Blocking smart TV surveillance

alexmelSC · December 1, 2022, 1:25pm

Hi,

I have OpenWRT 22.03 installed and am soon upgrading my TV. Its a new LG and I want to block the surveillance on a network level. What is they 'right' way to do this? At the moment the OpenWRT router is vanilla and does the DNS and DHCP, I have a redirect for all port 53 traffic to the router to stop other DNS being used. I'd prefer not to install adblock or pihole.

The websites to block are apparently: ad.lgappstv.com yumenetworks.com smartclip.ne smartclip.com smartshare.lgtvsdp.com ibis.lgappstv.com

Should I just do a simple hosts file > 127.0.0.1?

Second query - What's the tcpdump command so i can see what websites the LG is accessing? The LG software has updated and I'm wondering if they will do some way.

Thanks in advance.

darksky · December 1, 2022, 1:29pm

Is your intention to keep the device connected so it can use the WAN? If so, recommend:

VLANs to segregate your smarttv from your regular devices.
Pi-hole or adguardhome for blocking.

alexmelSC · December 1, 2022, 1:47pm

Yes I want to keep it connected to the internet. I just want to try to stop it surveilling me. i might use some of the WebOS features.

What benefit does pihole and adguard give me over just making a hosts list? Will they actually stops ads being delivered to the TV? I thought video ads were very difficult to block?

trendy · December 1, 2022, 2:47pm

If you manage to do it on the tv, then it can work.
Otherwise you'll need to add them in a blacklist.

tcpdump -i br-lan ether host 00:11:22:33:44:55:66
adapt lan interface name and mac address of the tv.

mercygroundabyss · December 1, 2022, 4:26pm

I think there's more than just those sites to block.

Check out this set of lists https://perflyst.github.io/PiHoleBlocklist/

You can use them with something like simple-adblock or AdGuardHome or Pihole.

tapper · December 2, 2022, 9:01am

Just install addblock mate. You can have addblock set to just block adds for the IP of the TV. There is a list that was made just for this.

N2OWrt · December 2, 2022, 4:52pm

Interesting topic @alexmelSC

@darksky, if I understand correctly, VLAN will allow the device to access the internet, but not to "see" the rest of the network (which was one of my question in my post here: Wireless bridge with ASUS RT-10 B1). Does VLAN reduce the performances of the connection?

Would it be equivalent to some VPN services that offer some DNS filtering?

Thank you

darksky · December 2, 2022, 4:56pm

Yes and yes.

mercygroundabyss · December 2, 2022, 5:07pm

Yes but you can install it on your router and provide LAN wide blocking/filtering.

See this thread for more details.

N2OWrt · December 2, 2022, 5:16pm

Thanks for the quick reply.

I should keep that in my when I update my material then (besides being old and slow, my ASUS RT seems not compatible with VLAN, according to the page here: Wireless bridge with ASUS RT-10 B1) . I will try to learn more about VLANs, but it seems that some interesting things can be managed (separation between different wifi clients; work and home PCs... Apologies if I am just discovering this, routing is a new world to me)

darksky · December 2, 2022, 6:05pm

Check out this video to help you understand:

Fiouz · December 2, 2022, 6:07pm

Communication with third parties is mentioned in the optional agreements you can chose to accept when you initialise/set your TV up. If you change your mind, and wish to revoke those agreements, you should be able to "remove" your agreement from the configuration screens, but this will likely disable some features.

N2OWrt · December 2, 2022, 6:34pm

Thank you.
For that, I guess I need to upgrade

my material (see above)
my skills (your thread seems way above my current level of knowledge)

Although I have really appreciated you reply, since it helps me along the path of starting to understand what I regarded as "black boxes", I need much more work before being ready for such a configuration. Let's hope in the future ...

N2OWrt · December 2, 2022, 6:35pm

Thank you, I have just started it

N2OWrt · December 5, 2022, 3:16pm

Pretty interesting videos there, thank you @darksky for making me discover them

alexmelSC · December 5, 2022, 4:12pm

I don't trust these agreements so i want to do it technically. I just don't believe any manufacturer as its just not in their DNA to care about things like this.

Legally speaking you are right.

moeller0 · December 5, 2022, 4:23pm

Not what you asked for, but I operate my nominally smart tv as simple hdmi monitor... in my case that just moves the problem around a bit, but apple was spying on me anyways (I use 'itunes', erm apple movies as it seems to be called currently).

darksky · December 6, 2022, 10:26am

@alexmelSC - I spun up a guest wireless for my Samsung TV. Look a this:

~70% of the traffic from it was blocked by pihole
The TV was making up to 30 queries per second

Of the 5,950 blocked queries:

      2 log-config.samsungacr.com
      4 device-metrics-us-2.amazon.com
      4 oempprd.samsungcloudsolution.com
      4 static.doubleclick.net
     36 customerevents.netflix.com
     44 ichnaea.netflix.com
     50 config.samsungads.com
    590 lcprd1.samsungcloudsolution.net
   5216 tvpnlogopus.samsungcloud.tv

mercygroundabyss · December 6, 2022, 6:57pm

Really puts things into perspective when you see actual data on how "chatty" tv or other devices are.