[R7800] RAE, cloudfront ??? Netgear snitch?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

HELLO_wORLD

Senior Member
I noticed that I have something named Rae that was downloaded and installed. It seems to be related to Netgear, but what is it?
I have readycloud, mediaserver, upnp, transmission, traffic meter, etc... disabled
In tmp:
Code:
[email protected]:/tmp$ ls -la rae*
-rw-r--r--    1 root     root           32 Apr 15 03:13 rae_md5
-rw-r--r--    1 root     root           19 Apr 15 03:13 rae_name
-rw-r--r--    1 root     root          461 Apr 15 05:01 rae_ping_result
-rw-r--r--    1 root     root            0 Apr 15 05:01 rae_ping_result_error
-rw-r--r--    1 root     root            8 Apr 15 03:13 rae_version
[email protected]:/tmp$ cat rae*
D048E665AB23E5BA15FEB07D3C0242DDRAE_R7800_V1.0.0.12PING d3jdtixm7cvu7y.cloudfront.net (13.224.227.2): 56 data bytes
64 bytes from 13.224.227.2: icmp_seq=0 ttl=237 time=29.5 ms
64 bytes from 13.224.227.2: icmp_seq=1 ttl=237 time=30.0 ms
64 bytes from 13.224.227.2: icmp_seq=2 ttl=237 time=29.7 ms
64 bytes from 13.224.227.2: icmp_seq=3 ttl=237 time=30.1 ms

--- d3jdtixm7cvu7y.cloudfront.net ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 29.5/29.8/30.1 ms
1.0.0.12
In /usr:
Code:
[email protected]:/usr$ ls -la rae*
-rw-r--r--    1 root     root       633598 Apr 15 03:14 rae.tar.gz
And after untaring on a folder in usb:
Code:
[email protected]:/tmp/mnt/sda1/RAE$ ls
RAE_Policy.json  policy_version   rae_version      usr
[email protected]:/tmp/mnt/sda1/RAE$ cat *
{
        "raePolicyVersion":             "V0.1",
        "stage": "prod",
        "reportMethod": "IoT",
        "dailyUpdateMethod": "1",
        "updaterInternal":   "1440",
        "routerInfo":           "1440",
        "routerConfig":         "1440",
        "readyShare":           "1440",
        "mediaDevice":          "1440",
        "connectedDevice":      "1440",
        "wifiAnalytics":        "360",
        "trafficMeter":     "1440",
        "eventLogPolicy": [
                {
                        "cpuThresholdHigh":             "90",
                        "cpuThresholdDuration": "60"
                },
                {              
                        "memoryUtilizationsHigh":               "90",
                        "memoryUtilizationsDuration":   "60"
                }
        ]
}
V0.11.0.0.12cat: read error: Is a directory
[email protected]:/tmp/mnt/sda1/RAE$ cd usr/sbin/
[email protected]:/tmp/mnt/sda1/RAE/usr/sbin$ ls
aws-iot                   data_collector            subscribe_publish_sample
Is that a snitch?
 

HELLO_wORLD

Senior Member
Thank you.
I think you are right.

Now, I don’t like that some data are sent without my consent.
And this was updated by itself.

top shows a ra process as well as a aws-iot (Amazon analytics). I killed both processes... I would like to find how they are launched to prevent them to be loaded. This is disturbing that there is no mention or control over that on web GUI.

I would like to find a way to safely uninstall that totally.

I think the "RA" in "RAE" stands for "router analytics". Search for "rae" on the OpenWRT page for the R7800, and you will see references to it in the OEM Bootlog section. That URL is:

https://openwrt.org/toh/netgear/r7800

What it actually does is another question!
 
Last edited:

R. Gerrits

Senior Member
perhaps it is controlled by this toggle:
Router Analytics Data Collection
Enable collection of router analytics data that will help NETGEAR improve our services and products.

on the GUI -> Advanced -> Firmware Update page
 

HELLO_wORLD

Senior Member
In advanced / Adminstration / Firmware Update?
I don’t have that. I only have this (and it is disabled):
Router Auto Firmware Update
Enable router to automatically update to future firmware. This keeps your router up to date with the latest features and security fixes.
Select one of the following options:
I Agree
I Disagree
perhaps it is controlled by this toggle:
Router Analytics Data Collection
Enable collection of router analytics data that will help NETGEAR improve our services and products.

on the GUI -> Advanced -> Firmware Update page
 

R. Gerrits

Senior Member
I'm running latest Voxel firmware. You?
I checked the webpage scripts -> that toggle on my end controls the nvram variable "agree_collect_TC"
(0=disabled)

But I don't know if there's any script or process on the router actually looks at that variable.
Perhaps on stock firmware there is?
 

kamoj

Very Senior Member
OK, found it...
You have the nvram variable: new_sold_board=1
So apparently Netgear forces new routers to "phone home"!
You can change it:
Code:
nvram unset new_sold_board
 
Last edited:

HELLO_wORLD

Senior Member
OK, found it...
You have the nvram variable: new_sold_board=1
So apparently Netgear forces new routers to phone home!
You can try to change it:
Code:
nvram unset new_sold_board
Thank you!

Holy ***!
It worked and I now have the setting. That means that in some routers with this setting enabled by default, users don’t even have the choice to accept or refuse data collection and being sent and used by NG via Amazon Analytics!
I really don’t like that, and I am not even sure it is legal in Europe with GDPR law...
 
Last edited:

HELLO_wORLD

Senior Member
Ok, I found more about it
There is a init.d script named aws related with RAE and aws-iot
I used the command disable that is killing all related processes, but they are respawned quickly.
I even made a backup of /usr/sbin/aws-iot and replaced it by a script doing nothing, but overnight, it was replaced by the original aws-iot!
So something is not only launching aws-iot but also making sure the binary executable is not altered.
However, RAE stays off since I was able to change that setting, and web GUI stays visible.

Apparently, from the source code of /etc/init.d/aws it is a part of openwrt?
What is the purpose of that AWS in our router? It is collecting data (cpu, memory), but why? Is it calling home somewhere? Can we get rid of it?
 

HELLO_wORLD

Senior Member
new_sold_board is unset, and it allows GUI to show RA option (and it works, so that’s great)
Commented the new_sold_board in boot. Thank you!

However, aws is never turned off. Is it running for you? ( ps | grep aws )

Suggestion: Change "new_sold_board=1" to "new_sold_board=0" in the boot script.
PS
I'll remove the possibility to hide the GUI to disable it, and add a function to completely disable it in coming add-on.
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top