Merlin closed source parts and privacy questions

[tektech]

I am thinking about getting an Asus router and putting Merlin on it. I have some questions:

1) What parts of Merlin are closed source or what closed source functionality is not replaced by Merlin?

2) I read there could be privacy concerns where an Asus router can send information about my activities to third parties especially with AiProtection and QOS features (

https://www.reddit.com/r/ASUS/comments/18km7sm/why_do_asus_router_users_still_have_to_upload

) and that some of those functions are closed source.

If I turn these features off, will it stop such activity? Are there any other features to turn off it I want my privacy situation to be such that Asus and Asus router firmware will not add any privacy risks outside the normal ones of using the Internet with any router? I am currently a user of DD-WRT on Netgear R7000 looking for an upgrade.

Thanks

 

[Tech9]

If I turn these features off, will it stop such activity?

All Trend Micro engine related features are turned off by default.

If you want to use AiProtection, Adaptive QoS, Game Boost, Web History, Traffic Statistics, Parental Controls - you have to agree to data sharing with Trend Micro. Unfortunately, Asus router users find out about this detail only after purchasing the device. With no data sharing to 3rd party all widely advertised as advantage features are basically out. Asuswrt-Merlin doesn't change this, comes from Asus upstream and stays as it is.

 

[tektech]

3) Is the only privacy concern with the Trend Micro features?
4) DD-WRT will total my WAN traffic daily and monthly in a bar graph with total upload and total download. Can Asus do this kind of simple tally without Trend Micro?
5) DD-WRT can set a fixed data rate limit per client through a simple QOS feature. Can Asus do this without Trend Micro at a similar basic level?

and

1) Any comments on What parts of Merlin are closed source?

 

[Tech9]

Is the only privacy concern with the Trend Micro features?

Trend Micro (if agreed to, optional) and Asus (for firmware updates, default) do data collection.

Can Asus do this kind of simple tally without Trend Micro?

Yes, Asuswrt-Merlin has enhanced Traffic Monitor with save to USB drive option of daily/monthly data.

Can Asus do this without Trend Micro at a similar basic level?

Yes, it's called Traditional QoS, but it's incompatible with NAT acceleration and even modern routers can't do 500Mbps WAN-LAN without it. Also quite often Traditional QoS is found broken upstream in Asuswrt base and may or may not work as expected.

Any comments on What parts of Merlin are closed source?

All Trend Micro components, all AiMesh related functionality, wireless drivers, proprietary device drivers, etc. many things. Of course only RMerlin himself can provide exactly accurate information on what can and can't be touched/modified in Asuswrt base.

 

[tektech]

Asus (for firmware updates, default) do data collection.

What kind of data is collected here? Do I get away from this collection in switching to Merlin and applying future updates of Merlin?

All Trend Micro components, all AiMesh related functionality, wireless drivers, proprietary device drivers, etc. many things.

Of these closed source elements, are the privacy concerns limited to the Trend Micro components? Is there any unnecesary data collection involved with the operation of the other closed source elements?

 

[Tech9]

What kind of data is collected here?

Official information is here:

Terms of Use Notice / Privacy Policy - Privacy Policy

www.asus.com

Is there any unnecesary data collection involved with the operation of the other closed source elements?

I'm not aware of any other data collection happening.

Discussion about Asus new data collection agreement here:

ASUS Firmware update privacy policy?

I just upgraded my GT-AX-6000 to the latest ASUS firmware and was hit with the following splash screen upon trying to log in. It claims if I don't agree to it I won't get firmware or security updates anymore. Is this the Trend Micro agreement? I don't want to agree to that as I don't use it...

www.snbforums.com

As far as I know it pops up in Asuswrt-Merlin as well, the user can disagree, what happens after - I don't know. In stock Asuswrt there is a statement firmware still can be upgraded automatically and this means they still collect some router related formation regardless of user's agree/disagree choice.

 

[Analog-1]

What kind of data is collected here? Do I get away from this collection in switching to Merlin and applying future updates of Merlin?

As stated there is NO data collection unless you agree to it. Asus or Merlin.

 

[Tech9]

I wouldn't stress myself that much about what Trend Micro and Asus collect. This is how it works, user data is the currency for specific services. I'm pretty sure connected clients collect much more data and send it regularly to Apple, Google, Microsoft, etc. Extreme privacy concerns - better stay off-line.

 

[tektech]

I wouldn't stress myself that much about what Trend Micro and Asus collect. .... I'm pretty sure connected clients collect much more data and send it regularly to Apple, Google, Microsoft, etc.

I specifically do NOT want the router adding to these other data collections by causing data collection in and of itself. Can I avoid that with Asus, or should I just stick with DD-WRT or something else? I would like to be able to upgrade from my Wifi 5/gigabit ports to Wifi 6E/7/multigig ports without adding new data collection.

 

[Analog-1]

I specifically do NOT want the router adding to these other data collections by causing data collection in and of itself. Can I avoid that with Asus, or should I just stick with DD-WRT

What makes you think DD-WRT is not collecting your data. Look it's 2024 data collection is a way of life now days. The only way to stop it is stay disconnected from the internet. Is that an option for you ?? I would be MUCH more concerned about Windows 11 24H2 upcoming this fall It's chalked full of data collection and any Apple or Android phone then a Asus router.

 

[Tech9]

Wifi 6E/7/multigig ports without adding new data collection

If we assume revoking Asus and Trend Micro agreement plus Asuswrt-Merlin firmware compatibility your current choice is limited to GT-AXE16000, GT-BE96U and GT-BE98U Pro. Sorry, but at this price I would rather think about different equipment, not AIO disposable or beta tester hardware.

Take a look at GL.iNet GL-MT6000. Not Wi-Fi 6E/7, but relatively cheap and can run vanilla OpenWrt. May be a good upgrade option for you.

Flint 2 (GL-MT6000) | High-Performance VPN Router

Experience blazing-fast VPN speeds and full OpenWrt customization with Flint 2, our best Wi-Fi 6 router yet. A new realm of power, freedom, and security.

www.gl-inet.com

 

[tektech]

GT-AXE16000, GT-BE96U and GT-BE98U Pro

Yes, I am looking at these.

Sorry, but at this price I would rather think about different equipment

What equipment would you suggest to get 6E or 7 and multigig Ethernet ports? Would like open source software to be involved.

Take a look at GL.iNet GL-MT6000. Not Wi-Fi 6E/7

This is less of an upgrade than I am looking for.

 

[jerry6]

What kind of data is collected here? Do I get away from this collection in switching to Merlin and applying future updates of Merlin?



Of these closed source elements, are the privacy concerns limited to the Trend Micro components? Is there any unnecesary data collection involved with the operation of the other closed source elements?

who cares about what little data trend and Asus collect , you probably use a cell phone that collects every move every sound you make , why worry about what little trend and asus collect . your car probably collects more data about your life .

 

[anatomist3]

who cares about what little data trend and Asus collect

Maybe not you, but I (and I presume OP) do.

you probably use a cell phone that collects every move every sound you make

Nope. I mean, yeah, sure, you may be tracked by your cell service provider while your phone is connected to their network, but this doesn't mean they are able to access information on your device or what you do over private networks. I use a Pixel running GrapheneOS and keep things properly sandboxed, meaning that no, Google/Samsung/whoever can't track me outside of very specific ways in which I've actively chosen to opt into it.

I wasn't a always believer in it, but honestly, it works fantastically well and with what I consider to be shockingly minimal compromises in terms of functionality.

your car probably collects more data about your life .

Unfortunately, unlike Android, there's not really any choices for new car owners. Luckily people are still buying and selling cars that are decades old, although I agree that this is going to continue to be a bigger and bigger problem.

However, I think the biggest problem is people with defeatist attitudes who think we shouldn't even try.

 

[jerry6]

Maybe not you, but I (and I presume OP) do.

Nope. I mean, yeah, sure, you may be tracked by your cell service provider while your phone is connected to their network, but this doesn't mean they are able to access information on your device or what you do over private networks. I use a Pixel running GrapheneOS and keep things properly sandboxed, meaning that no, Google/Samsung/whoever can't track me outside of very specific ways in which I've actively chosen to opt into it.

I wasn't a always believer in it, but honestly, it works fantastically well and with what I consider to be shockingly minimal compromises in terms of functionality.

Unfortunately, unlike Android, there's not really any choices for new car owners. Luckily people are still buying and selling cars that are decades old, although I agree that this is going to continue to be a bigger and bigger problem.

However, I think the biggest problem is people with defeatist attitudes who think we shouldn't even try.

sorry but the chips in your phone identify you no matter how you sandbox whatever , my cars are 18 years old and 50 years old and have no cell phone , not defeatist just don;t care because I keep my life as Flintstone as can be

 

[Tech9]

we shouldn't even try

If you are online and want to use popular services - they will also know that you are trying.