Uncharted Waters

Feb 13 2017   1:18PM GMT

Is Your IoT Device Spying on You?

Justin Rohrman

Consumer IoT
vizio tv

I was born on the cusp of the internet revolution. As a kid, my friends and I roamed the streets and were more or less off the grid. Once we left the house, we were untraceable. We had to run to a friend's house or a pay phone (remember those?) to get in touch with a parent.

It takes effort to do that today. I take for granted that my phone is connected to the internet, and that my thermostat and smoke detector are internet-connected and can be monitored from my phone. A few years ago, we cancelled cable and started using internet-connected streaming devices like the Apple TV and Amazon Fire Stick.

Basically, our lives are centered around devices that connect to the internet. They are invisible and ingrained in our daily lives.

But, while we are blissfully watching TV and zoning out, our TVs are watching us and reporting back to the mother ship.

I’m not a tin-foil-hat-wearing, Faraday-cage-building conspiracy theorist. Your TV might really be spying on you.

In 2014, Vizio began adding a special ingredient to their line of internet-connected TVs: the ability to collect data on your TV watching habits and return it to Vizio. Older internet-connected Vizio TVs were silently updated to collect and send data. Any time your TV was on, it would collect a few pixels and match them to a database of commercial and TV content. Vizio was also able to collect data from service providers, set-top boxes, streaming devices, DVD players, and over-the-air broadcasts using an antenna. Somewhere around 100 billion pieces of data were being collected every day you used your Vizio TV.


Some products, operating systems and web browsers for example, have a setting that lets you opt in or out of sending data back to the company that made them. These software makers usually claim that the data is collected so they can learn about product failures and optimize future releases. The user is always given the choice to opt out, though. Vizio TVs, on the other hand, were collecting the data without consumer consent, and then selling off that data to advertisers and content producers.

After being caught, Vizio settled the issue for $2.2 million in total: part as a fine paid to the FTC and part as a payment to the New Jersey Division of Consumer Affairs.

Vizio had $2.9 billion in revenue in 2015. And, they made some of that by selling illegally collected consumer data. Let that sink in for a second. At a cost of $2.2 million, collecting data from consumers and selling it is still a profitable business. My guess is that Vizio will continue collecting data because the profit margin is still in their favor.

Collecting data on your TV watching sounds fairly benign, but many (me for example) have their TVs connected to things like Netflix, Hulu, and iTunes that are all connected to billing information.

I read a lot about IoT security issues and the possibility of a bad guy lurking around somewhere trying to swipe information from my phone, or Apple Watches, or even cars. Thinking of cyber criminals is fun and inspires reports on the local news. But, it turns out the real risk at the moment is product manufacturers collecting and selling data with almost nonexistent consequences.

5  Comments on this Post

  • pdvarhol
    I have written similar things, and not just about IoT. I repeatedly trash Facebook for this. To be fair, I don't automatically diss it; I just think that people need to understand what they are doing when they give up personal information. Think about what you do when you type your email address or other personal information somewhere. Is it worth what you are getting out of it?
  • Ruben van der Zwan
    While working at Yenlo implementing IoT and API enabled information systems all the time with open source technology, I never thought about the fact if people really mind or do not mind that their internet behaviour is being collected. I wrote a blog post about APIs collecting your personal data a while ago. Thanks for sharing your thoughts here.  
  • wendygoerl
    What's worse, is that in more and more cases, we can't truly "opt out." For the privilege of being able to do business with them ("them" being everyone who offers the particular service/product you need), you are required to "voluntarily" accept their terms and conditions, including allowing and not interfering with their spyware.
  • 0scorpion0
    Sacrificing privacy for privileges has become a sad reality. And it's not just limited to the IoT, but also social media applications & sites. Most users just don't bother with it, but a lot of sites, applications & devices would let you opt to protect your privacy by restricting the sharing of details, which you manually have to configure. Some of them don't, sadly.

    When I encounter anything that doesn't let you 'opt out,' I prefer to opt out of using it, if I don't necessarily need it...
