Assorted Nerdery

Vizio Privacy Policies

I recently came into possession of a nice new Vizio Smart TV. It’s pretty nice - 1080p, Netflix, etc. As part of the process for connecting the television to the internet, they made you agree to a number of different license agreements and privacy policies. In a fit of UX mastery, they did not show the privacy and license agreements on the television, instead instructing you to type a long URL into your web browser and reading the policies there. Nevertheless, they insisted upon your agreement before connecting to the Internet.

For fun, I decided to look up the privacy polices that I was agreeing to. There are some interesting bits there. The whole Vizio privacy can be found here.

VIZIO, Inc. and its affiliates (“VIZIO” or “we”) respect your privacy. Your privacy is a priority at VIZIO, and we take responsible measures to protect it.

Whew! I was really concerned that they didn’t care about my privacy!

This Privacy Policy also contains information on Smart Interactivity, a feature on Internet-connected televisions that recognizes onscreen content and may in the future permit you to interact with this content. You have the option in your television’s settings menu to disable this feature, which is set to “on” by default. As part of Smart Interactivity, VIZIO may collect and use anonymous viewing data associated with your television. VIZIO’s collection and use of this viewing data is described below in the Smart Interactivity Supplement to the Privacy Policy.

We turn on data gathering by default for your convenience!

By accessing and using VIZIO products and services, you agree to accept the terms and conditions of this Privacy Policy, and you consent to our use and disclosure of the information collected by us or submitted to us. You also acknowledge that you are aware that this policy may change over time. The effective date of this Privacy Policy is stated above.

We can change it whenever we want and if you don’t like it, you can’t use your television.

WHAT INFORMATION WE COLLECT Non-Personal or Anonymous Information. Non-Personal or Anonymous Information. We also collect data in a form that does not, on its own, permit direct association with any specific individual. We consider this Non-Personal or Anonymous Information. We may collect, use, transfer, and disclose Non-Personal Information for any purpose. Examples of Non-Personal Information we collect, use and share include the IP address you use to connect your Internet-connected products, your ZIP code, the online services you visit, as well as information about your VIZIO product such as MAC addresses, product model numbers, hardware and software versions, chipset IDs, and region and language settings. We also collect information about the products you request or purchase, the presence of other devices connected to your local network, and the number of users and frequency of use of VIZIO products and services. VIZIO also collects Anonymous Information regarding customer activities on our websites, on Internet-connected products and services, and on VIZIO’s Internet store.

We respect your privacy by collecting non-personal things like your IP address, location, as well as the online services (websites?) you visit! In addition, we portscan your network and send the information back to our servers. Do they also index the filex you have shared on your Samba server?

Cookies. VIZIO uses session and persistent “cookies” to collect information when you visit VIZIO’s website or online store, and uses pixel tags (also known as pixels or web beacons) to place and read these cookies. A cookie is a small data file that VIZIO transfers to your device and is stored locally on your device. Cookies are used by thousands of websites in order to enhance the website experience. When you visit VIZIO’s websites, we use cookies to identify your device so that you do not have to re-register each time you visit, and we use them to anonymously measure the traffic to our site and its different services and features. We also contract with third party service providers who use anonymous cookies to tag visitors to our online store and website. These cookies may be persistent, which means that they enable us to track and target the interests of our users to enhance the experience on our partners’ websites. Persistent cookies remain on your local storage for an extended period of time. If you have one of these persistent cookies, you may see advertisements for our products displayed on other publishers’ websites which you visit. Your browser contains features to help you manage cookies. You may remove or prevent placement of cookies by following the directions provided in your browser’s “help” file.

I guess this is fairly standard these days on websites. uBlock and Privacy Badger seem to do a reasonable enough job of filtering out ads on the Internet.

Viewing Data. As part of Smart Interactivity, VIZIO also collects specific information relating to your viewing of content on Internet-connected devices. This data is referred to as “Viewing Data.” This collection of Viewing Data is described under the “Smart Interactivity Supplement to the Privacy Policy“ below.

We watch what you watch. For your convenience.

Viewing Data. The use of Viewing Data, including Viewing Data combined with IP addresses or Non-Personal or Anonymous Information, is described under the “Smart Interactivity Supplement to the Privacy Policy” below.

We combine that non-identifying data with the content that you watch for some reason.

HOW WE PROTECT INFORMATION

Protective Measures. VIZIO has implemented systems designed to maintain the confidentiality of the Personal Information that it collects. VIZIO maintains internal practices designed to protect the security and confidentiality of this information by, among other things, limiting employee access to and use of this information. When you provide VIZIO with sensitive Personal Information such as credit card numbers over the Internet, we encrypt your transmissions using SSL (“Secure Sockets Layer”), and other industry standard security technology. While no one can guarantee the security of a website, Internet transmission, computer system or wireless connection, we do employ common safeguards intended to mitigate the risk of unauthorized access or disclosure of the Personal Information we store or handle. We keep such information on servers located in controlled facilities that are protected by firewalls and employ other technical measures designed to prevent intrusion or unauthorized access to our data centers. We maintain written policies and procedures for the protection of the Personal Information collected, stored, handled, or processed on our systems. For employees with access to Personal Information, we provide training to employees on privacy and data security.

We take security seriously! Just like Target.

HOW YOU CAN ACCESS OR REMOVE YOUR PERSONAL INFORMATION

If you desire access to view, correct or remove your own Personal Information, you may do so by emailing us at privacy@vizio.com or by calling 877-698-4946. If you request removal of Personal Information, you acknowledge that residual Personal Information may continue to reside in VIZIO’s records and archives, but VIZIO will not use that Personal Information going forward for commercial purposes. VIZIO reserves the right to maintain your Personal Information if VIZIO has suspended, limited, or terminated your access to the VIZIO website or VIZIO products and services for violating any applicable Terms of Use or the VIZIO Internet Apps Software License Agreement. This paragraph does not apply to VIZIO’s collection of Non-Personal or Anonymous Information.

I’ll try to call these guys one of these days and find out what data is associated with my account.

VIZIO.COM: DO NOT TRACK

VIZIO does not knowingly track Personal Information about visitors to VIZIO.com over different sites and over time, and it does not enable third parties to do so, regardless of whether VIZIO detects a do-not-track or similar signal from a visitor’s browser.

This is at least good!

SMART INTERACTIVITY – OVERVIEW

Smart Interactivity is a feature on Internet-connected VIZIO televisions that recognizes onscreen content. Currently, we only use this feature to gather data on a non-personal or anonymous basis, as described below. You have the option to turn this feature off at any time directly from the menu of your television.

However, in understanding this feature of your VIZIO television (and your option to disable this feature), we also want you to know that VIZIO is developing technologies that will permit you to interact with content in a variety of ways. These interactions may include voting in polls, accessing bonus content, and viewing advertisements that match your interests, based upon your viewing behaviors. Only some of these features (outlined below) are currently deployed, however. This Privacy Policy may therefore be modified from time to time as new features and functionality become available.

I am very glad that they’re willing to permit me to view advertisments based on my viewing behavior!! I’ve turned this feature off.

WHAT VIEWING DATA WE COLLECT

For VIZIO televisions that have Smart Interactivity enabled, VIZIO will collect data related to publicly available content displayed on your television, such as the identity of your broadcast, cable, or satellite television provider, and the television programs and commercials viewed (including time, date, channel, and whether you view them live or at a later time). This data is referred to as “Viewing Data.” The Viewing Data collected by VIZIO is anonymous and does not contain Personal Information. VIZIO does not collect Viewing Data from televisions located outside the United States.

We track who your provider is, what you watch and when you watch it. And we totally don’t combine it with all that non-identifying information that we talked about earlier!

Except where prohibited by law or policy, the Smart Interactivity feature is turned on by default. However, at any time you may turn off Smart Interactivity (and the associated collection of Viewing Data) from the menu of your VIZIO television. Turning Smart Interactivity off will not affect the performance of your VIZIO television or any online services. For specific instructions on how to turn Smart Interactivity off or on, see the text below under the heading “How to

For your convenience, you’ve been opted into the fun!

HOW WE USE THE VIEWING DATA WE COLLECT

VIZIO currently uses the Viewing Data collected from Smart Interactivity for the following purposes:

Beginning October 31, 2015, VIZIO will use Viewing Data together with your IP address and other Non-Personal Information in order to inform third party selection and delivery of targeted and re-targeted advertisements. These advertisements may be delivered to smartphones, tablets, PCs or other internet-connected devices that share an IP address or other identifier with your Smart TV. VIZIO combines the Viewing Data with IP address and other Non-Personal Information as well as other non-personal information (such as demographic information) it obtains from third parties in order to enhance, model and further analyze the Viewing Data. VIZIO shares the Viewing Data with media and data analytics companies as described below under the heading “How We Share the Viewing Data.” VIZIO does not combine or associate the Viewing Data with Personal Information.

We will figure out what phones and other computers that you’re using on the same network and combine that with a bunch of data we get from our “partners”. We then sell that bundle to ad networks who have been tracking your device location and they use that information to sell you stuff! Remember all that they collect is non-identifying, but those ad networks sure as heck know who you are.

HOW WE SHARE THE VIEWING DATA

VIZIO shares the Viewing Data in the aggregate with media and data analytics companies who have a business need to analyze television viewing behaviors in the aggregate. This analysis permits these companies to make, for example, better-informed decisions regarding content production, programming and advertising. VIZIO minimizes the sharing of Non-Personal device identifiers such as IP addresses. In most cases VIZIO hashes and replaces these identifiers before sharing them with our media and analytics partners. When VIZIO shares IP addresses with third parties, VIZIO imposes strict conditions of confidentiality and use on such third parties.

I’ll just leave this here. TL;DR, it’s not hard to deanonymize data.

We also share Viewing Data to facilitate the display of tailored advertisements on other devices. As of October 31, 2015, VIZIO will share Viewing Data, together with the IP address associated with the corresponding VIZIO television, with limited third parties with whom we have specifically partnered. These third parties may combine this information with other information about devices associated with that IP address, in order to customize the advertisements displayed on those other devices.

Your Netflix habits will follow you around. Watching too much Aqua Teen Hunger force? Prepare for Cheetos advertisements.

You always have the option to turn off the collection of Viewing Data in your television’s settings menu. However, for a period of time you may continue to see tailored ads on other devices that were targeted on the basis of Viewing Data that was shared before you turned off collection.

It’s going to be hard to verify if they’re not collecting this information anyway and uploading it to the server.

HOW WE PROTECT THE VIEWING DATA

VIZIO first protects the Viewing Data by not combining or associating the Viewing Data with Personal Information, even if VIZIO has collected Personal Information from other sources, such as an online purchase, account creation, or product registration. VIZIO also protects the Viewing Data according to the same standards that it uses to protect Personal Information and Non-Personal Information as described above, including by requiring the third parties who analyze or use the Viewing Data to employ reasonable security measures.

Even though the Viewing Data does not contain Personal Information, VIZIO encrypts the Viewing Data before transmission over the Internet.

Both of these are good things for sure! Unfortunately, as we’ve seen in many other cases “anonymous” information is fairly easy to deanonymize – especially when you can correlate the IP addresses with other data sources.

Summary

If I continue to use the “smart” features of this television, I will have to setup some firewall rules so that it can’t see anything else on my network. Currently it’s connected to an open access point and only has access to the Internet and no ability to see other devices on the network.

Since I started writing this, ProPublica has taken notice of the lousy privacy policy. I recommend reading their analysis of Vizio’s SmartTV program.