Saturday, March 12th 2022
TP-Link Said to be Sharing all Router Traffic with Third Party
These days, routers are quite complex devices that do much more than just route data, and they are often the main security device on a home network. As such, we've seen a surge in third-party services such as Asus' AIProtection that runs software from Trend Micro and Netgear Armor in cooperation with Bitdefender. Chinese TP-Link is likewise offering similar services, some in partnership with Trend Micro and some with Avira. It now appears that TP-Link's HomeCare service—that the company is offering in partnership with Avira—is sending data to Avira even when disabled in the UI, based on a thread over at Reddit.
The standard Avira features are meant to offer protection against malicious content, network intrusions and even against infected devices on the network that are said to be quarantined from other devices on the network. It also incorporates some basic parental control features, such as automatic content filtering and time controls. However, in this case, the issue isn't the functionality itself, but the fact that there apparently is no way to turn off the HomeCare feature, since even when seemingly disabled in the UI of the affected routers, it sends data to Avira. It seems to be a fairly large amount of data being sent as well, with the initial poster claiming over 80,000 requests in a 24-hour period. According to a review of a TP-Link product over on XDA-Developers from May last year, TP-Link said that they were working on a firmware update that would allow the Avira service to be turned off permanently.
However, it seems like no such option has materialized in close to a year since that comment from TP-Link and although it seems the data that is being sent is intended for Avira to use to improve their services, it also seems to go against the European GDPR rules to send user data to a third party, especially without the user's consent. Back to Reddit, the poster contacted TP-Link, who claimed that the data sent was to check if the owner of the router had an active service with Avira or not, but this sounds rather preposterous considering that it wouldn't require 80,000 requests per day. To put it in a different context, that's close to once a second.
Multiple people on Reddit have chimed in saying that they're seeing exactly the same thing. Trying to block the requests isn't an option either, as this causes the routers in question to get stuck in a retry loop, which in turn leads to CPU usage spikes and causes issues with the general usage of the routers in question. Other users tried signing up for the trial of the paid-for service, but didn't see any changes in behavior, regardless of whether the service was enabled or disabled. The only slightly positive note on all of this is that Avira is a German company and could potentially be forced to amend how its service works based on the European GDPR regulation. However, it would still be up to TP-Link to issue a firmware release to the 13 or so routers that run the Avira service. Most of the routers are recent 802.11ax/WiFi 6 models and about half are part of TP-Link's Deco series of mesh systems.
Sources:
Reddit, TP-Link HomeCare, XDA-Developers
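To check whether a router on your own network shows the request volume described in the article, the following added example (not from the article or the Reddit thread) projects per-domain lookup rates from a DNS query log and flags names the router itself requests at or above the 80,000-per-day figure. It assumes the router's requests are visible as DNS lookups at a local resolver that logs in dnsmasq format; the host name, IP addresses and log lines are constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime

# dnsmasq/Pi-hole query line: "<Mon> <d> <H:M:S> dnsmasq[pid]: query[TYPE] <name> from <client>"
QUERY_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: query\[[\w-]+\] (\S+) from (\S+)$")

# Constructed sample: the router looks up one placeholder name every second for
# a minute, while a laptop makes three ordinary lookups in the same minute.
ROUTER, LAPTOP, NAME = "192.168.0.1", "192.168.0.23", "cloud-check.example.invalid"
SAMPLE = [f"Mar 12 10:00:{s:02d} dnsmasq[412]: query[A] {NAME} from {ROUTER}"
          for s in range(60)] + [
    f"Mar 12 10:01:00 dnsmasq[412]: query[A] {NAME} from {ROUTER}",
    f"Mar 12 10:00:00 dnsmasq[412]: query[A] www.example.org from {LAPTOP}",
    "Mar 12 10:00:00 dnsmasq[412]: reply www.example.org is 192.0.2.10",
    f"Mar 12 10:00:30 dnsmasq[412]: query[AAAA] www.example.org from {LAPTOP}",
    f"Mar 12 10:01:00 dnsmasq[412]: query[A] www.example.org from {LAPTOP}",
]

def projected_daily_rates(lines, year=2022):
    """Return {(client, domain): lookups per 24 h, projected from the observed window}."""
    seen = defaultdict(list)
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # replies, forwards and cache hits are not client requests
        # dnsmasq timestamps carry no year, so one is supplied by the caller
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        seen[(m.group(3), m.group(2).lower())].append(ts)
    rates = {}
    for key, stamps in seen.items():
        window = (max(stamps) - min(stamps)).total_seconds()
        if window > 0:  # a single lookup gives no usable rate
            rates[key] = (len(stamps) - 1) / window * 86400
    return rates

def chatty(lines, router_ip, per_day=80_000):
    """Names the router itself looks up at or above the per-day threshold."""
    return sorted(
        (domain, round(rate))
        for (client, domain), rate in projected_daily_rates(lines).items()
        if client == router_ip and rate >= per_day
    )

if __name__ == "__main__":
    print(chatty(SAMPLE, ROUTER))
```

A rate projected from a short capture overstates brief bursts, so run it over several hours of log before drawing conclusions.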
90 Comments on TP-Link Said to be Sharing all Router Traffic with Third Party
I am now in fact waiting for the other shoe to drop whereby Intel, AMD, Corsair, Dell, HP and our bevy of other fine friends of proprietary hardware are jumping on the spyware bandwagon as well. Incorporating their own hardware spying-dosages throughout their entire product line. In effect thus inviting extra income opportunities and unleashing their greed even more so on the unsuspecting public? Perhaps soon it will come to a point where I will just roll over and play dead because there is nothing I can do about it! Thoughts?
I have a retired R7000 that it's on. Currently using an Asus AX88U with Merlin on it.
It really lets me appreciate the work so many people put into GNU/Linux, FreeBSD etc. and projects using it.
Voxel is recompiling Netgear firmware while adding some bells and whistles and also updating all the add-on packages that sometimes are sorely out of date in Netgear's own firmware releases.
XVortex is porting Merlin to R7000 and a few other devices.
Indeed, I did not remember correctly, thanks for the correction.
But still read the TOS if you wanna use it, otherwise you may be surprised.
And I know that the 7800 runs Voxel's firmware. You and I have spoken many times on linksysinfo.org.
Well, maybe Cisco and Extreme are a bit overkill for the average home user...
Inb4, please don't even mention pfSense here. TOS = POS! These are so broad and vague that you might as well skip reading them altogether. They are purposefully tailored in a way, such that manufacturers waive ANY and EVERY responsibility for damages and controversies that can or may occur when using the products.
That's the modern way for 'Fùck you, if you want to use our products, you have to agree to be royally screwed. Oh, you want to use someone else's products? Shame, they are doing exactly the same.'
TP-Phone-Home,….
Isn't this more apt?
Anyway, it seems to me that all the AX-5x line has some sort of HomeShield/HomeCare feature, so the AX53 probably does too.
EDIT: Confirmed, HomeShield is there too.
Regarding returns, I don't know. You'd have to find a router of a different brand/model, for starters. The repeater should be fine, though.
To make sure that logging was occurring despite the settings being off, after posting on this thread earlier I cleared the logs (I had about 30 entries or so in there at the time), making sure that everything was disabled. Come on now, I turned the security filters off because I don't want the router logging every domain that anyone within my network might have visited, and I _definitely_ don't want the antivirus services.
The router is currently running:
Firmware Version: 1.0.11 Build 20210730 rel.54485(5553)
Hardware Version: Archer AX50 v1.0
... I gotta chuck this thing off a cliff when I have some time.
If yes, it's doing it.
Ones with slightly lower specifications were on the hardware list but no sign of mine, so I hit up the forum, asked in the developers section and within 24 hours someone had tweaked firmware for mine... (how good a community is that).
Anyway, I have no idea what I'm doing and there's a high chance I won't have a working GUI so I'll have to do everything via SSH but I'm gonna do it!! New firmware here I come.