I don’t know what to do about Roku

Phil Nickinson holding a Roku remote control over his eyes as the Roku screensaver plays behind him.
How much longer before you can no longer afford to use a Roku device? Phil Nickinson / Digital Trends

I’ve found myself thinking a lot about Roku this week. Or, rather, trying really hard not to think about Roku and all the ways it should be doing better.

The streaming platform and the company mostly need no introduction. It basically started as a low-cost way to stream Netflix and then grew into a wonderfully service-agnostic option. That is, it treated Netflix like it treated HBO. Or whatever other service had a “channel” (read: app) on the platform.

Roku was (and is) inexpensive to buy, and easy to use. And I’m just not sure I can recommend it anymore.

A few reasons for that. First, and perhaps the least worrisome, is that Roku is now more of an advertising platform first and a streaming platform second. Those things go hand in hand, sure. But make no mistake, it’s the ad part that’s running the show now. Of Roku’s two revenue buckets — devices (as in hardware) and platform (advertising and anything else) — one finished 2023 with about 510% more revenue than the other. That is, $2.994 billion versus $491 million. And only one of those segments turned a profit. I’ll let you figure out which was which.

Not to say that I love what Roku has become, but you can’t blame a business for making money. (And an ad-blocking scheme at least helps a little.)

I’m also not in the camp of folks freaking out recently over Roku’s Dispute Resolution Terms. It’s dangerous (and dumb) for anyone who’s not a lawyer to pretend to be a lawyer for the purposes of parsing the fine print of a user agreement. And while I’m not a huge fan of forced arbitration in principle, it’s also not realistic for a company to potentially have to fight lawsuit after lawsuit. It has to be able to protect itself and mitigate that sort of thing. Arbitration is one way.

The Roku arbitration opt-out clause, as read on a phone.
Is the Roku arbitration opt-out really that bad? And probably related: Are you a lawyer? Phil Nickinson / Digital Trends

The recent to-do has to do with the right-to-opt-out clause. You have 30 days to opt out of arbitration. You have to do so in writing, by mail. (As legal stuff is often done.) And you have to include a copy of your receipt. Folks are upset about that last part, as if they’ve never received a receipt for something they’ve purchased before, either online or in meatspace. And a whole month isn’t exactly a long time to hang on to something like that immediately after purchase.

Don’t get me wrong — it’s doubtful I’d think twice about a receipt from a $30 Roku device. If I picked one up in a store, the receipt might be tossed out before I get home. But if I bought something online? It’ll likely be in my email forever. But in any event, it’s not unreasonable for Roku to require someone demanding to opt out of arbitration to prove that they actually purchased a product in the first place. That’s the most basic of requirements. Because if you can’t prove you actually bought the thing, then you have no reason to opt out of arbitration at all, right?

And I’d even be willing to not raise too much Cain over a recent security event in which 15,000-plus Roku accounts apparently got hit by a credential-stuffing attack. That’s an attack by which your username and password were leaked elsewhere, and then were used on some other service, just to see if they’d work. In this case, those logins also worked at Roku.

We cannot and must not blame the victim (that’s ultimately the account holder, not Roku), though it is a reminder that we should have unique passwords for every single service. Don’t reuse passwords, boys and girls. No, the blame goes to the hackers. Mostly.

It’s Roku’s response that really bothers me. In its letter notifying users of the data breach — something that some states require by law — Roku opens with the following: “We take our viewers’ privacy and security seriously.”

I’m not convinced it actually does, for one simple reason: Roku does not even have the option — let alone the requirement — for two-factor authentication on its accounts.

Roku needs to implement two-factor authentication. Yesterday.

In the year of our lord 2024, that is inexcusable. Every company should at least offer 2FA as an option. (It really should require it.) Amazon requires it if you log in to a Fire TV device. Google requires it if you log in to Android TV or Apple TV. Apple has it as part of its accounts processes.

The account section of the Roku website, as seen on a phone.
Roku’s account options are handy, so long as you don’t want to use two-factor authentication. Phil Nickinson / Digital Trends

I asked Roku about potentially offering 2FA at some point. It didn’t answer that question. Not about 2FA over text message. Or time-based software token. Or Passkeys. It did, however, give the following unattributed statement, which I’ll reproduce here in its entirety:

“Roku’s security team recently detected suspicious activity that indicated a limited number of Roku accounts were accessed by unauthorized actors using login credentials obtained from third-party sources (e.g., through data breaches of third-party services that are not related to Roku). In response, we took immediate steps to secure these accounts and are notifying affected customers. Roku is committed to maintaining our customers’ privacy and security, and we take this incident very seriously.”

So there’s that.

If Roku really took its 80 million monthly active users’ security seriously, it would at least offer two-factor authentication as an option. After a breach like this you’d think Roku might implement 2FA in addition to requiring password resets.

But it hasn’t yet. And I’m just not sure I can recommend anyone use Roku until it does.

(Note: A previous version of this column said that the 15,000-plus accounts represented about 19 percent of Roku’s 80 million monthly active users. Obviously that was not correct — it’s more like 0.018 percent. That’s much less worse, and I regret the error. But it does not change the need for two-factor authentication.)

Phil Nickinson
Section Editor, Audio/Video
Phil spent the 2000s making newspapers with the Pensacola (Fla.) News Journal, the 2010s with Android Central and then the…