This may be old news to many but since there may be some, like myself, who know information is being collected but don’t know much about how it’s being done or what’s being done with it, here’s a little of what I learned. This post contains a lot of lengthy quotes so you can spot info I didn’t cover or didn’t see. By the way, this is a Roku device:
It seems that “web beacon” is a nicer name for what’s called a “web bug.” According to Wikipedia:
Web bugging is analogous to conventional bugging, but is not as invasive or intrusive. The term should not be confused with the more benign web spider, nor with the more malicious computer worms.
How web bugs are used on websites:
Companies or organisations, buttons or images of which are included on many sites, can thus track (part of) the browsing habits of a significant share of web users. Earlier, this included mainly ad- or counter-serving companies, but nowadays buttons of social media sites are becoming common.
How web bugs are used in email:
Through the use of unique identifiers contained in the URL of the web bugs, the sender of an email containing a web bug is able to record the exact time that a message was read, as well as the IP address of the computer used to read the mail or the proxy server that the user went through. In this way, the sender can gather detailed information about when and where each particular recipient reads email. Every subsequent time the email message is displayed can also send information back to the sender.
The Wikipedia article includes info on how to avoid web bugs.
Here is Roku’s disclosure about its devices:
We regularly and automatically collect information about your Roku Devices and your usage. The collected information about your Roku Devices includes, for example, the IP address associated with your Roku Devices, your device types and models, device identifiers, the retailer to whom your device was shipped, various quality measures, error logs, software version numbers, Wi-Fi network name (SSID – service set identifier) and strength. We also collect usage data such as your search history (including letters you key in for searches, and utterances provided in connection with your use of voice search), search results, content you select and view and content settings and preferences, channels you add and view, including time and duration in the channels, and other usage statistics. Usage information collected from Roku Devices may be associated with your Roku account or with product device identifiers (such as product serial numbers and other identifiers including those used for advertising and analytics). We associate device identifiers and usage data with your Roku accounts and other personally identifiable information for purposes described in this Policy.
Apparently, the newest Roku players have “voice search.” From CNET:
…touch the dedicated button [on the remote] and a dialog pops up to indicate that the mic is listening.
It seems Amazon Fire TV also has voice search. What are the chances that these devices cannot be remotely activated? I wonder whether the tyrannical globalist overlords ever dreamed we’d be so willing to pay for the devices they use to spy on us?
Users who use Roku’s mobile app lose even more privacy:
If you download Roku Mobile Apps to a mobile device, we also automatically log information related to your mobile device and network. We may log, for example, your device type, device identifiers, Wi-Fi networking connection data, information about connected Wi-Fi devices, the types and versions of mobile operating system you use, time-stamped logs of data exchanges associated with the Roku Mobile Apps, and usage statistics associated with the Roku Mobile Apps such as your search history (including letters you key in for searches, and utterances provided in connection with your use of voice search), search results, content you select and view, and channels you add and view. We also log whether you use Play on Roku to play content stored on your mobile device (such as music, photos, or videos) through the Roku Device connected with the Roku Mobile App. To let you play content on your mobile device through the Roku Device, the Roku Mobile App needs permissions to access content and other information stored on your mobile device.
It’s not only Roku that’s collecting data through its products:
Third parties who provide us with analytics services for the Roku Sites, Roku Devices and Roku Mobile Apps may also automatically collect some of the information described above, including, for example, IP address, access times, browser type and language, device type, device identifiers and Wi-Fi information.
There’s also this:
Other third parties, including channel providers, advertisers and ad networks, may also automatically collect information about you through the Roku Sites, Roku Devices, the Roku Mobile Apps or our services, including personally identifiable information about your online activities over time and across different websites, devices, online channels and applications when you use our services.
How do you like strangers having all that info about your kids?
Who has the time to find out who’s partnering with Google? At the same time, who trusts Google with their personal information?
Each Roku Device has unique identifiers, including a unique, non-permanent identifier called Roku Identifiers for Advertisers (RIDAs)…We supplement that information with information collected from Roku Sites, Roku Mobile Apps or third party data sources to further personalize the advertising you see on your Roku Devices. We use third party service providers, such as Google, to help deliver, personalize and target this advertising.
Channel providers, third party advertisers and ad networks may also use RIDAs and other information they collect about you from your Roku Devices, for their own advertising purposes…
RIDA stands for “Roku Identifiers for Advertisers.” From February of this year:
On January 20, 2015, a district court judge in New Jersey dismissed with prejudice a VPPA action against Viacom, Inc. (“Viacom”), holding that disclosure of anonymous user information to Google, Inc. (“Google”) was not actionable because such information did not constitute “personally identifiable information” (“PII”) as defined under the VPPA…
The court found that nothing in the VPPA or its legislative history suggested that PII included anonymous user IDs, gender and age, or data about a user’s computer. Plaintiffs argued that Google, because it already had so much general information at its disposal, could use the information garnered from Viacom to ascertain personal identities.
There’s Google again. They seem to have access to all the data that’s collected on everybody.
to enforce our terms and conditions or protect our business or users; and
to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
Can they detect such things by collecting data on our electronic devices and operating systems, our SSIDs (the name you’ve given to your local network), and who sold you your Roku?
I love this part. It’s advising users who post comments on the Roku website:
Please be mindful of your own privacy needs as you choose what to share and make public.
Could it happen that Roku data could be turned over by, say, anti-gun types who work for Roku? Could Roku’s “voice search” record the sounds of you cleaning your firearm and give that data to the Feds? That would be covered under iii above. Let’s take it a step further and consider that someone who doesn’t like you might have a friend who works for one of Roku’s third party vendors. There’s also the possibility that a pedophile in your neighborhood knows someone with the same type of access. Also, everyone should be aware of the fact that human beings look at information about people they know.
The Roku privacy notice includes a section on disabling some of the spy devices and how to request to opt out of third party tracking, which is useful even if you don’t own a Roku. It ends with a warning:
Roku uses industry-standard methods of securing its electronic databases of personal information. However, you should know that no company, including Roku, can fully eliminate security risks associated with personal information…
Information collected by Roku or on our behalf may be stored on your Roku Devices, on your mobile device if you use the Roku Mobile App, or on our servers, and may be transferred to, accessed from, or stored and processed in, the United States, EU member state countries, India, the Philippines and Costa Rica, and any other country where Roku or its service providers maintain facilities or call centers, including jurisdictions that may not have data privacy laws that provide protections equivalent to those provided in your home country.
If you have questions about Roku’s use of personal information you can contact them. However, don’t expect a quick response:
We will use commercially reasonable efforts to respond to your request in a timely manner.
“Commercially reasonable”? What the heck is that? From USlegal:
Commercially reasonable efforts is a term incapable of a precise definition and will vary depending on the context in which it is used.
It means they’ll get back to you when they get back to you, i.e., it means nothing.