AI Protection and other privacy policies

[Mogsy]

Today I decided to withdraw all privacy notice and have Ai Protection disabled. I've never seen any hit from that, not once. I have Skynet+Diversion installed. Anyone else using Ai Protection that getting logs? Not sure if it is wise to disable it, but I think Skynet + Diversion will do fine.

 

[EmeraldDeer]

I use FlexQoS. FlexQoS uses the AiProtection engine for categorization of network traffic.

I would not expect AiProtection to catch much because it should be caught beforehand, by the browser, for instance.

While I think it is good to take steps to protect one's privacy, disabling AiProtection is not one of them. I would compare it to sending all of your network traffic through a VPN - silly, and a misunderstanding stemming from the motives of the folks who tend to give privacy advice.

 

[RMerlin]

Malicious Website Protection does block stuff from time to time here, so it`s working.

 

[Mogsy]

Malicious Website Protection does block stuff from time to time here, so it`s working.

When I had it on I run tests with Trend Micro Web Reputation features (Test the Web Reputation feature - Trend Micro). It worked, at least I saw blocking/warning page. But there was no entry in the WebUI log/counter.

 

[Mogsy]

Malicious Website Protection does block stuff from time to time here, so it`s working.

Ok it works
I guess with many add ons + browser plugins, everything is filtered before reaching Ai Protection.

 

[Tech9]

In my experience - mostly useless full of false positives. Safe Browsing used with modern browsers is much better. This is not true IPS system and it can't be on this hardware and Gigabit speeds. Does nothing with HTTPS and on-device VPN, as expected. Browsers catch bad sites before AiProtection. It turns Asus router users into information source, used by TrendMicro to improve their paid services.

 

[Treadler]

In my experience - mostly useless full of false positives. Safe Browsing used with modern browsers is much better. This is not true IPS system and it can't be on this hardware and Gigabit speeds. Does nothing with HTTPS and on-device VPN, as expected. Browsers catch bad sites before AiProtection. It turns Asus router users into information source, used by TrendMicro to improve their paid services.

This is an interesting & revealing Aiprotect test…..

 

[Tech9]

I have to disable Safe Browsing in browser to trigger AiProtection block screen. The browser sees both HTTPS and VPN traffic.

 

[Treadler]

I have to disable Safe Browsing in browser to trigger AiProtection block screen. The browser sees both HTTPS and VPN traffic.

So, are you of the view that Aiprotect can examine https traffic, or not?
The utube I linked to indicates http only, IMHO, not much use if that’s the case……

 

[Tech9]

AiProtection does nothing, if the traffic is encrypted. In business firewalls you have to run SSL proxy to decrypt HTTPS traffic and then run it through Suricata/Snort common IDS/IPS. Otherwise IDS/IPS also does nothing with encrypted traffic. And the above approach has some issues and limitations. Good thing when you run Suricata/Snort is it runs locally without sharing data to 3rd party company. AiProtection is service for data. Not sure if Asus pays TrendMicro or TrendMicro pays Asus to harvest data from router users. Free for the life of the product? Sure!

 

[RMerlin]

AiProtection does nothing, if the traffic is encrypted. In business firewalls you have to run SSL proxy to decrypt HTTPS traffic and then run it through

AIProtection does block websites even over https. Try it yourself using one of the Trend Micro test URLs:

DCX

The vast majority of websites don`t support ESNI, therefore the HTTP URL is not encrypted.

It also does block attacks. Just yesterday someone in another thread posted about how AiProtection was blocking an SSH brute force attack against his network (and AiProtection actually logged the attempts). I've also had it block brute force attacks against an RDP I had temporarily open for someone who needed remote access to a VM on my network.

So no, AiProtectionm isn`t just placebo aimed at gathering user data. It does offer a valuable layer of protection.

 

[Tech9]

AIProtection does block websites even over https.

URL based, not traffic inspection. Filtered DNS do the same thing.

It does offer a valuable layer of protection.

It does offer something, but nothing close to Asus' advertisements. It does take something as well, but no word about it until activated. I did read carefully both TrendMicro Privacy Policy and Privacy and Personal Data Collection Disclosure and what exactly TrendMicro collects is not clear at all. AiProtection is not even mentioned as TrendMicro product. The crashing dcd in Asuswrt is closed source, not clear what it collects. Not clear for me why TrendMicro is involved in Web History as well. It doesn't need TrendMicro. Makes me think TrendMicro needs user's Web History.

 

[RMerlin]

and what exactly TrendMicro collects is not clear at all.

When is it ever. Lawyer speak isn`t intended to inform end users, it`s intended solely to protect the asses of the company Otherwise, they would be written in plain English that does not require a law degree to understand.

 

[Tech9]

it`s intended solely to protect the asses of the company

Exactly. It basically says the user agrees to a very long list of collected data, whatever applies for different TrendMicro products.

 

[Tech9]

I want to add AiProtection is not harmful to users, but also not as useful as Asus makes users believe. About data collection - everyone does it. There is no privacy online. We have to agree to it, otherwise we can't use common services part of our life. Google, Apple, Microsoft perhaps know more about me than my wife. They also know my exact location better than my wife and more often updated. A cabin in the woods is one possible solution and it reminds me of the fun we had in this thread:

VPNMON - POLL: Who is your preferred VPN provider?

A local dropbear will find you. While reading a book by candlelight, and having cut the hardline with a big set of wirecutters... lol

www.snbforums.com

 

[Treadler]

I have to disable Safe Browsing in browser to trigger AiProtection block screen. The browser sees both HTTPS and VPN traffic.

So, are you of the view that Aiprotect can examine https traffic, or not?
The utube I linked to indicates http only, IMHO, not much use it that’s the case……

AIProtection does block websites even over https. Try it yourself using one of the Trend Micro test URLs:

DCX

The vast majority of websites don`t support ESNI, therefore the HTTP URL is not encrypted.

It also does block attacks. Just yesterday someone in another thread posted about how AiProtection was blocking an SSH brute force attack against his network (and AiProtection actually logged the attempts). I've also had it block brute force attacks against an RDP I had temporarily open for someone who needed remote access to a VM on my network.

So no, AiProtectionm isn`t just placebo aimed at gathering user data. It does offer a valuable layer of protection.

So, the built in router firewall would/would not help against a SSH brute force attack?

 

[RMerlin]

So, the built in router firewall would/would not help against a SSH brute force attack?

No. If you open/forward an ssh port, then the firewall will let any client connect to it. Only the responding server, or an IPS like AiProtection can help protect against that.

 

[Treadler]

No. If you open/forward an ssh port, then the firewall will let any client connect to it. Only the responding server, or an IPS like AiProtection can help protect against that.

Thanks for that.

 

[RMerlin]

So, are you of the view that Aiprotect can examine https traffic, or not?
The utube I linked to indicates http only, IMHO, not much use it that’s the case……

HTTPS only encrypt the transferred data. The hostname is not encrypted, unless both the client and server support ESNI.

 

[Treadler]

HTTPS only encrypt the transferred data. The hostname is not encrypted, unless both the client and server support ESNI.

A widespread adoption of ESNI would hobble Aiprotect & maybe scripts like Diversion?