Exodus Privacy report (v4.1.28110) identifies 14 third-party trackers in the LG ThinQ app: Adobe Experience Cloud, AltBeacon (physical location tracking via Bluetooth beacons), Braze (location/ads/analytics), Dynatrace, Facebook Analytics, Facebook Login, Facebook Share, Google AdMob (advertising), Google CrashLytics, Google Firebase Analytics, Keen, mParticle, Salesforce Marketing Cloud, and Treasure Data (profiling/analytics). 14 trackers is extremely high — the app is sharing user data with at least 14 separate third-party companies across advertising, profiling, location tracking, and analytics categories. This goes far beyond "improving services".

HUMAN Security uncovered BadBox 2.0 — the largest known botnet of connected TV devices. Malware was pre-installed in the firmware of cheap Android TV boxes, streaming devices, tablets, and digital picture frames manufactured in China. Over 10 million devices across 222 countries were compromised. The malware turns devices into residential proxies for ad fraud, DDoS attacks, and 2FA code theft. It survives factory resets.

Norwegian newspaper Dagens Næringsliv investigated Tidal in 2018 and found evidence of deliberate streaming number inflation. The investigation alleged that Beyoncé's Lemonade and Kanye West's The Life of Pablo had their streaming numbers artificially boosted through data manipulation -- with 306 million reported Lemonade streams called into question. Norwegian authorities opened a criminal investigation. Inflated streaming numbers mean inflated royalty payments to specific artists -- money that comes from the pool shared by all artists on the platform. The "artist-owned" platform allegedly manipulated data to benefit its owner-artists at the expense of every other musician. Jay-Z sold Tidal to Block Inc. (Jack Dorsey's company) in 2021 for $302 million -- after the subscriber inflation scandal but before the investigation concluded. The artist-owned platform defrauded other artists.

The Music Genome Project's 450+ attributes per song create the most detailed listener taste profile in streaming. Pandora doesn't just know what songs you like -- it knows why you like them: tempo preference, vocal range preference, harmonic complexity tolerance, lyric sentiment preference, instrumentation taste. These attributes correlate with personality traits, emotional states, and demographic characteristics. Pandora's advertising platform sells mood-based and activity-based targeting segments to advertisers: "listeners in a workout mood," "listeners in a relaxation state," "listeners showing signs of a commute pattern." Advertisers can target you not by what song is playing but by the emotional state Pandora has inferred from your listening pattern. The Music Genome Project wasn't built to recommend music. It was built to decode your personality through music and sell the insights to advertisers.

FTC/state AG $391.5M settlement (2022) found Google continued tracking users' locations even after they disabled location tracking. Google used dark patterns to pressure users into re-enabling tracking. Google's own support page admits: "When Google TV's Location setting is off and the internet is connected, Google or third parties may still get your general location through your Internet Protocol (IP) address."

In October 2021, a hacker leaked 125GB of Twitch internal data on 4chan tagged #DoBetterTwitch. Included entire source code, internal security tools, unreleased competitor codenamed Vapor, creator payouts back to 2019. Caused by a server misconfiguration. Evidence of the 2014 breach was still visible — Twitch never fully cleaned up from the first hack.

Roku's own ACR documentation states it can "understand on a second-by-second basis what content viewers watched on linear TV, what ads they saw, and how much of an ad they viewed." The privacy policy confirms ACR tracks viewing across ALL inputs — streaming, cable, broadcast, and even DVDs. Roku won an Emmy for developing this surveillance technology at scale. Platform revenue (primarily advertising) exceeded $1.4 billion in 2022, dwarfing hardware revenue — the device is sold at or below cost to maximize the ad-targeting installed base.

In 2023, Netflix deployed household verification continuously monitoring IP addresses, device IDs, login frequency, and location consistency. Devices must connect to primary household Wi-Fi every 31 days. By 2026, upgraded to multi-layered verification analyzing device history and location data. Generated a 102% increase in daily sign-ups (73,000/day).