While examining my smart TV’s network traffic with Wireshark, I noticed constant HTTPS requests going to external servers in the background, even though I wasn’t touching the remote. The TV was merely playing content from a computer connected to its HDMI port; no internal streaming apps or satellite broadcasts were active. Despite this, I saw the device analyzing the pixels on the screen and sharing data with external servers.
The underlying technology behind this is ACR (Automatic Content Recognition), which smart TV manufacturers use to sell data to advertisers and build user profiles. In this guide, under the title Your Smart TV Is Watching You: A Guide to Disabling ACR, we will explore how this tracking technology works, how to disable this feature from your TV’s interface, and why it’s not entirely sufficient, along with network-level solutions.
What is ACR (Automatic Content Recognition) and How Does It Work?
ACR, or Automatic Content Recognition, is a technology that dynamically identifies any visual and auditory content playing on your TV. This technology doesn’t care about the source of the on-screen image; it works regardless of whether the content is from an internal app, Netflix, a game console, a satellite receiver, or an HDMI source. The system captures real-time acoustic and visual “fingerprints” of the pixels on the screen or the audio coming from the speakers.
These fingerprints are compared within milliseconds against a massive database on the manufacturer’s cloud servers. If a match is found, your TV knows exactly what show you’re watching, how long you’ve had a particular advertisement on screen, or which game you’re playing. The data collected is then sold directly to targeted advertising companies and used to send ads to your other devices (phone, tablet, computer) based on your interests.
graph TD;
A["Screen Capture / Audio Input"] --> B["Real-time Fingerprint Generation"]
B --> C["Sending to Manufacturer Servers via HTTPS Protocol"]
C --> D{"Match in Cloud Database?"}
D -- "Yes" --> E["Content and Ad Profiling (User Data Sales)"]
D -- "No" --> F["Anonymized Data Storage"]
This process constantly engages the TV’s processor and network bandwidth. You typically consent to this feature in user agreements, often written in small print under headings like “Interactive Services” or “Viewing Information.” However, it is entirely up to you to revoke this consent later and stop this data flow.
How to Disable ACR on Smart TVs? (Brand-Specific Steps)
Every TV manufacturer hides the ACR feature behind different marketing names. Some call it “Samba TV,” others “Live Plus,” and some directly label it “Viewing History.” Below, I’ve outlined step-by-step how to find and disable these settings on the three major TV operating systems most commonly used in the market.
Samsung (Tizen OS)
On Samsung TVs, ACR and similar tracking systems are generally found under “Internet-Based Advertising” and “Viewing Information Services.”
- Press the Settings button on your remote.
- Follow the steps: All Settings > General & Privacy.
- Click on Terms & Privacy.
- Open the Privacy Choice menu.
- Here, uncheck the options for Viewing Information Services and Interest-Based Advertising.
LG (webOS)
On LG TVs, this technology is directly called “Live Plus” and comes enabled by default.
- Press the gear icon on your remote to open the All Settings menu.
- Go to the General tab.
- Select System and then Additional Settings.
- Find the Live Plus option and turn it off.
- Additionally, go to User Agreements under the same menu and revoke your consent for “Viewing Information” and “Personalized Ads.”
Sony and TCL (Android TV / Google TV)
On Android-based TVs, ACR is often managed by a third-party service called “Samba TV.” Even if you didn’t accept it during the initial setup, system updates might have activated it.
- Open the Settings menu.
- Go to Device Preferences or directly to the System tab.
- Find the Samba Interactive TV option.
- Disable this option and cancel the service agreement.
- Additionally, under Privacy > Usage & Diagnostics, turn off data sending.
Why Disabling ACR Alone Isn’t Enough
Disabling the ACR setting from the TV’s interface only stops the analysis of on-screen pixels and the sending of fingerprints. However, the TV’s operating system continues to communicate with the outside world and send other telemetry data. This is due to the device’s fundamental network behaviors.
- App Telemetry: Information like when you open apps such as Netflix, YouTube, or Prime Video, how long you stay active, and which categories you browse is still sent to the respective app servers.
- Network Discovery Protocols (mDNS/SSDP): Smart TVs constantly scan your local network for other devices (phones, smart bulbs, NAS devices). This scan data is sent to the manufacturer to build a profile of your household.
- DNS Bypass (DoH/DoT): Some modern smart TVs ignore the DNS server you’ve defined on your local network and directly send encrypted DNS (DNS over HTTPS) requests to public DNS servers like Google (
8.8.8.8) or Cloudflare (1.1.1.1). This allows them to bypass your local filtering mechanisms.
Therefore, if we want to achieve true privacy, we need to restrict the TV’s scope of action on the network. We cannot simply rely on the manufacturer’s mercy by pressing a button on the device.
Network-Level Blocking: DNS and Pi-hole / AdGuard Home
The cleanest way to block telemetry and advertising requests that the TV intends to send to the outside world, before they even leave your network, is to use a local DNS server (DNS sinkhole). If you have Pi-hole or AdGuard Home running in your home, you can blacklist the domain names that the TV attempts to access for advertising and tracking.
Below, I’ve listed some critical domain names used by popular TV brands for telemetry and ACR. By blocking these domains on your DNS server, you can stop the traffic.
| Brand | Critical Domains to Block (Wildcard) |
|---|---|
| Samsung | *.samsungqbe.com, *.samsungotn.net, *.samsungrm.net, *.samsungcloudplatform.com |
| LG | *.lgtvcommon.com, *.yumenetworks.com, *.ad.lgappstv.com, *.rdl.lgtvcommon.com |
| Sony / Android | *.samba.tv, *.tvinteractive.tv, *.scribe.reidi.net, *.telemetry.api |
If you use AdGuard Home or Pi-hole, you can make these blockages more dynamic by writing regex (regular expression) rules. For example, to block Samsung telemetry servers collectively, you can define the following regex rule:
||samsungqbe.com^
||samsungotn.net^
||samsungrm.net^However, to solve the “DNS Bypass” issue mentioned earlier, you need to redirect port 53 (DNS) to your local DNS server on your modem or firewall device and block outgoing requests to external DNS servers.
Advanced Measures: VLAN Segmentation and Firewall Rules
If you use a managed switch or an advanced firewall (like OPNsense, pfSense, or Ubiquiti) in your home network, you should completely isolate your smart TV from your main network. Smart TVs are the weakest link for infiltrating local network devices or collecting data.
I place all my IoT (Internet of Things) devices and smart TVs in a separate VLAN (e.g., VLAN 50). I completely block access from this VLAN to devices on my main network (VLAN 10 - Personal computers and phones) using firewall rules.
graph LR; A["Personal Network (VLAN 10)"] -->|Access Allowed| B["Internet Gateway"] C["IoT & Smart TV (VLAN 50)"] -->|Internet Only (Restricted)| B C -- "BLOCKED" --> A
After implementing this segmentation, defining the following rules on your firewall will significantly enhance security:
- Local Network Block: Block all traffic from VLAN 50 to VLAN 10 (Drop all RFC1918 traffic).
- DNS Enforcement: Allow the TV to access only your designated local DNS IP (e.g., Pi-hole on VLAN 10) on port 53. Block all other DNS requests.
- DoH / DoT Blocking: Completely disable port 853 (DNS over TLS) and block traffic to known public DoH IP addresses.
This way, your TV can still connect to the internet and play Netflix or YouTube, but it cannot scan your local network devices or bypass your local DNS filters.
Alternative Solutions for Smart TV Security: Dumb TV and External Devices
If you don’t want to deal with the network configurations described above, or if you want to be absolutely sure your TV isn’t tracking you, you should consider more radical but definitive solutions.
1. Completely Disconnecting the TV’s Internet Connection (Dumb TV)
The most secure smart TV is one that is not connected to the internet. Make the device forget its Wi-Fi password or unplug the Ethernet cable from the back. Use the TV solely as a “monitor” (Dumb TV). Transfer your content via an external device that you have complete control over.
2. Using an External Media Player
After disconnecting the TV from the internet, you can connect an external device like an Apple TV, Nvidia Shield, or a media center running on a Raspberry Pi (LibreELEC/Kodi) to its HDMI port.
- Apple TV: It has much stricter privacy policies compared to TV manufacturers. It does not host any background services that perform pixel analysis similar to ACR.
- Apple TV / Android Box Advantages: Their processors are significantly more powerful than the built-in processors of TVs, making their interfaces much smoother, and your device won’t slow down with system updates.
With this method, your smart TV becomes a dumb panel that simply displays the HDMI signal it receives. You can safely run all your streaming applications through an external device.
Conclusion
Smart TVs are one of the largest data collection tools entering our homes, directly monitoring our living spaces. ACR technology is a system that is activated with user consent (or often hidden behind complex agreements) and converts our viewing habits into commercial profit.
Going into your TV’s privacy settings to disable these features is the first and easiest step. However, to achieve complete protection, using local DNS filters, isolating the device on a separate VLAN network, or completely cutting off its internet connection and switching to an external media player are the most permanent solutions.
In the next post, I will detail how to capture and analyze DNS over HTTPS (DoH) traffic at the firewall level in home networks.