will likely disable some features.

Thank you.
For that, I guess I need to upgrade

  1. my material (see above)
  2. my skills :slight_smile: (your thread seems way above my current level of knowledge)

Although I have really appreciated you reply, since it helps me along the path of starting to understand what I regarded as "black boxes", I need much more work before being ready for such a configuration. Let's hope in the future ...

1 Like

Thank you, I have just started it :slight_smile:

Pretty interesting videos there, thank you @darksky for making me discover them

1 Like

I don't trust these agreements so i want to do it technically. I just don't believe any manufacturer as its just not in their DNA to care about things like this.

Legally speaking you are right.

1 Like

Not what you asked for, but I operate my nominally smart tv as simple hdmi monitor... in my case that just moves the problem around a bit, but apple was spying on me anyways (I use 'itunes', erm apple movies as it seems to be called currently).

@alexmelSC - I spun up a guest wireless for my Samsung TV. Look a this:

  • ~70% of the traffic from it was blocked by pihole :angry:
  • The TV was making up to 30 queries per second

Of the 5,950 blocked queries:

      2 log-config.samsungacr.com
      4 device-metrics-us-2.amazon.com
      4 oempprd.samsungcloudsolution.com
      4 static.doubleclick.net
     36 customerevents.netflix.com
     44 ichnaea.netflix.com
     50 config.samsungads.com
    590 lcprd1.samsungcloudsolution.net
   5216 tvpnlogopus.samsungcloud.tv
2 Likes

Really puts things into perspective when you see actual data on how "chatty" tv or other devices are.

1 Like

Hi,

I am back to the topic because I need to plan my update of the wireless bridge.
I have few questions:

  1. what is the difference between the solutions above? In a very basic way: effectiveness vs easiness to install in a OpenWRT device and use it
  2. would it work even if the OpenWRT device is set up as a wireless bridge?
  3. if a device is conneted to the wireless bridge with a VPN enabled, would the internet connection work? Or are there any incompatibilities between these tools and the VPN on the device?
  4. if I configure the VPN (OpenVPN) directly on the wireless bridge, that would not be allow any pi-hole / AdguardHome / Ad blocking, right?

Thank you very much in advance