The number of Smart TV users in the United States is predicted to rise to around 119 million when 2022 rolls around. Data by Strategy Analytics also shows that, by 2026, close to 1.1 billion households will own a Smart TV worldwide, which would be 51% of total TV users. Although that sounds encouraging, some unresolved issues may make you think having a “dumb” TV is the better choice. Or, at least never connecting Television to the Internet, let alone your home Wi-Fi. With that said, let’s answer, “should you use a VPN on Smart TV?”
Should you connect Smart TV to a VPN?
Short answer – yes, you should use a VPN for Smart TVs. This shouldn’t surprise you if read our articles on what a VPN is, why and when to use it, and how it works. Our guide on whether you should use a VPN on Android also provides key benefits of a VPN for devices based on this operating system, which a lot of Smart TVs are.
The difficulty of using a VPN for Smart TV
Installing a VPN isn’t always straightforward – just check our guide on adding a VPN to Android TV. Ergo, people usually need assurance it’s worth the effort. We can tell you one thing – using free VPN services, most certainly, isn’t. With that said, there are 3 typical problems users face:
- Their TV doesn’t have an innate way to set up a VPN. This is common. Update your TV firmware before you seek alternatives.
- The VPN provider doesn’t offer a dedicated VPN app for Smart TV. Check whether you can install OpenVPN and add the provider’s VPN configuration manually. If that fails, install your VPN to a router or share a connection from a hotspot.
- Their TV is using a proprietary operating system. This is common with high-end manufacturers such as LG and Samsung. Unless it’s based on Android and they offer a custom app, which is rare, we suggest connecting to a hotspot or a router with a VPN installed.
VPN mitigates the dangers of using a Smart TV
Here are the risks of unprotected Smart TVs and how VPNs reduce or eliminate them:
Outdated firmware and security flaws
Although manufacturers try to push firmware updates frequently, the high-end models are usually first in line. Ergo, updates for cheaper models lag, especially if models don’t share UI, features, or even an operating system. Furthermore, the userbase isn’t as large as with computers or mobile devices, so a lot of stuff goes unnoticed or unreported. This leads to a lack of security features and the presence of bugs and exploits. To give you an example, back in 2017, security researchers discovered 40 zero-day vulnerabilities in Samsung’s open-source OS, Tizen. Samsung fixed them, but there’s no saying how many new ones are lurking now.
How do VPNs help?
They can’t magically solve issues or prevent keylogging, but can prevent your activities from being linked to you. In other words, the VPN server will hide your true location and identity by concealing your real IP address, even if the attack already happened. Additionally, it will isolate the attack to the Smart TV, preventing it from spreading to other devices on the same network. The true power lies in the fact VPNs can prevent hackers, ISPs, or the TV manufacturer from budging in. That’s because the traffic between your TV and the VPN server is encrypted, preventing man-in-the-middle (MITM) attacks.
Smart TV manufacturers collect data
Many Smart TV manufacturers add a feature named automatic content recognition (ACR) to their devices. It captures a portion of the pixels on-screen every once in a while, letting them know what you’re watching. Even worse, they also note the date, time, and TV channel or app, and whether you used screen recording. In many countries, you must give your consent for this to happen. That’s because it’s classified as sensitive data, like financial or health data. Unfortunately, some smart TV providers abuse this, since third parties are willing to pay for it.
Your viewing history, if and when matched with the IP address of the collected browsing history, is a gold mine for targeted ads. Need proof? Vizio was caught using ACR to track over 11 million users in 2017 without clear consent. After a complaint was filed with the FTC, they had to shell out $2.2 million for using vague language in their Privacy Policy. Researchers also spotted LG was collecting data when users opted out in 2013. Luckily, VPNs mitigate the damage because your Smart TV activity gets tied to an IP address of the VPN server. Therefore, it can’t be matched to your real identity or location nor previously collected browsing history.
Third parties collect data
By now, you should realize that your Smart TV activity is tracked, whether you enjoy binging content on streaming services, using apps, or browsing the Internet. For example, a 2019 report named “Information Exposure From Consumer IoT Devices” published by Imperial College London and Northeastern University found Netflix was, unbeknownst to users, receiving data from almost all leading Smart TV manufacturers, and even Fire TV and Roku. The same was true even when they never logged in to a Netflix account i.e., agreed to Terms of Service. The same year, Princeton University published a report named “Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices.” According to them, close to 69% of Roku channels and 89% of Amazon Fire TV channels had trackers that belonged to Google and Facebook.
Poor data collection practice
Many TV manufacturers don’t put in effort in protecting the transfer of the data. Example: besides the 2013 offense, LG was also busted for sending data from users’ devices to their servers in plaintext (unencrypted) format. Therefore, anyone could intercept, view, or download it. VPN adds encryption that protects the Internet traffic even when TV manufacturers don’t.
Microphone recording without permission
Wikileaks, in their “Vault7” 2017 document dump, revealed that MI5 and CIA used a “Weeping Angel” program to remotely enable built-in microphones in Samsung Smart TVs, and spy on the owners. Unquestionably, similar exploits exist on other Smart TVs and can likely override the requirement of manually turning on voice capture. But even if it happens, VPN comes in clutch: active Internet traffic is encrypted, and the collected audio data won’t point to you.
