The Dark Side of Netflix

Netflix Underground is not affiliated with Netflix, Inc.

9/27/2010

Watching the Watchers: Silverlight 4 Can Access Your Web Cam and Microphone


Silverlight has attracted little attention on Netflix Underground. Basically, some Netflix subscribers hate Silverlight, have loads of problems with it, wish they had never installed it, and are now stuck with it. There just was not much else to mention.

Now, however, a Netflix Undergrounder is claiming that Silverlight accessed his/her personal webcam and microphone without his/her knowledge. The subscriber claims Silverlight had a live image from his/her webcam, and he/she could view it simply by right-clicking and then selecting a WebCam/Mic tab.

It is true Silverlight 4 has webcam and microphone support. That may be a nice feature, but it would be creepy to find out that Silverlight actively captures images and sounds from personal web cams and microphones by default.

Hopefully, some solid precautions have been taken to keep the private audio/visuals inaccessible to others, but a resourceful hacker might love to peek in on a person's private web cam just to snoop around and see who watches Netflix movies in their underwear. Nothing online is 100% hacker-proof, so this issue could raise some privacy concerns.

Certainly, this sort of functionality is addressed somewhere in Silverlight's terms of use or user agreement; however, given the massive potential for privacy violations, users should have to manually activate their web cams and microphones. Some people (the smart ones) do not want live audio/visual feeds being streamed from their homes over the Web.

Before anyone freaks out, please keep in mind this is just an accusation from one Netflix subscriber/Silverlight user, and this may just stem from a simple misunderstanding, oversight, or mistake; however, if it turns out to be true that Silverlight is automatically capturing webcam video and microphone audio, there is a concern that a serious breach of privacy has occurred.

It must be noted that instructions at SilverlightShow indicate Silverlight 4 does have the capability to automatically detect webcams and microphones, but the same instructions also indicate users must grant Silverlight permission to access these devices. As long as users are actually aware Silverlight is accessing their web cams and microphones and have a fair chance to allow or disallow access, everything is fine, and there is no cause for alarm.

Please check to see if Silverlight is accessing your webcam and microphone. If Silverlight is accessing your webcam and microphone without your consent, deactivate the access immediately and report the problem to Netflix and Microsoft. Please come back and share your findings here. Hopefully, this open web cam occurrence is just an isolated incident.

14 comments:

Ken Smith said...

You'll be pleased to know that (a) Silverlight prompts users with a big, ugly dialog box before it will enable either a webcam or a microphone (kinda like how Flash does it, but uglier and bigger), and (b) even that dialog box has to be in response to a user initiated action, like clicking a button. I suppose there might be some sort of bug where this doesn't happen in every circumstance, but I kinda doubt it, and you can bet that if MS was made aware of a bug like that, they would fix it ASAP.

Andrew said...

I believe the person who originally reported this to Netflix Underground did click on something. I say that based on the past 7 years of repairing home users' Windows systems. The average customer does not seem to possess the common sense required to use a Windows OS. They are always neglecting to stop and read pop-up windows and are click happy. No matter what pops up they immediately click OK without first checking what they are saying OK to.

Bill Kaiser said...

If you start Silverlight then go to the webcam/mic mode tab, well, yes, it does display a live image. However, like the previous poster mentioned, you had to jump through a couple of hoops to allow this.

Just turn your webcam away from you and the room for some peace of mind...

Yihooo said...

hmm.....

Anonymous said...

How can anyone put up with the invasiveness of Microsoft's Silverlight? Not only do they monitor our Netflix interactions, but they follow our web footprints everywhere! It's in their "Usage Agreement & Privacy". Not surprising for Microsoft, but Netflix agreeing to it? Sorry, Netflix, but we're out!

Miguel Cortes said...

I found your site precisely because I stumbled across this same situation last night. I right-clicked my netflix screen, chose the Silverlight option, and found under the "Webcam/Microphone" tab myself staring back at me over my screen, and an active sound level meter. There is no option to turn this off, except disabling the mic and webcam. The webcam is now off, mic still running because it is tied into my netbook's audio system. What scares me is that the tab on the Silverlight options window claims this is where one can "Choose Silverlight's default capture devices." WHY does SL need to CAPTURE anything from Netflix? My cam's LED/active light is not on, yet it is actively streaming video and audio of me in front of my computer. To where? To whom? I see Ken Smith's post above, from almost a year ago, says that Silverlight has "a big, ugly dialog box." It doesn't. I just signed up with Netflix last month, and was never prompted to allow this. I find it a serious breach of my privacy. Mr. Smith, are you associated with MS? There is NO OPTION BOX. MS must be aware of how their software operates, and have not in the ten or more months since his posting taken any steps to remove this feature.

PS, it took me two hours of searching the web to find this forum. Your blog is the only website 'within reach' that has ANY information on this. I'm deleting my Netflix account immediately... following the exciting conclusion of this supernatural thriller, picked for me by Netflix based on my preferences, and possibly any conversations I had in front of my computer.

MS needs to ask people before tapping into their webcams, and I will contact them next to complain, probably to no avail...

Miguel Cortes said...

I must correct my post: it is closer to a year and a half since Mr. Smith's comment, and nearly ten months since the last posting before mine. And still Netflix/Silverlight operates freely in such a low, low manner. Once I contact Netflix and demand a total refund, I will post here what their response is in re: questioning about invasion of privacy.

Anonymous said...

Just right-clicked accidentally on the screen while watching Netflix.

Was curious about the Silverlight box so clicked on it. Saw web cam/mic so I clicked on it to see what was up. Found myself looking at myself.

Seriously pissed off. Someone spent a lot of time creating this app so you can't say it's not for use.

Throwing it the finger while I unplug the webcam.

Thought I'd let someone know it's real.

Anonymous said...

Microsoft automatic upgrade on my computer this morning included Silverlight - which I'd never heard of before (try to stay true to my luddite roots...) - but when I clicked on the program to my surprise I saw a real time video of myself and a screen showing that my microphone is also activated. I don't have Netflix - though I did at one time a few years back. Very unhappy about this - was able to delete the Silverlight program from my computer, but have no way of knowing if all is cleared. I used my Microsoft Security Essentials to run (another) check for 'bugs etc' - but since the download came from Microsoft there is nothing unusual detected. Shame on Microsoft for taking advantage of my trust in them and invading my privacy.

Anonymous said...

Just noticed this in Task Manager, Silverlight indeed activated my webcam and microphone. BS!..

Anonymous said...

I was having issues with Netflix playback, and I right-clicked to see if I could tweak any settings. I looked at the tabs for Silverlight, and saw that Silverlight was auto-capturing my mic. I could see the audio bar going up and down from the audio of the show I was watching. I then spoke and watched my voice impact the audio bar. It was definitely accessing my microphone.

I would never purposefully allow Silverlight to use my microphone. No pop-up box ever asked me if I wanted to allow this. And I do pay attention when software asks me if I want to allow things. It probably would've accessed my webcam without my permission too, but I have it disabled.

Anonymous said...

Ok, so it's 2015. I was doing a deep-clean of my netbook and found Microsoft Softlight taking up about 253MB of space. I had no clue what Silverlight is or what it does and after going on their website, wasn't really convinced I needed it. I don't watch Netflix movies for one thing. It's possible it was already installed when I bought the netbook secondhand nearly 3 years ago.

Anyway, I made up my mind to uninstall it, with the knowledge that I might set myself up for endless update recommendation dialog boxes (although I think my settings don't allow for that somehow - updates are automatic). But before I took the plunge of uninstalling, I nosied into it and found a tab marked 'webcam/mic'. And the audio bar was flickering. The webcam was just a black rectangle but that's because... I've taped up the camera. (But when I peeled off the tape, yes, it was capturing a live image).

So that's how I got here to this website and webpage.

I clicked the other tabs and under 'Application storage' I find that 'The following Web sites are using application storage on [my] computer' under which are listed 3 websites (all taking up 1 MB), NONE of which I've visited. One of them is Lloyds TSB (not sure if it's their official site though). I'm not with Lloyds TSB nor am I about to open any account with them so I'm pretty sure I've not been to that site at least.

Didn't anyone complain to Netflix/Silverlight/Microsoft and if so, what was the response? Or are we just Davids shooting peas at Goliath?

It's very creepy, and very Orwellian.

Anonymous said...

FYI Silverlight on NFlix exhibits exactly the same malware behavior today in 2016, without warning or user permission.


The required install for watching NFlix videos automatically permits Silverlight access to webcam and mic's live images and sound according to their control panel. Such use is supposed to be sandboxed or opt-in with warnings, but somehow isn't for "trusted" applications (read: apps made by major corporations that MS likes).

Silverlight is dead software which NFlix was supposed to have replaced with HTML5 improved video streaming years ago, but they're still complaining the available DRM doesn't work right yet. Plainly RIAA millionaires' "rights" being protected is much more important than you having a live A/V bugging device in your bedroom. Where audio/video captures go if anywhere is unknown, who sees and stores them likewise, they may stay local or may be archived.

Fixes:
QuickJava extension for Firefox stops Silverlight without uninstalling, so just switch it on only when you need it.
Always cover a webcam with black tape when not in use or unplug desktop webcams, the in-use light may be under software control, hacks are always possible.
If you don't use a built-in webcam at all then disable it: in most older Windows versions under control panel, in Win 7 under -device manager-imaging devices and either disable or uninstall the camera.
For locally stored images/sound and other Silverlight data, CCleaner removes them if set to do so, this can be automatic as well.
Of course if you don't log-the-hell-OUT of NFlix when done watching, and clear all data on browser exit as you should, you risk whatever they want to record of all your online activity.
Microphones can be disabled by right-clicking the speaker icon in the lower right corner, choose recording devices, pick internal microphone-properties and disable.

It's more trouble to protect yourself but nobody else will do so, not the hardware vendors, the software vendors, nor the government.

Read, learn, act.

Or just wait for exposure in the next "totally unexpected", "we had no idea" massive data breach, they're running about every 3 months now.

Anonymous said...

Just ran into this comment section due to searching for answers about Silverlight. I'm a Netflix user & had to run the Silverlight update last night in order to still be able to view videos/movies while using Netflix etc... The update downloaded just fine & the Silverlight program started running without any real problems. However, I was about half way through watching a program & noticed that the light to the camera on my Mac was turned on...As in my camera was active. Since all I did was update Silverlight & did not do anything to access or enable the camera on my Mac, I do not agree with everyone assuming, (operator error.) After I noticed the camera was active on my computer, I obviously opened system preferences & started checking into things. Needless to say, the moment I started checking &/or opened the iSight camera settings & digging through the activity monitor, the camera shut down on its own.

Until this happened to me personally, I as well would have said, (operator error) was to blame & that the user simply activated it unknowingly. Aka...Someone was just being a lil paranoid. Now...Simply put, I've had to manually disable the mic & camera while watching anything on Netflix or while using anything that uses Silverlight. Btw...Check out the Silverlight privacy statement & agreement. It does cover this topic briefly & clearly does state within the agreement, (by agreeing to the terms, you give them permission to access your camera & mic systems for a number of reasons & they get to decide about the reasons themselves etc....)

Simply put, the wording of the privacy statement is more than concerning in itself. If you need Silverlight for Netflix as I do....DISABLE the camera & mic on your computer. Nowadays, it's simply the smartest thing to do if you own any type of computer or device with a built in camera or mic.