I wanted to ask Purism why you are not launching a project to produce TV and TV Box for them, as this is a very profitable and useful project for the community. In 10-15 years, I have never seen you mention this anywhere.
The reason this idea came to mind is that I went to a shop and saw that almost 99% of televisions have what is known as SmartTV from Google, as well as separate GoogleTV and other unnecessary features. That is, the user is NOT the OWNER of the television; there is commercial firmware that cannot be removed or flashed, and the buyer agrees to all advertising conditions when purchasing the television.
If, for example, you are the owner of a Samsung television, you will be surprised to find that when you press the OFF button on the remote control, your television does not turn off; it continues to operate and send packets to the Samsung server. You can check this through your router.
Perhaps someone knows of a model or manufacturer of a high-quality television that can play 4K videos, as well as a TV box.
You can block this through your router. But yeah it sucks that Surveillance Capitalism has come to the TV market.
I think, for Panasonic, it will depend on the model and age of your TV as to whether it has the Google Virus.
Coming to your question, I suppose one consideration is the shipping cost of a big box item like a TV (where I am considering here a global market).
The workaround would appear to be: get a dumb TV, or a smart TV but ensure that it has no network access at all, and plug a safe computer into one of the HDMI ports of the TV.
Yes, you're right, you don't have to give a DHCP address, but I don't remember how to do it right now using LibreCMC or OpenWRT.
If anyone knows, please write the settings and commands here.
As for buying a regular TV separately and a TV box separately, I agree with you, which is why I created this post so that users could write the models of these televisions that have high build quality and are not from "unknown companies".
Or simpler … if WiFi then just don't configure in the SSID and passphrase into the TV … and if ethernet then just don't plug the TV in to your wired LAN.
Or … at slightly higher risk … configure the TV not to use DHCP and instead give it a static IP address and give it a bogus internet gateway address.
So the TV can attack your local network but theoretically cannot access the internet - and if the potential for accessing the internet worries you then you can firewall the TV's source IP address. A truly malicious TV or a truly determined Surveillance Capitalist could still bypass all that. So …
The only truly secure way of connecting an untrusted device to your local network is to put the untrusted device on its own local subnet with a firewall router between that subnet and the rest of your local network.
There are use cases where the configuration of allowing the TV local network access but not allowing the TV internet access does make sense. But for sure the safest option is to keep the TV completely off the network.
Another consideration in all this is getting software updates for the TV. If the TV is never on the network then it can never get updates via the network - and hence may have unpatched security bugs. You would want to consider carefully the risks of that and the potential mitigations of that e.g. some devices allow offline software update via USB flash drive (if you can extract the needed information from the manufacturer for how to do that).
I have read everything and would like to clarify how it is possible to keep the TV offline?
Are you referring to cable? If I do not have an internet connection, I will not be able to watch cable television either.
But I agree with you that if a malicious TV, as well as other devices such as a computer or phone, are on the same local network, it could be a problem.
I am considering buying a TV without smart TV and installing a TV box like this one, which I can flash myself and also update myself.
You'll need the TV's Ethernet (or Wi-Fi) MAC address.
On most TVs it's shown in the network settings menu, or you can look it up in the DHCP lease table after the TV has obtained an address once.
2. Add a static lease with uci
# Replace these values with your own
TV_MAC="AA:BB:CC:DD:EE:FF" # TV's MAC address
TV_IP="192.168.1.50" # Desired static IP
TV_NETMASK="255.255.255.0"
TV_GATEWAY="192.168.1.254" # False/placeholder gateway
TV_DNS=".0.0.0 0.0.0." # Optional DNS servers
# Create the static lease entry
uci add dhcp host
uci set dhcp.@host[-1].mac="${TV_MAC}"
uci set dhcp.@host[-1].ip="${TV_IP}"
uci set dhcp.@host[-1].dns="${TV_DNS}"
uci set dhcp.@host[-1].gateway="${TV_GATEWAY}"
uci set dhcp.@host[-1].netmask="${TV_NETMASK}"
uci commit dhcp
/etc/init.d/dnsmasq restart
dhcp.@host[-1] creates a new host entry at the end of the list.
The gateway field tells the TV which router to use; setting it to a non-existent address (e.g., 192.168.1.254 when your real gateway is 192.168.1.1) effectively disables Internet access while still allowing local LAN traffic.
After the TV reconnects, it will request the static lease and receive the IP 192.168.1.50 with the false gateway you specified.
Optional: Disable DHCP entirely for the TV
If you prefer the TV to ignore DHCP altogether, you can manually configure the static settings on the TV itself (most smart-TV menus have a "Manual" or "Static" IP option). Use the same values you set above:
IP address: 192.168.1.50
Subnet mask: 255.255.255.0
Gateway: 192.168.1.254 (or any address that isn't reachable)
DNS: 0.0.0.0 (or leave blank)
This way the TV never asks the router for an address, and the false gateway prevents it from reaching the Internet.
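One way to apply the static-lease-plus-false-gateway idea from this thread on OpenWrt, as an added example that is not part of any post. OpenWrt's DHCP configuration carries per-client options such as the router address (DHCP option 3) as `dhcp_option` entries on a `tag` section that the `host` entry references. The section names `tv`, `tv_nogw` and `tv_block`, the default `lan`/`wan` zone names and the MAC-matched firewall rule are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Prints `uci batch` input that:
#   1. pins the TV to a static lease,
#   2. hands it an unreachable router address via DHCP option 3 on a tag,
#   3. rejects its forwarded traffic to the WAN zone, matched by MAC so the
#      rule still holds if the TV ignores DHCP and picks another IP.
# Section names tv, tv_nogw and tv_block are made up for this example;
# zone names lan and wan are the OpenWrt defaults (assumed).

valid_mac() {
    echo "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

valid_ip4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    # Subshell keeps the IFS change and positional parameters local.
    ( IFS=.; set -- $1; for o in "$@"; do [ "$o" -le 255 ] || exit 1; done )
}

tv_isolation_batch() {
    mac=$1; ip=$2; fake_gw=$3; real_gw=$4
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    for addr in "$ip" "$fake_gw" "$real_gw"; do
        valid_ip4 "$addr" || { echo "bad IPv4 address: $addr" >&2; return 1; }
    done
    # A "false" gateway that is really the router would defeat the purpose.
    [ "$fake_gw" != "$real_gw" ] || { echo "fake gateway is the real one" >&2; return 1; }
    cat <<EOF
set dhcp.tv_nogw=tag
add_list dhcp.tv_nogw.dhcp_option='3,$fake_gw'
set dhcp.tv=host
set dhcp.tv.name='tv'
set dhcp.tv.mac='$mac'
set dhcp.tv.ip='$ip'
set dhcp.tv.tag='tv_nogw'
set firewall.tv_block=rule
set firewall.tv_block.name='Reject-TV-to-WAN'
set firewall.tv_block.src='lan'
set firewall.tv_block.src_mac='$mac'
set firewall.tv_block.dest='wan'
set firewall.tv_block.proto='all'
set firewall.tv_block.target='REJECT'
commit dhcp
commit firewall
EOF
}

# Values from the post above; 192.168.1.1 is the real gateway it mentions.
tv_isolation_batch "AA:BB:CC:DD:EE:FF" 192.168.1.50 192.168.1.254 192.168.1.1
```

On the router, pipe the output into `uci batch`, then run `/etc/init.d/dnsmasq restart` and `/etc/init.d/firewall restart`. The firewall rule is the part that actually enforces the block; the false gateway only works for as long as the TV honours what DHCP tells it.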
Yes, you either need to forgo streaming altogether or you need to stream through an attached box and therefore the TV itself does not need to be on the network.
I mean this option.
For the DNS, you need to determine whether the TV needs a working DNS in order to access content on the local network. If a DNS server is needed then by definition you would need to have a local DNS server.
Keeping in mind that if the attached box is a commercial streaming device, it will likely spy on you as well: Data collected on me by ROKU
It would be better, privacy-wise, to connect a trustworthy Linux computer and use a privacy-respecting browser to access streams, if possible - a browser with appropriate privacy extensions (NoScript, uBO, Privacy Badger, etc.) installed.
Of course, installing Pi-hole on your home network and loading up some of the well-known public anti-tracker lists can prevent much of the data-slurping, whether from a TV or a streaming box, or a computer. (We all hope.)
My 12+ year old LG TV tries to contact half a dozen sites. After 10 years of enduring nags to update and other pop up notices while watching content, I installed pi-hole on an LXC container in my router and blocked all those sites. That stopped all the notices and presumably any spying, but that allowed the TV's idea of what time it is to drift, and that disrupted some 3rd party services.
I figured out which site set the time and unblocked it and things started working again. That caused a tiny bit of traffic on power up and each 60 minutes after. After some digging on the web, I found a blog that claimed to set up a local web server that masqueraded as the LG site, but I haven't had time to go any further.
I have no idea what LG and other TV manufacturers are up to now, or whether similar defenses can be performed with other TVs.
But yeah, if you don't need it to have network traffic at all, don't give it any wifi info or plug in a network cable.
I kind of assumed that the TV could obtain the time from the TV broadcast. If that is even correct (and I am not across the details of the DVB standards) then perhaps your problem is that you haven't just disconnected the TV from the network.
In other words, the TV sees that it is on the local network and therefore attempts to use NTP or something equivalent to NTP (but you were blocking that) whereas if the TV sees that it is not on the local network then it would revert to using the time from the TV broadcast. The TV doesn't have the smarts to failover more robustly for a time source. And why would the manufacturer provide that? There is no incentive to accommodate attempts to maintain privacy. The manufacturer wants you as a data source.
In the US VCR's used to get time from local PBS stations (SONY always screwed up DST changes in either direction and had to be power cycled and/or manually reset, I forget). I don't know whether PBS still sends the time. I never had a dumb TV that had any idea about time that I could see.
As to other TCP/IP traffic, there wasn't any. I think ATSC and transport stream packets have time stamps, maybe my LG TV doesn't trust those or they didn't think to use them.
If I recall correctly, the old analog TV signal used two wide bands and there was a very small empty band in the middle. That middle band was wide enough to cover the whole FM band. I suppose a timing signal could have been there. It was not worth pirating, no one had a receiver for those middle bands and the propagation wouldn't go that far either.
Now the original bandwidth has been turned to digital, I suppose the wide bandwidth of the whole channel is why we now have decimal subchannels.
Yeah, but sometimes they cram so many subchannels in that the primary channel isn't all that good, for example my local PBS channel. (And Comcast recompresses the heck out of over the air local stations, including converting 1080i to 720p.)
Companies that manufacture TVs without smart features: if you know of any TV models or other companies, please write them here so that others can benefit from this information.
I'm thinking about testing it on my desktop, starting with Open TV as a client. If that goes well, I could find a suitable host for a Dispatcharr server and use Open TV or something else running on a second-hand Librem Mini (NUC, Odroid, etc.) as a set-top box connected to a TV via HDMI and IP blocked on my router.
I wonder if you can hack a dumb monitor with one of those internet boxes and watch streaming services from there? Like you can with a PC.
Maybe you can, I just don't know. I doubt it because a dumb monitor won't have a remote to move selections back and forth. At least a PC has a mouse.
Ideally they would just use the Librem Mini, throw in a remote, maybe optical audio out on the next gen, and call it a day for a TV box, but there are other challenges.
On firmware, there's the whole HDMI 2.1 thing that Valve is dealing with. Dolby Vision/Atmos remain proprietary, and I'm sure there's other issues, perhaps with CEC or sleep or something.
With the software, QT6 KDE Plasma Bigscreen, which is the best FOSS tv interface I've been able to find for Linux, still leaves a lot to be desired and would be another big project. Then there's connecting to services: most streaming providers I imagine don't have accessible enough sites to use a remote for navigation, and if they do, it's likely clunky, and would need to have a native wrapper like with PWAs for Firefox already populating the app store, along with a filter for TV optimized apps in addition to the mobile one they've implemented. Given that most don't have native apps, the next closest option is using Android TV apps from Aurora Store (Google Play), again proprietary. With Kodi, which does have integrations into many providers, sometimes they don't work, don't work well, don't have feature parity, or have other limitations. Perhaps they could ship Retroarch with an integration into the Internet archive to do "retro video game research", but then you need a controller to ship as well, or tell customers they need to buy it separately.