384.6 Now sharing data to Trend Micro?

Status
Not open for further replies.

bitmonster

Senior Member
Relying on a local signature file is no longer a reliable solution, the window of opportunity for a malware to slip in is too large.
Fair point I guess.

Tor is nothing special. Who would freely give up their bandwidth for a tor node/relay? The dark web didn't exactly keep the US government from tracking down people. Do you know which relays your traffic is going through?

And most vpn companies are some nameless entity with no real person or entity behind it (and as a result no accountability). The best it can do is move the data beyond the jurisdiction of your locality. Pia was shut down in Russia because they did not keep history and when their servers were taken over in Russia they had to change all of their encryption keys globally as a result. But who exactly is London Trust Media?

Secrecy and security are not the same thing. The same way being anti war and being for peace are not the same thing. The difference seems subtle, but they are very different.
Totally agree. But TOR at least encrypts across nodes within the network, and I understand the 'breaches' were not on the TOR network itself but on the client side, and TAILS OS would go a long way to eliminating that risk.

And it's free.

If someone from IP 1.2.3.4 accessed website www.smut.tld, do you really think anyone will care?
Ask people in nearly any Muslim country. Yes they care. And yes going to 'gaysmut.tld' could spell death. A Saudi Arabian journalist was recently executed. Turkey is going along the same route (and they are supposed to be secular). An atheist activist was executed last year in Pakistan. Malaysia routinely rounds up and punishes anyone even suspected of being 'atheist' - using guess what - browsing history and social media. The Indonesian defence minister declared that gay people are more of a threat than nuclear war - and wants them tracked. Indonesia (in Aceh) routinely publicly whips gay people or at least sends them to 're-education camps' - and even women caught in the company of any man she is not related to (they get whipped too). And they use - guess what - browsing history, chat logs, social media etc. Here in Australia we target them for other reasons (high spending tourists) - but not all countries are free. And even Australia is now going backwards in many ways - because people are asking less questions and protesting less.

So it relates to this. Just because we live in countries where we are no longer executed for such things, doesn't mean this is the norm across the world. And these countries are getting worse not better.

Stop being "offended" because a company is trying to lower the price of their service by using data that will never have any direct impact on your personal life.
It's not about being offended. It's about asking legitimate questions. It's no reflection on your and others' hard work or the services provided in the product. I think it's healthy to ask questions.

It's just a forum - people are free to unsubscribe or ignore if they wish to - as long as we are not being rude or offensive?

One of my main reasons for using a VPN is also security, is there no point to using a VPN to stop things like MiM attacks?
VPN offers no additional security unless you're talking about privacy and bypassing these "religiously enlightened" regimes mentioned above.

Fingerprinting, uniquely provided information
Good point too... There again TAILS is the only way around this if one is concerned (and in countries like above they should be).

So if your goal is to hide from the authorities (for whatever reason), a VPN provider is not going to protect you there.
Yep - agreed.

You're completely correct about lack of knowledge leading to paranoia.
Can do. But remember Hitler sailed in to power on the back of apathy and look how that wound up. When the economy was growing again few bothered to look in to what he was actually up to.

His reason was "because electricity and water don't mix".
Well in the days before improved electrical standards i.e. RCD current breakers - he had a point. Old fuses stopped overloading, not electrocution. Did anyone ask if he ever saw or heard of someone being electrocuted so had genuine fear? Rather than belittling his 'outdated views'. A modern RCD fuse would reduce that risk of course though (which all houses should now have).

I would rather have trend micro specifically call out what data they collect, why, and what they use it for.
^^^^^ This ^^^^^
This is all we're asking for. If it's legit that's fine - it's when companies don't really explain it or bury it in ten pages of dense legal text that it becomes an issue. Some companies explain things well and simply, and then have ten pages of legal text for those who care.

When I find some application like ES File Explorer that I've used for years and have paid for is collecting information even when not in use and sending it to servers in China that is a cause for concern. What is it collecting? Who is receiving the information? Did I give it root access?
>> Chinese phones have been found to have ad / spyware baked in to the firmware <<

Now while this firm 'claimed' it was only for 'advertising' and quality control purposes - it is worth remembering that Chinese law requires their companies to support intelligence gathering.

At the end of the day I agree with Merlin - unhealthy paranoia and mis-information does not help - but apathy certainly does not help either.

Just asking questions is not a reflection or automatic indictment on any company or the hard work of volunteers and other supporters. It's just about asking questions... No harm from that is there?

Just remember that it is the minority of the world that is actually free (and less so by the day) - while the majority of the world's population live either under Islamic theocracies or totalitarian regimes like China where any 'difference' or even 'divergent opinion' can spell death without even a basic trial.

What we all enjoy here is the exception, not the norm. So I am happy if people continue asking questions to keep it that way.

And yes all those Islamic and totalitarian regimes above would absolutely use the information discussed here if they could. Go to 'gaysmut.tld' in Saudi Arabia and you would expect the door to be kicked in within 24 hours.
 

Skeptical.me

Very Senior Member
To be honest I trust ProtonVPN over my ISP. According to ProtonVPN, AirVPN, and ExpressVPN they have a good reputation for clearing all logs. In Australia we have 2 year mandatory data retention. So there's that benefit. There's no way I trust my ISP lol

However, after reading all the replies today I feel like I've been misled by those who advocate for privacy. And I had the wrong understanding of what a VPN actually does.

SNB is probably the best forum I've been to to learn about these things. And realize I've wasted $100's on VPN subscriptions lol
 

bitmonster

Senior Member
Glad we can help..

Just be mindful who owns VPNs.. Try finding out who owns Nord VPN for example. I asked them several times and they refused to answer, just saying they're "based" in Panama which means squat.

At least the Australian government is a "known evil" I would trust more than most of these so called VPNs to be honest.

But do continue asking these questions. This is healthy.


 

agilani

Very Senior Member
To be honest I trust ProtonVPN over my ISP. According to ProtonVPN, AirVPN, and ExpressVPN they have a good reputation for clearing all logs. In Australia we have 2 year mandatory data retention. So there's that benefit. There's no way I trust my ISP lol

However, after reading all the replies today I feel like I've been misled by those who advocate for privacy. And I had the wrong understanding of what a VPN actually does.

SNB is probably the best forum I've been to to learn about these things. And realize I've wasted $100's on VPN subscriptions lol
I would trust my ISP more for real and LEGAL business. You are too trusting. Who is protonvpn ab? Is it really based in lithuania?
https://news.ycombinator.com/item?id=17258203

If they don't actually do any of the items they claim on the website, do you have any recourse? If they hijacked your dns would you know it or be able to do anything about it?

Again, the only benefit of a vpn service is to take data outside of the local jurisdiction. Only useful when you are trying to bypass...legal restrictions (in this context). Someone always knows what you are doing however. And by controlling your network, i can direct your traffic to a malicious site that has every unpublished exploit for RCE on your computers.

And if they are really providing "free" service, how are they getting "free" bandwidth?
 

TambourineMan

New Around Here
I am going to go back and read this entire thread more thoroughly in case I missed this, but my individual PC's use a VPN (PIA) so as I understand it everything is encrypted from the time it leaves one of my PCs and goes thru the router to the VPN server. If so, how could AIProtection/TrendMicro capture usernames, passwords, bank account numbers, text of emails, etc.? I am not even sure it can capture URLs but this is a minor concern for me.
 

RMerlin

Asuswrt-Merlin dev
AiProtection does not capture usernames, passwords, bank account numbers and so on. All it uses are visited URLs, for checking against the malicious website database.

And yes, if there is a VPN tunnel starting on your PC, then the Trend Micro engine won't be able to intercept your URLs, therefore also preventing its malicious website check from working.
 

TambourineMan

New Around Here
AiProtection does not capture usernames, passwords, bank account numbers and so on. All it uses are visited URLs, for checking against the malicious website database.

That's what I thought, but I *** think *** I read that it captured the text of emails which seems wrong as I think once the connection is made to most email servers it's an https connection so I don't know how a program on a router could do that. But no one should be sending sensitive info by email anyway but an email account is frequently used/required as a recovery for lost passwords on banking or other sensitive sites.

And yes, if there is a VPN tunnel starting on your PC, then the Trend Micro engine won't be able to intercept your URLs, therefore also preventing its malicious website check from working.
I don't really care about malicious website checking as I would only get there by accident anyway. I don't remember now why but I turned that off in Bitdefender Total Security so if that's all AIProtection does maybe I should turn it off on my router. I like the traffic analyzer and the QoS.

What I mostly care about is doing any and all things to prevent ransomware as I would hate to lose family pix, videos and documents. I do back them up but my fear is that the scumbuckets are clever enough to get to all my backups, although hopefully not to my SFTP linux server. I do not yet have a good habit of keeping my external off line drive backups frequently up to date.

I was also reading about DNS privacy concerns but I guess my PIA VPN handles DNS leaking- which I had forgotten but re-discovered when I changed my Win10 setting from obtain DNS automatically to manual and PIA stopped working.
 

Skeptical.me

Very Senior Member
I noticed a number of things upon loading latest 384.6 (RT-AC3200) FirmWare with regard to privacy and more.

Please read, consider, discuss and help drive/demand greater safeguards consumer protections and users privacy. Thank You!

I'm becoming more and more wary of data sharing. Many say to turn off "AiProtection" services like IPS because TrendMicro (TM) now sees what your router sees, i.e. not a stand alone applet in router and not a one-way pull of threat definitions from TM to router but rather a two-way share of who knows what with TM.

The new policy says using any of these allows them to collect data from your router...
*AiProtection
*Traffic Analyzer
*Apps analyzer
*Adaptive QoS. !!!
*Game boost
*Game IPS
*Web history

The Administration/Privacy screen briefly explains the above and offers two links below for users to learn more about what is collected and how it is used:
1. TrendMicro Privacy Policy
2. Privacy and Personal Data Collection Disclosure
Sadly (as of today), the Data Collection Disclosure doesn't disclose how ASUS router app data is collected. fail

Third Party Apps/Adv Features usage from TM in a router is borderline acceptable in this new era of data sharing expectations, however QoS?

So now I'm forced to turn off "Adaptive QoS" and use "Manual QoS" to sustain some privacy/reduce snooping, and in doing so (wouldn't you know it) now HW acceleration is disabled as well.

So this now has me thinking of my original agreement of purchase.
*Was it disclosed/advertised that in order to use the many features that I justified to be worth the nearly $300 (1st yr of release) I paid that I would have to also/eventually share my private data/transmissions?
*Or disable the features/cripple my purchase/investment as the only means to Opt-Out?

Merlin is an awesome enhanced FM version! and I understand the spirit of this project. However if I'm forced to move to another firmware with more controls over modules (i.e. TM = off), can anyone refer me to other options? I can't seem to find any support with the usual suspects, i.e. DD-WRT for RT-AC3200.

For background/greater awareness, look up "Dark Pattern", new term for privacy deception and customer steering to get users to knowingly and unknowingly share data more freely.

An increasingly and concerned human w or w/o rights,

Enzo

You could always use Diversion and Skynet to block these ...

Code:
Trend Micro Addresses to Block

fbsv1.trendmicro.com
fbsv2.trendmicro.com
ntd-asus-2014b-en.fbs20.trendmicro.com
gslb1.fbs.trendmicro.com.akadns.net
rgom10-en.url.trendmicro.com
trendmicro.com.edgesuite.net
slb1.fbs.trendmicro.com.akadns.net
activeupdate.trendmicro.co.jp
backup21.url.trendmicro.com
wrs.trendmicro.com
e5110.dscd.akamaiedge.net
dlcdnets.asus.com
wideip-dlcdnets.isoi.asia
dlcdnets-ds.asus.com.edgekey.net
 

FreshJR

Very Senior Member
You could always use Diversion and Skynet to block these ...

Or simply stick that in etc/hosts

Will do the same thing.
 

Skeptical.me

Very Senior Member
Or simply stick that in etc/hosts

Will do the same thing.
So, to do that I would have to create a .txt file and place 0.0.0.0 in front of the addresses? (bit of a newb to hosts files, I've loaded plenty but haven't created one).

Edit: I see what you mean add it to the existing etc/hosts file?
 

FreshJR

Very Senior Member
So, to do that I would have to create a .txt file and place 0.0.0.0 in front of the addresses? (bit of a newb to hosts files, I've loaded plenty but haven't created one).
Yes but you wouldn’t be creating a text file.

You would be inserting that into the hosts file itself.

The hosts file is the blocklist.

To test if it works you would ping one of those domains from the router itself. I don’t think it will block the domains on the pcs connected to the router.
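
The hosts-file approach discussed in the posts above, as an added example that is not part of anyone's post in this thread: POSIX shell functions that turn a plain list of names into `0.0.0.0` hosts entries and append only the ones the hosts file does not already map, so the step can be repeated safely. The function names and the temporary sample files are made up for this example; the three sample names are taken from the list posted earlier, and the real list and hosts file paths are passed in as arguments.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# hosts_lookup NAME HOSTS_FILE
# Print the address HOSTS_FILE maps NAME to (first match), or nothing.
hosts_lookup() {
    awk -v n="$1" '
        { sub(/#.*/, "") }                      # ignore trailing comments
        { for (i = 2; i <= NF; i++) {
              if (tolower($i) == tolower(n)) { print $1; exit }
          } }
    ' "$2"
}

# hosts_block_entries LIST_FILE HOSTS_FILE
# Print "0.0.0.0 name" for every name in LIST_FILE that HOSTS_FILE does not
# map yet. CRs, comments, blank lines, non-hostnames and repeats are dropped.
hosts_block_entries() {
    tr -d '\r' < "$1" |
        sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        tr 'A-Z' 'a-z' |
        grep -E '^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$' |
        awk '!seen[$0]++' |
        while IFS= read -r name; do
            if [ -n "$(hosts_lookup "$name" "$2" 2>/dev/null)" ]; then
                continue                        # already mapped, leave as is
            fi
            printf '0.0.0.0 %s\n' "$name"
        done
}

# apply_hosts_block LIST_FILE HOSTS_FILE
# Append the missing entries to HOSTS_FILE and print how many were added.
apply_hosts_block() {
    new=$(hosts_block_entries "$1" "$2")
    if [ -z "$new" ]; then
        echo 0
        return 0
    fi
    printf '%s\n' "$new" >> "$2"
    printf '%s\n' "$new" | wc -l | tr -d ' '
}

# Demo on constructed input: a temporary hosts file that already blocks one
# name, and a list containing a CR line ending, a comment and a repeat.
demo_hosts_block() {
    tmp=$(mktemp -d) || return 1
    printf '127.0.0.1 localhost\n0.0.0.0 wrs.trendmicro.com\n' > "$tmp/hosts"
    printf 'fbsv1.trendmicro.com\r\n# comment\nFBSV1.trendmicro.com\n' > "$tmp/list"
    printf 'wrs.trendmicro.com\n\nfbsv2.trendmicro.com\n' >> "$tmp/list"
    apply_hosts_block "$tmp/list" "$tmp/hosts"   # first run adds two entries
    apply_hosts_block "$tmp/list" "$tmp/hosts"   # second run adds none
    rm -rf "$tmp"
}
demo_hosts_block
```

`hosts_lookup` only confirms what the file says; the check suggested in the post above, pinging one of the names from the router itself, is what shows whether the entry is actually being used.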
 

Skeptical.me

Very Senior Member
Yes but you wouldn’t be creating a text file.

You would be inserting that into the hosts file itself.

The hosts file is the blocklist.

To test if it works you would ping one of those domains from the router itself. I don’t think it will block the domains on the pcs connected to the router.
Done, thank you very much!
 

#TY

Senior Member
Wow, lots of info to process but this is a really good thread. I use ExpressVPN because they swear up and down that they are the Holy grail to privacy and anonymity.

Am I being naive in believing all of that?
They also happen to have a VPN server in the same jurisdiction where I live so I chose that in order to get the fastest speeds in addition to everything else they provide. Is this also wrong?
 

#TY

Senior Member
You could always use Diversion and Skynet to block these ...

- Is there a quick way to add all these in at once or do they need to be added one by one?
- Do they need to be added to BOTH Skynet and Diversion?
- If these domains are added, will turning on AIProtection offer the benefits without the phoning home? Or will it render it pointless to turn on?
 

skeal

Part of the Furniture
- Is there a quick way to add all these in at once or do they need to be added one by one?
- Do they need to be added to BOTH Skynet and Diversion?
- If these domains are added, will turning on AIProtection offer the benefits without the phoning home? Or will it render it pointless to turn on?
AI Protection and QOS will no longer work.;):)
EDIT: You can choose to opt out on the Privacy page. Then you don't have to do all the Diversion edits.
 

Skeptical.me

Very Senior Member
AI Protection and QOS will no longer work.;):)
EDIT: You can choose to opt out on the Privacy page. Then you don't have to do all the Diversion edits.

I'd have no issue with AiProtection if it didn't log websites and ip address data. If I'm wrong about that please correct me. I vaguely remember reading it somewhere.
 

AndreiV

Very Senior Member
I'd have no issue with AiProtection if it didn't log websites and ip address data. If I'm wrong about that please correct me. I vaguely remember reading it somewhere.

It's simple, you either use the AiCloud system (share the data) , the same as every other antivirus program available or you don't have AiProtection.

Even your browser does the same thing unless you turn off security, the URL's are checked against known bad actor lists.

It is not a question of logging anything, the data is intercepted, the packets are checked in the database and get rejected or allowed to arrive at your router.

This shows how it works (and has always done so since AiProtection was released.)

https://www.asus.com/support/FAQ/1012070
 

Skeptical.me

Very Senior Member
It's simple, you either use the AiCloud system (share the data) , the same as every other antivirus program available or you don't have AiProtection.

Even your browser does the same thing unless you turn off security, the URL's are checked against known bad actor lists.

It is not a question of logging anything, the data is intercepted, the packets are checked in the database and get rejected or allowed to arrive at your router.

This shows how it works (and has always done so since AiProtection was released.)

https://www.asus.com/support/FAQ/1012070
Like I wrote I was not fully aware of what TM actually did. And yes I have Safe Browsing switched off in my browsers.

I don't have AiProtection on.

Thanks for the link.
 

RMerlin

Asuswrt-Merlin dev
Trend Micro published a new Knowledge Base article that targets more specifically their protection suite used in routers like Asus. The URL is now used in newer firmware releases.

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1120473.aspx

Not a lot of details, as the article is generic enough that it refers you to your manufacturer as to how to disable specific features. But it should at least provide more concrete information as to what is being sent to their servers.
 

GuruGuy

Guest
Trend Micro published a new Knowledge Base article that targets more specifically their protection suite used in routers like Asus. The URL is now used in newer firmware releases.

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1120473.aspx

Not a lot of details, as the article is generic enough that it refers you to your manufacturer as to how to disable specific features. But it should at least provide more concrete information as to what is being sent to their servers.
  • Solution ID:1120473
  • Last Updated:May. 17, 2019 3:20 AM (PST)

Oddly enough, 4 days after the FXMSP Hack disclosure May 13th.
 