Saturday, March 12th 2022

TP-Link Said to be Sharing all Router Traffic with Third Party

These days, routers are quite complex devices that are doing much more than just routing data and are often the main security device on a home network. As such, we've seen a surge in third party services such as Asus' AIProtection that runs software from Trend Micro and Netgear Armor in cooperation with Bitdefender. Chinese TP-Link is likewise offering similar services, some in partnership with Trend Micro and some with Avira. It now appears that TP-Link's HomeCare service—that the company is offering in partnership with Avira—is sending data to Avira even when disabled in the UI, based on a thread over at Reddit.

The standard Avira features are meant to offer protection against malicious content, network intrusions and even against infected devices on the network that are said to be quarantined from other devices on the network. It also incorporates some basic parental control features, such as automatic content filtering and time controls. However, in this case, the issue isn't the functionality itself, but the fact that there apparently is no way to turn off the HomeCare feature, since even when seemingly disabled in the UI of the affected routers, it sends data to Avira. It seems to be a fairly large amount of data being sent as well, with the initial poster claiming over 80,000 requests in a 24 hour period. According to a review of a TP-Link product over on XDA-Developers from May last year, TP-Link said that they were working on a firmware update that would allow the Avira service to be turned off permanently.
However, it seems like no such option has materialized in close to a year since that comment from TP-Link and although it seems the data that is being sent is intended for Avira to use to improve their services, it also seems to go against the European GDPR rules to send user data to a third party, especially without the users consent. Back to Reddit, the poster contacted TP-Link, who claimed that the data sent was to check if the owner of the router had an active service with Avira or not, but this sounds rather preposterous considering that it wouldn't require 80,000 requests per day. To put it in a different context, that's close to once a second.

Multiple people on Reddit have chimed in saying that they're seeing exactly the same thing. Trying to block the requests isn't an option either, as this causes the routers in question to get stuck in a retry loop, which in turn leads to CPU usage spikes and causes issues with the general usage of the routers in question. Other users tried signing up for the trial of the paid-for service, but didn't see any changes in behavior, regardless if the service was enabled or disabled. The only slightly positive note on all of this is that Avira is a German company and could potentially be forced to amend how its service works based on the European GDPR regulation. However, it would still be up to TP-Link to issue a firmware release to the 13 or so routers that run the Avira service. Most of the routers are recent 802.11ax/WiFi 6 models and about half are part of TP-Link's Deco series of mesh systems.
Sources: Reddit, TP-Link HomeCare, XDA-Developers
Add your own comment

90 Comments on TP-Link Said to be Sharing all Router Traffic with Third Party

#1
zlobby
Yeah, and I'm the crazy one buying expensive gear from reputable vendors...
Posted on Reply
#2
TheLostSwede
News Editor
zlobbyYeah, and I'm the crazy one buying expensive gear from reputable vendors...
In fairness to TP-Link, their hardware isn't all that different from their competitors.
However, I would never, as I've said before here, use one of their devices with the default software on it, as a router facing the internet.
I put OpenWRT on both of my TP-Link devices and both of them are working better with OpenWRT than they did with the TP-Link firmware.
Posted on Reply
#3
Assimilator
It now appears that TP-Link's HomeCare service that the company is offering in partnership with Avira, is sending data to Avira, if when disabled, based on a thread over at Reddit.
@TheLostSwede this sentence makes no grammatical sense.
Posted on Reply
#4
VSG
Editor, Reviews & News
Assimilator@TheLostSwede this sentence makes no grammatical sense.
Edited that sentence for better reading.
Posted on Reply
#5
ExcuseMeWtf
I remember the time when Avira was actually good and go to antivirus package. It was is Win9x days though...
Posted on Reply
#6
TheUn4seen
Last time I remember Avira being good was before the year 2006, when it didn't exist as a mainstream product.
They are now owned by Norton, after being sold to a shady investment company. What do you expect? If you buy consumer trash you're the product, the device is only there to extract value from you.
Posted on Reply
#8
Xuper
I have TP-link W8960N .does it affect ?
Posted on Reply
#9
zlobby
XuperI have TP-link W8960N .does it affect ?
Put OpenWRT on it, or better ditch it. :D
Posted on Reply
#10
TheLostSwede
News Editor
XuperI have TP-link W8960N .does it affect ?
It shouldn't have any kind of software like this on it, as it's an antique by now ;)
zlobbyPut OpenWRT on it, or better ditch it. :D
I doubt that would work, as it's got an ADSL2+ modem built in.
Posted on Reply
#11
thegnome
Well pretty sketchy, good thing TP-Link is only good for the cheaper end of the router market. Would probably go for Asus or Netgear once some new standards roll out.
Posted on Reply
#12
FreedomEclipse
~Technological Technocrat~
zlobbyYeah, and I'm the crazy one buying expensive gear from reputable vendors...
Do you really think Netgear, Linksys, Asus etc etc dont have backdoors to your router or collect your data anonymously and share with 3rd parties? Of course they do.
Posted on Reply
#13
Assimilator
FreedomEclipseDo you really think Netgear, Linksys, Asus etc etc dont have backdoors to your router or collect your data anonymously and share with 3rd parties? Of course they do.
No, they don't. If they did, people would've noticed it and called them out for it.
Posted on Reply
#14
zlobby
AssimilatorNo, they don't. If they did, people would've noticed it and called them out for it.
Yet even a quick search through most vulnerability databases reveal a shocking amount of flaws in their software. While it's all mostly patched by now, it trully shows how much these vendors 'care' about the security of their products. They do care about the brand image all right, but not real security per se.
TheLostSwedeIt shouldn't have any kind of software like this on it, as it's an antique by now ;)


I doubt that would work, as it's got an ADSL2+ modem built in.
Come on, you know by now that I'm a sucker for networking gear (and any gear for that matter), and I just get an urge to hate bad security practices/zero security by design.
Posted on Reply
#15
Assimilator
zlobbyYet even a quick search through most vulnerability databases reveal a shocking amount of flaws in their software.
That's nowhere near the same thing as the firmware being deliberately written to report users' browsing habits. Don't spread FUD by incorrectly conflating the two.
Posted on Reply
#16
bonehead123
TheLostSwedeIn fairness to TP-Link, their hardware isn't all that different from their competitors.
However, I would never, as I've said before here, use one of their devices with the default software on it, as a router facing the internet.
I put OpenWRT on both of my TP-Link devices and both of them are working better with OpenWRT than they did with the TP-Link firmware
In all fairness to them, many many years ago, I have found toilet paper's products, both hard & soft, to be just that, butt-wiper grade stuff....and have not touched them since and won't now either....

Almost every router vendor has had some issues here & there, both hardware, firmware, and software-wise, however, their attention to fixing them has been relatively good overall.

Over the past 8-10 years or so, I have found Netgear's (consumer) stuff to be somewhat better in this regard.

The fact the open-source firmware works better on tp's crap is both a testament to the OSS community, and big, black, bloody eye for tp IMHO :D
Posted on Reply
#17
Auxityne
Well, they must have forgotten my particular model (Archer AX4400) because my DNS gateway shows no traffic to Avira. At all. Of any kind.

And pre-emptively blocking that domain results in no performance issues.
Posted on Reply
#18
zlobby
AssimilatorThat's nowhere near the same thing as the firmware being deliberately written to report users' browsing habits. Don't spread FUD by incorrectly conflating the two.
Eh, sometimes developers just forget some administrative access. Who can blame them?
Posted on Reply
#19
Verpal
AuxityneWell, they must have forgotten my particular model (Archer AX4400) because my DNS gateway shows no traffic to Avira. At all. Of any kind.

And pre-emptively blocking that domain results in no performance issues.
Only those ''High end'' router with home care service shoved in have the privilege of being deemed important enough for telemetry.
Posted on Reply
#20
lexluthermiester
ExcuseMeWtfI remember the time when Avira was actually good and go to antivirus package. It was is Win9x days though...
It still is. One of the best. While I disagree with and find unacceptable TP-Link sharing peoples data, at least Avira is a reasonably trustworthy company. They could have been sharing with Symantec or some other pathetically awful company.

Forget they had been bought by NLL..
Posted on Reply
#21
Dr. Dro
I have an Archer AX50, apparently it has the Trend Micro version of the HomeCare software. It is disabled, but it would be highly appreciated of TP-Link to come clean and issue FW updates to all affected devices. Their hardware is affordable and has been relatively reliable to me, so it would be a shame to lose them to shenanigans like this.
Posted on Reply
#22
Voluman
Well, Avira has bought by AVG if i remember correctly (or vicaversa). AVG had in the TOS, that they share data with 3rd party, i think Avira had it too. So it's not a big surprise for me if that is true in some way.
Posted on Reply
#23
Steevo
The only thing I trust TP Link for is Ethernet over power adapters, they are invisible and everything sent on the network has to go through a router that reports it.
Posted on Reply
#24
windwhirl
lexluthermiesterAvira is a reasonably trustworthy company. They could have been sharing with Symantec or some other pathetically awful company.
VolumanWell, Avira has bought by AVG if i remember correctly (or vicaversa). AVG had in the TOS, that they share data with 3rd party, i think Avira had it too. So it's not a big surprise for me if that is true in some way.
Avira was bought by NortonLifeLock (formerly Symantec's consumer business) last year. For the record, Symantec's enterprise business was sold to Broadcom a while before that. And it seems Broadcom later sold part of that to Accenture (whoever they may be).

AVG was bought by Avast back in 2016.

And now, Avast and Norton are set to merge into one company later this year, provided all the paperwork goes well.

So yeah, if you didn't like any of those companies, all the others mentioned are probably tainted too in your view.

Edit: Ah, if you liked CCleaner, that's part of Piriform, which is part of Avast. So I guess that's something else to look at.
Posted on Reply
#25
lexluthermiester
VolumanWell, Avira has bought by AVG if i remember correctly (or vicaversa).
That is absolutely not correct. You're thinking of the NortonLifeLock buyout. Not that it's any better, but Avira is still operating as an independent subsidiary so their product lineup is still a quality offering.
windwhirlAvira was bought by NortonLifeLock (formerly Symantec's consumer business) last year.
Ninja'd! :laugh:
Posted on Reply
Add your own comment
Dec 21st, 2024 13:09 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts