[jerf]

That's part of what I was trying to sweep under the rug, because there's a ton of details and caveats. In particular, while I'm sure it's possible, I personally do not have the hardware to intercept between the cable modem and its network.

However, for the smart TV, broadly speaking, they can disguise what the traffic is, but they are not capable of disguising that there is traffic, and without engaging in outright deception can't disguise where the traffic is going. (I mean that caveat about outright deception... it is theoretically feasible, of course.) (If the TV is wired-only, I'd have to insert my computer between the TV and the router. This is a few minutes with Linux routing commands. If it's wireless I just sniff the wireless.)

And many of the cases we are talking about are cases where the mere presence of traffic, or traffic in a certain shape ("a continuous 4kilobit stream" -> audio stream), is intrinsically suspicious. Netflix pouring megabytes into my console when I ask for a movie is not surprising; constant leaks coming out of my cell phone when I'm not actively using it would be, whereas occasional bursts to Google Play servers or my corporate email server wouldn't be. The topic of "metadata" is one that comes up a lot in these discussions, and here's an example of where that can play in our advantage for once... you can tell a lot just by looking at a stream's basic characteristics, no matter how encrypted the internals may be.