November 15, 2024

Why Tech Companies Are Not Your Friends: Lessons From Roku

This month, many of the 80 million owners of Roku devices, including streaming sticks, set-top boxes and internet-connected TVs running the company’s streaming software, turned on their Rokus to see a block of text. I, the owner of a cheap Roku TV in my bedroom, was among those who got stuck with the screen.

The message gave updated terms of service that made it harder for customers to take legal action against the company. Unless they agreed, users were blocked from access to the Roku menu and apps, essentially bricking their devices. The only way to opt out was to mail a letter to the company.

To Isaac Phillips, a software engineer in Tampa, Fla., this felt unfair. So he came up with a workaround to disconnect his Roku TV from the internet and use it as a normal TV without Roku’s apps, which include Netflix, Hulu and other streaming services.

“It should belong to whoever paid for it,” Mr. Phillips said. “To lock somebody out of it completely just doesn’t seem right. It’s pretty unacceptable.”

Also this month, Roku announced a security breach involving about 15,000 user accounts. The victims’ login credentials had been illegally obtained through a breach of another company’s servers and were used to get into Roku accounts to buy streaming subscriptions, according to Roku.

“Like many companies, Roku updates its terms of service from time to time,” the company said in a statement, adding that the change was unrelated to the breach.

Roku’s no-good month stirred discussions in online forums about what it means when a company can essentially deactivate the device you paid for. That’s similar to how companies like Apple, Google and Microsoft can decide to stop issuing software updates for older devices, which gradually degrades their performance.

It’s a lesson we have to learn and relearn. Companies, even those that say they strive to delight us and make our lives better, cater to their own interests. In reality, the tech products we buy can evolve to keep protecting those interests — and the hoops we have to jump through to gain some control are often impractical. Here’s a reminder of what to remember.

More than a decade ago, when we bought a TV it was just that — a big screen that let you plug into it whatever you wanted. Nowadays, the vast majority of TVs connect to the internet and run the manufacturer’s operating system and apps. Even though you bought the TV, the software component, a major part of what makes the product work, remains controlled by the company.

Changes to the product’s software interface and data collection practices can happen at any moment. In extreme examples, a device can stop working. In 2020, for instance, Amazon deactivated the Echo Look, a camera that helped people organize their wardrobes. It issued a promotional credit for owners to buy a different Amazon gadget that lacked similar features.

The less extreme, more common situation is when companies stop supporting older products because they need to sell new gadgets. Apple’s original Apple Watch from 2015, for example, no longer gets software updates and now barely works.

This issue is not new but has grown more problematic as more of our devices rely on apps and internet connections, said Nathan Proctor, a director for the U.S. Public Interest Research Group, a consumer advocacy organization. With computers, consumers could modify their machines by installing a different operating system. But with many other types of electronics with locked-down software systems, from streaming devices to e-book readers, those modifications are typically not possible.

“When you get to the core of it, do you even own it anymore?” he said.

In a nutshell, Roku’s terms of service have long required customers to agree to resolve any legal disputes through a private forum, the process known as mandatory arbitration, which can prevent consumers who share the same complaints from banding together to file lawsuits. The updated terms added language that shields the company from so-called mass arbitrations, where lawyers could file hundreds of thousands of individual arbitration claims, a tactic to fight back against arbitration clauses.

Mandatory arbitration clauses have become an industry standard. The terms of service for companies including Sony PlayStation, Vizio and Hulu include similar language about arbitration, and those companies also require consumers to mail a letter to opt out of those terms.

Roku customers can opt out of the revised terms and continue to use their products, but the process is not intuitive. First, they must hit the “agree” button on the terms of service screen. Then, within 30 days, they must mail a letter asking to opt out of the terms, along with a copy of the receipt for their Roku product, to Roku’s general counsel at 1701 Junction Court, Suite 100, San Jose, Calif. 95112.

A Roku spokesman also provided a list of steps for those who wish to use their Roku TVs as normal TVs without an internet connection. It involves pressing a button or pinhole on the back of the TV to reset the software and skipping the step to set up the internet connection.

Why is it harder to opt out than it is to opt in? Because the companies are legally allowed to do this.

I suggest that Roku customers follow those steps to opt out of the new terms and hold on to what little power they have. I, for one, took this opportunity to disconnect my Roku TV from the internet and plug in a different streaming device with less onerous terms, an old Apple TV. As for a letter to opt out, I plan to use the A.I. chatbot ChatGPT to draft a testy note.

Separately, the Roku customers that were especially vulnerable in recent weeks were the 15,000 affected by a cyberattack known as “credential stuffing.” Hackers obtained user names and passwords that were leaked elsewhere and reused them to log in to Roku accounts. The lesson here is to create a strong, unique password for every internet account you own and never reuse it for another site.

Like many tech companies, Roku has marketed itself as a company with consumers’ interests at heart. Its website, embellished with wholesome photos of families watching TV, invites you to join the millions of people saving money by cutting the cord. Its streaming devices, including its $20 streaming stick and $290 55-inch TV, are also relatively inexpensive.

But any successful business exists to make money, not friends, and Roku’s aggressive moves this month should make that crystal clear.

With Roku and similarly inexpensive streaming products like Google’s $30 Chromecast and Amazon’s $40 Fire TV stick, you are largely subsidizing the purchase of the product by sharing your data with advertisers, said Jen Caltrider, a director at Mozilla who researches companies’ privacy policies.

But Roku is a bigger offender, as it collects much more information than it needs to provide a device that runs streaming apps, including information about your employment, education and religious beliefs, she said.

“Their privacy policy is a shining example of a terrible privacy policy for a consumer,” Ms. Caltrider said. “They are a data-hoovering company.”