Blocking smart TV surveillance

Any suggestions here?

Thank you

Apart from what everyone else says (any type of DNS-based adblock),
you might also need to do "DNS Hijacking", since many TVs these days have hardcoded DNS/DOT/DOH endpoints for specific tracking/ad domains.
Refer here: https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns
You can redirect standard DNS to your adblock.
For DOT, you can simply block all DOT access.
For DOH, you will need banIP and use its DOH filter list.
The above link has very clear instructions.

A note: I recently did all the steps I mentioned above to hijack DNS and I noticed that one of my Xiaomi cameras stopped working. Turns out it had hardcoded 8.8.8.8, and it pings Google's DNS to check if there's working internet available, and if not, it just stops working. So I had to whitelist that specific device to allow pings to 8.8.8.8 via iptables.

1 Like

Just keep in mind that by using banIP or similar services (in my case adblock) you are putting important decisions about what can be reached on the internet into the hands of whoever compiles these lists... that is nothing bad per se, but something to keep in mind as it clearly is something that could be abused...

Interesting, it seems that the topic is more complex than I could imagine ...

Thank you very much for your hints @milindpatel63 and @moeller0

Yes, it seems quite hard to achieve what the OP is asking for. I bought a new LG with WebOSTV myself and I am facing the same question. That is how to block the TV sending its surveillance data.

With the latest WebOSTV there are 4 types of user agreements. At least the most basic agreement has to be accepted if you want to use apps like Netflix. However, even this mandatory user agreement says that LG is collecting viewing information, usage patterns, and even clicks and pointer movements done with the remote.

So I was wondering how to stop that. My idea was: I use banip in whitelist mode and only allow all netflix ips and block every other connection that is not going to one of the netflix ips. It turns out that it is really hard to compile a list of all the ips needed. I tried to capture with tcpdump but it's an endless list of ips and it seems that this would take days if not longer to compile. If somebody has a working solution, any help on that issue would be much appreciated.

As you have highlighted, it is really hard, although not impossible, to come up with the right list. You can use something like adblock/adguard/pihole as a mechanism to block all but allowed domains to a given device -- this would be achieved via DNS methods, rather than you attempting to build a comprehensive list of IP addresses.

That said, if you trust some other devices more (for example, Google TV, AppleTV, Roku, FireTV, etc.), you might find that it is easier to disconnect the TV from the network and use an STB/dongle device instead. (I don't want to open the can of worms about which devices/companies/services should be trusted or not, but just recommending a path to exclude your LG TV from the mix here).

1 Like

LG's current models access akamai, amazonaws, and a bunch of other CDNs. It's not really feasible to block their data telemetry sending on a DNS level.

Like you say it's probably better to use another device and turn that TV into a TV without network access. Turns out, it's really hard to find a device that doesn't do the same as the TV is doing. However, I found an Android streaming box that can be flashed with LineageOS and still keeps Widevine L1 so that's the best solution I could come up with.

Given that they may use many various CDNs, it would seem that DNS level would be the way to do this (as compared to IP block lists)... you just need to know what domains are actually being used... and that could be challenging to conclusively determine.

The alternative is to block all except for the services/domains explicitly allowed....
or...
yes, use an STB that you trust.

1 Like
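Added example, not from any poster in this thread: one way to find out which domains a TV actually queries, so that a DNS allowlist can be built from observation instead of from captured IPs. It assumes dnsmasq query logging is enabled on the router; the client address, the domain names and the function names are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of dnsmasq query-log lines. 192.168.1.50 stands in
# for the TV; every name and address below is made up.
SAMPLE_LOG = """\
Jan 10 20:01:02 dnsmasq[2211]: query[A] api.stream.example from 192.168.1.50
Jan 10 20:01:02 dnsmasq[2211]: query[AAAA] api.stream.example from 192.168.1.50
Jan 10 20:01:02 dnsmasq[2211]: reply api.stream.example is 203.0.113.10
Jan 10 20:01:03 dnsmasq[2211]: query[A] cdn7.video.stream.example from 192.168.1.50
Jan 10 20:01:05 dnsmasq[2211]: query[A] telemetry.tvvendor.example from 192.168.1.50
Jan 10 20:01:06 dnsmasq[2211]: query[A] news.site.example from 192.168.1.23
Jan 10 20:01:09 dnsmasq[2211]: query[A] ads.tvvendor.example from 192.168.1.50
"""

# Only "query[TYPE] name from client" lines matter; replies are skipped.
QUERY_RE = re.compile(r"query\[[A-Z0-9]+\] (?P<name>\S+) from (?P<client>\S+)$")


def queries_by_client(log_text, client):
    """Count how often each name was queried by one client address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and m.group("client") == client:
            counts[m.group("name").lower().rstrip(".")] += 1
    return counts


def is_allowed(name, allowed_suffixes):
    """Match on label boundaries so 'evilstream.example' does not pass."""
    return any(name == s or name.endswith("." + s) for s in allowed_suffixes)


def triage(log_text, client, allowed_suffixes):
    """Split a client's queried names into allowlisted and not yet reviewed."""
    allowed, unknown = {}, {}
    for name, n in queries_by_client(log_text, client).items():
        (allowed if is_allowed(name, allowed_suffixes) else unknown)[name] = n
    return allowed, unknown


if __name__ == "__main__":
    ok, review = triage(SAMPLE_LOG, "192.168.1.50", {"stream.example"})
    print("allowlisted:", ok)
    print("needs review before allowing or blocking:", review)
```

Names left in the review bucket after a few days of normal use are the candidates to block; a device that ignores the router's resolver will not appear in this log at all, which is why the DNS interception described earlier in the thread still matters.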

Which Android box did you get? How's the performance, and can it control your tv volume via CEC?

I've been trying to find a decent TV box to replace some ancient roku's. I tried a few of those generic Android devices, but they had pretty awful performance and came with terrible remotes.

The Roku hardware/software is so solid that I'm tempted to buy newer ones, but I hate how they've stuffed more and more ads and analytics on them over the years.

If you're in Walmart land, try their Onn Google TV 4k $20 box.

Google's own device is fine too, but the remote is awful, imho, that's why I'm looking into the Onn.

I'm currently using FireTV 4k, and am very happy with them, but the live TV app we use doesn't work on it.

I decided to go with the ONN Android TV 4K UHD streaming device. From a data privacy perspective using such devices only makes sense if one can install an OS that is not doing the same things as the TV's OS is doing.

So I chose a device that can be flashed with LineageOS and which keeps the Widevine L1 level so Netflix works in high quality. This should work with Chromecast with Google TV and Dynalink TV Box (4K) too. Also Nvidia Shield TV is supported by LineageOS, but I don't have any info on whether unlocking the bootloader on that device keeps Widevine L1.

Anyways, going that route is the best solution I could find.

1 Like