What's new

SIX months since Merlin included updated Asus GPL - what's cooking at Asus ???

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
What Trend Micro use the collected data for?
Who said they were collecting data?

The EULA talks about potential personal info being shared with them because to use their website reputation service, you have to send them the URL for lookups against their database, for instance.

The EULA also talks about email-related data, which visibly does not apply to Asuswrt as there are no SMTP/POP/IMAP filtering feature in AiProtection. EULA is devised to be wide-encompassing, most likely to cover other services that aren't used by Asuswrt.

To this day, nobody has ever provided actual evidence as to what information was "shared" with them. Everyone is basing it on a EULA, which is a legal document, not a technical writeup.

If Trend Micro's goal was to gather as much user information as possible, why did they object to their engine being used on non-Asus routers, leading to the current situation where people compiling code from my repo cannot have fully working Trend Micro features anymore?
 
Who said they were collecting data?

No one knows what they collect. There is no definitive disclosure for Asuswrt specifically. The EULA gives them the right to collect whatever they need. I personally don’t know. What I know is what they want me to agree to.

I don’t know what Trend or other companies object to. Big chunk of Trend business is in China. This is where the most fakes and copyright violations come from. Let them deal with it and wish them good luck. When you scratch an itchy spot too much it starts hurting.

A question: Why Browsing History requires Trend EULA in Asuswrt? It can be done locally, no problem.
 
There were legal concerns for the previous GPL and we were asked to remove them.
We build a new process to solve the legal issues in the past months. The new GPL for AX and AC models are under review.
If there are no other new issues, we will release the new GPL.
I'm wishing you guys all the best and that everything goes well, and I'll be excited to, see the future releases when they are ready.
 
A question: Why Browsing History requires Trend EULA in Asuswrt? It can be done locally, no problem.
Because it's handled by the same engine. The EULA is tied to the engine as a whole, not to specific features.

Same thing with Adaptive QoS. Classification is done using locally downloaded signature files.
 
Because it's handled by the same engine.

I know. As per Global Privacy Notice (page 10) it provides access to:

- URLs, Domains and IP addresses of websites visited
- Behaviours of Product users

Data Collection Daemon (DCD) is closed source component, I believe. They can collect this information as well, if they want to. This is not much different than what Google does.
 
I know. As per Global Privacy Notice (page 10) it provides access to:

- URLs, Domains and IP addresses of websites visited
- Behaviours of Product users

Data Collection Daemon (DCD) is closed source component, I believe. They can collect this information as well, if they want to. This is not much different than what Google does.
If you want to watch dcd, restart it with logging to syslog.
Code:
killall dcd
dcd -i 3600 -p 43200 -b -d /tmp/bwdpi/ -l 7 &
Code:
Oct  9 22:32:09 dcd[21324]: [tmfbe_start_service(247)] Feedback server = ntd-asus-2014b-en.fbs20.trendmicro.com:443
If there was max exfiltration of personal data, you should be able to monitor outbound traffic to that URL.
 
It opens the possibility to collect such data, @dave14305. This specific option can be done without Trend Micro involvement.
 
If you want to watch dcd, restart it with logging to syslog.
Code:
killall dcd
dcd -i 3600 -p 43200 -b -d /tmp/bwdpi/ -l 7 &
Code:
Oct  9 22:32:09 dcd[21324]: [tmfbe_start_service(247)] Feedback server = ntd-asus-2014b-en.fbs20.trendmicro.com:443
If there was max exfiltration of personal data, you should be able to monitor outbound traffic to that URL.
If the traffic is TLS how would you monitor the contents of outgoing packets?
 
If the traffic is TLS how would you monitor the contents of outgoing packets?
You can’t see the contents, but the packet sizes and quantity of packets would hint at how much is being transferred.

As a general comment about this thread: we Asus owners love to hate on our beloved Asus routers. I love you but why can’t you be more like…
 
You can’t see the contents, but the packet sizes and quantity of packets would hint at how much is being transferred.

As a general comment about this thread: we Asus owners love to hate on our beloved Asus routers. I love you but why can’t you be more like…
Enthusiasts are never happy. I try to be a casual enthusiast and enjoy life more these days.
 
So Asuswrt without Wifi, AiMesh, AiProtection, Adaptive QoS, Tuxera HFS and NTFS support...

Just run OpenWRT.
OpenWRT's lack of 802.11ax support is why I switched to Asus routers for my AX purchase. I had used and built OpenWRT for my old routers, including a kernel upgrade to 5.4 in my last build, but looking today at their website, it looks they have AX support for just two (unknown-to-me brand) routers (might have missed some, but ...).
 
OpenWRT's lack of 802.11ax support is why I switched to Asus routers for my AX purchase. I had used and built OpenWRT for my old routers, including a kernel upgrade to 5.4 in my last build, but looking today at their website, it looks they have AX support for just two (unknown-to-me brand) routers (might have missed some, but ...).
And Asuswrt without proprietary Broadcom driver would also mean no wifi at all.

People need to start pushing Broadcom and Qualcomm to stop being paranoid about their "IP" and to start providing open source drivers for the Linux kernel.
 
I send an email to the email adres RMerlin provided, and they send me this. I have a AX88U.

The source code is not available for this particular model due to security related concerns. Sorry
 
I send an email to the email adres RMerlin provided, and they send me this. I have a AX88U.
The source code is not available for this particular model due to security related concerns. Sorry
Translation: their code is easily hacked, so it's closed.
 
Last edited:
Is their code subject to the terms of any open source licenses?

It's always people who have little or no understanding of security that think hiding things improves security. The source code will not help "hackers" if your product is secure. If it weren't a fact, things like OpenSSL and GPG wouldn't even be possible.
 
I'm starting to think that Asus is doing some sort of overhaul to the firmware itself as well as adding cake to adaptive QoS on supported model, but they can't tell is yet because it's not finished and we have to wait.

That's just my theory.
 
I'm starting to think third party firmware options are fading away, unfortunately. OpenWRT, FreshTomato - only on older model routers. Asuswrt-Merlin - the only option for Asus routers from now on. I don't know what level of support @Voxel gets from Netgear, if any.
 
I don't know what level of support @Voxel gets from Netgear, if any.

Voxel gets ZERO cooperation from Netgear. He has stated that Netgear is actually hostile toward him and his efforts. I don't know if it matters that Netgear outsources their firmware development (Delta Networks) as compared to Asus which does it internally.
 
Status
Not open for further replies.
Similar threads
Thread starter Title Forum Replies Date
E 'Fatal Signal Six' Rises From the Dead Asuswrt-Merlin 12

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top