Roku Developer Program

Join our online forum to talk to Roku developers and fellow channel creators. Ask questions, share tips with the community, and find helpful resources.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
zm3sichi
Visitor

Re: Metrics/ Reporting on Views

"destruk" wrote:
But the credit agencies already sell your information, so what more harm can be done? Your employer also sells your information too. The only way to truly be off the grid is to not live in a modern society.
http://redtape.nbcnews.com/_news/2013/0 ... -data?lite

Just do a google search and you'll find thousands of stories and verified articles about how this all works.


I know exactly how it works... As stated, I do it for a living myself (ie. capture/collect data and build warehouses)... 🙂 What I *don't* do, as a matter of "data ethics," is collect P.I.I. (also Google-able :mrgreen: ) and tag it to the data I'm collecting. I always collect "anonymous" or "aggregated" data that can't be tied to an individual identity. Thankfully, no client has ever asked me for that. If they ever do, I may have to decline that particular gig. Wouldn't want to risk damage to my business rep. or even a lawsuit by the client's own customers (equivalent of a HIPPA violation in the medical/dental world).

The "greater harm," depending on your POV, is that now there is (potentially) another "new" set of data that is so much much easier than before to collect, store, and tag to your identity, reliably (thanks to "technology"), and is available to anyone who's willing to pay for it, to "profile" you, for whatever purpose they choose... direct marketing, financial/bank decisions, hiring decisions, even legal/LEO stuff. "You are what you watch/listen to..." It's a gold mine for them, and another "bigger" hit, potentially, on your privacy rights.

So, I ask again... Do the Roku device(s)/software collect the titles of each stream viewed by a user and link it to their account info (or device serial #), and do they make that available to the content providers or other 3rd parties?
0 Kudos
destruk
Binge Watcher

Re: Metrics/ Reporting on Views

I don't think the roku device itself does this, but with 750+ public channels in the channel store, and who knows how many thousands of private channels not in the channel store, I would guess a fourth to half of those will collect information that links directly to you personally and they sell that.
0 Kudos
zm3sichi
Visitor

Re: Metrics/ Reporting on Views

"destruk" wrote:
I don't think the roku device itself does this, but with 750+ public channels in the channel store, and who knows how many thousands of private channels not in the channel store, I would guess a fourth to half of those will collect information that links directly to you personally and they sell that.


But how would they (the channels) know it's "you," when you're streaming, unless you have to register for the channel (and give them your Roku serial#), or Roku gives it to them (makes it available) when you view a given stream?
0 Kudos
destruk
Binge Watcher

Re: Metrics/ Reporting on Views

Geolocation code on the server side that tracks to your address for your ISP? You said you know how it works, as you work in the field. Anyone who makes a channel, public or private, has access to the roku serial number to send anywhere they like. As the pkg files uploaded to the channel store are encrypted in some form, you'd have to get those, decrypt them, and scan each line of code to make sure they aren't doing what you don't want them to do. As that isn't possible, why worry about it again? You also have no access to the internal roku registry, the roku ebsite database for your roku account, or the backend servers of all these channels you installed, registered, or simply looked at. As soon as you pull the first file from an outside source they have the server logs that your device requested said resource with a date and timestamp, as well as any information associated with the transfer that got sent along, each and every time, in addition to any other backend routines that are triggered by the request.

IP address location data can include information such as country, region, city, postal/zip code., latitude, longitude and timezone. Deeper data sets can determine other parameters such as domain name, connection speed, ISP, language, proxies, company name, US DMA/MSA, NAICS codes, and home/business.

So enlighten us, just what data do you collect and how do you collect it in your job?
0 Kudos
zm3sichi
Visitor

Re: Metrics/ Reporting on Views

"destruk" wrote:
Geolocation code on the server side that tracks to your address for your ISP?


OK, so you have my WAN IP address. You know the the location of my ISP's router from where my service originates. But you still don't know to whom that WAN IP is assigned, unless you get it from my ISP. And they ain't giving that away without a court order. Either that, or they will know the fury of my legal team!

"destruk" wrote:
You said you know how it works, as you work in the field.


I know how it works "in general." It's impossible to know *everything"... or what data a specific company collects or how they do it. I know what having a given set of data means to a company that's looking to use it to enhance their business model and predict their future direction. I know the value of any data that's track-able to an individual identity. And the listening/viewing habits of individuals is a gold mine to people who want to target those individuals directly (read: SPAM), and/or to other entities who get to make financial, legal, employment and/or other decisions, regarding that individual. Until the advent of sites like Netflix, Amazon, etc., and devices like the Roku, it was difficult if not impossible to collect this data. Now, it's a slam dunk. But, at what cost? The cost is the individual's "right to privacy." It's none of anyone's business what an individual watches ("legally," of course). But, I'm sure the content providers and potential buyers/users of this data see that differently.

"destruk" wrote:
Anyone who makes a channel, public or private, has access to the roku serial number to send anywhere they like.


But, do they also have access to the Roku "user account info." linked to that serial # (i.e. Name, address, Phone, e-mail, etc.)? If not, then like my ISP, all they have is a serial#, the content that was selected/viewed, and the date and time. That may be valuable for "improved content/programming" efforts. But if the channel (or other entity) can also collect the name, address, phone, email, etc. of the person linked to that serial # as well, the value of that data increases geometrically! Now they can sell it "target marketing" firms, financial services, credit bureaus, govt./LE agencies, etc. etc., and at top dollar!

"destruk" wrote:
As the pkg files uploaded to the channel store are encrypted in some form, you'd have to get those, decrypt them, and scan each line of code to make sure they aren't doing what you don't want them to do. As that isn't possible, why worry about it again?


Because if they *are* doing it, then it's a violation of the individual's right to privacy! Practically, can an individual enforce that right? Probably not. But they can do their best to *not* generate any data for collection by not using the service. I just simply wanted to know if Roku was allowing access to that information is all. At least, you've told me the serial # is available. That's no worse than having my WAN IP exposed, as long as my name, address, phone, email etc. aren't available with it.

"destruk" wrote:
You also have no access to the internal roku registry, the roku ebsite database for your roku account, or the backend servers of all these channels you installed, registered, or simply looked at. As soon as you pull the first file from an outside source they have the server logs that your device requested said resource with a date and timestamp, as well as any information associated with the transfer that got sent along, each and every time, in addition to any other backend routines that are triggered by the request.


I don't need access to it. I'm not the one collecting the data. I just want to know who (beyond Roku) *does* have access to my Roku user account info, and are they collecting it along with what content choices I make.

"destruk" wrote:
IP address location data can include information such as country, region, city, postal/zip code., latitude, longitude and timezone. Deeper data sets can determine other parameters such as domain name, connection speed, ISP, language, proxies, company name, US DMA/MSA, NAICS codes, and home/business.


But none of that can resolve to an individual's identity (Name, Street Address, Phone Number, email, birth date, SS# etc.). Well... maybe LAT/LON can correlate to a street address, if it's sufficiently well defined. It also helps if the the individual has "published" telephone numbers or gave that info. to a company that sold it to a credit bureau. Then their info can be on several "People finder" or "White Pages" websites.

"destruk" wrote:
So enlighten us, just what data do you collect and how do you collect it in your job?


I'll be glad to tell you what I can (a lot of it is "client confidential") if we can take this discussion offline. It's starting to go off-topic.

Again, all I want to know is, "does Roku" make an individual's account info. accessible to channel providers or other entities, along with serial # and streams viewed?"
0 Kudos
destruk
Binge Watcher

Re: Metrics/ Reporting on Views

Yeah if it's confidential for you to disclose, then it is probably confidential for anyone else to disclose you think? Again, why do you care and how can you sue without proof? Nobody. Waste of time to concern yourself with such things.
So again, don't use roku, don't use the internet, if it bothers you.
0 Kudos
zm3sichi
Visitor

Re: Metrics/ Reporting on Views

"destruk" wrote:
So again, don't use roku, don't use the internet, if it bothers you.


It really isn't that drastic a deal, OK? Like many other things in life, it's a "risk/benefit" calculation. All I was trying to do by asking the question (still unanswered) is gain a bit more information to do that calculation.

Since no one seems to want to answer the question, I'll have to assume it's a "Yes," and plan my viewing (and make recommendations to my clients) accordingly. Yes, there may now be things I won't watch or channels I won't add/subscribe because of that issue. But, for me personally, it's not that much of a deal that I would dump my Roku now. If it were, I never would have bought it in the first place. My inquiry is more for my own business clients who may be interested in the service. I have to give them all the risks/benefits of it so they can make an informed calculation/decision. Otherwise, they might be able to sue me! 😄
0 Kudos
TheEndless
Channel Surfer

Re: Metrics/ Reporting on Views

"zm3sichi" wrote:
Since no one seems to want to answer the question, I'll have to assume it's a "Yes," and plan my viewing (and make recommendations to my clients) accordingly. Yes, there may now be things I won't watch or channels I won't add/subscribe because of that issue. But, for me personally, it's not that much of a deal that I would dump my Roku now. If it were, I never would have bought it in the first place. My inquiry is more for my own business clients who may be interested in the service. I have to give them all the risks/benefits of it so they can make an informed calculation/decision. Otherwise, they might be able to sue me!

You might want to read the Privacy Policy (http://www.roku.com/about/privacy). It has a whole section on how they use information that they collect.
My Channels: http://roku.permanence.com - Twitter: @TheEndlessDev
Instant Watch Browser (NetflixIWB), Aquarium Screensaver (AQUARIUM), Clever Clocks Screensaver (CLEVERCLOCKS), iTunes Podcasts (ITPC), My Channels (MYCHANNELS)
0 Kudos
RokuJoel
Binge Watcher

Re: Metrics/ Reporting on Views

"does Roku" make an individual's account info. accessible to channel providers or other entities, along with serial # and streams viewed?"

Please don't assume what the answer is just because nobody has had the time to get back to you yet with an answer.

Please see our Privacy Policy:
http://www.roku.com/about/privacy

Outside of the partner or "affiliate" types described in and who would be bound by our privacy policy, my understanding is we do not share that information.

The serial number and number of streams viewed is of course available to channel developers, since you are streaming data from their servers (not ours), they can tell much easier than we can which device watched which stream by looking at their server logs.

They cannot easily correlate that with who you are unless you give them your personal information, or they obtain that information from another source, for example, a developer with whom you *have* shared your information could potentially sell that information, so if you are concerned, read their privacy policy before you share information that you don't want passed around.

Just for reference, here is what a Roku Player looks like to the servers it connects to, I've sanitized it by changing the ip, serial number and the web address:

11.128.95.22 - - [31/Aug/2012:09:06:03 -0700] "GET /open/data.txt HTTP/1.1" 404 89 "-" "Roku/DVP-4.8 (024.<roku serial number>)" "www.myserver.com"

- Joel
0 Kudos
zm3sichi
Visitor

Re: Metrics/ Reporting on Views

"TheEndless" wrote:

You might want to read the Privacy Policy (http://www.roku.com/about/privacy). It has a whole section on how they use information that they collect.


Thank you. I appreciate your pointing me there. I admit I did not do my "due diligence" and read it before asking the question. I guess I've been conditioned, over the years, not to bother with them. IME, "privacy policies" have been more about what the firm's lawyers want said "officially" to limit the company's legal liability, rather than what they actually do (Think "Google" and what kinds of trouble they're getting into, now, worldwide). I have, therefore, tended not to give them much credence, as a result. At least this policy does disclose what the device captures/collects, and I can advise my business clients accordingly.

I apologize if I wasted too much bandwidth on this. I will waste no more.
0 Kudos