384.6 Now sharing data to Trend Micro?

[RMerlin]

This is a generic EULA that Trend Micro applies to various products. A lot of what is written in that EULA doesn't even apply to Asuswrt... This is just lawyer speak to protect themselves against as many possible things as they can think of, without implying that all of these are actually happening. Take for instance:

• Keeping you informed about our products, services and promotions

Trend Micro has no way of doing so with Asuswrt's features, so they will most certainly not do any such thing...

The banned/deleted user and thread were done so because it was filled with a bunch of lunatic ravings and conspiracy claims with zero facts to back any of it, bordering on slandering.

This whole thing has been blown way out of proportion. Almost every single commercial software you guys use come with similar, wide-encompassing EULAs. The Trend Micro EULA doesn't imply anything nefarious. Yes, they do receive your visited URLs, because it's how they can actually check it against their Website Reputation Service when you enable AiProtection' malicious website blocking. It's how the service is implemented. If you have a problem with that, just don't enable that feature. Somewhere at TM's HQ a lawyer said: "unless you can be 100% sure that nothing of this can accidentally end up in a database or a logfile, let's put in the EULA that we may be logging URLs, so we can't be sued if a programmer accidentally logged the user input in a debug log.".

I bet that large portions of these EULAs are just copy/paste jobs done by legal departments. No harm for them in having wider claims than what is actually required.

 

[HowIFix]

This is 100% sure that there is nothing free in this life and if something is free then you are the product or are you involved in illicit things.

 

[AndreiV]

If we are going to respond in that way and go to that extreme and be so permissive defending a company that makes money thanks to our traffic, then Why buy an expensive router?, Why are we using VPN?, Why are we using Firewall?, Why are we using DNSCrypt DoT or DoH?.
If it does not matter that everyone knows what "family" pages I visit, how much money I have in my bank, well come new world order, we are at your services antichrist, put us the chip of the beast. Hallelujah!

You clearly need help.

You appear to suffer from extreme paranoia and/or have a very guilty conscience and a lot to hide .

You have a choice ...... use their service having read the open and honest EULA or not, Trend Micro are not hiding anything or doing anything wrong, there is nothing to defend.

Why do you expect ANY company to provide millions of people a FREE service ? Do you work for zero pay?

 

[HowIFix]

You clearly need help.

You appear to suffer from extreme paranoia and/or have a very guilty conscience and a lot to hide .

Not, I only answered your troll post with an opposite answer.

Why do you expect ANY company to provide millions of people a FREE service ? Do you work for zero pay?

Yes or that I have to pay and be sure of something that will not affect me in the future or in the present...

 

[RMerlin]

This is 100% sure that there is nothing free in this life and if something is free then you are the product or are you involved in illicit things.

Asus pays Trend Micro to use the TMDPI engine, and in turn they include the licensing fee in the price of the router. That's one of the reasons why an Asus router costs more than, say, a TP-Link with the exact same hardware specs. The router's price includes licensing costs for Trend Micro, Tuxera, WTFast, Cloudcheck, and so on.

 

[Moogle Stiltzkin]

hm.... how does the Asus AI Protection/trend micro compare to the Pfsense and Ubiquiti USG gateway? and do they too have this similar privacy concern.

 

[RMerlin]

hm.... how does the Asus AI Protection/trend micro compare to the Pfsense and Ubiquiti USG gateway? and do they too have this similar privacy concern.

Different services. Pfsense does not offer any URL blacklist check AFAIK, they only offer IPS/IDS based on local signature files.

No idea what Ubiquiti supports.

 

[sfx2000]

hm.... how does the Asus AI Protection/trend micro compare to the Pfsense and Ubiquiti USG gateway? and do they too have this similar privacy concern.

Apples and Oranges - pfSense has their stuff - and Asus has theirs...

The Trend Micro stuff works well enough - I've worked with Trend in the past, they're good people...

 

[Enzo]

It has been sharing data since day1. They are simply presenting the EULA again and are making it more accessible from the WebUI due to some new transparency laws in the EU.

So this is nothing new they are springing on you.

In prior firmware, you had to accept the EULA when you first turned on the feature, and it would stay enabled until the router was reset to defaults with the "initialize to factory defaults" button.

Feel free to regain more control via

"etc/hosts"

Thanks for reply FreshJR,

Yes I understand that there is a EULA in place. My main concern is that their own listed url/site explaining what they capture/how they use it is NOT specifically detailed via their Embedded Router Features.

 

[Enzo]

Your router is the last point of defense in the home network. I think everyone expects to have data mining at the end points, but not at the router. We should support the person who posted this and not argue about it. The whole benefit of open source software is to have software free of exactly this sort of data invasion.

Thanks @JWoo ,

It might be that the discussion got derailed a bit, and thats, fine... (Squirrel!)

I'm advocating awareness, transparency to scope creep of privacy violations.
Unless we call it out and demand more specifics/transparency, it will creep further, I assure you!

My point about QoS requiring an opt-in for data sharing was meant to surprise folks as it did me. I understand QoS is a complex feature but its also table steaks 20 years later, and to compound the option to NOT use it I have accepts lower performance via disabled HW acceleration?

++Just seems like another example of "steering" customers/users to make the choices that want you to...

Last weeks congressional hearings continue to illustrate that companies are continually exposed for doing more than they say with data and employ ambiguity as a strategy to operate in grey areas...


Enzo

 

[Enzo]

Was ever thus, agreement to EULA asked for as part of originally setting up our AiProtect enabled routers.
The option to accept, or reject, was always there as I remember?
If reject, yup, the TrendMicro stuff doesn’t work.

Later, with GPDR, the EULA stuff became more detailed. The end result is the same though.

The way I see it, if we want true privacy, we shouldn’t use the internet.
ISP (& or VPN provider, & or DNS server provider), already knows what we’re doing. TrendMicro just one more to trust (or not), & in return get security monitoring?

Appreciate your point @Treadler ,

I differ in that (I feel) we ALL have accepted some compromise and in doing so have a reasonable expectation of some privacy and at the least, a very specific disclosure as to how what specific data is captured and how the data is used.

Enzo

 

[Enzo]

This is a generic EULA that Trend Micro applies to various products. A lot of what is written in that EULA doesn't even apply to Asuswrt... This is just lawyer speak to protect themselves against as many possible things as they can think of, without implying that all of these are actually happening. Take for instance:



Trend Micro has no way of doing so with Asuswrt's features, so they will most certainly not do any such thing...

The banned/deleted user and thread were done so because it was filled with a bunch of lunatic ravings and conspiracy claims with zero facts to back any of it, bordering on slandering.

This whole thing has been blown way out of proportion. Almost every single commercial software you guys use come with similar, wide-encompassing EULAs. The Trend Micro EULA doesn't imply anything nefarious. Yes, they do receive your visited URLs, because it's how they can actually check it against their Website Reputation Service when you enable AiProtection' malicious website blocking. It's how the service is implemented. If you have a problem with that, just don't enable that feature. Somewhere at TM's HQ a lawyer said: "unless you can be 100% sure that nothing of this can accidentally end up in a database or a logfile, let's put in the EULA that we may be logging URLs, so we can't be sued if a programmer accidentally logged the user input in a debug log.".

I bet that large portions of these EULAs are just copy/paste jobs done by legal departments. No harm for them in having wider claims than what is actually required.

Yes @RMerlin ,

Agree with everything you say, it's boiler plate stuff.



Enzo

 

[Enzo]

Well said @Treadler when privacy outweighs security then it's time to unplug. There is freedom found in security friends. We all need to trust someone. Haven't heard Trend Micro in the news for selling our information. Seriously!

Hey @skeal ,

Here is an interesting development:

Trend Micro tools tossed from Apple's Mac App Store after spewing fans' browser histories
Data caught being siphoned off to outside server

https://www.theregister.co.uk/2018/09/10/trend_micro_apple_macos/

Demo:

#TrendMicro Apps Identified:
#DrCleaner
#DrAntivirus
#AppUninstall
#DrUnarchiver
#DrBattery
#Duplicate Finder

---------
@sfx2000 ,
"The Trend Micro stuff works well enough - I've worked with Trend in the past, they're good people..."

people change...
--------


p.s. For those I thought I saw that asked how to stop the data sharing...I've done a few things initially:
*Placed a few url filters w/in FW (siteforce.com, trendmicro.com) Not sure if they have some hard coded tunnel phoning home back to mother ship.
*Placed a few similar url wildcards into the Pi-hole device

Hope this helps

Enzo

 

[skeal]

Hey @skeal ,

Here is an interesting development:

Trend Micro tools tossed from Apple's Mac App Store after spewing fans' browser histories
Data caught being siphoned off to outside server

https://www.theregister.co.uk/2018/09/10/trend_micro_apple_macos/

--->> #DrCleaner, #DrAntivirus, and #AppUninstall

---------
@sfx2000 ,
"The Trend Micro stuff works well enough - I've worked with Trend in the past, they're good people..."

people change...
--------


p.s. For those I thought I saw that asked how to stop the data sharing...I've done a few things initially:
*Placed a few url filters w/in FW (siteforce.com, trendmicro.com) Not sure if they have some hard coded tunnel phoning home back to mother ship.
*Placed a few similar url wildcards into the Pi-hole device

Hope this helps

Enzo

To protect you from the sites you visit, TM must know about the sites you visit. If people want to call that siphoning I don't agree. Trend states that it will need your information, to make it work. You don't have to enable this, and further, the version available in the apple app store is nothing like the version we have on our routers. Thanks though for the update. Conspicuously missing is Trends response.

 

[Enzo]

Conspicuously missing is Trends response.

@skeal , Trends Response IS in the article listed. Here is the snipet:
***
Updated to add
Trend Micro has confirmed Wardle and Privacy First's fears are true, and that browser histories were collected as part of the code's installation. In a statement today, the biz said:

Dr Cleaner, Dr Cleaner Pro, Dr Antivirus, Dr Unarchiver, Dr Battery, and Duplicate Finder collected and uploaded a small snapshot of the browser history on a one-time basis, covering the 24 hours prior to installation. This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service). The data collected was explicitly identified to the customer in the data collection policy and is highlighted to the user during the install. The browser history data was uploaded to a US-based server hosted by AWS and managed/controlled by Trend Micro.
***
Trend is removing this, er, feature from its software, though.

 

[skeal]

@skeal , Trends Response IS in the article listed. Here is the snipet:
***
Updated to add
Trend Micro has confirmed Wardle and Privacy First's fears are true, and that browser histories were collected as part of the code's installation. In a statement today, the biz said:

Dr Cleaner, Dr Cleaner Pro, Dr Antivirus, Dr Unarchiver, Dr Battery, and Duplicate Finder collected and uploaded a small snapshot of the browser history on a one-time basis, covering the 24 hours prior to installation. This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service). The data collected was explicitly identified to the customer in the data collection policy and is highlighted to the user during the install. The browser history data was uploaded to a US-based server hosted by AWS and managed/controlled by Trend Micro.
***
Trend is removing this, er, feature from its software, though.

If they need that information for a good install, then after it is configured, if it truly is a one time thing, the data should be deleted. The response from TM is the expected response. I'm interested in how they proceed now. Thanks again for the information sir.

 

[ColinTaylor]

Here is an interesting development:

Already being discussed here.

 

[FreshJR]

The version available in the apple app store is nothing like the version we have on our routers.

It’s exactally the same in the sense that router trendmicro fowards each DNS lookup back home and the MAC trendmicro also fowards history, extracted from your web browser, back home.

Weather the end results are nefarious or not cannot be known, but those Dr.X apps overstepped the boundaries as to intended actions.

 

[Treadler]

Appreciate your point @Treadler ,

I differ in that (I feel) we ALL have accepted some compromise and in doing so have a reasonable expectation of some privacy and at the least, a very specific disclosure as to how what specific data is captured and how the data is used.

Enzo

Yes, in view of the latest reports re Trend Micro conduct, ‘transparency’ is/was perhaps a tad lacking......?

 

[telUK]

All these threads about Trend Micro keep giving me doubts about enabling it on my ac86u.

Do they collect things like passwords and card data?

Anyone been running it for a while without problems.

Thanks