Your smart TV might be watching you more closely than you're watching it. A sweeping legal action by Texas Attorney General Ken Paxton has thrown the smart TV industry into the spotlight, alleging that five major manufacturers—LG, Samsung, Sony, Hisense, and TCL—have been secretly surveilling users through sophisticated tracking technology. Compounding these concerns, LG recently forced an unwanted AI assistant onto users' devices, creating a perfect storm of privacy violations.
What Happened
In December 2025, Texas AG Ken Paxton filed lawsuits against five television manufacturers, accusing them of deploying Automated Content Recognition (ACR) technology to spy on consumers without proper consent. The lawsuit targets industry giants LG, Samsung, Sony, Hisense, and TCL—collectively representing a massive share of the global TV market.
Simultaneously, LG smart TV owners discovered that a recent webOS update silently installed Microsoft Copilot as an unremovable application. The forced installation, which provided no opt-out mechanism, triggered immediate backlash from users concerned about expanding data collection endpoints and unwanted AI integrations on their devices.
Technical Details: How ACR Works
Automated Content Recognition is far more invasive than most consumers realize. According to the Texas AG's office, ACR technology captures screenshots of your TV screen every 500 milliseconds—that's twice per second, continuously monitoring everything displayed on your television.
This granular surveillance doesn't just track what shows you're watching. The technology can potentially capture sensitive on-screen information including passwords, banking data, and personal documents displayed via screen casting from phones or computers. When you cast your phone to your TV to show family photos, review financial statements, or enter credentials, ACR may be silently recording it all.
The captured data flows back to manufacturers' servers, where it's processed and monetized through targeted advertising networks. This creates a continuous data pipeline from your living room to advertising ecosystems—often without meaningful user awareness or consent.
The forced Copilot installation adds another layer of concern. LG's webOS update introduced Microsoft's AI assistant with no removal option, effectively expanding the attack surface of these devices while introducing additional third-party data flows. After significant user backlash, LG stated it would "take steps to allow users to delete the shortcut icon"—though notably, this addresses only the icon, not necessarily the underlying functionality.
Impact Assessment
The scope of this privacy crisis is substantial. The 5 manufacturers named in the Texas lawsuit represent the majority of smart TVs in American homes. If the allegations prove accurate, tens of millions of households have been subject to undisclosed surveillance.
For context on the broader IoT security landscape, Kaspersky ICS-CERT reported 129 confirmed industrial cybersecurity incidents in Q3 2025 alone, highlighting the expanding attack surface of connected devices. Smart TVs, often overlooked in home security planning, represent a significant vulnerability point.
The business model driving these practices is increasingly clear: smart devices are subsidized by ongoing data monetization. That attractively-priced television may cost less upfront precisely because manufacturers expect to recoup value through years of behavioral data collection and targeted advertising revenue.
What You Should Do
Protecting yourself requires proactive steps across multiple fronts:
Disable ACR immediately. Navigate to Settings → General → Privacy on most smart TVs to find ACR controls. The exact location varies by manufacturer—look for options labeled "Viewing Information Services," "Live Plus," or "ACR."
Turn off personalized advertising. This setting is typically found in the same privacy menu and limits how your viewing data feeds advertising profiles.
Consider network isolation. For technically inclined users, placing your smart TV on a separate VLAN restricts its ability to communicate with other devices on your home network and allows more granular traffic monitoring.
Use external streaming devices. Devices like Apple TV or Roku, while not perfect, often provide more transparent privacy controls than built-in smart TV platforms. Running them on isolated network segments adds another layer of protection.
The nuclear option: disconnect entirely. If privacy is paramount, disconnecting your smart TV from the internet and using it purely as a display eliminates most data collection vectors—though you'll lose streaming functionality.
Audit installed applications. Review what's been silently added to your devices and remove anything unnecessary. For LG owners affected by the Copilot installation, monitor for the promised removal option.
Lessons Learned
This case crystallizes several uncomfortable truths for developers, security professionals, and consumers alike.
First, hardware-level data collection is exceptionally difficult to detect or prevent. When surveillance is baked into the device firmware, users have limited visibility and control. This underscores why privacy-by-design principles must be priorities in IoT and smart device development—not afterthoughts.
Second, forced software installations represent a growing trend that expands attack surfaces and introduces unpredictable third-party dependencies. The Copilot incident demonstrates how manufacturers can fundamentally alter device functionality post-purchase without user consent.
Third, transparent consent mechanisms remain the exception, not the rule. Buried settings, dark patterns, and opt-out-by-default configurations continue to undermine meaningful user choice.
For developers building connected devices: this lawsuit should serve as a warning. Regulatory scrutiny of IoT privacy practices is intensifying, and the Texas AG's action may be the first of many.