be wary of Roku

MichaelRSorg

Steve mentioned in the March 16th show that he uses Roku. So do I. Roku makes much of their money on advertising, so I would be wary of it. To that end, I suggest keeping it off when not in use. Also, it's best to isolate it in its own VLAN if you can. And review the Privacy section of the device settings.
I have not monitored it in a while, but last time I did, I noticed that it was using Google's DNS (8.8.8.8) for its own use even though the router was configured with different DNS servers.
 

PHolder

> I noticed that it was using Google's DNS (8.8.8.8) for its own use even though the router was configured with different DNS servers.
There is an easy fix for this. Do NOT allow DNS traffic from inside your network through your firewall. (At least unencrypted DNS traffic anyway, DoH may be a more interesting challenge.)
 

EdwinG

> There is an easy fix for this. Do NOT allow DNS traffic from inside your network through your firewall. (At least unencrypted DNS traffic anyway, DoH may be a more interesting challenge.)
Even if I don’t own a Roku, I did just that. I only allow DoT traffic, which is generated by my PiHole.
 

ScruffyDan

> There is an easy fix for this. Do NOT allow DNS traffic from inside your network through your firewall. (At least unencrypted DNS traffic anyway, DoH may be a more interesting challenge.)
This is the main reason I am disappointed about DoH winning the encrypted DNS race. DoT is much better from a network management perspective.

On the flip side, DoH is a better option to circumvent censorship so it does have value... on other people's network :)
 

MichaelRSorg

I confirmed my years-old observation - Roku is using Google for legacy DNS (8.8.8.8 and 8.8.4.4). However, it is using TCP rather than UDP. This while it is behind a router that is not using Google for legacy DNS. It also makes HTTP port 80 requests to Netflix IP addresses and uses a very non-standard port for some requests. And, it's quite chatty on the network, even when it is not being used. All the more reason to leave it off when not in use.
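
Added example, not part of any post in this thread: a small audit that reads router flow records and lists LAN devices sending DNS (port 53, UDP or TCP) or DoT (port 853) straight to the internet instead of through the local resolver, which is the behaviour reported above and the traffic the firewall rule suggested earlier would block. The record format, LAN range, resolver address and all sample lines other than the two Google addresses are constructed assumptions; DoH on port 443 is not visible to a port-based check like this one.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records, "proto src_ip src_port dst_ip dst_port".
# Not captured from a real device; only 8.8.8.8 / 8.8.4.4 come from the thread.
SAMPLE_FLOWS = """\
udp 192.168.1.10 40112 192.168.1.2 53
tcp 192.168.1.50 51544 8.8.8.8 53
tcp 192.168.1.50 51546 8.8.4.4 53
tcp 192.168.1.2 44310 203.0.113.53 853
tcp 192.168.1.50 39920 203.0.113.7 80
udp 192.168.1.77 40001 198.51.100.1 53
tcp 192.168.1.77 40002 198.51.100.2 853
"""

LAN = ipaddress.ip_network("192.168.1.0/24")           # assumed LAN range
LOCAL_RESOLVER = ipaddress.ip_address("192.168.1.2")   # assumed Pi-hole address
DNS_PORTS = {53: "DNS", 853: "DoT"}


def find_dns_bypass(flow_text):
    """Map each LAN client to the external resolvers it contacted directly."""
    hits = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        proto, src, _sport, dst, dport = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        if proto not in ("udp", "tcp") or port not in DNS_PORTS:
            continue  # TCP matters too: the device above used TCP/53
        if src_ip not in LAN or dst_ip in LAN:
            continue  # only LAN -> internet flows are of interest
        if src_ip == LOCAL_RESOLVER:
            continue  # the resolver itself may talk to its upstream
        hits[src].add((proto, DNS_PORTS[port], dst))
    return {client: sorted(found) for client, found in hits.items()}


if __name__ == "__main__":
    for client, found in find_dns_bypass(SAMPLE_FLOWS).items():
        for proto, kind, dst in found:
            print(f"{client} bypasses local resolver: {kind}/{proto} -> {dst}")
```
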

 

miquelfire

> So your router is configured to use NextDNS?
Yes it is.

I'm amazed at how much DNS traffic my network makes actually. I would have zapped the free tier of NextDNS within a week it seems.

Edit: I just remembered a detail that might be important, my internal network doesn't have IPv6 set up. My router has an IPv6 IP, but none of my internal devices have IPv6.
 

drwtsn32

> So your router is configured to use NextDNS?

I also started doing this recently. Previously I was using OpenDNS with some blocking. Very impressed with NextDNS and the analytics and logging capabilities.

I have issues using their NextDNS Ads & Trackers blocklist though. It prevents some streaming services from working properly (had issues with Paramount+), probably because I am presented with commercial ads sometimes and those get blocked. Trying to figure out what to add to the whitelist was a challenge so I just gave up and turned off that blocklist for now.
 

Paul Schlosser

I returned a Roku after learning that its remote was broadcasting its own WiFi signal. You cannot turn it off either.

My concern was a practical one, I wasn't worried about any medical issue. I live in a fairly rural area and just didn't want to add an unnecessary WiFi signal that might cause interference with my WiFi signal. And I didn't really need the Roku, it was only purchased after we lost video on demand on our TiVo. In the end we didn't care for the Roku (already have an Apple TV) so I returned the Roku.

I've got a Vizio TV in my kitchen that also broadcasts its own WiFi. It's not even apparent what the Vizio's WiFi does. The set is on my WiFi for firmware updates. And initially the set did not broadcast WiFi (it was turned on by a firmware update) so it's not for the remote control.
 

PHolder

> didn't want to add an unnecessary WiFi signal that might cause interference with my WiFi signal.
For remotes that don't have to be pointed at the device (i.e. not infra-red) then you really only have two choices. (The old satellite remotes used to use UHF, but those more or less required a very obvious little antenna.) It's either AdHoc WiFi (because they'd never require you to join it to your network) or it's Bluetooth. Either of these is likely in the *unlicensed* 2.4GHz band, along with your microwave, baby monitor, spread spectrum DECT POTS phone and a bunch of IoT device protocols like ZigBee.
 

miquelfire

For the Vizio, it might be for some wireless screen mirroring feature. Even though they're on different networks, I always wondered why my computer could mirror its display to my Roku devices (along with some 40 inch Roku TV a neighbor around here owns).
 

bhelman

Maybe I'm missing something here. Why do I care that my Rokus are sending me advertising? Sure, they know what I'm watching, but again, why do I care? I'm not conducting business or using it for anything illegal (or even questionable). I'm using the Roku to view... not upload or otherwise send... content. Other than the extra bandwidth (which is trivial compared to the streaming commercials I get from the different services we subscribe to), I don't see anything I'd be concerned about. Let them monetize me. I'm currently watching This Old House (that they purchased) for free and have been doing the same for old TV shows. I don't see a security risk here.
 

PHolder

> I don't see a security risk here.
I'm not necessarily disagreeing with your conclusion that being monetized is a problem (if you are aware.) But I wanted to comment that it's not necessarily a security risk... but it *IS* a privacy risk, and that can become a security risk for a *very* small subset of the population (those targeted in some way by a powerful organization like a government.) The risk to me is not that I am being "spied upon"... it's that I am being unknowingly (and/or unpreventably) spied upon. IMHO it should always be my option to pay for not being tracked so that I have an option for free with tracking or not free with NO tracking. Unfortunately, these days, even if you pay (say Netflix, or even your "Smart" TV) you still get tracking included with the bargain, with NO way to disable it except to not use the service or device.