These days, routers are quite complex devices that are doing much more than just routing data and are often the main security device on a home network. As such, we've seen a surge in third party services such as Asus' AIProtection that runs software from Trend Micro and Netgear Armor in cooperation with Bitdefender. Chinese TP-Link is likewise offering similar services, some in partnership with Trend Micro and some with Avira. It now appears that TP-Link's HomeCare service—that the company is offering in partnership with Avira—is sending data to Avira even when disabled in the UI, based on a thread over at Reddit.

The standard Avira features are meant to offer protection against malicious content, network intrusions and even against infected devices on the network that are said to be quarantined from other devices on the network. It also incorporates some basic parental control features, such as automatic content filtering and time controls. However, in this case, the issue isn't the functionality itself, but the fact that there apparently is no way to turn off the HomeCare feature, since even when seemingly disabled in the UI of the affected routers, it sends data to Avira. It seems to be a fairly large amount of data being sent as well, with the initial poster claiming over 80,000 requests in a 24 hour period. According to a review of a TP-Link product over on XDA-Developers from May last year, TP-Link said that they were working on a firmware update that would allow the Avira service to be turned off permanently.However, it seems like no such option has materialized in close to a year since that comment from TP-Link and although it seems the data that is being sent is intended for Avira to use to improve their services, it also seems to go against the European GDPR rules to send user data to a third party, especially without the users consent. Back to Reddit, the poster contacted TP-Link, who claimed that the data sent was to check if the owner of the router had an active service with Avira or not, but this sounds rather preposterous considering that it wouldn't require 80,000 requests per day. To put it in a different context, that's close to once a second.

Multiple people on Reddit have chimed in saying that they're seeing exactly the same thing. Trying to block the requests isn't an option either, as this causes the routers in question to get stuck in a retry loop, which in turn leads to CPU usage spikes and causes issues with the general usage of the routers in question. Other users tried signing up for the trial of the paid-for service, but didn't see any changes in behavior, regardless if the service was enabled or disabled. The only slightly positive note on all of this is that Avira is a German company and could potentially be forced to amend how its service works based on the European GDPR regulation. However, it would still be up to TP-Link to issue a firmware release to the 13 or so routers that run the Avira service. Most of the routers are recent 802.11ax/WiFi 6 models and about half are part of TP-Link's Deco series of mesh systems.