Blocking smart TV surveillance

If you manage to do it on the tv, then it can work.
Otherwise you'll need to add them in a blacklist.

tcpdump -i br-lan ether host 00:11:22:33:44:55
Adapt the LAN interface name and the MAC address of the TV.

I think there's more than just those sites to block.

Check out this set of lists https://perflyst.github.io/PiHoleBlocklist/

You can use them with something like simple-adblock or AdGuardHome or Pihole.

2 Likes

Just install adblock mate. You can have adblock set to just block ads for the IP of the TV. There is a list that was made just for this.

3 Likes

Interesting topic @alexmelSC

@darksky, if I understand correctly, VLAN will allow the device to access the internet, but not to "see" the rest of the network (which was one of my questions in my post here: Wireless bridge with ASUS RT-10 B1). Does VLAN reduce the performance of the connection?

Would it be equivalent to some VPN services that offer some DNS filtering?

Thank you

Yes and yes.

Yes but you can install it on your router and provide LAN wide blocking/filtering.

See this thread for more details.

Thanks for the quick reply.

I should keep that in mind when I update my material then (besides being old and slow, my ASUS RT seems not compatible with VLAN, according to the page here: Wireless bridge with ASUS RT-10 B1). I will try to learn more about VLANs, but it seems that some interesting things can be managed (separation between different wifi clients; work and home PCs... Apologies if I am just discovering this, routing is a new world to me)

Check out this video to help you understand:

1 Like

Communication with third parties is mentioned in the optional agreements you can choose to accept when you initialise/set your TV up. If you change your mind, and wish to revoke those agreements, you should be able to "remove" your agreement from the configuration screens, but this will likely disable some features.

Thank you.
For that, I guess I need to upgrade

  1. my material (see above)
  2. my skills 🙂 (your thread seems way above my current level of knowledge)

Although I have really appreciated your reply, since it helps me along the path of starting to understand what I regarded as "black boxes", I need much more work before being ready for such a configuration. Let's hope in the future ...

1 Like

Thank you, I have just started it 🙂

Pretty interesting videos there, thank you @darksky for making me discover them

1 Like

I don't trust these agreements so I want to do it technically. I just don't believe any manufacturer as it's just not in their DNA to care about things like this.

Legally speaking you are right.

Not what you asked for, but I operate my nominally smart tv as simple hdmi monitor... in my case that just moves the problem around a bit, but apple was spying on me anyways (I use 'itunes', erm apple movies as it seems to be called currently).

@alexmelSC - I spun up a guest wireless for my Samsung TV. Look at this:

  • ~70% of the traffic from it was blocked by pihole 😠
  • The TV was making up to 30 queries per second

Of the 5,950 blocked queries:

      2 log-config.samsungacr.com
      4 device-metrics-us-2.amazon.com
      4 oempprd.samsungcloudsolution.com
      4 static.doubleclick.net
     36 customerevents.netflix.com
     44 ichnaea.netflix.com
     50 config.samsungads.com
    590 lcprd1.samsungcloudsolution.net
   5216 tvpnlogopus.samsungcloud.tv

2 Likes
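
A per-domain tally like the one in the post above can be produced from the Pi-hole query log. This is an added example, not part of the thread: the function names, client addresses and log lines are constructed, and it assumes the dnsmasq-style `pihole.log` format in which each query line is directly followed by its disposition.

```sh
#!/bin/sh
# Added example (not from the thread): per-client tally of Pi-hole blocks.
# Assumption: dnsmasq-style pihole.log, where every "query[...]" line is
# directly followed by its disposition (gravity blocked / forwarded / cached).

# Constructed sample log. TV = 192.168.3.20, phone = 192.168.3.21.
sample_log() {
    cat <<'EOF'
Mar 10 20:15:01 dnsmasq[512]: query[A] tvpnlogopus.samsungcloud.tv from 192.168.3.20
Mar 10 20:15:01 dnsmasq[512]: gravity blocked tvpnlogopus.samsungcloud.tv is 0.0.0.0
Mar 10 20:15:01 dnsmasq[512]: query[A] config.samsungads.com from 192.168.3.20
Mar 10 20:15:01 dnsmasq[512]: gravity blocked config.samsungads.com is 0.0.0.0
Mar 10 20:15:02 dnsmasq[512]: query[A] www.example.com from 192.168.3.20
Mar 10 20:15:02 dnsmasq[512]: forwarded www.example.com to 192.0.2.53
Mar 10 20:15:02 dnsmasq[512]: reply www.example.com is 198.51.100.7
Mar 10 20:15:02 dnsmasq[512]: query[A] tvpnlogopus.samsungcloud.tv from 192.168.3.20
Mar 10 20:15:02 dnsmasq[512]: gravity blocked tvpnlogopus.samsungcloud.tv is 0.0.0.0
Mar 10 20:15:03 dnsmasq[512]: query[A] static.doubleclick.net from 192.168.3.21
Mar 10 20:15:03 dnsmasq[512]: gravity blocked static.doubleclick.net is 0.0.0.0
Mar 10 20:15:03 dnsmasq[512]: query[A] tvpnlogopus.samsungcloud.tv from 192.168.3.20
Mar 10 20:15:03 dnsmasq[512]: gravity blocked tvpnlogopus.samsungcloud.tv is 0.0.0.0
EOF
}

# Usage: tv_blocked_summary CLIENT_IP < pihole.log
tv_blocked_summary() {
    awk -v client="$1" '
        # Remember the most recent query and who asked it.
        $5 ~ /^query\[/ { qdom = $6; qcli = $8; if (qcli == client) total++; next }
        # A block line for that same name belongs to that client.
        $5 == "gravity" && $6 == "blocked" && $7 == qdom && qcli == client {
            blocked[$7]++; nblocked++; qdom = ""
        }
        END {
            for (d in blocked) printf "%7d %s\n", blocked[d], d | "sort -n"
            close("sort -n")
            if (total) printf "blocked %d of %d queries (%d%%)\n",
                              nblocked, total, 100 * nblocked / total
        }
    '
}

sample_log | tv_blocked_summary 192.168.3.20
```

Filtering on the client address keeps queries from other devices on the same resolver (the phone in the sample) out of the TV's totals.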

Really puts things into perspective when you see actual data on how "chatty" tv or other devices are.

1 Like

Hi,

I am back to the topic because I need to plan my update of the wireless bridge.
I have a few questions:

  1. what is the difference between the solutions above? In a very basic way: effectiveness vs easiness to install on an OpenWRT device and use it
  2. would it work even if the OpenWRT device is set up as a wireless bridge?
  3. if a device is connected to the wireless bridge with a VPN enabled, would the internet connection work? Or are there any incompatibilities between these tools and the VPN on the device?
  4. if I configure the VPN (OpenVPN) directly on the wireless bridge, that would not allow any pi-hole / AdguardHome / Ad blocking, right?

Thank you very much in advance

Any suggestions here?

Thank you

Apart from what everyone else says (any type of DNS-based adblock),
you might also need to do "DNS Hijacking", since many TVs these days have hardcoded DNS/DoT/DoH endpoints for specific tracking/ad domains.
Refer here: https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns
You can redirect standard DNS to your adblock.
For DoT, you can simply block all DoT access.
For DoH, you will need banIP and use its DoH filter list.
The above link has very clear instructions.

A note: I recently did all the steps I mentioned above to hijack DNS and I noticed that one of my Xiaomi cameras stopped working. Turns out it had hardcoded 8.8.8.8, and it pings that Google DNS to check if there's working internet available, and if not, it just stops working. So I had to whitelist that specific device to allow pings to 8.8.8.8 via iptables.

1 Like
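
A check to run before and after applying the interception described in the post above, added here as an example and not part of the thread. It reads `tcpdump -n` text output for one device and counts plain DNS sent to a resolver other than the router, DoT on port 853, and ICMP echo requests (the kind of connectivity probe the Xiaomi camera relied on). The function names, addresses and capture lines are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): spot a device that bypasses the
# local resolver, from "tcpdump -n" text output (no -e link-level headers).
# DoH is not detectable this way: it is ordinary HTTPS on port 443, which
# is why it needs an IP list such as the banIP DoH feed.

# Constructed capture. Device = 192.168.1.50, router/resolver = 192.168.1.1.
sample_capture() {
    cat <<'EOF'
20:15:01.100000 IP 192.168.1.50.41234 > 8.8.8.8.53: 4660+ A? log-config.samsungacr.com. (43)
20:15:01.130000 IP 8.8.8.8.53 > 192.168.1.50.41234: 4660 1/0/0 A 203.0.113.9 (59)
20:15:02.000000 IP 192.168.1.50.41235 > 8.8.8.8.53: 4661+ A? config.samsungads.com. (39)
20:15:02.500000 IP 192.168.1.50.41300 > 192.168.1.1.53: 4662+ A? www.example.com. (33)
20:15:03.000000 IP 192.168.1.50.50222 > 192.0.2.53.853: Flags [S], seq 1, win 64240, length 0
20:15:04.000000 IP 192.168.1.50 > 8.8.8.8: ICMP echo request, id 7, seq 1, length 64
20:15:05.000000 IP 192.168.1.50.50300 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
EOF
}

# Usage: dns_bypass_report DEVICE_IP ROUTER_IP < capture.txt
# Prints "kind destination packets", one line per destination.
dns_bypass_report() {
    awk -v dev="$1" -v router="$2" '
        $2 != "IP" { next }
        {
            split($3, s, ".")
            src = s[1] "." s[2] "." s[3] "." s[4]
            if (src != dev) next                 # skip replies and other hosts
            dst = $5; sub(/:$/, "", dst)
            n = split(dst, d, ".")
            ip = d[1] "." d[2] "." d[3] "." d[4]
            port = (n == 5) ? d[5] : ""          # ICMP lines carry no port
            if (port == "53" && ip != router) hits["plain-dns " ip]++
            else if (port == "853")           hits["dot " ip]++
            else if ($6 == "ICMP" && $7 == "echo" && $8 ~ /^request/)
                hits["icmp-echo " ip]++
        }
        END { for (k in hits) printf "%s %d\n", k, hits[k] | "sort" }
    '
}

sample_capture | dns_bypass_report 192.168.1.50 192.168.1.1
```

With the redirect in place, `plain-dns` lines are answered by the local resolver; an `icmp-echo` line marks a device that may need the kind of ping exception described in the post.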

Just keep in mind that by using banIP or similar services (in my case adblock) you are putting important decisions about what can be reached on the internet into the hands of whoever compiles these lists... that is nothing bad per se, but something to keep in mind as it clearly is something that could be abused...