This looks really cool, but after I first learned about Automatic Content Recognition and all the ridiculous anti-privacy things these smart TVs do, I adopted a policy: A TV is a big dumb monitor, that's it, and it never ever gets internet access. So, for better or for worse, all of my TV needs go through an Apple TV, and I block Apple's 17.0.0.0/8 for that client just in case it wants to get a little too chatty about my habits with Apple. YouTube is AFAIK the only thing on there that's able to spy on me, mitigated to some extent I hope with pi hole, and 90% of the time I'm in plex or an IPTV client.
I think the person you’re replying to is more concerned about privacy implications than a security exploit involving an exotic TV airwave signal attack.
There was a long history of "jailbreakme" sites where one would "slide to jailbreak" their Apple devices because of their long history of under-investment in security.
This site is a spoof of jailbreakme, so using Apple devices as a defense is an somewhat amusing choice.
Exactly, never ever connect a smart TV to internet. Instead, connect a Apple TV/FireStick/ChromeCast/Android TV/Raspberry Pi to do the "smart" things and if they break, they will be cheaper and easier to be replaced than a TV.
At minimum they employ multiple dark patterns with the aim of getting you to fork over your email/agree to some fine print. Jellyfin is a great alternative
Yeah, that is a guilty pleasure I expect. I've looked through their privacy policy, nothing objectionable leaps out but I'd rather keep everything to myself. I may have to look at Jellyfin at some point, I've just been running Plex for so long there's a certain inertia. And plexamp is like... amazing.
I feel similarly about all modern TVs but I'm not willing to go to this much effort - I think next time I need to buy a TV I'll just get a projector instead.
I gave my very nice SmartTV to a hiking buddy last year and bought a cheap dumb TV from Walmart for $190 that only has HDMI inputs. I bought the latest Apple iTV box, and I couldn’t be happier with this setup.
In addition to better privacy (don’t SmartTV manufacturers make 30% of the profit on a TV from your data?), the user experience is so much better, no comparison really.
My wife is not 100% happy with the screen quality so I might replace the TV with a studio monitor, but for my tastes what we have is close to perfect.
I'd very much like a source on that. I filter and block everything (via whitelist) from my TV and streaming boxes. Apple hardware and services are by far the ones that makes the most connections in both amount of connections and amount of sources connecting to. A Xiaomi android box is on a far second-place.
IMO "Apple privacy" is a myth with no proof ever published unless you think Apple for some reason is a better data collector end-point. I don't believe they are and it is also beside the point. Data collected is staying collected forever which makes the collector irrelevant. They can always change their opinion - you cannot. Amount of privacy related info collected is the only thing that matters and since I cannot see the excact data collected there's only amount collected left. In that Apple is definitely #1.
At least the same concrete harm as someone spying on their neighbor without getting caught.
I do think the more compelling reason not to connect it is because as a general rule the updates they put out make the user experience worse over time and it's better to have a connected device that's easier/cheaper to replace when the cumulative security/compatability updates cause a slow down (Without getting in to anti user features like devoting more screen space to ads each update).
Some hypothetical concrete harms that are technically possible when the data is being collected:
Targeted advertising outing someones behaviour because they watched a video related to that topic on the tv.
The TV reporting you for piracy for playing a home video of your kids dancing to copyrighted music.
Reported to the government for watching speeches from an oposition party.
i seem to remember having issues with blocking 17.0.0.0/8 when i first tried it. don’t remember exactly, but probably with icloud and homekit at the very least. i wish we had better info on what services talk to which ip (plus port) ranges, and why.
I don't have iCloud or use HomeKit. Software updates stopped working and I can't download apps without suspending my rule, but I almost never do either of those things anyway. Everything I use works fine but yeah, I can see those 2 causing big issues.
I'm still using an ancient netcast based LG TV, which it's also possible to root with a few different methods. AFAIK there's no public information on how to do it, maybe I'll see about making it public too.
It would be nice if there were proper open source distros for TVs. Hopefully the GPL lawsuit against Vizio will get source code and install info, so that distros can run on them, perhaps with Kodi as the UI. It also hopes to set the precedent that anyone can sue over GPL violations, not just the copyright holder, which could help increase the available TVs that can have an open source distros, through further lawsuits by other folks.
Just used this to root my 65" LG OLED. Works great!
Looks like you can't change the root password (error writing /etc/shadow), but as the documentation says, you can load your authorized_keys and the password login is no longer allowed.
I was sort of hoping that the cpu would still be reachable from the (wired) network while in standby, but it does not seem to be.
Happy to have helped test this release. Bought a 43" just to mess with all of this on. Has been a fantastic experience. Devs are great and it has been fun seeing what all I can run.
Awesome project. You can already install third-party applications in LG webOS TVs after enabling the "Developer Mode" application, but you have to keep renewing your session every 50 hours or else your apps get deleted. Pretty annoying. Now we can circumvent that.
I'm wondering if we could use WireGuard on these TVs now. That would be sweet... Guessing the userland golang client would be trivial...
It’s cool that we can now root the latest firmwares, but the 50-hours limit for dev mode has an easy workaround. I’ve been meaning to blog about it, but basically use the webos sdk to ssh into the tv, get your tv session token stored in /var/luna/preferences/devmode_enabled and then have a cronjob somewhere that curl https://developer.lge.com/secure/ResetDevModeSession.dev?ses... every day or so.
This keep resetting the timeout - the dev mode app still shows the wrong countdown but apps will still open. Been using this for ad free YouTube for a few months.
Ah, I saw that trick on r/jellyfin this week and tried it, but noticed that the countdown wasn't reset and assumed the apps would get deleted. Well now I have root so it doesn't matter!
# /tmp/wireguard-go wg0
# ip l show dev wg0
8: wg0: <POINTOPOINT,MULTICAST,NOARP> mtu 1420 qdisc noop state DOWN mode DEFAULT group default qlen 500
link/none
Now I just need to cross-compile the wireguard-tools to get the wg command.
I have a 2017 LG 43" TV and I'm a bit disappointed.
Last year I think the back-light started breaking down - I see big square sections where the colors are less bright and purplish. The display seems to have a grid of 4x2 of these individual regions.
And the remote buttons are getting harder to press too (it's not the battery). I had remotes which worked for 12 years, this one is barely 5 years old.
The LED strips are somewhat replaceable - you should be able to find them on either eBay, AliExpress or ShopJimmy.
I will warn you however that it's quite an involved process - I know a fair few people who have managed to crack their LCDs or rip ribbon cables in the process of trying to fix backlights.
Unfortunately it seems that backlight issues are becoming more and more common - especially as most sets have a "Dynamic" mode or similar which sets the backlights to full brightness and drastically shortens their lives.
Have already committed to trying to fix my ~2012 dumb Samsung myself when it eventually fails, was happily surprised to find one or two solid YouTube channels dedicated to this.
Readit News
https://twitter.com/David3141593/status/1481993413843161092
This site is a spoof of jailbreakme, so using Apple devices as a defense is an somewhat amusing choice.
[0]: https://www.reddit.com/r/PleX/comments/30j7ye/plex_media_bro...
Also, Sceptre in the US and Swedx in the EU still make dumb TVs.
https://www.sceptre.com/
https://www.swedx.com/
If anyone knows of other brands making dumb consumer TVs, please let us know.
In addition to better privacy (don’t SmartTV manufacturers make 30% of the profit on a TV from your data?), the user experience is so much better, no comparison really.
My wife is not 100% happy with the screen quality so I might replace the TV with a studio monitor, but for my tastes what we have is close to perfect.
I'm not sure about all manufacturers but in the case of Vizio, selling user data:
- accounts for 65% of their net profit
- is double the amount of money they make from selling actual TVs
- grew 134% year over year as of Q3 2021
https://www.theverge.com/2021/11/10/22773073/vizio-acr-adver...
https://investors.vizio.com/news/news-details/2021/VIZIO-HOL...
Okay but...
>In addition to better privacy
I'd very much like a source on that. I filter and block everything (via whitelist) from my TV and streaming boxes. Apple hardware and services are by far the ones that makes the most connections in both amount of connections and amount of sources connecting to. A Xiaomi android box is on a far second-place.
IMO "Apple privacy" is a myth with no proof ever published unless you think Apple for some reason is a better data collector end-point. I don't believe they are and it is also beside the point. Data collected is staying collected forever which makes the collector irrelevant. They can always change their opinion - you cannot. Amount of privacy related info collected is the only thing that matters and since I cannot see the excact data collected there's only amount collected left. In that Apple is definitely #1.
What are some concrete harms to the individual viewer in anonymously sharing TV viewing data?
I do think the more compelling reason not to connect it is because as a general rule the updates they put out make the user experience worse over time and it's better to have a connected device that's easier/cheaper to replace when the cumulative security/compatability updates cause a slow down (Without getting in to anti user features like devoting more screen space to ads each update).
Some hypothetical concrete harms that are technically possible when the data is being collected:
Targeted advertising outing someones behaviour because they watched a video related to that topic on the tv.
The TV reporting you for piracy for playing a home video of your kids dancing to copyrighted music.
Reported to the government for watching speeches from an oposition party.
https://sfconservancy.org/copyleft-compliance/vizio.html
Looks like you can't change the root password (error writing /etc/shadow), but as the documentation says, you can load your authorized_keys and the password login is no longer allowed.
I was sort of hoping that the cpu would still be reachable from the (wired) network while in standby, but it does not seem to be.
I'm wondering if we could use WireGuard on these TVs now. That would be sweet... Guessing the userland golang client would be trivial...
This keep resetting the timeout - the dev mode app still shows the wrong countdown but apps will still open. Been using this for ad free YouTube for a few months.
Last year I think the back-light started breaking down - I see big square sections where the colors are less bright and purplish. The display seems to have a grid of 4x2 of these individual regions.
And the remote buttons are getting harder to press too (it's not the battery). I had remotes which worked for 12 years, this one is barely 5 years old.
I had my TV (similar to yours) fixed by replacing those bars, check with a TV repair shop in your area.
I will warn you however that it's quite an involved process - I know a fair few people who have managed to crack their LCDs or rip ribbon cables in the process of trying to fix backlights.
Unfortunately it seems that backlight issues are becoming more and more common - especially as most sets have a "Dynamic" mode or similar which sets the backlights to full brightness and drastically shortens their lives.