This TV probably wasn’t spying on you.
I run a local resolver in my house and I’ve previously written about using it, together with a response policy zone, to block Windows 10 computers’ attempts to connect to Microsoft’s telemetry servers. I’ve added these lines to the zone in an effort to stop my telly connecting to the more suspicious-sounding domains:
log-ingestion-eu.samsungacr.com CNAME . devicelog.samsungcloudsolution.net CNAME . prderrordumpssm.samsungcloudsolution.net CNAME .
I’m being selective because I still want to use the ‘smart’ features of the set—I still want to watch Netflix and YouTube on it, for example. There’s more work to be done as can be seen from this list of domain lookup attempts by my TV in a period of five days. The Samsumg ones are the most interesting; some are obviously needed for the normal function of the TV’s smart features, but others might be blockable without disturbing them. If you find any that I haven’t listed, or know anything more about them, please leave a comment!
17688 log-ingestion-eu.samsungacr.com
2291 pool.ntp.org
2285 www.worldtime.com
2283 wwp.greenwichmeantime.com
1271 time.samsungcloudsolution.com
794 ns11.whois.co.kr
726 api-global.netflix.com
293 Coordinator-TA30-PROD-1091987395.eu-west-1.elb.amazonaws.com
247 secure.netflix.com
226 acr0.samsungcloudsolution.com
220 upu.samsungelectronics.com
203 appboot.netflix.com
185 nrdp.nccp.netflix.com
180 dpu.samsungelectronics.com
177 d1oxlq5h9kq8q5.cloudfront.net
161 lcprd2.samsungcloudsolution.net
139 osb-apps.samsungqbe.com
139 kpu.samsungelectronics.com
121 ichnaea.netflix.com
112 art-1.nflximg.net
97 art-0.nflximg.net
86 art-2.nflximg.net
67 cdn.samsungcloudsolution.com
63 www.samsungotn.net
59 noticecdn.samsungcloudsolution.com
57 googleads.g.doubleclick.net
53 www.samsungrm.net
46 ads.samsungads.com
43 notice.samsungcloudsolution.com
42 lcprd1.samsungcloudsolution.net
30 osb.samsungqbe.com
29 d38cmiae9b0e22.cloudfront.net
28 www.google.com
24 go.microsoft.com
22 multiscreen.samsung.com
22 config.samsungads.com
21 otn.samsungcloudcdn.com
21 cdn-0.nflximg.com
16 secureclock.playready.microsoft.com
14 oempprd.samsungcloudsolution.com
14 ipv6.connman.net
12 configprd.samsungcloudsolution.net
11 log-config.samsungacr.com
11 d3mjsomixevyw7.cloudfront.net
8 youtubei.youtube.com
8 www.youtube-nocookie.com
8 www.youtube.com
8 www.yahoo.com
8 www.google-analytics.com
8 tv.scdn.co
8 i.ytimg.com
8 ipv4.connman.net
8 gpm.samsungqbe.com
7 otnprd8.samsungcloudsolution.net
7 otnprd11.samsungcloudsolution.net
6 sas.samsungcloudsolution.com
Undertheradar
Ran across this because I got to looking at my chatty Samsung TV. WOW! Talk about spying on us!!! The TV keeps sending stuff to “log-ingestion”. Also I noticed that apps NOT BEING USED are checking in frequently (such as to Amazon…really??? I can only think profiling what I watch to figure out what I might want to buy)
These marketing folks are becoming more invasive every day. What I do and what I watch is MY BUSINESS!
I’m setting up selective blocking as well.
Thanks for your list. Here is partial of mine when I’m watching Pluto (DNS lookups removed to reduce noise):
2 6 21:49:49 Samsung TV (172.2.1.105) 34.225.153.50 (log-ingestion.samsungacr.com) HTTPS 3.23 KB / 6.13 KB close
4 6 21:49:41 Samsung TV (172.2.1.105) 34.204.239.34 (log-ingestion.samsungacr.com) HTTPS 2.14 KB / 5.97 KB close
5 6 21:48:49 Samsung TV (172.2.1.105) 52.44.210.24 (log-ingestion.samsungacr.com) HTTPS 3.23 KB / 6.13 KB close
8 6 21:48:31 Samsung TV (172.2.1.105) 34.205.103.15 (t.pluto.tv) HTTPS 645 B / 496 B close
9 6 21:48:16 Samsung TV (172.2.1.105) 34.205.103.15 (t.pluto.tv) HTTPS 928 B / 5.55 KB close
12 6 21:47:49 Samsung TV (172.2.1.105) 34.197.38.22 (log-ingestion.samsungacr.com) HTTPS 3.27 KB / 6.18 KB close
15 6 21:47:28 Samsung TV (172.2.1.105) 13.33.252.62 (silo.pluto.tv) HTTPS 645.98 KB / 29.10 MB close
16 6 21:47:06 Samsung TV (172.2.1.105) 35.169.131.5 (stitcher.pluto.tv) HTTPS 652 B / 496 B close
17 6 21:47:06 Samsung TV (172.2.1.105) 35.169.131.5 (stitcher.pluto.tv) HTTPS 935 B / 5.55 KB close
20 6 21:46:49 Samsung TV (172.2.1.105) 52.45.232.13 (log-ingestion.samsungacr.com) HTTPS 3.85 KB / 7.49 KB close
22 6 21:45:52 Samsung TV (172.2.1.105) 54.85.74.14 (log-ingestion.samsungacr.com) HTTPS 3.27 KB / 6.18 KB close
24 6 21:45:31 Samsung TV (172.2.1.105) 34.197.56.101 (t.pluto.tv) HTTPS 928 B / 5.55 KB close
29 6 21:44:48 Samsung TV (172.2.1.105) 52.22.134.185 (log-ingestion.samsungacr.com) HTTPS 3.32 KB / 6.25 KB close
31 6 21:44:40 Samsung TV (172.2.1.105) 52.22.220.25 (log-ingestion.samsungacr.com) HTTPS 2.10 KB / 5.97 KB close
35 6 21:44:09 Samsung TV (172.2.1.105) 52.50.124.229 (lcprd1.samsungcloudsolution.net) HTTPS 2.70 KB / 2.57 KB close
40 3 21:43:51 Samsung TV (172.2.1.105) 172.217.12.14 (smartlock.google.com) HTTPS 2.08 KB / 1.57 KB close
41 6 21:43:48 Samsung TV (172.2.1.105) 34.194.142.54 (log-ingestion.samsungacr.com) HTTPS 3.92 KB / 7.42 KB close
43 6 21:43:20 Samsung TV (172.2.1.105) 34.205.103.15 (t.pluto.tv) HTTPS 1.97 KB / 5.97 KB close
44 6 21:43:17 Samsung TV (172.2.1.105) 52.3.161.174 (k.pluto.tv) HTTPS 1.91 KB / 5.97 KB close
48 6 21:42:48 Samsung TV (172.2.1.105) 34.230.166.162 (log-ingestion.samsungacr.com) HTTPS 3.92 KB / 6.43 KB close
bs870
Since Samsung’s Smart TV’s started to show ads and automatically install the even more hated McAfee, I decided to accept the fight. The standard router I use at home is not very useful, however it allows me to add dns-entries and guide those requests to a non existing address.
The firewall at my work however is very good at showing which traffic the Samsung tv generates, and indeed: That’s a lot. The set of DNS-rules do help, but it also seems to connect to a bunch of IP-addresses directly using TCP port 5223. So I blocked that too.
The best way is probably to disconnect the tv from the internet and use another solution for the apps. Another workaround may be to block all traffic, and start allowing specific traffic.