Roku Streaming Sticks

Warning: *privacy not included with this product

Roku Streaming Sticks

Roku
Wi-Fi Bluetooth

Review date: Nov. 9, 2022

|
|

Mozilla says

|
People voted: Super creepy

Roku is the streaming TV device company that focuses solely on streaming TV. From streaming sticks to connected soundbars to their Roku TVs, they give you lots of "channels" in their app store--everything from standards like Netflix and Hulu, to YuppTV for those can't miss south Asian channels and FunimationNow for the anime lovers. News, weather, sports, classic cartoons, Bollywood HD and Pokémon TV. Roku has something for everyone. They also collect lots of data so they can target ads for everyone too.

What could happen if something goes wrong?

Roku is like the nosy, gossipy neighbor of connected devices. They track just about everything they can. And share the data with lots and lots of advertisers, channel providers, business affiliates, and more. Roku’s privacy policy says they collect everything from your name, email address, postal address, telephone number, birth date, demographic information, location, device and usage information, and lots and lots of data about what you watch, when you watch it, how long you watch it for. Shoot, Roku also says they can collect audio information when you use the voice-enabled features, and information about your photos, videos, and music files if you use their Roku Media Players to listen or view such things.

Roku likes to know as much about you as they can, but it doesn't stop there with the data collection. Rolu also says they can combine data from “data providers” -- which feels like a pretty vague term that could likely include anything from advertising companies to data brokers to social media -- with the data they collect on you.

Once Roku has all these gobs of data and personal information collected on you, they say they can share that information with lots of third parties. According to Roku's privacy policy, they share your personal data with advertisers to show you targeted ads and create profiles about you over time and across different services and devices. Roku also gives advertisers detailed data about your interactions with advertisements, your demographic data, and audience segment. Roku shares viewing data with measurement providers who may target you with ads. Roku may share your personal information with third parties for their own marketing purposes.

Roku’s data sharing is vast, which is, unfortunately, too common in the streaming TV space. Automatic Content Recognition or ACR is the way Roku and others try to identify every show you watch whether it be streaming, cable, broadcast on an antenna, or even the DVDs you watch. They collect all this data to target you with new shows, and allow you to be targeted with lots of ads from lots of places. It’s a lot of data collection and you should opt out. Note when you opt out of ACR, a Roku spokeswoman said, “Opting out of ACR does not affect collection of information about the use of Roku streaming channels.” So yeah, they’re still collecting data on you, just a little less. Consumer Reports also recommends you take the time to do things like opt out of allowing Roku to access the microphone on your Roku remote control or your mobile device for voice-activated features.

What’s the worst that could happen with Roku? Well, there is this one particularly creepy line in Roku’s privacy policy that says, “Personal information about other people may be collected and used when you use Roku Smart Home devices and services. For instance, your Smart Home Devices may capture videos, images or voice content of other individuals. You are responsible for ensuring compliance with the privacy rights of others when using Roku Smart Home devices.” It would suck to invite your Mom over to watch a movie, get into a conversation with her about your family medical history, have Roku overhear all of that, and then have that conversation exist out on the internet where it could be vulnerable. Not good. But hey, it’s your responsibility to make sure that never happens. Thanks for nothing, Roku.

Tips to protect yourself

  • Turn off ACR (Automatic Content Recognition) on all your Roku devices
  • Turn access to the microphone off on your Roku device.
  • Limit ad shraring in your Roku privacy settings.
  • Do not sign up with third-party accounts. Better just log in with email and strong password.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
mobile Privacy warning Security warning A.I.

Can it snoop on me? information

Camera

Device: No

App: No

Microphone

Device: Yes

App: Yes

Tracks location

Device: Yes

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

We ding this product for sharing personal data with third-party advertisers in a way that may be considered a 'sale' under some regulatuions. And for combining personal data with data obtained from data providers including for advertisement.

"In the prior 12 months before the date of this Privacy Policy, we may have shared Identifiers, Protected Classifications, Commercial Information, Electronic Network Activity, Profiles and Inferences, and Professional/Employment Information with business partners to bring you ads that are more relevant and to measure and report on the effectiveness of ad campaigns. Under the CCPA, some of this data sharing may be broadly considered a “sale” of information even though these activities do not fit what most people would understand “sale” to mean. Except for this type of sharing, we do not sell your information."

"We may receive data about you from other sources like data providers and combine it with the data that we collect from you or your use of the Roku Services. Advertisers that show ads through Roku’s advertising services may also provide data about individuals to us to personalize and measure ads through Roku’s advertising services.

We may also receive your personal information from others if they have referred you as described under Part I, Section A(5), above."

"Based on this, in the preceding 12 months, we have “sold” and, subject to your opt-out right described below, may in the future “sell” the following categories of personal information to third parties, including third party advertising networks, social media platforms and other business partners for advertising purposes. Advertising, including targeted advertising, enables us to provide you with certain content for free and to provide you with content and ads that are relevant to you. We do not have actual knowledge that we sell the personal information of minors under 16 years of age."

Roku says they "may receive data about you from other sources like data providers and combine it with the data that we collect from you or your use of the Roku Services. Advertisers that show ads through Roku’s advertising services may also provide data about individuals to us to personalize and measure ads through Roku’s advertising services."

Roku says they share personal information with third parties for broad advertising services
"Advertising Services. We use your information to show you ads (including personalized ads) through the Roku Services, on Third-Party Channels, and on third-party websites, mobile apps, platforms and devices. We use your information to measure and understand the reach, viewership, and effectiveness of advertising, and provide advertising analytics and reporting. We also help advertisers and advertising partners reach the desired audience and understand and improve their ad campaigns. We associate the browsers and devices (such as smartphones, tablets, streaming players, connected TVs, and computers) used by the same individual or household for purposes of advertising to that individual or household on different browsers or devices. This allows, for example, ads you see on your tablet to be based on activities you engaged in on your Roku TV."

"We work with advertising partners to show you ads that we think may interest you for Roku’s products and services on Roku Services and on other companies’ websites, apps, and devices. We also work with advertising partners in order to show you ads from advertisers on Roku Services and on other companies’ websites, apps, and devices. We share information with these advertising partners and our advertisers, and they may set and access their own cookies, pixel tags and similar technologies on the Roku Services and they may otherwise collect or have access to information about you which they collect over time and across different online services and devices."

"We also collect the personal information of other people, for example, if you invite or refer our products or services to families and friends by providing their names or email addresses, if you provide the postal addresses of recipients for gift purchases.

Personal information about other people may be collected and used when you use Roku Smart Home devices and services. For instance, your Smart Home Devices may capture videos, images or voice content of other individuals. You are responsible for ensuring compliance with the privacy rights of others when using Roku Smart Home devices."

How can you control your data?

We ding this product as Roku does not provide a way for all users to delete their data. Only residents of California have the right to have their data deleted.

"If you are a resident of California, you have the right to make the following requests, up to twice every 12 months:

The right to request a copy of the personal information that we have collected about you in the prior 12 months.
The right to request details about the categories of personal information we collect, the categories of sources, the business or commercial purposes for collecting information, and the categories of third parties with which we share information.
The right to request deletion of the personal information that we have collected about you, subject to certain exemptions.
The right to opt-out of sale of your personal information."

What is the company’s known track record of protecting users’ data?

Average

No known incidents in the last 3 years.

Child Privacy Information

No child privacy informaiton was provided in Roku's privacy policy.

Can this product be used offline?

No

User-friendly privacy information?

No

Links to privacy information

Does this product meet our Minimum Security Standards? information

No

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

No

An independent cybersecurity review into Roku paid for by Mozilla found, "An enumeration of the Roku website’s online resources and various bug bounty programs revealed a lack of an established vulnerability management system." And, "In terms of vulnerability disclosure, Roku appears to lack a dedicated contact for disclosing security vulnerabilities. Generic support is provided via https://support.roku.com/, though no point of contact for security related issues or even a bug bounty program is offered."

Privacy policy

Yes

Does the product use AI? information

Yes

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Roku uses Automatic Content Recognition (ACR) to track what you are watching on TV. They use this information to help advertisers target you more accurately. You can disable this feature, but it is on by default.

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Yes

*privacy not included

Dive Deeper

  • Got a Streaming Device? Change These Settings Right Now
    CNET
  • How to Turn Off Smart TV Snooping Features
    Consumer Reports
  • The FBI just issued a warning about the risks of owning a smart TV — here are its suggestions for protecting your privacy
    Insider
  • A Thumbs Down for Streaming Privacy
    New York Times
  • How to make your smart TV a little dumb (and why you should)
    Mashable
  • Yes, your smart TV is spying on you – Here’s how to stop it
    Komando.com
  • Standard Privacy Report for Roku
    Common Sense
  • Roku leaves rivals in dust – claiming machine learning breakthrough
    ReTHINK
  • Samsung and Roku Smart TVs Vulnerable to Hacking, Consumer Reports Finds
    Consumer Reports
  • Roku is in the ad business, not the hardware business, says CEO
    The Verge
  • Cheatsheet: Roku expects to make $1 billion in revenue this year
    Digiday

Comments

Got a comment? Let us hear it.