Netgear "Fixes" Router with Phone-Home Features That Record IP, MAC Address

Discussion in 'HardForum Tech News' started by Megalith, May 22, 2017.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    13,004
    Joined:
    Aug 20, 2006
    This happens to be the same router I am using, of course. I installed Netgear’s latest R7000 firmware the other day, expecting bug and/or security fixes, but the only thing added was an invasive “Router Analytics Data Collection” option that sends sensitive data directly to the company. This seems like a disaster waiting to happen, since a potential exploit could allow for interception. I don’t get why they are introducing this now, and for this specific model, actually. Some users say they can’t even turn it off---on my end, the options are grayed out but the radio buttons still work, so something is definitely buggy.

    Netgear NightHawk R7000 users who ran last week's firmware upgrade need to check their settings, because the company added a remote data collection feature to the units. “Such data may include information regarding the router’s running status, number of devices connected to the router, types of connections, LAN/WAN status, WiFi bands and channels, IP address, MAC address, serial number, and similar technical data about the use and functioning of the router, as well as its WiFi network.” The good news is that you can turn it off: the instructions are here. It's probably unlikely that any significant number of users will do so, given the number of people who never get around to changing their default passwords.
     
  2. the-one1

    the-one1 2[H]4U

    Messages:
    2,982
    Joined:
    Jan 16, 2003
    Unless Netgear is providing support with the device, there is NO reason why they should collect any data.
     
  3. grtitan

    grtitan Telemetry is Spying on ME!

    Messages:
    1,266
    Joined:
    Mar 18, 2011
    First rule of buying a router, make sure that there are alternative firmwares for it.

    Try Vortex, its very good. (http://xvtx.ru/xwrt/index.htm)

    But to be safe, get an old PC and install Pfsense and set the R7000 (with Vortex) to AP mode.

    Soon, we will have to go back to pen and paper, given that everything will be talking back to some damn manufacturer.
     
    Darunion, Maxx_Power, HoffY and 3 others like this.
  4. charold

    charold Limp Gawd

    Messages:
    314
    Joined:
    Sep 7, 2011
    The last update I ran on my R7000 was buggy and I reverted back. Tried open source firmware but that dropped my WiFi speeds enough to go back to stock firmware, and rolled back to an older release. Looks like I'm not upgrading to this either.... I'm about ready to leave this with my roommate when I move out and move to Ubiquiti equipment or something similar like pfsense for my router. This crap is getting ridiculous.
     
  5. Ur_Mom

    Ur_Mom I'm Not Serious

    Messages:
    19,760
    Joined:
    May 15, 2006
    What is their reasoning for this? I think they'll backtrack (or at least backtrack the visibility of the 'feature'). There is no reason for them to be doing this much data collection.

    Who needs Big Brother in the shadows? We'll just hand over our private data anyway....
     
  6. Zardoz

    Zardoz 2[H]4U

    Messages:
    3,251
    Joined:
    Aug 27, 2000
    And here is another resin I dont buy netgear.
     
  7. 11EBSCREW

    11EBSCREW n00b

    Messages:
    16
    Joined:
    Nov 14, 2014
    I ditched the factory firmware long ago and run Tomato. But, for those that keep factory firmware this is pretty shitty.
     
  8. Makaveli@BETA

    Makaveli@BETA 2[H]4U

    Messages:
    2,305
    Joined:
    Mar 24, 2004
    This ^^^^ get off the junk stock firmware.

    Been using Vortex for over a year great firmware port of merlin's for this router.
     
    grtitan likes this.
  9. 11EBSCREW

    11EBSCREW n00b

    Messages:
    16
    Joined:
    Nov 14, 2014
    How does it compare to Tomato? Haven't had to touch mine in about a year, figure it's time to mess with sometime :)
     
  10. grtitan

    grtitan Telemetry is Spying on ME!

    Messages:
    1,266
    Joined:
    Mar 18, 2011
    I havent had a chance to test tomato on mine, but if I remember correctly, the wifi speeds or latency, are worse on tomato or some other issue, but I remember that it was an annoying bug that keep coming back release after release.

    I also think that Tomato lacks the "stealth mode" that turns off all the router lights.

    Haven't read their forums in a while, so maybe I need to take a look.
     
    Last edited: May 22, 2017
  11. Makaveli@BETA

    Makaveli@BETA 2[H]4U

    Messages:
    2,305
    Joined:
    Mar 24, 2004
    I haven't used Tomato on mine so can't give an opinion on that.

    I know most people go to the vortex/merlin firmware because it has great hardware acceleration for faster internet connections. Not sure how that is in Tomato currently.

    For stability and features its been great. And Vortex/Merlin update the firmware on a regular basic with security updates etc.

    I have no complaints.

    http://www.linksysinfo.org/index.php?threads/asuswrt-merlin-on-netgear-r7000.71108/

    If you want to get up to date on the port and its history read this whole thread.
     
  12. gxp500

    gxp500 Gawd

    Messages:
    867
    Joined:
    Mar 4, 2015
    Its called improving your product, companies want to know how their products are being used, whats going right or wrong with it, so they must collect this data otherwise how else will they know? Of course this should be opt-in and not the other way around or at least offer some incentive. Ever notice why you get some survey after emailing a company about something? They're trying to improve their product/service.
     
  13. Ur_Mom

    Ur_Mom I'm Not Serious

    Messages:
    19,760
    Joined:
    May 15, 2006
    With a MAC address, wifi SSID? Crash data, bandwidth usage, etc., yes. MAC addresses, SSID's, etc., no. MAC address, I can see a bit (maybe just take the first 3 for the manufacturers ID for different issues with various wireless NIC's).

    It's too much info, IMO. Tame is down a bit and then I'd accept it was to improve the product.
     
    windianrecords likes this.
  14. mdburkey

    mdburkey Limp Gawd

    Messages:
    498
    Joined:
    Jan 19, 2007
    I use Tomato Shibby on the R7000 and have had no trouble with it. That said, I haven't specifically tested the WiFi interface for latency, as my primary interest has been in the fact that PPTP and OpenVPN are pre-installed on it.
     
  15. grtitan

    grtitan Telemetry is Spying on ME!

    Messages:
    1,266
    Joined:
    Mar 18, 2011
    Can you please check if they added an option to turn all the router's lights?

    Also, can check if Affraid DDNS is built in?

    On Vortex/Merlin, you have to manually add that entry.
     
  16. steakman1971

    steakman1971 2[H]4U

    Messages:
    2,433
    Joined:
    Nov 22, 2005
    I switched to pfSense and use an Ubiquiti wifi router now. I'm not a network guy, so pfSense has been a learning project for me. I've had a lot of fun, but not for the fainthearted.
    Didn't Netgear have an unpatched security flaw sometime last year in their routers? I was using a Nighthawk a few years ago and thought it was fine for my use at the time. However, wanted to play with pfSense to learn more about it. (Now, I need a new server to run it - mine is on a dual core Xeon. Total overkill.)
     
  17. burritoincognito

    burritoincognito Gawd

    Messages:
    761
    Joined:
    Sep 17, 2012
    I'm using Tomato 1.38 by Shibby on mine. Workes perfectly. I've got 2 guest networks, a captive portal for guests to sign into, etc. No issues for the past year or so.


    also, I am not seeing anything about lights, or affraid. But, there is a custom option.

    I want to upgrade to Ubiquiti / pfsense just on principle, but these are doing everything I'd have to spend a lot of money to replicate the functionality of.
     
    Last edited: May 22, 2017
  18. mdburkey

    mdburkey Limp Gawd

    Messages:
    498
    Joined:
    Jan 19, 2007
    I don't see either option.
     
  19. mdburkey

    mdburkey Limp Gawd

    Messages:
    498
    Joined:
    Jan 19, 2007
    pfSense is a great router/firewall project.

    Ubiquiti.....well, I have mixed feelings about them. I've played with the Edge Router series a bit before (and a friend uses them extensively) and, while they seem quite functional, the UI and configuration steps seem "half done" to me (which has often been the case in past Ubiquiti stuff I've played with as well). I've worked with some of the Unifi gear before too, and while it works, setup was always a royal pain in the rear and I always had slightly quirky issues come up occasionally.

    For large scale WiFi networks with offsite management, I've had better luck with OpenMesh/Cloudtrax than I ever did with Ubiquiti's products.
     
  20. grtitan

    grtitan Telemetry is Spying on ME!

    Messages:
    1,266
    Joined:
    Mar 18, 2011
    Thanks. I deployed an Ubiquiti AP and is nice, but for it to be fully functional, you need their software running 24/7 on a computer.

    Some people create a VM on Amazon just for this though.

    Thanks.
     
  21. Chuklr

    Chuklr Gawd

    Messages:
    737
    Joined:
    Nov 1, 2009
  22. shspvr

    shspvr Gawd

    Messages:
    735
    Joined:
    Nov 22, 2009
    Vortex is just rip of Asus Merlin so next time buy Asus not Netgear
     
  23. GoodBoy

    GoodBoy [H]ard|Gawd

    Messages:
    1,453
    Joined:
    Nov 29, 2004
    Do yourself a favor and stop buying these crappy consumer grade routers.

    I got a Microtik about 2 months ago and it's great. It's got enterprise level features and capabilities, and as priced in the middle of the pricing for consumer routers:
    https://smile.amazon.com/Mikrotik-R...=UTF8&qid=1495487533&sr=8-4&keywords=mikrotik

    It is a bit more difficult to configure some firewall rules, but with a little reading you can do it.
     
  24. Matrixfy

    Matrixfy n00b

    Messages:
    41
    Joined:
    Apr 9, 2017
    Wow. I've been using one of these Nighthawks for my access point for years, but I haven't been updating the firmware - I left it on whatever it came with. Turns out I should pay more attention to it. Thankfully I just turned it down in favour of a couple of Linksys EA6500's meshed together using some flavour of open source firmware - I forget which (DD-WRT?). I've seen a couple of odd network drops since, but they're short, and the vastly increased coverage has been more than worth it.

    I've also been using pfsense as the router, running on a nifty little Intel engineering sample (a fanless 4 core atom box). There are rumors that the local ISP might be going gigabit, though, so I may need to upgrade that too :/ It's been beyond rock solid for everything I've ever thrown at it thus far.
     
  25. OregonLAN

    OregonLAN 2[H]4U

    Messages:
    2,627
    Joined:
    Mar 20, 2001
    I tried a couple versions of DDWRT with the R7000 early on, but I was less than impressed with the WiFi performance of 802.11ac. Now, I use PFSense running on a VM configured with NIC pass-through. It has been rock solid for years. For Wi-Fi, I use a couple Ubiquiti AC Pros in different parts of the house. The Unifi controller is hosted on a separate VM.
     
  26. grtitan

    grtitan Telemetry is Spying on ME!

    Messages:
    1,266
    Joined:
    Mar 18, 2011
    I know, but when the R7000 came out, there was no equivalent router out in the market on those days and next time, i will not buy any more toy routers, it will be a pfsense, microtik, sophos or something similar.
     
    Last edited: May 23, 2017
  27. SvenBent

    SvenBent 2[H]4U

    Messages:
    3,045
    Joined:
    Sep 13, 2008
    afte the disaster of secuity issues in the R7000 i went ahead and isntalled tomato firmware.
    it evne natively supports encrypt DNS request. SO way better for privacy than the crappy netgear firmware.

    Im really consideriing putting netgear on my blacklist with gigabyte motherbaord and kingstond SSD's, after this stunt.
     
  28. bigstusexy

    bigstusexy 2[H]4U

    Messages:
    3,146
    Joined:
    Jan 28, 2002
    I understand regular users but we are power users! Why are we still buying this stuff and not separating routers and access points?
     
  29. ob1

    ob1 2[H]4U

    Messages:
    2,274
    Joined:
    Apr 17, 2000
    So what about the X8 and X10? Is there a merlin version out there for those two? Also, usually the 8500 or X8 doesn't come up on the fault lists, which is odd. Or maybe it does, just not listed in the text...
     
  30. TechLarry

    TechLarry Can't find the G Spot

    Messages:
    30,141
    Joined:
    Aug 9, 2005
    I upgraded yesterday and indeed saw those options and disabled them.

    Why is Netgear so intent on destroying what is probably one of the best routers ever made?

    It is the WRT54 of modern times.
     
  31. TechLarry

    TechLarry Can't find the G Spot

    Messages:
    30,141
    Joined:
    Aug 9, 2005
    How is the routing performance with Tomato? I just got gigabit and though the R7000 should be able to flow 940 mbit/sec, I'm only seeing about half that.
     
  32. TechLarry

    TechLarry Can't find the G Spot

    Messages:
    30,141
    Joined:
    Aug 9, 2005
    Is that available with all gigabit ports? I don't get why anyone would bother with 100 mbit ports these days.
     
  33. TechLarry

    TechLarry Can't find the G Spot

    Messages:
    30,141
    Joined:
    Aug 9, 2005
    Is Vortex the best firmware for the R7000 ? I've never dove into the alternate firmware thing before, but I might be ready to now. I did always like ASUS firmwarz.
     
  34. grtitan

    grtitan Telemetry is Spying on ME!

    Messages:
    1,266
    Joined:
    Mar 18, 2011
    My best experience with alternative firmwares has always been with OpenWRT, but the wifi controller in the R7000 doesnt have any opensource drivers, so there isnt a proper version for it.

    DDWRT is a convoluted mess and I never had the chance to test any of the Tomatos since last time I checked, there was something missing or not working properly with the R7000.

    After I installed Vortex/Merlin, I have being satisfied with it, except for one thing, they dont include an entry for Afraid DDNS, you have to manually enter it.
     
  35. TechLarry

    TechLarry Can't find the G Spot

    Messages:
    30,141
    Joined:
    Aug 9, 2005
    So, wireless doesn't work ?
     
  36. grtitan

    grtitan Telemetry is Spying on ME!

    Messages:
    1,266
    Joined:
    Mar 18, 2011
    Not under OpenWRT, great on DDWRT and Vortex and if I remember correctly, with some latency issues under Tomato, but I could be wrong on that last one.
     
  37. SvenBent

    SvenBent 2[H]4U

    Messages:
    3,045
    Joined:
    Sep 13, 2008
    I have no issues but Im also not behind a 1gbit line... :(
     
  38. TechLarry

    TechLarry Can't find the G Spot

    Messages:
    30,141
    Joined:
    Aug 9, 2005
    So, everything with Wireless is fine under Vortex, right? Full AC support and all?
     
  39. grtitan

    grtitan Telemetry is Spying on ME!

    Messages:
    1,266
    Joined:
    Mar 18, 2011
    I dont have a way to test AC, but my understanding is that they are using the proprietary broadcom drivers, so the functionality should be the same as stock.
     
  40. GrayWolf

    GrayWolf n00b

    Messages:
    11
    Joined:
    Jun 29, 2007
    Only the Netgear firmware can give you full Gigabit WAN speeds due to their proprietary method of Cut-Through-Forwarding.

    https://community.netgear.com/t5/Ni...-Through-Forwarding-feature-quot/td-p/1080686

    Last time I checked, third party firmware could not access/use CTF on the R7000. This is one of those times where I'd love to be shown that the third party devs have worked that out. I have kept stock firmware for that reason for a while now.

    Edit: If you're on stock firmware and seeing 50% or less of your Gigabit ISP's rated bandwidth, I'd check to see if you can disable QoS on the router.