History of the web

Portalnet

Hello, what's the capacity of the History tab? For a maximum of how many days can there be entries?
Are these history entries saved to RAM or somewhere on non-volatile memory?
 
Trend Micro's web history data is saved in jffs, which means it persists across reboots.

Traffic Monitor's data is saved to RAM by default, but the Asuswrt-Merlin firmware allows you to change it to another location.
 
So Web History is a Trend Micro application, not Asus? And at the same time it has closed code, so it cannot be modified or improved?
 
So Web History is a Trend Micro application, not Asus? And at the same time it has closed code, so it cannot be modified or improved?
Bingo! You can see which ones are from Trend Micro on this page http://192.168.50.1/Advanced_Privacy.asp.

It's unclear to me how long they will log, since I don't rely on these closed-source components to log my data; I personally use dnsmasq to log DNS requests.

But for Trend Micro's traffic analytics, I've heard they only hold 30MB of data.


But you can make a link that points the directory in JFFS that holds the data to a USB drive, or somewhere else. This requires a custom script, which is hard to do with Asuswrt; you need to use Asuswrt-Merlin.
 
It uses the TrendMicro engine for an unknown reason and is perhaps closed source.
Maybe because its domain records are not DNS-based. I tested it before, and in my browser with DNS over HTTPS enabled, Trend Micro was still able to accurately identify the domains I was visiting; I guess they did it via SNI.
 
I don't know. It somehow works in FreshTomato without TrendMicro and with DNS interception + DoT.
 
Trend Micro's web history data is saved in jffs, which means it persists across reboots.

Traffic Monitor's data is saved to RAM by default, but the Asuswrt-Merlin firmware allows you to change it to another location.
Do you know if this data is transferred to TrendMicro at all? Even when on VPN, they can see your web history.
 
Do you know if this data is transferred to TrendMicro at all? Even when on VPN, they can see your web history.
I haven't looked into it, but a year ago I looked into Trend Micro's Malicious Sites Blocking feature, which sends a request to Trend Micro servers every time you visit a URL.

The requests are encrypted with SSL, which I cannot decrypt, but there are quite a few requests per day.

When I tried to block the request URL and IP address sent to Trend Micro, Malicious Sites Blocking completely failed; it no longer blocked any sites, including known malicious sites.

In addition, Malicious Sites Blocking feature checks all websites that the router VPN client passes through.

Encrypted DNS at the client level doesn't help; they must be using SNI to determine the URL to visit.

What annoys me is that if there are signatures downloaded locally, i.e. a list of malicious websites, why do I have to contact Trend Micro's servers every time I visit a website? There's no reason to do this, it's entirely possible to run the function locally.
 
What annoys me is that if there are signatures downloaded locally, i.e. a list of malicious websites, why do I have to contact Trend Micro's servers every time I visit a website?

No one can tell for sure what it does, but the local engine with a signatures file perhaps does exactly what it says - it looks for specific signatures in your files and browsing history. When a match is found, the URL goes to TrendMicro for further analysis. As per the EULA, they can collect files as well, not only URLs. The data collection daemon obviously collects data. Your data is used for their paid services development and improvement. Security is the product they sell.

There's no reason to do this, it's entirely possible to run the function locally.

There is no reason for TrendMicro to provide this service to you for free. They obviously want something from you.
 
When a match is found, the URL goes to TrendMicro for further analysis.
In fact, every time a website is visited, relevant data is sent to Trend Micro, not just known malicious websites, I mean all.

But malicious content blocking doesn't work every time. While I was testing, I remember that when a malicious site was first discovered, it would allow traffic through once (perhaps to get the full packet), and only on the second visit would it be blocked, but it would still contact Trend Micro's servers every time.

This domain and IP address are the Trend Micro server that I recorded. I added it to the filter list of the firewall.
Code:
rgom10-asus-en.url.trendmicro.com 104.94.237.177

There is no reason for TrendMicro to provide this service to you for free. They obviously want something from you.
Or money from Asus.
I don't like guessing because it's pointless. Only Trend Micro can explain what they did, and their EULA doesn't provide a direct answer, instead fueling speculation.

Of course, it might be possible to add a self-signed root certificate to decrypt the SSL traffic and figure out what data is being sent to Trend Micro, but I don't want to do that and it's easier for me to turn it off.
 
