I don't think the roku device itself does this, but with 750+ public channels in the channel store, and who knows how many thousands of private channels not in the channel store, I would guess a fourth to half of those will collect information that links directly to you personally and they sell that.

"destruk" wrote:
I don't think the roku device itself does this, but with 750+ public channels in the channel store, and who knows how many thousands of private channels not in the channel store, I would guess a fourth to half of those will collect information that links directly to you personally and they sell that.

But how would they (the channels) know it's "you," when you're streaming, unless you have to register for the channel (and give them your Roku serial#), or Roku gives it to them (makes it available) when you view a given stream?

Geolocation code on the server side that tracks to your address for your ISP? You said you know how it works, as you work in the field. Anyone who makes a channel, public or private, has access to the roku serial number to send anywhere they like. As the pkg files uploaded to the channel store are encrypted in some form, you'd have to get those, decrypt them, and scan each line of code to make sure they aren't doing what you don't want them to do. As that isn't possible, why worry about it again? You also have no access to the internal roku registry, the roku ebsite database for your roku account, or the backend servers of all these channels you installed, registered, or simply looked at. As soon as you pull the first file from an outside source they have the server logs that your device requested said resource with a date and timestamp, as well as any information associated with the transfer that got sent along, each and every time, in addition to any other backend routines that are triggered by the request.

IP address location data can include information such as country, region, city, postal/zip code., latitude, longitude and timezone. Deeper data sets can determine other parameters such as domain name, connection speed, ISP, language, proxies, company name, US DMA/MSA, NAICS codes, and home/business.

So enlighten us, just what data do you collect and how do you collect it in your job?

"destruk" wrote:
Geolocation code on the server side that tracks to your address for your ISP?

OK, so you have my WAN IP address. You know the the location of my ISP's router from where my service originates. But you still don't know to whom that WAN IP is assigned, unless you get it from my ISP. And they ain't giving that away without a court order. Either that, or they will know the fury of my legal team!

"destruk" wrote:
You said you know how it works, as you work in the field.

I know how it works "in general." It's impossible to know *everything"... or what data a specific company collects or how they do it. I know what having a given set of data means to a company that's looking to use it to enhance their business model and predict their future direction. I know the value of any data that's track-able to an individual identity. And the listening/viewing habits of individuals is a gold mine to people who want to target those individuals directly (read: SPAM), and/or to other entities who get to make financial, legal, employment and/or other decisions, regarding that individual. Until the advent of sites like Netflix, Amazon, etc., and devices like the Roku, it was difficult if not impossible to collect this data. Now, it's a slam dunk. But, at what cost? The cost is the individual's "right to privacy." It's none of anyone's business what an individual watches ("legally," of course). But, I'm sure the content providers and potential buyers/users of this data see that differently.

"destruk" wrote:
Anyone who makes a channel, public or private, has access to the roku serial number to send anywhere they like.

But, do they also have access to the Roku "user account info." linked to that serial # (i.e. Name, address, Phone, e-mail, etc.)? If not, then like my ISP, all they have is a serial#, the content that was selected/viewed, and the date and time. That may be valuable for "improved content/programming" efforts. But if the channel (or other entity) can also collect the name, address, phone, email, etc. of the person linked to that serial # as well, the value of that data increases geometrically! Now they can sell it "target marketing" firms, financial services, credit bureaus, govt./LE agencies, etc. etc., and at top dollar!

"destruk" wrote:
As the pkg files uploaded to the channel store are encrypted in some form, you'd have to get those, decrypt them, and scan each line of code to make sure they aren't doing what you don't want them to do. As that isn't possible, why worry about it again?

Because if they *are* doing it, then it's a violation of the individual's right to privacy! Practically, can an individual enforce that right? Probably not. But they can do their best to *not* generate any data for collection by not using the service. I just simply wanted to know if Roku was allowing access to that information is all. At least, you've told me the serial # is available. That's no worse than having my WAN IP exposed, as long as my name, address, phone, email etc. aren't available with it.

"destruk" wrote:
You also have no access to the internal roku registry, the roku ebsite database for your roku account, or the backend servers of all these channels you installed, registered, or simply looked at. As soon as you pull the first file from an outside source they have the server logs that your device requested said resource with a date and timestamp, as well as any information associated with the transfer that got sent along, each and every time, in addition to any other backend routines that are triggered by the request.

I don't need access to it. I'm not the one collecting the data. I just want to know who (beyond Roku) *does* have access to my Roku user account info, and are they collecting it along with what content choices I make.

"destruk" wrote:
IP address location data can include information such as country, region, city, postal/zip code., latitude, longitude and timezone. Deeper data sets can determine other parameters such as domain name, connection speed, ISP, language, proxies, company name, US DMA/MSA, NAICS codes, and home/business.

But none of that can resolve to an individual's identity (Name, Street Address, Phone Number, email, birth date, SS# etc.). Well... maybe LAT/LON can correlate to a street address, if it's sufficiently well defined. It also helps if the the individual has "published" telephone numbers or gave that info. to a company that sold it to a credit bureau. Then their info can be on several "People finder" or "White Pages" websites.

"destruk" wrote:
So enlighten us, just what data do you collect and how do you collect it in your job?

I'll be glad to tell you what I can (a lot of it is "client confidential") if we can take this discussion offline. It's starting to go off-topic.

Again, all I want to know is, "does Roku" make an individual's account info. accessible to channel providers or other entities, along with serial # and streams viewed?"

Yeah if it's confidential for you to disclose, then it is probably confidential for anyone else to disclose you think? Again, why do you care and how can you sue without proof? Nobody. Waste of time to concern yourself with such things.
So again, don't use roku, don't use the internet, if it bothers you.

"destruk" wrote:
So again, don't use roku, don't use the internet, if it bothers you.

It really isn't that drastic a deal, OK? Like many other things in life, it's a "risk/benefit" calculation. All I was trying to do by asking the question (still unanswered) is gain a bit more information to do that calculation.

Since no one seems to want to answer the question, I'll have to assume it's a "Yes," and plan my viewing (and make recommendations to my clients) accordingly. Yes, there may now be things I won't watch or channels I won't add/subscribe because of that issue. But, for me personally, it's not that much of a deal that I would dump my Roku now. If it were, I never would have bought it in the first place. My inquiry is more for my own business clients who may be interested in the service. I have to give them all the risks/benefits of it so they can make an informed calculation/decision. Otherwise, they might be able to sue me! 😄

"zm3sichi" wrote:
Since no one seems to want to answer the question, I'll have to assume it's a "Yes," and plan my viewing (and make recommendations to my clients) accordingly. Yes, there may now be things I won't watch or channels I won't add/subscribe because of that issue. But, for me personally, it's not that much of a deal that I would dump my Roku now. If it were, I never would have bought it in the first place. My inquiry is more for my own business clients who may be interested in the service. I have to give them all the risks/benefits of it so they can make an informed calculation/decision. Otherwise, they might be able to sue me!

You might want to read the Privacy Policy (http://www.roku.com/about/privacy). It has a whole section on how they use information that they collect.

"does Roku" make an individual's account info. accessible to channel providers or other entities, along with serial # and streams viewed?"

Please don't assume what the answer is just because nobody has had the time to get back to you yet with an answer.

Please see our Privacy Policy:
http://www.roku.com/about/privacy

Outside of the partner or "affiliate" types described in and who would be bound by our privacy policy, my understanding is we do not share that information.

The serial number and number of streams viewed is of course available to channel developers, since you are streaming data from their servers (not ours), they can tell much easier than we can which device watched which stream by looking at their server logs.

They cannot easily correlate that with who you are unless you give them your personal information, or they obtain that information from another source, for example, a developer with whom you *have* shared your information could potentially sell that information, so if you are concerned, read their privacy policy before you share information that you don't want passed around.

Just for reference, here is what a Roku Player looks like to the servers it connects to, I've sanitized it by changing the ip, serial number and the web address:

11.128.95.22 - - [31/Aug/2012:09:06:03 -0700] "GET /open/data.txt HTTP/1.1" 404 89 "-" "Roku/DVP-4.8 (024.<roku serial number>)" "www.myserver.com"

- Joel

"TheEndless" wrote:

You might want to read the Privacy Policy (http://www.roku.com/about/privacy). It has a whole section on how they use information that they collect.

Thank you. I appreciate your pointing me there. I admit I did not do my "due diligence" and read it before asking the question. I guess I've been conditioned, over the years, not to bother with them. IME, "privacy policies" have been more about what the firm's lawyers want said "officially" to limit the company's legal liability, rather than what they actually do (Think "Google" and what kinds of trouble they're getting into, now, worldwide). I have, therefore, tended not to give them much credence, as a result. At least this policy does disclose what the device captures/collects, and I can advise my business clients accordingly.

I apologize if I wasted too much bandwidth on this. I will waste no more.