TY - GEN
T1 - Watching you watch
T2 - 26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019
AU - Moghaddam, Hooman Mohajeri
AU - Acar, Gunes
AU - Burgess, Ben
AU - Mathur, Arunesh
AU - Huang, Danny Yuxing
AU - Feamster, Nick
AU - Felten, Edward W.
AU - Mittal, Prateek
AU - Narayanan, Arvind
N1 - Publisher Copyright:
© 2019 Copyright held by the owner/author(s).
PY - 2019/11/6
Y1 - 2019/11/6
N2 - The number of Internet-connected TV devices has grown significantly in recent years, especially Over-the-Top (“OTT”) streaming devices, such as Roku TV and Amazon Fire TV. OTT devices offer an alternative to multi-channel television subscription services, and are often monetized through behavioral advertising. To shed light on the privacy practices of such platforms, we developed a system that can automatically download OTT apps (also known as channels), and interact with them while intercepting the network traffic and performing best-effort TLS interception. We used this smart crawler to visit more than 2,000 channels on two popular OTT platforms, namely Roku and Amazon Fire TV. Our results show that tracking is pervasive on both OTT platforms, with traffic to known trackers present on 69% of Roku channels and 89% of Amazon Fire TV channels. We also discover widespread practice of collecting and transmitting unique identifiers, such as device IDs, serial numbers, WiFi MAC addresses and SSIDs, at times over unencrypted connections. Finally, we show that the countermeasures available on these devices, such as limiting ad tracking options and adblocking, are practically ineffective. Based on our findings, we make recommendations for researchers, regulators, policy makers, and platform/app developers.
AB - The number of Internet-connected TV devices has grown significantly in recent years, especially Over-the-Top (“OTT”) streaming devices, such as Roku TV and Amazon Fire TV. OTT devices offer an alternative to multi-channel television subscription services, and are often monetized through behavioral advertising. To shed light on the privacy practices of such platforms, we developed a system that can automatically download OTT apps (also known as channels), and interact with them while intercepting the network traffic and performing best-effort TLS interception. We used this smart crawler to visit more than 2,000 channels on two popular OTT platforms, namely Roku and Amazon Fire TV. Our results show that tracking is pervasive on both OTT platforms, with traffic to known trackers present on 69% of Roku channels and 89% of Amazon Fire TV channels. We also discover widespread practice of collecting and transmitting unique identifiers, such as device IDs, serial numbers, WiFi MAC addresses and SSIDs, at times over unencrypted connections. Finally, we show that the countermeasures available on these devices, such as limiting ad tracking options and adblocking, are practically ineffective. Based on our findings, we make recommendations for researchers, regulators, policy makers, and platform/app developers.
KW - Automation
KW - Internet TV
KW - Measurement
KW - OTT
KW - Privacy
KW - Third-party tracking
UR - http://www.scopus.com/inward/record.url?scp=85075941110&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85075941110&partnerID=8YFLogxK
U2 - 10.1145/3319535.3354198
DO - 10.1145/3319535.3354198
M3 - Conference contribution
AN - SCOPUS:85075941110
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 131
EP - 147
BT - CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
Y2 - 11 November 2019 through 15 November 2019
ER -