Question about AiProtection with OpenVPN

[onepush]

Does anyone know if:

1) You have vulnerability protection enabled - if this sends your data to one of Trend Micro's cloud services for analysis?

2) If so.. (and let's say if you had Web Protection enabled) ... does the network traffic get routed to Trend Micro's servers before it goes to your VPN, or after?

I'm not a huge fan of DPI, but Vulnerability Protection for the router itself seems nice. I'm just not sure where my traffic actually ends up.

 

[L&LD]

1) It has to, otherwise it can't 'protect'.

 

[onepush]

So, do you know if the traffic is sent to the Trend Micro servers before its sent to the VPN or after?

 

[L&LD]

So, do you know if the traffic is sent to the Trend Micro servers before its sent to the VPN or after?

My guess? I would say concurrently. And more technically correct, 'before'.

 

[onepush]

Hmm, so... that's disconcerting. I specifically use a VPN in order not to have my traffic monitored. A bit uncomfortable with my router doing deep packet inspection on my traffic like that. I wish there was some EULA on that page alerting you that Trend would be monitoring your traffic like so.

 

[L&LD]

Hmm, so... that's disconcerting. I specifically use a VPN in order not to have my traffic monitored. A bit uncomfortable with my router doing deep packet inspection on my traffic like that. I wish there was some EULA on that page alerting you that Trend would be monitoring your traffic like so.

How else would they be able to do what they claim to do?

 

[onepush]

The devil is in the details. To me, it's not an issue with them not being able to do what they claim to do. It's an issue with them not informing the end-user properly. For instance, under "Vulnerability Protection", it reads:

> Resolves common exploits within the router configuration. Protects the system and applications from exploits and vulnerabilities with Trend Micro Virtual Patch.

Virtual patch sounds like some sort of downloaded patch customized for the hardware. It doesn't seem to infer "Deep packet inspection on all traffic inbound/outbound". There's no EULA for this setting, no prompt or dialog warning telling users that their traffic will be monitored, analyzed, retained and forwarded to 3rd parties.

And, before you call me some paranoid quack, I'm not the only one a bit uncomfortable with the deeply integrated (and apparently difficult to opt-out of) security monitoring features:

https://www.reddit.com/r/HomeNetworking/comments/41v4rn/latest_merlin_build_38057_for_asus_routers/

https://www.reddit.com/r/privacy/comments/41i18x/asus_routers_ship_with_builtin_non_optout_trend/

http://www.techworld.com/security/asus-rt-ac68u-router-its-fast-but-it-also-secure-3620280/3/

 

[L&LD]

The devil is in the details. To me, it's not an issue with them not being able to do what they claim to do. It's an issue with them not informing the end-user properly. For instance, under "Vulnerability Protection", it reads:

> Resolves common exploits within the router configuration. Protects the system and applications from exploits and vulnerabilities with Trend Micro Virtual Patch.

Virtual patch sounds like some sort of downloaded patch customized for the hardware. It doesn't seem to infer "Deep packet inspection on all traffic inbound/outbound". There's no EULA for this setting, no prompt or dialog warning telling users that their traffic will be monitored, analyzed, retained and forwarded to 3rd parties.

And, before you call me some paranoid quack, I'm not the only one a bit uncomfortable with the deeply integrated (and apparently difficult to opt-out of) security monitoring features:

https://www.reddit.com/r/HomeNetworking/comments/41v4rn/latest_merlin_build_38057_for_asus_routers/

https://www.reddit.com/r/privacy/comments/41i18x/asus_routers_ship_with_builtin_non_optout_trend/

http://www.techworld.com/security/asus-rt-ac68u-router-its-fast-but-it-also-secure-3620280/3/

The issue of not informing end users is called buyer beware around here.

What is difficult to opt out of? Just don't enable it in the first place.

 

[onepush]

The issue of not informing end users is called buyer beware around here.

Is that the official motto?

Whether you find fault with this is neither here nor there. Some of us value privacy over functionality, and not giving the end-user a detailed description of where their personal data is going is an issue.

There should be a link somewhere on the AiProtection page allowing the user to read the EULA. There should be a better description under the options informing users that their traffic is going to first be forwarded to 3rd party servers.

I give props to whoever coined the term "Virtual Patch" to describe deep packet inspection on the entire networks traffic. Some great PR lingo right there.

 

[RMerlin]

The only traffic sent to their servers AFAIK are visited URLs if you enable malicious website protection - same WRS service that they use in their business class products.

Traffic classification and VP is done by a local signature file.

And there IS an EULA that you get asked to accept when you enable the first TM-related feature.

 

[onepush]

Hi Merlin,

Thanks for your input! I suppose I took this line out of context then:

• Vulnerability Prevention:
ASUS router will check each incoming packet to make sure no suspicious command included. If any invasive command or program detected, the router will block the connection between external visitor and the router.

When reading this: http://www.asus.com/us/support/FAQ/1008719/

As long as its a local signature file, I'm okay with that. I was under the impression that network traffic was being forwarded out to their servers.

Thanks for the clarification.