Your Smart TV Is Watching You: A Guide to Disabling ACR

While examining my smart TV's network traffic with Wireshark, I noticed constant HTTPS requests going to external servers in the background, even though I wasn't touching the remote. The TV was merely playing content from a computer connected to its HDMI port; no internal streaming apps or satellite broadcasts were active. Despite this, I saw the device analyzing the pixels on the screen and sharing data with external servers.

The underlying technology behind this is ACR (Automatic Content Recognition), which smart TV manufacturers use to sell data to advertisers and build user profiles. In this guide, under the title Your Smart TV Is Watching You: A Guide to Disabling ACR, we will explore how this tracking technology works, how to disable this feature from your TV's interface, and why it's not entirely sufficient, along with network-level solutions.

What is ACR (Automatic Content Recognition) and How Does It Work?

ACR, or Automatic Content Recognition, is a technology that dynamically identifies any visual and auditory content playing on your TV. This technology doesn't care about the source of the on-screen image; it works regardless of whether the content is from an internal app, Netflix, a game console, a satellite receiver, or an HDMI source. The system captures real-time acoustic and visual "fingerprints" of the pixels on the screen or the audio coming from the speakers.

These fingerprints are compared within milliseconds against a massive database on the manufacturer's cloud servers. If a match is found, your TV knows exactly what show you're watching, how long you've had a particular advertisement on screen, or which game you're playing. The data collected is then sold directly to targeted advertising companies and used to send ads to your other devices (phone, tablet, computer) based on your interests.

This process constantly engages the TV's processor and network bandwidth. You typically consent to this feature in user agreements, often written in small print under headings like "Interactive Services" or "Viewing Information." However, it is entirely up to you to revoke this consent later and stop this data flow.

How to Disable ACR on Smart TVs? (Brand-Specific Steps)

Every TV manufacturer hides the ACR feature behind different marketing names. Some call it "Samba TV," others "Live Plus," and some directly label it "Viewing History." Below, I've outlined step-by-step how to find and disable these settings on the three major TV operating systems most commonly used in the market.

Samsung (Tizen OS)

On Samsung TVs, ACR and similar tracking systems are generally found under "Internet-Based Advertising" and "Viewing Information Services."

1. Press the Settings button on your remote.
2. Follow the steps: All Settings > General & Privacy.
3. Click on Terms & Privacy.
4. Open the Privacy Choice menu.
5. Here, uncheck the options for Viewing Information Services and Interest-Based Advertising.

LG (webOS)

On LG TVs, this technology is directly called "Live Plus" and comes enabled by default.

1. Press the gear icon on your remote to open the All Settings menu.
2. Go to the General tab.
3. Select System and then Additional Settings.
4. Find the Live Plus option and turn it off.
5. Additionally, go to User Agreements under the same menu and revoke your consent for "Viewing Information" and "Personalized Ads."

Sony and TCL (Android TV / Google TV)

On Android-based TVs, ACR is often managed by a third-party service called "Samba TV." Even if you didn't accept it during the initial setup, system updates might have activated it.

1. Open the Settings menu.
2. Go to Device Preferences or directly to the System tab.
3. Find the Samba Interactive TV option.
4. Disable this option and cancel the service agreement.
5. Additionally, under Privacy > Usage & Diagnostics, turn off data sending.

⚠️ Beware of Software Updates

A major system update (firmware update) on your TV might reset previously disabled privacy settings or present a new user agreement, asking for your consent again. I strongly recommend checking these menus after any update.

Why Disabling ACR Alone Isn't Enough

Disabling the ACR setting from the TV's interface only stops the analysis of on-screen pixels and the sending of fingerprints. However, the TV's operating system continues to communicate with the outside world and send other telemetry data. This is due to the device's fundamental network behaviors.

• App Telemetry: Information like when you open apps such as Netflix, YouTube, or Prime Video, how long you stay active, and which categories you browse is still sent to the respective app servers.
• Network Discovery Protocols (mDNS/SSDP): Smart TVs constantly scan your local network for other devices (phones, smart bulbs, NAS devices). This scan data is sent to the manufacturer to build a profile of your household.
• DNS Bypass (DoH/DoT): Some modern smart TVs ignore the DNS server you've defined on your local network and directly send encrypted DNS (DNS over HTTPS) requests to public DNS servers like Google (8.8.8.8) or Cloudflare (1.1.1.1). This allows them to bypass your local filtering mechanisms.

Therefore, if we want to achieve true privacy, we need to restrict the TV's scope of action on the network. We cannot simply rely on the manufacturer's mercy by pressing a button on the device.

Network-Level Blocking: DNS and Pi-hole / AdGuard Home

The cleanest way to block telemetry and advertising requests that the TV intends to send to the outside world, before they even leave your network, is to use a local DNS server (DNS sinkhole). If you have Pi-hole or AdGuard Home running in your home, you can blacklist the domain names that the TV attempts to access for advertising and tracking.

Below, I've listed some critical domain names used by popular TV brands for telemetry and ACR. By blocking these domains on your DNS server, you can stop the traffic.

Brand	Critical Domains to Block (Wildcard)
Samsung	*.samsungqbe.com, *.samsungotn.net, *.samsungrm.net, *.samsungcloudplatform.com
LG	*.lgtvcommon.com, *.yumenetworks.com, *.ad.lgappstv.com, *.rdl.lgtvcommon.com
Sony / Android	*.samba.tv, *.tvinteractive.tv, *.scribe.reidi.net, *.telemetry.api

If you use AdGuard Home or Pi-hole, you can make these blockages more dynamic by writing regex (regular expression) rules. For example, to block Samsung telemetry servers collectively, you can define the following regex rule:

||samsungqbe.com^
||samsungotn.net^
||samsungrm.net^

However, to solve the "DNS Bypass" issue mentioned earlier, you need to redirect port 53 (DNS) to your local DNS server on your modem or firewall device and block outgoing requests to external DNS servers.

Advanced Measures: VLAN Segmentation and Firewall Rules

If you use a managed switch or an advanced firewall (like OPNsense, pfSense, or Ubiquiti) in your home network, you should completely isolate your smart TV from your main network. Smart TVs are the weakest link for infiltrating local network devices or collecting data.

I place all my IoT (Internet of Things) devices and smart TVs in a separate VLAN (e.g., VLAN 50). I completely block access from this VLAN to devices on my main network (VLAN 10 - Personal computers and phones) using firewall rules.

After implementing this segmentation, defining the following rules on your firewall will significantly enhance security:

1. Local Network Block: Block all traffic from VLAN 50 to VLAN 10 (Drop all RFC1918 traffic).
2. DNS Enforcement: Allow the TV to access only your designated local DNS IP (e.g., Pi-hole on VLAN 10) on port 53. Block all other DNS requests.
3. DoH / DoT Blocking: Completely disable port 853 (DNS over TLS) and block traffic to known public DoH IP addresses.

This way, your TV can still connect to the internet and play Netflix or YouTube, but it cannot scan your local network devices or bypass your local DNS filters.

Alternative Solutions for Smart TV Security: Dumb TV and External Devices

If you don't want to deal with the network configurations described above, or if you want to be absolutely sure your TV isn't tracking you, you should consider more radical but definitive solutions.

1. Completely Disconnecting the TV's Internet Connection (Dumb TV)

The most secure smart TV is one that is not connected to the internet. Make the device forget its Wi-Fi password or unplug the Ethernet cable from the back. Use the TV solely as a "monitor" (Dumb TV). Transfer your content via an external device that you have complete control over.

2. Using an External Media Player

After disconnecting the TV from the internet, you can connect an external device like an Apple TV, Nvidia Shield, or a media center running on a Raspberry Pi (LibreELEC/Kodi) to its HDMI port.

• Apple TV: It has much stricter privacy policies compared to TV manufacturers. It does not host any background services that perform pixel analysis similar to ACR.
• Apple TV / Android Box Advantages: Their processors are significantly more powerful than the built-in processors of TVs, making their interfaces much smoother, and your device won't slow down with system updates.

With this method, your smart TV becomes a dumb panel that simply displays the HDMI signal it receives. You can safely run all your streaming applications through an external device.

Conclusion

Smart TVs are one of the largest data collection tools entering our homes, directly monitoring our living spaces. ACR technology is a system that is activated with user consent (or often hidden behind complex agreements) and converts our viewing habits into commercial profit.

Going into your TV's privacy settings to disable these features is the first and easiest step. However, to achieve complete protection, using local DNS filters, isolating the device on a separate VLAN network, or completely cutting off its internet connection and switching to an external media player are the most permanent solutions.

In the next post, I will detail how to capture and analyze DNS over HTTPS (DoH) traffic at the firewall level in home networks.

Comments

[𝕋𝕙𝕖 𝕃𝕒𝕫𝕪 𝔾𝕚𝕣𝕝]

Great guide. A lot of people don't realize that Automatic Content Recognition (ACR) isn't just tracking what they watch through built-in apps—it can often identify content from HDMI devices, game consoles, and even broadcast TV. Disabling ACR is one of the easiest privacy wins for smart TV owners. It would also be worth mentioning that users can go a step further by blocking internet access for the TV at the router or using an external streaming device if they don't rely on the TV's smart features. Privacy is all about reducing unnecessary data collection, and articles like this help raise awareness. Nice work!

[Mustafa ERBAY]

Aww, thank you! 😊 I’m really glad you enjoyed it. You’re absolutely right—turning the TV into a “dumb display” with an external device is still one of my favorite privacy tricks. 😄

And now you’ve given me even more motivation to finish the next article about blocking DoH/DoT at the firewall level. Hope you’ll stop by for that one too. 😉

[𝕋𝕙𝕖 𝕃𝕒𝕫𝕪 𝔾𝕚𝕣𝕝]

Promise :D