Thread - Nostr Hypermedia

⚡️🚨 BIG - An Israeli company has turned hundreds of millions of Smart TVs into a data collection infrastructure for AI. Including yours. The company is called Bright Data. It operates the world’s largest network of residential proxies. Here’s how it works: an SDK embedded in Smart TV apps turns the device into an exit node. Bright Data’s clients’ scraping traffic passes through your home connection. Target sites see your home IP address, not that of a data center. The one making money is the app developer. The one footing the bill is you—with your bandwidth and IP reputation. The SDK works in apps for Tizen and webOS, the operating systems used by Samsung and LG. The consent dialog states that Bright Data will “occasionally” use your device’s resources. “Occasionally.” Security researchers downloaded the actual SDK configuration from a public server, without authentication. The actual limit: 200 GB of monthly traffic via Wi-Fi. Per device. And there’s one detail that makes it all worse: The SDK considers your TV “available” for routing third-party traffic even when the screen is on. Even during a call. The ignore_screen_on and ignore_on_call settings are enabled. This doesn’t mean you’ve stopped using the device. It means that the CPU and memory are within the limits set by Bright Data. You don’t decide whether the device is available. The SDK does. Include Security reverse-engineered the SDK’s protocol. The channel that routes traffic through your network has no message signatures. No authentication. No device verification. In the researchers’ words: less secure than a typical malware command-and-control server. On iOS, the SDK connects directly to the physical network interface. It bypasses any user-configured VPN. Traffic flows outside the tunnel. Corporate network, parental controls, device management—none of them see it. Among the partners listed in the SDK configuration are PlayWorks (over 400 games for Smart TVs, claimed reach of ~250 million TVs), CloudTV (over 125 TV brands), Viber (up to 820 million users), and Hola Networks, the parent company of Bright Data itself. The FBI issued a formal warning about residential proxy networks this year. Academic research dating back to 2019 documents widespread abuse. Bright Data was notified by researchers on May 11. No response. How to block: → Go to nextdns.io (free) → Add these domains to the block list: proxyjs.brdtnet.com proxyjs.luminatinet.com proxyjs.bright-sdk.com clientsdk.bright-sdk.com clientsdk.brdtnet.com → Configure your router’s DNS to point to NextDNS Detailed steps are available directly on NextDNS. It takes 5 minutes. Your TV is only yours if you keep an eye on what it’s doing with your internet.

Replies (27)

FLASH flash@primal.net 2 days ago

🗞️

Include Security Research Blog

The Smart TV in Your LivingRoom Is a Node in the AIScraping Economy - Include Security Research Blog

In this post we look under the hood of BrightData's SDK and how it turns ordinary consumer TVs into exit nodes of an enormous commercial, resi...

Sam sam@relayk.it 2 days ago

Wild

Hazey hazey@iris.to 2 days ago

TV software is closed source malware, don't let it connect it to the internet.

A Rux 🚴🏿 alru@nostrplebs.com 2 days ago

Do you know of any pi hole block list including those domains?

1 replies ↓

The Big D-Base 2 days ago

The Bitcoin POMP continues.... Path Of Most Pain Conviction is being tested. Most will fail. This path was destined. Humans are generally terrible at overcoming fear. Big Boy attacks were always on the menu. It's always darkest before the dawn. View quoted note → View quoted note →

The Big D-Base 2 days ago

What are you going to do when what you're watching is watching you? View quoted note →

1 replies ↓

Baerson 2 days ago

LOL but your iPhone is all good bro...right?

PlebInstitute plebinstitute@einundzwanzig.space 2 days ago

Just add them manually over die GUI

1 replies ↓

Flix flix@primal.net 2 days ago

FOSS is our only defense against a lot more of this. View quoted note →

1 replies ↓

Eluc eluc@bitcoincoin.ch 2 days ago

I have a not so smart TV from 15 years ago, I didn't connect it to internet for years, will never need again. I use an NVIDIA Shield for media, not thr best in terms of privacy but at least I can minimize the app installed and know more or less what it's doing. Ad a backup I have also a simple linux computer for some games, experiment and when Shield is doing shit after an update. The main issue for me to fully re place the Shield is CEC remote support, I need to be able to autostart Jellyfin or Kodi and control everything inside the app from the TV remote. But I tried for hours installing script and stuff, with AI help and forum help, but it never worked. Linus Tech Tips also mention the same issue in a video when building a media center gaming PC to mimic a Steam Machine. Maybe I will get a Steam Machine if it ever release and have reqsonnable priced options for such light usage.

1 replies ↓

TJ.III tj24hours@iris.to 2 days ago

😠😡🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬 View quoted note →

1 replies ↓

npub1ah3a...l76e 2 days ago

I don't own a TV. It's peak fiat shit coin economy and it is clear that the programming and the smartness are all weapons directed at you and your family. Tell me if you have a TV and I tell you what kind of a maxi you are.

Papa Figos papafigos@nostrcheck.me 2 days ago

bold, lol.

A Rux 🚴🏿 alru@nostrplebs.com 2 days ago

Yes did that and found another Lg related pi hole list as well

Hanshan hanshan@hanshan.io 2 days ago

The jokes on them. I don't own a TV.

The_Crin thecrin@satlantis.io 2 days ago

oh wow, I don't know how to react to this and even less how to tell my acquaintances about it without seeming conspiracy-minded, my parents spent a lot of time buying a lot of smart TVs because none of them lasted more than 2 years, going into debt every time they could just so that others could find them. spying?

npub14jg2...8hf6 2 days ago

So if you never connect the wifi but just use an Apple TV?