1. bookVolume 2020 (2020): Issue 2 (April 2020)
Zeitschriftendaten
License
Format
Zeitschrift
Erstveröffentlichung
16 Apr 2015
Erscheinungsweise
4 Hefte pro Jahr
Sprachen
Englisch
access type Open Access

The TV is Smart and Full of Trackers: Measuring Smart TV Advertising and Tracking

Online veröffentlicht: 08 May 2020
Seitenbereich: 129 - 154
Eingereicht: 31 Aug 2019
Akzeptiert: 16 Dec 2019
Zeitschriftendaten
License
Format
Zeitschrift
Erstveröffentlichung
16 Apr 2015
Erscheinungsweise
4 Hefte pro Jahr
Sprachen
Englisch

In this paper, we present a large-scale measurement study of the smart TV advertising and tracking ecosystem. First, we illuminate the network behavior of smart TVs as used in the wild by analyzing network traffic collected from residential gateways. We find that smart TVs connect to well-known and platform-specific advertising and tracking services (ATSes). Second, we design and implement software tools that systematically explore and collect traffic from the top-1000 apps on two popular smart TV platforms, Roku and Amazon Fire TV. We discover that a subset of apps communicate with a large number of ATSes, and that some ATS organizations only appear on certain platforms, showing a possible segmentation of the smart TV ATS ecosystem across platforms. Third, we evaluate the (in)effectiveness of DNS-based blocklists in preventing smart TVs from accessing ATSes. We highlight that even smart TV-specific blocklists suffer from missed ads and incur functionality breakage. Finally, we examine our Roku and Fire TV datasets for exposure of personally identifiable information (PII) and find that hundreds of apps exfiltrate PII to third parties and platform domains. We also find evidence that some apps send the advertising ID alongside static PII values, effectively eliminating the user’s ability to opt out of ad personalization.

[1] Rimma Kats. How Many Households Own a Smart TV? https://www.emarketer.com/content/how-many-households-own-a-smart-tv, 2018. [Online; accessed 2019-05-10].Search in Google Scholar

[2] Hulu gained twice as many US subscribers as Netflix at the start of 2019. https://www.cnbc.com/2019/05/01/hulu-gained-twice-as-many-subscribers-as-netflix-in-us.html, 2019. [Online; accessed 2019-05-10].Search in Google Scholar

[3] Amazon: Smart TVs. https://www.amazon.com/smart-tv-store/b?ie=UTF8&node=5969290011, 2019. [Online; accessed 2019-05-10].Search in Google Scholar

[4] Connected TV Advertising is Surging. https://www.videonuze.com/article/connected-tv-advertising-is-surging, 2017. [Online; accessed 2019-05-10].Search in Google Scholar

[5] MAGNA ADVERTISING FORECASTS. https://magnaglobal.com/magna-advertising-forecasts-fall-update-executive-summary/, 2019. [Online; accessed 2019-05-10].Search in Google Scholar

[6] Jump PR. Beachfront Releases 2018 CTV Ad Data, Roku Still Leads, Amazon Growing Quickly. https://www.broadcastingcable.com/post-type-the-wire/2018-ctv-ad-data-realeased-by-beachfront, 2018. [Online; accessed 2019-05-10].Search in Google Scholar

[7] Pi-Hole: A black hole for Internet advertisements. https://pi-hole.net/, 2019. [Online; accessed 2019-05-11].Search in Google Scholar

[8] WaLLy3K. The Big Blocklist Collection. https://firebog.net, 2019. [Online; accessed 2019-04-29].Search in Google Scholar

[9] MoaAB: Mother of All AD-BLOCKING. https://forum.xda-developers.com/showthread.php?t=1916098, 2019. [Online; accessed 2019-04-22].Search in Google Scholar

[10] Kromtech Alliance Corp. Stopad for tv. https://stopad.io/tv, 2019.Search in Google Scholar

[11] Hooman Mohajeri Moghaddam, Gunes Acar, Ben Burgess, Arunesh Mathur, Danny Yuxing Huang, Nick Feamster, Edward W. Felten, Prateek Mittal, and Arvind Narayanan. Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS ’19, pages 131–147, New York, NY, USA, 2019. ACM.Search in Google Scholar

[12] UCI Networking Group. The TV is Smart and Full of Trackers: Project Page. http://athinagroup.eng.uci.edu/projects/smarttv/, 2019.Search in Google Scholar

[13] Ross Benes. 10 Ways Roku Is Growing Its Ad Business. https://www.emarketer.com/content/10-ways-roku-is-growing-its-ads-business, 2019. [Online; accessed 2019-05-10].Search in Google Scholar

[14] Garett Sloane. AMAZON IS NOW TAKING A 30 PERCENT CUT OF AD SALES FROM FIRE TV. https://adage.com/article/design/amazon-taking-30-percent-ad-sales-fire-tv/315678, 2018. [Online; accessed 2019-05-10].Search in Google Scholar

[15] Roku, Inc. The Roku Advantage. https://advertising.roku.com/advertising-solutions, 2019. [Online; accessed 2019-05-10].Search in Google Scholar

[16] Amazon.com, Inc. Amazon DSP. https://advertising.amazon.com/products/amazon-dsp, 2019. [Online; accessed 2019-05-10].Search in Google Scholar

[17] “Consumer Reports”. Samsung and Roku Smart TVs Vulnerable to Hacking. https://www.consumerreports.org/televisions/samsung-roku-smart-tvs-vulnerable-to-hacking-consumer-reports-finds/, 2018. [Online; accessed 2019-04-22].Search in Google Scholar

[18] Sapna Maheshwari. How Smart TVs in Millions of U.S. Homes Track More Than What’s On Tonight. https://www.nytimes.com/2018/07/05/business/media/tv-viewer-tracking.html, 2018. [Online; accessed 2019-05-10].Search in Google Scholar

[19] “FTC”. VIZIO to Pay $2.2 Million to FTC, State of New Jersey to Settle Charges It Collected Viewing Histories on 11 Million Smart Televisions without Users’ Consent. https://www.ftc.gov/news-events/press-releases/2017/02/viziopay-22-million-ftc-state-new-jersey-settle-charges-it, 2017. [Online; accessed 2019-04-22].Search in Google Scholar

[20] Whitson Gordon. How to Stop Your Smart TV From Tracking What You Watch. https://www.nytimes.com/2018/07/23/smarter-living/how-to-stop-your-smart-tv-from-tracking-what-you-watch.html, 2018. [Online; accessed 2019-05-10].Search in Google Scholar

[21] J. R. Mayer and J. C. Mitchell. Third-Party Web Tracking: Policy and Technology. In 2012 IEEE Symposium on Security and Privacy, pages 413–427, May 2012.Search in Google Scholar

[22] Phillipa Gill, Vijay Erramilli, Augustin Chaintreau, Balachander Krishnamurthy, Konstantina Papagiannaki, and Pablo Rodriguez. Follow the Money: Understanding Economics of Online Aggregation and Advertising. In Proceedings of the 2013 conference on Internet measurement conference, pages 141–148. ACM, 2013.Search in Google Scholar

[23] Steven Englehardt and Arvind Narayanan. Online Tracking: A 1-million-site Measurement and Analysis. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS ’16, pages 1388–1401, New York, NY, USA, 2016. ACM.Search in Google Scholar

[24] Abbas Razaghpanah, Rishab Nithyanand, Narseo Vallina-Rodriguez, Srikanth Sundaresan, Mark Allman, Christian Kreibich, and Phillipa Gill. Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem. NDSS, 2018.Search in Google Scholar

[25] Jingjing Ren, Ashwin Rao, Martina Lindorfer, Arnaud Legout, and David Choffnes. ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic. In Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, pages 361–374. ACM, 2016.Search in Google Scholar

[26] Anastasia Shuba, Athina Markopoulou, and Zubair Shafiq. NoMoAds: Effective and Efficient Cross-App Mobile Ad-Blocking. Proceedings on Privacy Enhancing Technologies, 2018(4):125–140, 2018.Search in Google Scholar

[27] Jingjing Ren, Daniel J. Dubois, David Choffnes, Anna Maria Mandalari, Roman Kolcun, and Hamed Haddadi. Information Exposure From Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach. In Proceedings of the Internet Measurement Conference, IMC ’19, pages 267–279, New York, NY, USA, 2019. ACM.Search in Google Scholar

[28] Danny Yuxing Huang, Noah Apthorpe, Gunes Acar, Frank Li, and Nick Feamster. IoT Inspector: Crowdsourcing Labeled Network Traffic from Smart Home Devices at Scale, 2019.Search in Google Scholar

[29] M. Ghiglieri and E. Tews. A privacy protection system for HbbTV in Smart TVs. In 2014 IEEE 11th Consumer Communications and Networking Conference (CCNC), pages 357–362, Jan 2014.Search in Google Scholar

[30] Nathan Malkin, Julia Bernd, Maritza Johnson, and Serge Egelman. “What Can’t Data Be Used For?” Privacy Expectations about Smart TVs in the US. In European Workshop on Usable Security (Euro USEC), 2018.Search in Google Scholar

[31] VirusTotal. https://www.virustotal.com/. [Online; accessed 2019-08-24].Search in Google Scholar

[32] McAfee, LLC. Customer URL Ticketing System. https://www.trustedsource.org/. [Online; accessed 2019-08-24].Search in Google Scholar

[33] OpenDNS Domain Tagging. https://community.opendns.com/domaintagging/. [Online; accessed 2019-08-24].Search in Google Scholar

[34] Mozilla Foundation. Public Suffix List. https://publicsuffix.org/. [Online; accessed 2019-08-23].Search in Google Scholar

[35] John Kurkowsi. tldextract. https://github.com/john-kurkowski/tldextract. [Online; accessed 2019-08-23].Search in Google Scholar

[36] Crunchbase. https://www.crunchbase.com/. [Online; accessed 2019-08-29].Search in Google Scholar

[37] Anastasia Shuba, Anh Le, Emmanouil Alimpertis, Minas Gjoka, and Athina Markopoulou. AntMonitor: A System for On-Device Mobile Network Monitoring and its Applications. arXiv preprint arXiv:1611.04268, 2016.Search in Google Scholar

[38] Jeffrey Erman, Alexandre Gerber, KK Ramadrishnan, Subhabrata Sen, and Oliver Spatscheck. Over The Top Video: The Gorilla in Cellular Networks. In Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference, pages 127–136. ACM, 2011.Search in Google Scholar

[39] Timm Böttger, Felix Cuadrado, Gareth Tyson, Ignacio Castro, and Steve Uhlig. Open Connect Everywhere: A Glimpse at the Internet Ecosystem through the Lens of the Netflix CDN. ACM SIGCOMM Computer Communication Review, 48(1):28–34, 2018.Search in Google Scholar

[40] Vijay Kumar Adhikari, Yang Guo, Fang Hao, Volker Hilt, and Zhi-Li Zhang. A tale of three CDNs: An active measurement study of Hulu and its CDNs. In 2012 Proceedings IEEE INFOCOM Workshops, pages 7–12. IEEE, 2012.Search in Google Scholar

[41] eMarketer. US Connected TV Users, by Brand, 2018 & 2022. https://www.emarketer.com/Chart/US-Connected-TV-Users-by-Brand-2018-2022-of-connected-TV-users/220767, 2018. [Online; accessed 2019-11-26].Search in Google Scholar

[42] Roku, Inc. Roku Channel Store. https://channelstore.roku.com, 2019. [Online; accessed 2019-04-19].Search in Google Scholar

[43] Roku, Inc. Roku Developer Documentation: Security Overview. https://sdkdocs.roku.com/display/sdkdoc/Security+Overview, 2019. [Online; accessed 2019-04-22].Search in Google Scholar

[44] Roku, Inc. Roku Developer Documentation: Development Environment Overview. https://sdkdocs.roku.com/display/sdkdoc/Development+Environment+Overview, 2019. [Online; accessed 2019-04-22].Search in Google Scholar

[45] Roku, Inc. Roku Developer Documentation: Roku Advertising Framework. https://sdkdocs.roku.com/display/sdkdoc/Roku+Advertising+Framework, 2019. [Online; accessed 2019-04-22].Search in Google Scholar

[46] Ooyala IQ SDK for Roku. https://github.com/ooyala/iqsdk-roku, 2015. [Online; accessed 2019-04-22].Search in Google Scholar

[47] Jeff Bush, Kevin Cooper, and Linda Kyrnitszke. External Control API. https://sdkdocs.roku.com/x/K5cY, 2013. [Online; accessed 2019-03-04].Search in Google Scholar

[48] AntMonitor open-source. https://github.com/UCI-Networking-Group/AntMonitor, 2018. [Online; accessed 2019-05-10].Search in Google Scholar

[49] Yuanchun Li, Ziyue Yang, Yao Guo, and Xiangqun Chen. DroidBot: a Lightweight UI-guided Test Input Generator for Android. In 2017 IEEE/ACM 39th International Conference on Software Engineering Companion (ICSE-C), pages 23–26. IEEE, 2017.Search in Google Scholar

[50] Future Today Inc. http://www.stuffwelike.com/, 2019. [Online; accessed 2019-12-05].Search in Google Scholar

[51] StuffWeLike. http://www.stuffwelike.com/, 2019. [Online; accessed 2019-12-05].Search in Google Scholar

[52] Manta Media Inc. Htvma Solutions, Inc. https://www.manta.com/c/mhqfv38/htvma-solutions-inc, 2019. [Online; accessed 2019-12-05].Search in Google Scholar

[53] Gray Television, Inc. https://gray.tv/, 2019. [Online; accessed 2019-12-06].Search in Google Scholar

[54] telekrmor. Round 3: What Really Happens On Your Network? https://pi-hole.net/2017/07/06/round-3-what-really-happens-on-your-network/, 2017. [Online; accessed 2019-05-11].Search in Google Scholar

[55] Pi-hole LLC. Blocking Mode. https://docs.pi-hole.net/ftldns/blockingmode, 2018.Search in Google Scholar

[56] Customising Sources for Ad Lists. https://github.com/pi-hole/pi-hole/wiki/Customising-Sources-for-Ad-Lists, 2019.Search in Google Scholar

[57] Google LLC. apkanalyzer. https://developer.android.com/studio/command-line/apkanalyzer, 2019. [Online; accessed 2019-04-29].Search in Google Scholar

[58] Steven Englehardt, Jeffrey Han, and Arvind Narayanan. I never signed up for this! privacy implications of email tracking. Proceedings on Privacy Enhancing Technologies, 2018(1):109–126, 2018.Search in Google Scholar

[59] Georg Merzdovnik, Markus Huber, Damjan Buhov, Nick Nikiforakis, Sebastian Neuner, Martin Schmiedecker, and Edgar Weippl. Block me if you can: A large-scale study of tracker-blocking tools. In 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pages 319–333. IEEE, 2017.Search in Google Scholar

[60] Antidot. Content Delivery Platform. https://www.antidot.net/content-delivery-platform/, 2019. [Online; accessed 2019-12-05].Search in Google Scholar

[61] Sapna Maheshwari. How Smart TVs in Millions of U.S. Homes Track More Than What’s On Tonight. https://www.nytimes.com/2018/07/05/business/media/tv-viewer-tracking.html, 2018. [Online; accessed 2019-05-11].Search in Google Scholar

[62] Raspberry Pi Foundation. Setting up a Raspberry Pi as an access point in a standalone network (NAT). https://www.raspberrypi.org/documentation/configuration/wireless/access-point.md, 2019. [Online; accessed 2019-03-04].Search in Google Scholar

[63] Android tcpdump. https://www.androidtcpdump.com/, 2019. [Online; accessed 2019-04-11].Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo