ASUS Firmware update privacy policy?

[Morac]

I just upgraded my GT-AX-6000 to the latest ASUS firmware and was hit with the following splash screen upon trying to log in. It claims if I don't agree to it I won't get firmware or security updates anymore. Is this the Trend Micro agreement? I don't want to agree to that as I don't use it.

There is a link the notice, but it goes to a non-existent web page, http://www.asus.com/EN/Terms_of_Use_Notice_Privacy_Policy/Privacy_Policy

Any idea what this is? If I agree to it, can I still disagree to the Trend Micro notice?

I included the full text at the bottom.

ASUS PRIVACY NOTICE (for firmware/security upgrades)
Welcome to use ASUS router (“this router”)! Please read this Notice carefully:

1. In order to provide you with firmware and security upgrades on this router and to analyze user experience for the purpose of development and evaluation of new products and services of ASUS, by clicking “Agree” below, you agree to share your following data related to this router, including IP address, hashed MAC address, the country of manufacture, model name, firmware and software module version, manufacture date and version of hardware, firmware update data (such as execution method, time and numbers of firmware update), system status (such as usage status of fan, CPU, RAM, flash memory and voltage), numbers and time of boot-ups, the time and network you use to connect to this router, crash history, product name and code, login status of ASUS router app and the number of times of security events with ASUS.
2. Please kindly note: If you click “Disagree” below or disable the sharing of the above data with ASUS through “Administration” page, it may result in the inability to update to the latest firmware version and unable to receive the most up-to-date security protection on this router; However, to protect the security of your router and ensure the compliance with laws, for upgrades addressing important security issues or meeting legal/regulatory requirements, those upgrades will still be downloaded and installed automatically. In this case, ASUS will collect your IP address, hashed MAC address, the country of manufacture, model name, firmware and software module version, which is necessary data for ASUS to deliver these important upgrades to your router.
3. ASUS is committed to protecting and respecting your privacy; you may visit “Administration->Firmware Upgrade/ Privacy” page to enable/disable the sharing of your above data with ASUS at all times. To know more about how ASUS protects your privacy, please visit ASUS’ Privacy Policy. (ASUS’ Privacy Policy)

 

[Analog-1]

Again just say NO. Check yourself for firmware upgrades and install them yourself. Asus wants to automate the process along with mining your data. NO.

 

[Morac]

Reading the third provision, it sounds like this can be toggled off and on whenever I feel like it, so I can toggle it on to update I guess.

 

[Morac]

So to answer my own question. If you agree, it enables "auto firmware update", if you disagree it disables it.
Somewhat scary is that they say even if you disable it, Asus can still auto-update your firmware if they feel the risk is great enough.

 

[Justinh]

Is this the Trend Micro agreement?

No.

ASUS now has two types of updates for its own use: Firmware and a basic router security function known as ASD.

You are agreeing or disagreeing to having those things automatically update.

 

[Morac]

No.

ASUS now has two types of updates for its own use: Firmware and a basic router security function known as ASD.

You are agreeing or disagreeing to having those things automatically update.

It also seems to control security updates, which is a new toggle on the Firmware Update page. I'm not sure what those are but the description for it is:

Security upgrade incorporates security measures that continuously update its security file and scans to protect against malware, malicious scripts, and emerging threats in order to secure the router and ensure system stability. Some upgrades addressing important security issues or meeting legal/regulatory requirements will still be downloaded and installed automatically, even if “Security Upgrade” is turned off.

That sounds very much like what Trend Micro does. I also notices that all the toggles on the AIProtection page now show as on with the control disabled (so can't change it), even though AIProtection is off. I'm not sure what's going on there as it doesn't seem to actually be on, despite the router showing settings as on that shouldn't be.

 

[bennor]

The new privacy screen/information and forcing the user to choose was mentioned and posted to the RT-AX86U Pro 3006 firmware discussion over a week ago:
https://www.snbforums.com/threads/a...102_34312-2024-05-09.90015/page-2#post-906998

One can just select Disagree if they do not want to agree. The router will disable a number of settings (in particular the auto firmware and security updates).

 

[Tech9]

Somewhat scary is that they say even if you disable it, Asus can still auto-update your firmware if they feel the risk is great enough.

And where is their "feel" coming from if you disagree to data sharing? How do they know what firmware is your router running?

This thing was already there and perhaps for years. Now the manufacturers are pressed by new regulations and started posting disclosures.

 

[Morac]

And where is their "feel" coming from if you disagree to data sharing? How do they know what firmware is your router running?

This thing was already there and perhaps for years. Now the manufacturers are pressed by new regulations and started posting disclosures.

That’s the interesting thing, even if you disagree if they decide there is a significant enough threat out there it sound like they can remotely toggle auto-updates on. At least that’s the way the privacy notice is worded.

 

[Tech9]

In this case Asus will be still collecting your router's information regardless of your Agree or Disagree choice. The way they were doing it before without notifying you.

 

[Justinh]

It also seems to control security updates

I believe that is what I said ...

 

[aublumberg]

There is a link the notice, but it goes to a non-existent web page

There are several privacy policy pages on the ASUS website and I think this may be the correct link https://www.asus.com/terms_of_use_notice_privacy_policy/privacy_policy

 

[Tech9]

I think this may be the correct link

I like this one the most:

"Your age, gender, height, weight, body temperature, heart rate, blood pressure, movement of belly as well as certain data about your daily activities, for example, your step taken, calories burned, sleep patterns and diary records when you use our healthcare products and services."

Example of ROG Rapture style movement of belly in Asus user database:

 

[bennor]

That’s the interesting thing, even if you disagree if they decide there is a significant enough threat out there it sound like they can remotely toggle auto-updates on. At least that’s the way the privacy notice is worded.

Yes that is the way the notice is worded. While you can select "disagree" and "I understand the risk" and the router will disable "Auto Firmware Upgrade" and "Security Upgrade" settings; Asus however will still retain the ability to update the router when they feel its necessary (or at the request of some government official) despite having the two update options in the GUI disabled.

 

[Jbennett360]

So what's a security upgrade? If it's separate from a FW update?

 

[bennor]

So what's a security upgrade? If it's separate from a FW update?

The below screen capture is the relevant info on the Firmware Upgrade page on a RT-AX86U when one disagrees with the initial Asus privacy policy notice. Note what it indicates for Security Upgrade. Also note that both settings are disabled yet according to Asus, and as mentioned in the Firmware and Security Update description text, they can still update the router at their will.

 

[Jbennett360]

The below screen capture is the relevant info on the Firmware Upgrade page on a RT-AX86U when one disagrees with the initial Asus privacy policy notice. Note what it indicates for Security Upgrade. Also note that both settings are disabled yet according to Asus, and as mentioned in the Firmware and Security Update description text, they can still update the router at their will.

View attachment 58966

So updates for trend micro by the sounds of it

 

[Paliv]

So updates for trend micro by the sounds of it

No this is for the updates to the ASUS Security Daemon (ASD). The thing that bricked a ton of routers last fall.

 

[bennor]

So updates for trend micro by the sounds of it

No, sounds like the ASD updates that Asus pushes to their routers:
https://www.snbforums.com/threads/what-is-asd-process.76242/#post-729340
Per RMerlin:

It's not related to Trend Micro. It's a separate security daemon from Asus, that handle security-related issues on the router itself. They provide a special set of signature files specific to Asuswrt-Merlin that automatically gets downloaded from them.

Last year a corrupted ASD update caused all sorts of issues for Asus router users.
It took 48 hours, but the mystery of the mass Asus router outage is solved
Asus routers around the globe suffered a huge outage - here's what we know
There were a number of discussion threads about the ASD issue here in this forum that can be found using the forum search feature.

 

[Sasori7]

They also insist that you're over 16!
I thought I could reduce spying even more by just not checking that as well.