Is Asus privacy notice relevant to Asuswrt-Merlin?

[ttbf_n]

ASUS PRIVACY NOTICE

Please note that your information will be collected by ASUS router for firmware/security upgrades purposes. If you would like to disable sharing your information with ASUS router, please click[Withdraw]below.

Is this information collection relevant to Asuswrt-Merlin? Can Asus even update custom firmware?

Is it important to "Withdraw" and does it have any effect at all? Thanks.

 

[Ripshod]

ASUS PRIVACY NOTICE

Please note that your information will be collected by ASUS router for firmware/security upgrades purposes. If you would like to disable sharing your information with ASUS router, please click[Withdraw]below.

Is this information collection relevant to Asuswrt-Merlin? Can Asus even update custom firmware?

Is it important to "Withdraw" and does it have any effect at all? Thanks.

It's asus and RMerlin can't remove it. I could post a pageful of links, but I'm not that anal. See the search results:

Search results for query: Asus privacy notice

www.snbforums.com

 

[ttbf_n]

My point was that this issue IMO could be better handled. And it is an issue, because Asus collection appears to be quite invasive (unless it is already limited, which would be nice to know without digging the forum).

What is a reason for forcing data collection for DDNS, even if it is a custom DDNS with custom script? Can it be fixed? It should be only Asus DDNS that is disabled?

I would also hope that it is possible to clarify all the privacy issues (what Asus can collect and/or update) elsewhere than in a hundred posts in the firmware? At least one pinned post that explains everything?

Thanks.

 

[Ripshod]

My point was that this issue IMO could be better handled. And it is an issue, because Asus collection appears to be quite invasive (unless it is already limited, which would be nice to know without digging the forum).

What is a reason for forcing data collection for DDNS, even if it is a custom DDNS with custom script? Can it be fixed? It should be only Asus DDNS that is disabled?

I would also hope that it is possible to clarify all the privacy issues (what Asus can collect and/or update) elsewhere than in a hundred posts in the firmware? At least one pinned post that explains everything?

Thanks.

It's right here. You can withdraw from those by simply withdrawing your consent in Administration>Privacy at any time after the initial setup.
Most governments stipulate that manufacturers provide security updates even when we disable automatic updates, to prevent (an attempt at least) the building of botnets and such.
It's new, it's forced by government agencies, but no one is preventing us from withdrawing our consent. Even when we do withdraw things like asd still run and update. It's big brother taking care of us.

 

[bennor]

Can Asus even update custom firmware?

Generally, no. Apparently that portion of the code is disabled by RMerlin at compile time (or something like that).

Its important to understand there are two separate issues here, the firmware and the security (ASD/TrendMicro) stuff. As has been repeated ad nauseum in many other threads, nothing really has changed. This is the same data collection that has been going on for ages with Asus routers. What's changed is certain governments now mandate these notices upfront rather than Asus having the information deep in their EULA that no one bothers to read.

On stock Asus firmware, even when disabling the auto firmware update option, Asus indicated in the up front notice that they may still update the firmware.

PS: Here is what RMerlin indicated elsewhere when someone asked about auto firmware updating:

Asuswrt-Merlin does not connect to Asus' firmware update server. And the code that actually downloads and apply a stock firmware is disabled at compile time, and replaced by my own code which connects to my server to check for any available update (by downloading a small text file containing models and their versions), with no auto-upgrade functionality.

The update connections coming from Asus will be for the ASD malware detection signatures, and the Trend Micro signatures (if you accept Trend Micro's separate EULA).

 

[ttbf_n]

Most governments stipulate that manufacturers provide security updates even when we disable automatic updates, to prevent (an attempt at least) the building of botnets and such.

Ok, but from what is posted, this functionality to forcefully update is somewhat removed in Asuswrt-Merlin, but data collection remains. It also does not make any sense that information required to provide security updates would not be collected from minors to protect their privacy (!!?).
Anyway, missing DDNS functionality is somewhat "forcing" me to "agree" and I suspect it is specially crafted to force agreement. Not good, especially for a custom firmware?

 

[ttbf_n]

On stock Asus firmware, even when disabling the auto firmware update option, Asus indicated in the up front notice that they may still update the firmware.

This note remains in Asuswrt-Merlin.
I do not object data collection where it is necessary (ASD/TrendMicro), but it is clearly not necessary for custom DDNS, and hope it can be fixed somehow.

 

[Davidncali001]

You only agree to Trend Micro’s terms if you enable AiProtection, QoS, or similar features that inspect traffic.

 

[Ripshod]

You only agree to Trend Micro’s terms if you enable AiProtection, QoS, or similar features that inspect traffic.

3.0.0.6 or Merlin's 3006 firmware force you to accept two items in the initial setup stage (QIS). This is before the router is even set up.

 

[ttbf_n]

• Is it technically possible to deny Asus data collection in custom firmware if only custom DDNS is used and no Asus services?

• "Privacy notice" says: To protect your privacy, please proceed with the age check. If you are a child under the age of 16, to protect your privacy, generally we will not collect the above data in paragraph 1 through this Software/ Interface except when providing you with upgrades addressing important security issues or meeting legal/regulatory requirements as mentioned above in paragraph 3(1).
  I was not able to find this "age check", but would that be a valid way to deny data collection?

• There are other notes that appear either nonsense, or very worrying, like:
  ...DDNS (Dynamic Domain Name System for connecting ASUS Product(s) with changing or fixed IP address), remote access service that allows this Software and some third party services (Alexa/Google Assistant/IFTTT) to remotely connect to your ASUS Product(s),
  Which can be interpreted as using DDNS by itself allows (Alexa/Google Assistant/IFTTT) to connect to my router. If it does not mean that, it needs to be sorted.

 

[RMerlin]

I do not object data collection where it is necessary (ASD/TrendMicro), but it is clearly not necessary for custom DDNS, and hope it can be fixed somehow.

Asus's DDNS requires information such as your router's MAC and a private PIN. This is because their DDNS does not rely on a username and password to handle authentification, it does so through this information. A DDNS also requires your IP address (for obvious reasons).

That's the kind of "personal information" that are needed. Lawyers being involved, you end up with that kind of EULA. If you don't like that, then don't use Asus' own DDNS simply.

 

[ttbf_n]

Asus's DDNS requires information such as your router's MAC and a private PIN. This is because their DDNS does not rely on a username and password to handle authentification, it does so through this information. A DDNS also requires your IP address (for obvious reasons).

That's the kind of "personal information" that are needed. Lawyers being involved, you end up with that kind of EULA. If you don't like that, then don't use Asus' own DDNS simply.

Thanks, but my custom DDNS which does not require anything from Asus, also gets disabled if I withdraw data collection! That is my issue.

 

[Ripshod]

Thanks, but my custom DDNS which does not require anything from Asus, also gets disabled if I withdraw data collection! That is my issue.

Just re enable it. When i withdrew from all agreements it disabled my noip ddns. But I switchef ddns on again without agreeing to anything.

 

[ttbf_n]

Just re enable it. When i withdrew from all agreements it disabled my noip ddns. But I switchef ddns on again without agreeing to anything.

Thanks, indeed it worked! Not sure why I did not imagine to try it myself...