Information Use
We will not release any data that you have provided, as part of the registration or information request process, in a personally identifiable form to any 3rd party organizations. Nuvyyo may, where appropriate, engage 3rd party organizations for services where this personally identifiable information may be shared. In these circumstances, all data will be covered under contract and legally binding confidentially agreements.
I love Tablo, but having spent much of the past year working on institutions’ responses to the EU General Data Protection Regulation and related privacy policies, I don’t find the Information Use policy, or the privacy policy as a whole, cited by Tablo in any way relevant to the comment/disclosure above that “We do collect data on usage but we don’t sell it to any third parties. It basically allows us to have data for troubleshooting and product development research.”
In fact the privacy statement essentially says that Tablo does not collect such personally identifiable usage data.
This can be easily corrected with an additional item in the privacy statement, and I urge Tablo to do so. (Since I am watching Tablo remotely in the EU right now, Tablo is technically violating GDPR right now, and that involves potential fines of €20 million, so it’s worth paying attention to this beyond just good business practice.)
Sorry to be a bit prissy, but claiming the privacy statement covers what apparently is collected sticks a bit in the craw.
If you are sitting in an EU country aren’t there any number (possibly large) of WEB sites that you could connect to that don’t conform to GDPR?
If you are sitting in a hotel in Paris and use your phone to connect to a U.S. only retail site, purchase a product that can only be shipped to a U.S. address, does that site need GDPR?
If so why not just have the EU remove the address from EU DNS servers until they conform.
Actually, I think if the EU really cracked down on GDPR “violations”, they could fit their view of the Internet into an 8 bit address space. This could greatly simplify things for them.
Tablo server only works with U.S. and Canadian OTA. Thus the tablo server would reside in one of those countries to be functional.
A humane has to locally (U.S>/Canada) set up a device to use remotely. The tablo belongs to the user but resides in the U.S. Any data collected would be from the tablo residing the the U.S.
If the user travels to the EU and connects to “their” tablo and thus violates GDPR who is in violation Nuvyyo or the actual tablo owner.
That’s really clever. Not sure the EU data privacy chief or the information commissioners in all 27 EU countries would agree, but it is a very shrewd argument.
Semi-off topic: One of the really interesting things about GDPR is the number of U.S. sites that are actually complying either by extra consent screens that pop up for extra permissions from EU based users or simply blocking anyone evidently from the EU (sometimes off of geo-location, sometimes ISP); the LA Times, for instance, can’t even be accessed by an apparently EU-based reader anymore.
As it is, GDPR was just a little table-thumping - my real point is that it has helped further spur the movement for clear and transparent privacy policies worldwide, and the Tablo privacy statement does not disclose usage tracking.
It should, IMO. (This may never have occurred to any relevant person before this thread, but now that it has, it would be a good thing, I think.) I don’t object, but I’m glad to be informed they’re tracking my usage, and it always makes me uncomfortable to discover it when it wasn’t obvious. For me, at least, the internet component of Tablo has always been somewhat opaque and it ddidn’t occur to me that they were routinely monitoring usage … I thought that was more when Support logged into the Tablo box remotely at a user’s request for some help with the logs.
As for the Paris hotel user of a U.S. retail site for delivery to the U.S. - GDPR says it absolutely does apply to that situation if the user is “EU resident”. There’s no certitude yet what that means, if for example it applies to tourists. Most who care are assuming it does. This is the first major legislation where the EU has asserted broad extra-territoriality. It’s sort of revenge for all the U.S. laws that require compliance by businesses (especially banks) around the world.
It’s an interesting inversion of “information wants to be free” - instead, it’s not free; it belongs to the person it concerns. It takes some real head-twisting to come to terms with, but it actually works once one gets used to it. And so far it does cut down on spam!
Well, let me tell you what many company that didn’t comply with GDPR did to fixed the problem. They shut down or blocked Europe altogether.
Technically speaking you must connect to the Tablo site as a middle point in order to access your Tablo. I recommend Tablo take this at least seriously enough to run it by their lawyers. Obviously none of us are lawyers here or at least none are Tablos lawyers and cannot legally give Tablo advice. Good arguments have been made on both sides but you can be both correct and get sued.
@TabloTV An ounce of prevention is best especially when places like California are considering GDPR type regulation. Everyone here wants you to succeed. Particularly us Lifer subscribers.
The forum reply stated “don’t sell” then quoted the privacy policy “will not release”. In circumstances where they find appropriate to share data, it’s under contract.
Could be GiantMarketingCorp offering Nuvyyo profit bost by signing their contract to share our info.
Possibility seems to exist. When I enter http://my.tablotv.com to use my purchased device none of this is made available! (no active links) It’s just something users should at least be aware of.
This, again, is stretching off-topic. Do they need “permission”? In another post someone refereed to it as the owners tablo. I can telnet to it, get a log on prompt, but don’t know the username or password. Admittingly I haven’t inquired, I presume it’s propitiatory. Yet I havn’t been presented with a license agreement… software is licensed not sold.
So if the hardware is mine, and I’m not bound by a EULA then I should also be able to view my own use logs?
If I use the web to access my tablo - an excerpt from the Terms of Use reads
Nuvyyo may alter, suspend, or discontinue this web site at any time for any reason, without notice or cost.
Shouldn’t I be informed I may suddenly find my device useless prior to use, if not purchase?
I buy the product, generates one-time profit for the hardware. The subscriptions are sourced from Gracenote. Though I’m sure there’s some revenue, much probably goes for all the copyrighted graphics I get and for the service it’s self. But to maintain the server to keep all our all-ready-paid-for devices working, comes for somewhere.
Boilerplate, that’s what lawyers do. If their servers go down for a week because of a DDOS attack they don’t want to be liable. I’m sure that in the event something happens they will do their best to notify us. That is assuming you gave them a way to contact you. You didn’t have to unless you subscribed. They also don’t want the onus of contacting you on them if you didn’t give them proper contact info or keep it up to date.
You can access at least some of the logs on your Tablo. I don’t see much on usage history but I’m still exploring. Logs about any given show seem to get erased when the show does. You could save it though if you like. If you’re crafty you can even log the back and fourth traffic to and from Tablo servers. It’s not going to be very interesting to most people though.
I didn’t reference the part about downtime due to maintenance. I accept this is extreme “suspend or discontinue” as in final. Doubtful they’ll feel any obligation to tell any one they’re shutting down. It’s more realistic, with an innovative product, they’ll get consumed by a ginormous corporation (in the name of competition).
I quoted
Not sure of the validity here, it’s access the tablo device (and presumably, my mistake) system logs. When I telnet to the device I get a login prompt, but I never set a user name and password.
Turns out tablo runs lighttpd a lightweight web-server. Given the device has an html server for WEB app and I connected it to my network - back to my original post, the internet, technically did it truly need to be mandated?
Basic function requires an internet connection. The “app” for the streaming devices are a form or type of WEB based app. As an android app, is primarily JS, HTML/XHTML and probably CSS. It’s the device’s “browser” which interprets and presents the content.
We’ve got something in common here. I’ve spent hours looking through code and my hard drive dumps. I haven’t wire sharked anything yet. It’s funny you mention telnet because that was in my list of things to do.
Let me know if you get in. The drive is formatted ext4, leads to suspect it may be bulit on linux kernal at minimal have some open source code. I used curl to view the http headers and found it uses lighttpd. It is open source, licensed under the revised BSD license. Which reads in part
Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
Where’s any copyright or license, for any open source they may use. If you have an android device - built on the linux kernal - buried under Settings > about > Leagal (may vary by vendor) you should find the GPL and various licenses and copyright notices. I haven’t even been asked to accept an EULA! There aren’t any links to any of these in the tablo web app.