Looking for feedback: Anyone considering AiCloud important to them?

[KevTech]

Never used it in the twelve years I have used Asus routers.

 

[Piotrek]

Removing the service or keeping the service makes no difference to us if he never used it to begin with

Exactly.
It doesn't matter.
It doesn't improve security.
So why remove it?

On the other hand users with no experience who are high risk to themselves will have the choice of staying on stock or using better alternatives within Merlin

Why do you want to decide for them?
Let them decide whether they want to continue using AiCloud or turn it off.

 

[DJones]

Exactly.
It doesn't matter.
It doesn't improve security.
So why remove it?

Why do you want to decide for them?
Let them decide whether they want to continue using AiCloud or turn it off.

I feel like I’m going in circles because some people don’t agree with my answer. That’s fine. Yes keeping it off is as effective as removing it or a company patching the issues. I don’t really care if a user wreaks their router or turns it into a botnet or infects other devices. These things happen regardless of if you’re proactive about security or not. You can only mitigate against vulnerabilities because there will always be flaws not yet discovered or yet to be coded into new things. Ultimately as long as it’s not my devices it’s not my problem.

However is that really a good way to look at a problem. I’d honestly be damn thankful if someone took proactive steps to keep my devices safe if a feature is inherently flawed. Look at smb v1 it’s no longer enabled by default in most operating systems because it’s less secure than the alternatives. Sure you can reenable it and I’m not against that. But with this situation RMerlin has already commented a few things that I’m basing my opinions on.

1. Hiding AiCloud might not be possible because if it’s enabled and you update to a version with the AiCloud service hidden then you won’t effectively be able to change setting or turn it off or people will assume it’s gone. If he can hide it or toggle it on/off I’m fine with that as it was my first suggestion if you read the threads second comment.

2. A warning maybe possible, but is it going to be effective as stated by RMerlin. Again I’m not against this

3. Disabling the AiCloud Service at compile comes with some pros and cons. Yes this will prevent users from using the service unless built with the functionality enabled. Well it doesn’t inherently make it impossible to make firmware with it reenabled as RMerlin stated users don’t even read the changelog so why would they read documentation to re-enable it. So well yes removing it prevents any future problems that might resurface with AiCloud it’s the BIG choice RMerlin is asking user about unless alternatives can be proposed or users that do use the service vocally advocate for keeping AiCloud.

Despite people thinking I’m for simply tearing it out of the system if you actually read the thread and my posts that isn’t the case. I’ve read and presented alternatives to advocate for users that use AiCloud. I’m just running out of ideas. In fact I want to hear from people that use the service, but there hasn’t been much talk of users that do use it. And I can only justify it so much, since I have stated I don’t use it, and believe it will only bring further issues relying on ASUS. It’s ultimately not my problem however I’m trying to have a constructive discussion even though being on one side of the fence. So unless RMerlin wants me to keep discussions out of here and only hear from one side I don’t care to be silenced if what I say brings some relevant discussion to the conversation.

Hell I even shared this post on multiple sites to inform users of a problem, and to gain some feedback for RMerlin in the hope that people that do use the service will give him the feedback he actually is looking for. Because those of us that don’t use it isn’t the people he wants to hear from.

Ultimately it’s not my call. It’s RMerlins, I’m just discussing why I think it should be removed based on my opinion and what options their are.

If users want to give pro examples for keeping it literally speak up. All I’ve heard is.

-I use it but I’m too lazy to change,
-It will affect my workflow if it’s gone
-It will cause people in support to ping RMerlin and post about it gone.
-Users should have the choice.
-Removing it might make it seem inferior to Asuswrt because it has less features now.

These are valid but.. out the users that have commented it’s mostly I don’t use it and I don’t care… useful. Doesn’t make me think it’s a relevant feature. Others have proposed alternatives and I’m for them if better then then keep or remove.

If he decides to keep it I won’t lose sleep worrying about it or the users. But I at least tried to address it.

 

[Tech9]

Why do you feel the need to share you opinion 10 times about a feature you don’t use anyway?

 

[DJones]

Why do you feel the need to share you opinion 10 times about a feature you don’t use anyway?

Jesus.. I don’t. People reply to me I reply back. Or I have a suggestion or something to comment on. Trust me I’d rather not chase my tail so to speak.

I could just shut up. But why should I? My opinions might not change but why shouldn’t I have a conversation that focuses on someone’s point.

I really don’t feel like I’m the problem here.

 

[Analog-1]

I really don’t feel like I’m the problem here.

RELAX !!

 

[DJones]

RELAX !!

I’m quite relaxed. I have no desire to argue with anyone.

 

[Tech9]

The problem was solved already with firmware updates to both Asuswrt and Asuswrt-Merlin. No need to categorize, penalize and restrict users. They may want to run their routers with firewall disabled. There were cases like this... to "improve" the gaming. Their router, their choices.

 

[visortgw]

The problem was solved already with firmware updates to both Asuswrt and Asuswrt-Merlin. No need to categorize, penalize and restrict users. They may want to run their routers with firewall disabled. There were cases like this... to "improve" the gaming. Their router, their choices.

And what Asus router with what version of Merlin firmware are you using these days?

 

[Tech9]

And what Asus router with what version of Merlin firmware are you using these days?

None. I made my choice. Just another non-AiCloud user like 95% of the responders in this thread.

Reminder:

I am more concerned in people who actually DO use it

I'm balancing the views only. You can vote to remove the WAN port in Asuswrt-Merlin, don't care.

 

[visortgw]

None. I made my choice. Just another non-AiCloud user like 95% of the responders in this thread.

Reminder:

I'm not sure why all of the ongoing anti-Asus rhetoric and confrontation with actual Merlin users is necessary.

 

[Tech9]

I'm not sure why all of the ongoing anti-Asus rhetoric

It's called selective reading. Asus fixed the issue and even updated EoL models. My comment on this is here:

Malware damaging ASUS routers?

thanks never used any icloud services i keep it as simple as possible , less chance of problems

www.snbforums.com

The specific user you are standing behind removed the signature saying "I'm not an expert" and started expressing expert opinions about how Asuswrt-Merlin features have to be restricted to protect "people that will shoot themselves". I find it offensive to large majority of Asuswrt-Merlin users. This firmware is not intended for "experts". It has something for everyone in it. In case you're not sure about something personal - PM.

 

[DJones]

It's called selective reading. Asus fixed the issue and even updated EoL models. My comment on this is here:

Malware damaging ASUS routers?

thanks never used any icloud services i keep it as simple as possible , less chance of problems

www.snbforums.com

The specific user you are standing behind removed the signature saying "I'm not an expert" and started expressing expert opinions about how Asuswrt-Merlin features have to be restricted to protect "people that will shoot themselves". I find it offensive to large majority of Asuswrt-Merlin users. This firmware is not intended for "experts". It has something for everyone in it. In case you're not sure about something else personal - my PM is working.

Let me be perfectly clear I did remove my signature something I might add was only put there by me because of the last time you made a stink about my knowledge. I don’t really care if your offended or irritated by the fact I removed my signature or anything I said. Your a smart guy I have respect for the time you do give to support users. I however don’t have to agree with you or follow your advice. If you want to continue this discussion I’m fine with that however I think we both have better things to do.

 

[Tech9]

I'm done here. @RMerlin will decide what to do. His firmware, choices and responsibility to current and future users.

 

[RMerlin]

The problem was solved already with firmware updates to both Asuswrt and Asuswrt-Merlin. No need to categorize, penalize and restrict users. They may want to run their routers with firewall disabled. There were cases like this... to "improve" the gaming. Their router, their choices.

The reason why I'm opening the discussion this time however is that it's the third or fourth major security issue specific to AiCloud over the years since it was added, and this time the consequences were far more serious than previous times. So, I am questioning its continued existence more than before. Twice in the last year I've had to issue an out-of-bounds "emergency" release just for it, and both times I had to download stock firmware images to extract the necessary components from 6-8 different router firmwares as I can't patch that part of the code myself through an Asus-provided patch. I am lucky that the lighttpd modules are platform-specific, but not model-specific, so the modules from the RT-AX88U, for instance, can be reused for all bcm4908 models.

Its security track record is simply negative enough for me to be having the reflexion on whether it should continue to exist within Asuswrt-Merlin, as this has happened multiple times already, and I have no reason to believe it will be the last. AiCloud still uses the 2016 release of lighttpd.

Just to reiterate my earlier posts: I have not made any decision one way or the other at this time. I am merely gathering user feedback.

 

[alchemy]

9 pages?
I was going to edit to say but thought it was pretty obvious... if someone wants to use an antiquated stock feature they can still use stock firmware.
I appreacite @RMerlin taking time to gather user feeback!
If they decide it's more trouble than it's worth to maintain an unused/unknown (potential security risk) feature, I support their decision!

 

[swejuggalo]

I think the main problem here is that maintaining and emergency patching this whenever required takes time from more important things. And most likely for extremely few people.

 

[XIII]

The last thing Merlin firmware needs is information circulating that it's got less features than stock Asus, i.e. inferior.

“Less features, but more secure” actually sounds good to me (if you don’t use the missing features ), but it’s of course totally up to RMerlin to decide how to “market”/position his firmware/“product”. It’s nice of him to consult us a “focus group”.

(I don’t use AiCloud and never have; don’t even know whether I spelled it right…)

 

[DaveRS]

I have never used it, no loss here.

 

[amigohd]

Not using it. Never did.