UPDATE (November 4, 2017): I ultimately was able to get specific answers from Roku to my questions, via their corporate representatives. The bottom line is that based on that information, I do not consider Roku (or other popular streaming devices) to be suitable for the kind of applications described below, for a variety of reasons. I recommend non-networked, standalone media players (~$30 or less) and an ordinary HDMI cable for these situations.
– – –
Roku makes some excellent, inexpensive video streaming products. I actually have both a Roku Stick and a great Google Chromecast — they each have somewhat different best use cases.
Some days ago the chief security officer at a large firm contacted me with a question about a potential use for Roku units in a corporate environment. They already had Roku boxes or sticks on most of their meeting room monitors, and were concerned about a specific security/privacy issue.
Essentially, they were considering use of the existing Roku units — in conjunction with the Roku Media Player app available to download to those units — to display locally created video assets.
My immediate reaction was to discourage this — much preferring a method that was totally under their control with no chance of leakage outside their own networks — even if that meant direct wiring to the displays. But for a number of reasons he insisted that he wanted to explore the use of Rokus in this application.
Unfortunately, figuring out the privacy and security implications of such a course has so far proven to be nontrivial.
The lengthy online Roku privacy policies page goes into a great deal of detail concerning the information that they collect from your devices — Wi-Fi info, channel data, search data, etc. — all sorts of stuff related to viewing of “conventional” Roku-capable streaming channels.
But the Roku Media Player app is different. It doesn’t play external streams; it plays your own video or audio files from your own local server. That Roku privacy page seems to make no specific mention of their Media Player at all.
So I went to the Roku Forum to ask what sorts of data — Usage info? Thumbnail images? EXIF or other metadata? Filenames? — would be collected by Roku (or other third parties) from Roku Media Player usage.
Nothing but crickets. No responses at all. Hmm.
Next, I sent a note with the same information request to the privacy email address that Roku specified for additional questions.
Then I asked on G+ and Twitter. A couple of retweets later, I was contacted by the Roku Support Twitter account. They suggested the privacy email address. When I told them that I’d already tried that, they suggested the Roku legal department email address.
You know where this is going. Still no reply at all.
At this stage I don’t know what’s up with Roku. Are they just so super busy that they can’t at least shoot out an acknowledgement of my queries? Or perhaps they’re scurrying around trying to figure out what their own Media Player actually does before replying to me at all. Or maybe they just hope that I’ll go away if they don’t acknowledge my email. (To paraphrase Bugs Bunny: “They don’t know me very well, do they?”)
To say that this state of affairs doesn’t exactly create a wellspring of confidence in Roku would be a significant understatement.
Now I want to know the answers to my questions about Roku’s privacy policies irrespective of the query from that original firm that got this all started.
We shall see what transpires.