How to protest ASUS privacy invasion in US.

[rickyzhang]

I'm not a happy camper now that I know my privacy is being invaded by ASUS.

I found two ways to fight back if you live in US:

1. File a formal consumer complaint in FTC. https://www.ftc.gov. Below is the section of "what happened" in the complaint.

I’m writing to you with regard to my concerns towards the privacy of US citizen being invaded by network devices manufactured by foreign countries. I’m a IT profession. Recently I upgraded my ASUS home wireless router which is a popular Taiwan brand in America but manufactured in mainland China. I noticed that I was forced to accept their End User License Agreement that let them collect and send my private information to their server. For sure, I’m not happy about this. I already paid the hardware with my hard-earned money. But I still have to trade my privacy for additional software features. ASUS didn't tell me such aggreement before I made my purchase decision. That is totally unacceptable.​

2. Write to your representatives in your district. Below is my template.

Dear Senator/Congressman,


I’m writing to you with regard to my concerns towards the privacy of US citizen being invaded by network devices manufactured by foreign countries.


I’m a IT profession. Recently I upgraded my ASUS home wireless router which is a popular Taiwan brand in America but manufactured in mainland China. I noticed that I was forced to accept their End User License Agreement that let them collect and send my private information to their server. For sure, I’m not happy about this. I already paid the hardware with my hard-earned money. But I still have to trade my privacy for additional software features. That is totally unacceptable.


I spent my time in looking for a wireless router which is Made in USA. But I found NONE.


The wireless router is the most important part of network infrastructure at home. Anyone with evil intents owning this gateway could do so many unimaginable bad things against our great country.


To enhance our cyber securities at home, I propose that we should pass the law that requires all network equipment vendor selling in USA submit their source code and hardware design. Our government should setup an agency review them and perform security risk assessment.


We have National Highway Traffic Safety Administration (NHTSA) to regulate traffic safety. In 21st century, we should setup a similar law and enforcement to protect our cyber security as well. Now, I can’t find any help from any government agency to address my cyber security concerns at home. We don’t have any law like Europe GDPR to protect our citizen’s privacy.


Please act with urgency.


Sincerely yours,


XXX​

 

[Mutzli]

Don't use Trendmicro.

I’m a IT profession. Recently I upgraded my ASUS home wireless router which is a popular Taiwan brand in America but manufactured in mainland China. I noticed that I was forced to accept their End User License Agreement that let them collect and send my private information to their server. For sure, I’m not happy about this. I already paid the hardware with my hard-earned money. But I still have to trade my privacy for additional software features. That is totally unacceptable.

Well, don't accept the Trendmicro terms and it won't use your telemetry data to identify any rouge websites. BTW. This is not an Asus router only user term. Other brands that integrate router based protection have similar user agreements. Now if they would release the source code for this I bet you it won't take more than a few days before it's highjacked for other evel purposes. The way I see it, it's all about Privacy vs. Protection, what's more important to you?

 

[AndreiV]

Nobody is invading anything, this has been explained too many times here already.

You either accept the EULA and use the TrendMicro features or you decline the EULA , don't use those features and nothing is collected.

The data collected is not going to identify you in any case.


https://www.snbforums.com/threads/384-6-now-sharing-data-to-trend-micro.48202/page-7#post-506001

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1120473.aspx


Presumably you never use any websites? Never connect to anything that uses a CDN service, never use any form of cloud service ?
Your antivirus sytem doesn't ever contact the internet or send packets to the AV company servers for inspection?
Seriously,the browser you installed and use to surf the internet gives away more information than AiProtection.

 

[thelonelycoder]

The way I see it, it's all about Privacy vs. Protection, what's more important to you?

@Adamm and I agree (without me asking him first ) that our scripts cover a lot of of what that trending micro terminus does.

 

[Blinkyz]

Please act with urgency.

Lol this is to funny.... Stop paranoia and dont accept EULA, thats it

 

[Sanna1967]

Not this again !
Sorry, but where have you been for 3 years. This is in the asus code since that time is it's CLOSED source. There is nothing to do .
This is a gamick from Asus and TrendMicro. If it scares you, do not use it .

 

[rickyzhang]

Sorry guys, I don't know that until recently. Because it prompt me to click the EULA.

I bet it is GDPR that makes ASUS make in public.

I don't think this is funny. This either-or attitude is unacceptable. Because when I made my purchase in ASUS router, they didn't tell me in advance.

 

[martinr]

....This either-or attitude is unacceptable. Because when I made my purchase in ASUS router, they didn't tell me in advance.

Is that not a little unrealistic? Suppose you bought it on Amazon, is it reasonable to expect that there would be a warning such as: “Please note, should you wish to use any of the optional AIProtection module features on this router, you will need to accept an EULA. Nevertheless, the router will function perfectly without AIProtection.”?
Is that not unrealistic?

In the UK, your rights when making a purchase online are such that you can return the item for any reason whatsoever within 14 days. Do you have similar rights?

 

[gattaca]

My .02. None of the "home" router manufacturers can afford to provide all these extra FW/Inspection services at these price points by writing their own code. So they partner with Trend Micro and others to integrate their services. Netgear got kicked a year or so ago too about turning on too much sharing.

My gut says that if home users wants more control then then moving from home to commercial products or perhaps something like pfSENSE would be the next step. I agree with you that we have no "USA-Made" home routers at the home router price points. I've got a buddy who swears by Mikrotik Routers - that's all he will use. They were a bit too complex for my brain. I've done no research into the pros and cons. Peace.

https://mikrotik.com/

https://www.csoonline.com/article/3...re-to-nighthawk-r7000-routers-disable-it.html

 

[rickyzhang]

Every medicine commercial in US will explain all the side effects. I didn't know their privacy invasion thing until I owned the ASUS router form more than 4 years.

 

[AndreiV]

Every medicine commercial in US will explain all the side effects. I didn't know their privacy invasion thing until I owned the ASUS router form more than 4 years.

So you missed :

WiFi Router with AiProtection network security powered by Trend Micro

which is on all the advertising , router packaging and user manuals?

 

[rickyzhang]

No, it didn't have AiProtection feature in my ASUS RT-AC66U. So I'm pretty sure it was not advertised in package or user manual at the time I bought it couple years ago.

Again, you missed the point. They should not enforce ether-or EULA. Neither they should send my privacy.

I'd love to ask for full refund from ASUS. I already filed a complaint in FTC in US and wrote to my senator.

 

[ColinTaylor]

No, it didn't have AiProtection feature in my ASUS RT-AC66U. So I'm pretty sure it was not advertised in package or user manual at the time I bought it couple years ago.

What!? Are you seriously complaining that about the optional AiProtection features requiring you to agree to an EULA for features that were added after you purchased the router?

 

[AndreiV]

I am beginning to think this is a big wind up.

1) I have huge sense of deja vu , I am sure we had an identical thread @ 12 months ago.

2) What are you whining about ? You now state you have an ASUS RT-AC66U which doesn't have TrendMico / AiProtection . (edit : ASUS RT-AC66U -B1 does have Ai Protection and yes the information is right there.)

 

[gattaca]

Have you investigated the mikrotik's? As I stated earlier, almost any home oriented router that's going to offer anything like is in the optional ASUS items via TrendMicro will be partnering with a 3rd party to supply those features.

If you want full control of everything on the "safe" side of the FW with packet inspections etc.. then something like sophos home edition or XG or sonicwalls may be the better option. I played with Sophos XG home for a while and found it a bit too complex for my non-networking SME brain.

The final option is to find a home router maker you trust who's NOT partnering and go with that. IMHO, there are only two major home routers makers I'd use today: ASUS and Netgear. You need someone who will promptly apply patches and has a stable product. Those 2 knock a lot of home players off the map.

BTW, adding skynet to ASUS/Merlin via AMTM gives you the opportunity to exert a lot more control over with whom and where your router is talking to. And since this code is independent of ASUS, you can lock down all traffic to countries or other entities. IDK any other home-based router that comes even close to what skynet does. Just my .02. Peace.

https://www.sophos.com/en-us/products/free-tools/sophos-xg-firewall-home-edition.aspx

https://www.trustradius.com/products/sonicwall-tz/competitors

This may be helpful to your quest -> https://www.tomsguide.com/us/router-security-report,news-28875.html

 

[RMerlin]

Trend Micro cannot tell you if a website you are visiting is malicious if you won't tell them what website you are trying to access... Just like any website you visit will receive your IP address because that's simply how networking works.

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1120473.aspx

You are free to reject the EULA if this is not acceptable to you. And if after rejecting the EULA you're not satisfied with the product, return it and move on to another product.

 

[rickyzhang]

@gattaca, Thanks for your tips. I will look into an alternative.

@AnderIv You don't see my points. I NEVER ask for AiProtection. I don't want my privacy information being collected and sent. When I bought it 4 years ago, it did NOT print it on the package. Period.

@RMerlin In stock version FW, reject/withdraw EULA means it take away not only AiProtection (which I don't want) but also rest of software features. See below the list of software features:

Administration - ASUS NOTICE( for privacy )

Please note that users are required to agree to share information before using DDNS, Remote Connection (ASUS Router APP、Lyra APP、AiCloud、AiDisk), AiProtection, Traffic analyzer, Apps analyzer, Adaptive QoS, Game Boost and Web history. At any time, users can search for the contents of the terms at this page or stop sharing the information with other parties by choosing Withdraw.​

I definitely want to return my ASUS router.

But does any wireless AC home router provide reliable basic AP feature? I will build a pfsense router connected to cable modem and find a AC router as access point.

 

[gattaca]

@gattaca, Thanks for your tips. I will look into an alternative.
But does any wireless AC home router provide reliable basic AP feature? I will build a pfsense router connected to cable modem and find a AC router as access point.

Once you set the ASUS (even your RT-AC66U) as an Access Point, all the firewall/routing/Ai* features are turned off. So you can build a pfSENSE or any other type of setup and hang your older ASUS off it as an AP. I'd still prefer to get FW updates but it's a lot less critical when the AP is not your front door.

 

[ColinTaylor]

So what router do you have exactly? The RT-AC66U from 4 years ago has never supported any of the features you've mentioned.

 

[AndreiV]

@AnderIv You don't see my points. I NEVER ask for AiProtection. I don't want my privacy information being collected and sent. When I bought it 4 years ago, it did NOT print it on the package. Period.

I have not missed anything, what is very clear is that you have no idea what you are talking about.

If you don't want to use TrendMicro AiProtection DON'T TURN IT ON !

If you don't accept the EULA and do not run it then NOTHING can be collected.

And as I said before , a 4 year old RT-AC66U doesn't even have TrendMicro, it doesn't exist in that model.