Sure, we made your Wi-Fi routers phone home with telemetry, says Ubiquiti. What of it?

This post was originally published on this site

You didn’t ask for it, we didn’t tell you about it, but hey, it clears GDPR so what you gonna do?

Ubiquiti Networks is fending off customer complaints after emitting a firmware update that caused its UniFi wireless routers to quietly phone HQ with telemetry.

It all kicked off when the US-based manufacturer confirmed that a software update released this month programmed the devices to establish secure connections back to Ubiquiti servers and report information on Wi-Fi router performance and crashes.

Ubiquiti told customers all of the information is being handled securely, and has been cleared to comply with GDPR, Europe’s data privacy rules. Punters are upset they weren’t warned of the change.

“We have started to gather crashes and other critical events strictly for the purpose of improving our products,” the hardware maker said. “Any data collected is completely anonymized, GDPR compliant, transmitted using end-to-end encryption and encrypted at rest. The collection of this data does not and should not ever impact performance of devices.”

fail_parking_meter_648

In its current state, Ubiquiti’s EdgeSwitch won’t have much of an edge on anyone

READ MORE

The assurance was of little consolation to UniFi owners who bristled at the idea of any of their data being collected, particularly without any notification nor permission. In particular, enterprise customers were less than thrilled to learn diagnostic data was being exfiltrated off their network.

“Undisclosed backdooring of my network is completely unacceptable and will result in no longer recommending, using, or selling of Ubiquiti gear,” remarked one netizen using the alias Private_.

“I realize that UBNT is too big to care about the few tens of $K per year that I generate for them, but I want to formally and clearly disclose my privacy policy/EULA, so that we understand each other. This is a stealth network intrusion and I don’t/won’t accept it.”

Ubiquiti has offered an olive branch of sorts to its upset customers, as the biz said there are plans in place to release another firmware update that will allow customers to opt out of the data collection. No release date has been given, and Ubiquiti did not respond to a request for comment on the matter.

In the meantime, however, punters are going to have to deal with knowing that Ubiquiti will be slurping some of their data, and that is not going over particularly well. One mitigation is to use DNS or IP address filtering to block connections from the devices to Ubiquiti’s servers, though this may interfere with the equipment’s operation.

“Despite our good experiences with the hardware and our clients’ satisfaction, this is absolutely a step too far,” said user sillyrat. “We’re through buying Ubiquiti products unless and until they go back to doing only what we set them up to do.” ®

Thanks to Reg reader Kevin Campbell for the tip.

Sponsored: Technical Overview: Exasol Peek Under the Hood

Leave a Reply

Your email address will not be published. Required fields are marked *

November 7, 2019