Last updated: April 2026
Your smart TV is taking screenshots of your screen, fingerprinting what is on it, and sending that data to the manufacturer's servers. This is not a rumor, a theory, or a paranoid read of a privacy policy. A peer-reviewed study published at the 2024 ACM Internet Measurement Conference measured it directly on Samsung and LG televisions. The Texas Attorney General sued five major brands over it in December 2025. Samsung settled the Texas case in February 2026. And the vast majority of smart TVs sold in the last five years still have the tracking on by default.
The quick fix every viral post recommends is to dig through your TV's settings and toggle the right option off. That is a fine first step, but it is not a solution. Firmware updates silently re-enable privacy settings. Menus get renamed. New tracking settings appear. And even when every toggle is off, your TV may still reach out to endpoints the settings do not control. The only reliable fix is to stop trusting the TV and start controlling the network it is plugged into.
This guide walks through both layers: how to disable Automatic Content Recognition (ACR) on every major brand, and how to block it at the network level so the next firmware update cannot undo your work.
Key Takeaways
- The 2024 UC Davis / UCL / UC3M study confirmed Samsung TVs transmit ACR data roughly every minute and LG TVs roughly every 15 seconds, and that the same tracking runs when the TV is used as a "dumb" external display through HDMI.
- Every major smart TV platform ships with ACR enabled by default, but the setting is buried under names like "Viewing Information Services" (Samsung), "Live Plus" (LG), "Samba Interactive TV" (Sony), and "Viewing Data" (Vizio).
- Settings toggles alone are not enough because firmware updates can reset them. Blocking ACR endpoints at the DNS layer with Pi-hole, isolating the TV on its own VLAN, and adding router-level firewall rules give you a defense your TV cannot override.
What ACR Actually Does to Your Screen
Automatic Content Recognition is a Shazam-style fingerprinting technology built into the operating system of most smart TVs. At regular intervals, the TV captures what is on the screen, generates a compact fingerprint of that frame or audio clip, and sends it to a server owned by the TV manufacturer or a third-party partner. The server matches the fingerprint against a library of known content and returns an identification: what you are watching, what channel you are on, what ad is playing, how long it has been on your screen.
The study "Watching TV with the Second-Party: A First Look at Automatic Content Recognition Tracking in Smart TVs," published at the 2024 ACM Internet Measurement Conference by researchers at UC Davis, University College London, and Universidad Carlos III de Madrid, conducted a black-box audit of the actual network traffic leaving Samsung and LG smart TVs. They found that Samsung TVs send ACR data to the manufacturer's servers roughly once per minute, and LG TVs send it roughly every 15 seconds.
The Texas Attorney General's December 2025 complaints allege the on-device capture is far more frequent than the outbound transmission. The filings state that ACR software can capture screenshots of a user's television display every 500 milliseconds, and that LG's system captures "every sound and image on their Smart TV every 10 milliseconds." These rates describe what the TV records locally, which is then fingerprinted and batched for upload. Both numbers can be true at once: aggressive local capture, periodic server transmission.
The data transmitted with each fingerprint typically includes the content identifier, a device identifier, the TV's IP address, and in some cases nearby Wi-Fi network names and profile data. Combined with IP-based geolocation and data broker matching, it becomes a running log of what you watch, when, for how long, and how that behavior correlates with demographic and household data the manufacturer has purchased elsewhere.
The HDMI Finding That Changes Everything
The most important finding in the 2024 study is not that ACR exists. Privacy researchers have known about it for years. The new result is that ACR runs even when the smart TV is used as a "dumb" external display over HDMI. The researchers demonstrated that ACR network traffic continues when the user is not using any of the TV's smart features at all, simply watching content from a laptop, console, or cable box plugged into the HDMI port.
This destroys the common assumption that you can buy a smart TV and opt out of the smart features by never connecting it to the internet or only using external devices. If the TV is connected to the internet and ACR is enabled, anything you display on the screen is fingerprinted, including:
- Work laptops connected via HDMI
- Gaming consoles (PlayStation, Xbox, Nintendo Switch)
- Cable and satellite receivers
- Blu-ray players
- Streaming sticks plugged into HDMI
- Home security camera feeds routed through the TV
- Video conferencing sessions
The Texas AG complaints make this explicit. They allege that ACR captures data from security and doorbell camera feeds displayed on the TV, and from content sent to the TV via Apple AirPlay or Google Cast. The fingerprint does not care where the signal originated. If pixels reach the panel, they can be captured.
Who Is Doing It, Who Is Suing, and Who Just Settled
ACR is not a side experiment. It is a profit center. Vizio's platform revenue, which includes advertising and data licensing, reached $598 million in 2023, exceeding the company's hardware revenue that year. LG's advertising business brought in approximately $700 million in 2024. TV manufacturers make more money watching viewers than they do selling them televisions.
The legal history of ACR is older than most people realize:
- 2017 — FTC v. Vizio. Vizio paid a $2.2 million fine to the Federal Trade Commission and the New Jersey Attorney General for using ACR to collect data from 11 million televisions without user consent. The company had installed the tracking software on TVs already in consumers' homes through a software update.
- 2019 — FBI smart TV warning. The FBI's Portland field office published an advisory warning consumers about the surveillance capabilities built into modern televisions and recommending users review privacy settings and consider placing tape over built-in cameras.
- December 15, 2025 — Texas sues five manufacturers. Attorney General Ken Paxton filed parallel lawsuits against Sony, Samsung, LG, Hisense, and TCL under the Texas Deceptive Trade Practices Act, alleging unlawful collection and monetization of viewing data through ACR. Potential penalties under the DTPA range from $10,000 to $250,000 per violation per consumer.
- December 17, 2025 — Hisense restrained. A Texas court issued a temporary restraining order against Hisense, blocking the company from collecting ACR data from Texas consumers within 48 hours of the filing.
- February 26, 2026 — Samsung settles. Samsung became the first manufacturer to settle the Texas case, agreeing to obtain "express consent" before collecting ACR data and to rewrite its consent screens to be clear and conspicuous. The settlement applies only to Texas residents.
- 2026 — Kentucky legislates. Kentucky became the first state to pass an ACR-specific privacy law, requiring explicit consent before smart TVs can collect viewing data. The bill passed the Kentucky House 92-0.
The cases against Sony, LG, Hisense, and TCL remain active as of publication. The Texas complaints add a national security dimension to the China-owned manufacturers: Hisense and TCL are subject to China's National Security Law, which can compel Chinese companies to share data with the government. Whether the Chinese Communist Party has any interest in an American household's Tuesday-night viewing habits is debatable, but the legal pipeline exists.
Step 1: Turn ACR Off in Your TV's Settings
This is the first layer, not the last. Find your brand below and walk through the menu path. If you have multiple TVs or multiple brands in the house, repeat for each one.
| Brand | What They Call ACR | Menu Path | Notes |
|---|---|---|---|
| Samsung | Viewing Information Services | Settings → All Settings → General & Privacy → Terms & Privacy → uncheck "Viewing Information Services" | Texas residents now get a different consent flow after the February 2026 settlement. |
| LG | Live Plus, Viewing Information | Settings → General → System → Additional Settings → toggle off "Live Plus." Then Settings → Support → Privacy & Terms → User Agreements → turn off "Viewing Information." | Multiple users have reported Live Plus re-enables itself after firmware updates. Re-check every few months. |
| Roku TVs (TCL, Hisense, Philips, Insignia, Onn, Sharp, and others) | Use Info from TV Inputs, Personalize Ads | Settings → Privacy → Smart TV Experience → uncheck "Use Info from TV Inputs." Then Settings → Privacy → Advertising → uncheck "Personalize Ads." | Applies to any TV running Roku software, not just Roku-branded ones. |
| Sony | Samba Interactive TV | Settings → All Settings → Samba Interactive TV → toggle off. | Sony uses the third-party data broker Samba TV to run ACR, adding an additional layer of data handling outside Sony's own privacy policies. |
| Vizio | Viewing Data (formerly "Smart Interactivity") | Menu → Settings → All Settings → Admin & Privacy → Viewing Data → turn off. | The FTC forced Vizio to request consent after the 2017 settlement, but the setting still exists and defaults can reset. |
| Amazon Fire TV (Fire Stick, Fire TV Cube, Insignia Fire TV, Toshiba Fire TV) | Device Usage Data, Collect App and Over-the-Air Usage, Interest-Based Ads | Settings → Preferences → Privacy Settings → turn off all three. | These settings are documented to re-enable themselves after Fire TV software updates. Re-check after every update. |
A few important points that apply across brands:
- The opt-in is one click. The opt-out is six or more. This is deliberate design. Manufacturers engineer consent flows to capture as many users as possible during initial setup.
- Menu names change between firmware versions. If a path above does not match exactly, look for any setting referring to viewing data, interactive content, personalized ads, interest-based advertising, or "improving your experience."
- Firmware updates are the reset button. Treat this as something to re-audit every time your TV updates, which is typically every few months.
Why Settings Alone Are Not Enough
The 2024 ACM paper confirmed that opting out of ACR on Samsung and LG televisions did stop the outbound ACR traffic in the researchers' US test setup. That is the good news. Opting out works, when it stays opted out. The problem is every condition in that sentence.
Firmware updates can silently re-enable privacy settings. This has been widely reported on LG TVs (Live Plus turning back on), on Amazon Fire TV devices (privacy toggles reverting), and on Sony TVs, where at least one user reported being required to agree to data collection as a condition of installing a firmware update. Every update is a fresh opportunity for the vendor to reset your defaults.
ACR is not the only telemetry leaving your TV. Manufacturers collect app usage data, timing data, remote control press patterns, voice search queries, and diagnostic telemetry through separate pipelines that are not governed by the ACR opt-out. Turning off Viewing Information Services does not stop your Samsung TV from phoning home; it stops one specific kind of phone call.
Regional variation is documented. The 2024 paper found differences in how ACR behaves in the US versus the UK. If you travel internationally, use a VPN, or own a TV that was purchased in a different market, the opt-out behavior may not match what the setting suggests.
And finally, the vendor holds the pen. Menu names change. Settings get moved. New categories appear. The toggle you turned off last year may no longer control the same thing this year. This is the same dynamic that makes renting your modem a bad idea: when the vendor controls the device, the vendor controls the rules, and those rules can change at any time without your input. We have covered this pattern in detail in the ISP gateway privacy guide and in the analysis of Amazon's Kindle revocation policy. The principle is the same: if you do not control the infrastructure, you do not control the outcome.
The ModemGuides Fix: Block ACR at the Network Level
The durable answer is to stop trusting the TV entirely. Treat it as a hostile device on your home network, and control what it can and cannot reach at the network layer. A TV cannot talk to a server if your network will not let the packet leave. Four layers, in order of difficulty and impact.
Option A: Block ACR Endpoints with Pi-hole
Pi-hole is a free, open-source DNS sinkhole that runs on a Raspberry Pi or equivalent low-power device. It sits between every device on your network and the internet, intercepting DNS queries and blocking lookups to domains you specify. We have a complete walkthrough in our Pi-hole setup guide.
For ACR specifically, the goal is to blackhole the domains that smart TVs use to phone home. Adding the following entries as custom blocked domains in Pi-hole will cut off the most widely documented ACR endpoints for the major brands:
# LG ACR servers
ibs.lgappstv.com
us.ibs.lgappstv.com
uk.ibs.lgappstv.com
# Samsung ACR servers
acr0.samsungcloudsolution.com
acr.samsungcloudsolution.net
# Samba TV (used by Sony and some third-party apps)
samba.tv
beacon.samba.tv
api.samba.tv
# Vizio Inscape (ACR subsidiary)
inscape.tv
inscapedata.com
This is a starter list based on widely documented endpoints and on the SafeNetIoT/ACR research repository maintained by the authors of the 2024 study. Consult that repository for a more comprehensive and updated domain list, and be prepared to add new domains as manufacturers rotate endpoints.
The hardware cost for Pi-hole is low. A Raspberry Pi 5 starter kit covers everything you need to run Pi-hole for a typical household, and the same device can run other privacy services alongside it. [CanaKit Raspberry Pi 5 Starter Kit PRO on Amazon — affiliate link]
One honest caveat. Pi-hole blocks at the DNS layer. If a smart TV uses hardcoded IP addresses to reach ACR servers, or if it uses DNS-over-HTTPS to resolve queries directly through an encrypted channel, Pi-hole will not see the lookup and cannot block it. This is why Pi-hole is the first layer and not the only layer. Router-level firewall rules catch what DNS blocking misses.
Option B: Route All Traffic Through an Encrypted, Privacy-Respecting DNS Resolver
Even without Pi-hole, changing your router's upstream DNS from your ISP's default to a privacy-respecting resolver improves the baseline. This prevents your ISP from building a running log of every DNS lookup on your network, which includes the ACR queries. We cover the full comparison in our best DNS servers guide, but the short version is: use Quad9 (9.9.9.9) for built-in malware filtering, or Cloudflare (1.1.1.1) for maximum speed. Both support encrypted DNS via DNS-over-HTTPS and DNS-over-TLS.
This is the easiest layer to implement because it requires no new hardware. It is a router configuration change.
Option C: Isolate Your TV on Its Own VLAN
A virtual LAN (VLAN) is a way of partitioning your network so that devices on one segment cannot see or communicate with devices on another. Put your smart TV on a dedicated "IoT" VLAN, and even if ACR is running full throttle, the TV has no visibility into your laptop, your NAS, your phone, or any other trusted device. It can phone home, but it cannot inventory your network in the process.
This is the highest-impact security measure for a household with many connected devices, and it also protects against the scenario where a smart TV (or any IoT device) is compromised through a firmware vulnerability. We have a step-by-step guide in our VLAN setup article.
VLAN configuration requires a router and managed switch that support 802.1Q VLAN tagging. ISP-provided gateways typically do not support this, which means you will likely need to put the ISP gateway into bridge mode and use your own router. Our bridge mode walkthrough covers that process for every major ISP.
Option D: Firewall Rules at the Router Level
The most thorough layer, and the one that catches what Pi-hole misses, is to block ACR server IP ranges directly at the router firewall. If your TV tries to connect to a known Samba TV or LG ACR IP address, the router drops the packet regardless of how the lookup was resolved. This also catches hardcoded IPs and DNS-over-HTTPS connections.
Implementing firewall rules at this level requires a router running open-source firmware, because most stock router firmware from major consumer brands does not expose the firewall controls needed. OpenWrt, FreshTomato, and pfSense all support detailed outbound firewall rules. Our open-source firmware comparison explains the trade-offs between them and which is right for your hardware.
On OpenWrt, you can create a firewall rule that blocks outbound traffic from your TV's IP address to known ACR server IP ranges. Combined with a VLAN, this gives you surgical control over what each device on your network can reach.
The Nuclear Option: Disconnect and Use an External Streamer
The simplest advice from the viral social media thread on this topic was "disconnect your TV from Wi-Fi and use an external streaming device." That advice is closer to right than wrong, but it has caveats worth understanding.
First, disconnection alone does not guarantee privacy. Reporting by the New York Times has found that some smart TVs cache ACR data locally and batch-upload it the next time the TV reconnects to the internet, even briefly, for a firmware update. If the TV ever sees the internet again, what it recorded during the offline period can still leave.
Second, not all external streamers are privacy-respecting. A quick honest ranking:
- Apple TV is currently the least-tracked mainstream streaming box. Apple does not run ACR on the device, and the platform's App Tracking Transparency framework forces third-party apps to ask before tracking across apps. This does not mean Apple collects no data, but it is substantially less invasive than the alternatives.
- Chromecast with Google TV collects Google account activity, viewing data, and ad personalization signals, though it does not run classic screen-fingerprinting ACR.
- Roku sticks run their own ACR. Using a Roku stick to avoid your smart TV's ACR is trading one surveillance system for a smaller one.
- Fire TV sticks track extensively and suffer from the same settings-reset behavior as Fire TV-branded televisions.
The most practical hybrid is: disable ACR in your TV's settings, block ACR endpoints at the network level with Pi-hole and firewall rules, and use an Apple TV for streaming.
How the Pieces Fit Into a Whole-Home Privacy Stack
ACR is one surveillance pipeline among many. The same infrastructure that blocks it also blocks trackers in your browser, telemetry from IoT devices, ads before they reach any screen in the house, and known malicious domains before any device can reach them. This is the architecture we have been building toward across our network privacy coverage:
- Own your modem. A rental gateway has ISP-controlled firmware and remote management protocols like TR-069. Replacing it with a modem you own removes the first backdoor into your network. See our guide to owning your modem.
- Use your own router with open-source firmware. This is where VLANs, firewall rules, and network-wide VPN routing live. Stock firmware from major consumer brands will not let you do what you need to do here.
- Run Pi-hole. DNS-layer blocking for ads, trackers, and telemetry across every device on the network.
- Segment with VLANs. Put IoT devices, including smart TVs, on their own network segment.
- Use encrypted DNS to a privacy-respecting resolver. Quad9 or Cloudflare upstream of Pi-hole.
- Consider a router-level VPN for encrypted egress. Proton VPN supports router-level configuration and keeps ISP-side visibility to a minimum.
No one of these layers is sufficient. All of them together produce a home network where your devices behave the way you expect them to, and where the companies selling them do not get a second revenue stream from your living room.
Frequently Asked Questions
Does disabling ACR in the TV's settings actually stop my TV from tracking me?
The 2024 ACM IMC study confirmed that opting out of ACR on Samsung and LG televisions stopped outbound ACR network traffic in the researchers' US lab conditions. That is real and it matters. What it does not guarantee is that the setting will stay off after firmware updates, that other telemetry channels besides ACR are also disabled, or that your TV's behavior matches a TV purchased in a different region. Settings are a first line of defense, not a complete solution.
Will my smart TV still work normally if I block ACR endpoints with Pi-hole?
Yes. ACR is purely a telemetry pipeline. Streaming apps, software updates, smart home integrations, and all core TV functions use different endpoints that Pi-hole will not block. If you notice a specific feature breaking after adding an ACR domain to Pi-hole, you can whitelist that specific domain, but this is uncommon in practice.
Can a smart TV use DNS-over-HTTPS to bypass Pi-hole?
It is possible. If a TV is hardcoded to use a specific DoH resolver, or if it embeds hardcoded IP addresses for its ACR servers, DNS-layer blocking will not catch those lookups. This is why firewall rules at the router level, applied to known ACR server IP ranges, are the belt-and-suspenders layer on top of Pi-hole. A VLAN isolating the TV adds a further boundary.
Does ACR still work if my TV is not connected to the internet?
Capture can continue locally. Reporting has documented that some televisions cache ACR data and batch-upload it the next time the TV reaches the internet, even briefly. Permanent disconnection is reasonably effective, but temporary disconnection with occasional reconnects is not.
Do Roku sticks and Fire TV sticks have the same problem as smart TVs?
Yes. Roku devices run their own ACR system, and Fire TV devices track extensively. The settings paths in the table above apply to both the standalone streaming sticks and the branded televisions that run those operating systems. Disabling tracking on an external streamer is just as important as disabling it on the TV itself.
Will the Texas lawsuit force all smart TV manufacturers to change their practices nationally?
Samsung's February 2026 settlement only applies to Texas residents. The cases against Sony, LG, Hisense, and TCL remain active as of publication. The enforcement landscape is expanding, though: Kentucky passed the first state-level ACR-specific privacy law in 2026, and privacy advocates expect other states to follow. For now, assume the default is tracking unless you live in a state with specific protections and a TV sold after that state's law took effect.
Will a VPN stop ACR tracking?
A VPN encrypts the traffic between your network and the VPN server, which prevents your ISP from logging which ACR servers your TV connects to. It does not prevent the ACR servers themselves from receiving and recording the fingerprints your TV is sending them. A VPN is useful for broader network privacy, but it is not a substitute for blocking ACR endpoints at the DNS or firewall layer. If you want a router-level VPN, we recommend Proton VPN or Mullvad VPN.
The Bottom Line
Every major smart TV sold in the last five years is configured to track what is on your screen and send that data to the manufacturer. The Texas Attorney General has sued five of the largest manufacturers over it. Samsung has already settled one of those cases. A peer-reviewed study has confirmed the technology does exactly what privacy advocates have been saying it does for years, including through HDMI when the TV is used as a simple external display.
The settings toggles are a useful first step, but they are not durable. The durable answer is to treat your TV like any other untrusted device on your network and control what it can do at the network layer. Pi-hole stops it from reaching the servers it is trying to call. VLANs stop it from inventorying what else is on your network. Firewall rules catch what DNS blocking misses. Own your infrastructure, and the surveillance has nowhere to go.
None of this is hidden. It has just been buried. Now you know where to find it.
