ASUS rolled out an update to its firmware (3.0.0.6.102_34791) that now requires users to be over the age of 16 and to send a slew of metrics and data back to ASUS. If you do not agree or do not check the box to verify you are 16y or older, you cannot use the router. At this time, I’m not sure if ASUS has meant to disable the router for anyone under 16 or if it’s a bug.
You can opt out at any time but lose access to a slew of features:
Please note that users are required to agree to share their information before using DDNS, Remote Connection (ASUS Router APP, Lyra APP. AiCloud, AiDisk), AiProtection, Traffic analyzer, Apps analyzer, Adaptive QoS, Game Boost and Web history. At any time, users can search the contents of the terms at this page or stop sharing their information with other parties by choosing Withdraw.
Moreover, ASUS disables automatic firmware updates and worse, all security upgrades unless you opt into the data sharing. Security upgrades perform the following:
Security upgrade incorporates security measures that continuously update its security file and scans to protect against malware, malicious scripts, and emerging threats in order to secure the router and ensure system stability. Some upgrades addressing important security issues or meeting legal/regulatory requirements will still be downloaded and installed automatically, even if “Security Upgrade” is turned off.
Edit: I have personally contacted their CEO’s office, but if others would like to voice their disapproval as well, here is a link: https://www.asus.com/us/support/article/787/
This is sickening.
People should use alternative routers and software such as OpenWRT, DDWRT, and Gl.iNet routers
Yeah. When I bought my ASUS router I was looking into OpenWRT supported routers but they are really hard to come by (at least in NA) and quite dated. Router manufacturers really don’t want to have their telemetry removed.
One of those tiny low power PCs with OpenSense is a good alternative, but a bit more work. The only downside is that you need a separate switch and wifi access point.
THE YEAR OF OPENWRT!
/s not /s
Asus went the bad way. Check out louis rossman vídeos about asus, héroes one of them. https://www.youtube.com/watch?v=NHQqKi9NcTs It is a company to be avoided. It went the non ethical way.
Every other company seems to charge for parental controls. It’s so stupid, I don’t need another fee just because I have a child in my life.
I wanted to degoogle, so I looked for a new router and ended up with an Asus.
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=NHQqKi9NcTs
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
It went the non ethical way.
Sadly, you can swap Asus with pretty much any popular company’s name and it still holds true.
Gamers nexus mentioned two decent brands (arctic and fractal) in their most recent video about Asus.
https://www.youtube.com/watch?v=uYdtpU8FKO8 around the 11:11 mark
But yes, sadly most popular companies seem to be garbage nowadays.
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=uYdtpU8FKO8
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Yes… But some more than others
openwrt is pretty nice
Unfortunately, lots of ASUS routers (especially the “gamer” oriented ones) use Broadcom chipsets. Broadcom support is severely lacking, (because Broadcom has refused to allow open source drivers) so in many cases switching to openwrt will severely cripple the router. Even basic shit like WiFi will stop working, because there isn’t a WiFi driver available.
Fresh tomato does Broadcom.
this is dissapointing. the enshitification of asus in general has been dissapointing…
I guess I’m not updating my routers anymore then. Sucks though. It seemed to be the only Asus product that wasn’t garbage.
That sucks too because you miss out security fixes. I would rather run a secure and up to date firmware that leaks data to ASUS than one with known security exploits. If those were my only options.
I’d rather update it as well. But the routers are behind my ISP router and aren’t externally accessible. The attack surface is smaller in that regard. I’m not happy with the thought of an unpatched router. Maybe I can hold out long enough for merlin to support my routers.
I dont think the latest few updates I did mentioned any security updates. Only bugfixes.
I’ll tackle the problem when it presents itself I guess.
Look into OpenWRT. It is more complex to setup but it is a Swiss army knife.
Sadly, many ASUS routers use Broadcom chipsets, which has major compatibility issues with openwrt. Notably, Broadcom has refused to allow open source drivers, and OpenWRT only uses open source. So installing any kind of OpenWRT on a Broadcom router will effectively cripple it, because even basic functions like WiFi will be unavailable due to the lack of drivers.
I’m sure asuswrt-merlin won’t have this nonsense.
Routers aren’t supported by merlin unfortunately :(
Do you mean modems?
I mean my Asus router models aren’t supported by merlin. Only 1 of them functions as an actual router.
I mean if you’re using their servers for all of that cloud management can you really expect them not to take a look? You can buy a router and install open source firmware that doesn’t scrub your data or keep giving money to giant corporations that put profits over customers.
Asus would do good in hiring a real lawyer. Parents accept, kid uses router, data collected of child, illegal. So easy to rip them a new one.
FYI the open source OpenWRT based Banana Pi R3 AX 4x4 is a thing. Don’t buy closed source Routers/APs on purpose.
You can just buy a off the shelf router and flash OpenWRT many devices are supported. If you want to be sure just look it up before you buy.
If anyone is looking for an alternative firmware, check out Fresh Tomato: https://freshtomato.org/
Top level comment to remind the Open WRT fanboys that this ASUS router uses a Broadcom chipset, which is not supported on OpenWRT. Been seeing it recommended by a lot of replies to comments when it won’t be helpful in this case, since Broadcom chips don’t have open drivers
Yeah I’ve stayed out of those because it’s just felt like a knee jerk without actually even reading anything. “Someone said something critical about a router firmware, quick put OpenWRT on blast!” 😏
However, freshtomato is another router firmware, that isn’t as feature rich or well supported as opwnwrt, but is focused on supporting broadcom chipsets.
https://wiki.freshtomato.org/doku.php/hardware_compatibility
I flashed it to my netgear router with a broadcom chipset, it works wonderfully!
OpenWRT is better for a lot of reasons. It isn’t as user friendly but if you know a little networking you will be fine. The big thing is that automatic updates aren’t a thing so make sure you manually update.
OpenWRT is pretty user friendly, in my experience.
It isn’t half bad but it does use a lot of terminology and can be overwhelming because it has so many options
It isn’t half bad but it does use a lot of terminology
That’s why it’s user friendly. Try configuring one of those “user friendly” consumer grade crap routers. Due to the use non-standard descriptions in a misguided effort to be user friendly no one actually has any clue what settings actually do.
Good point but most people don’t have a good networking background. That’s why some companies ship openWRT with custom skins
Good point but most people do have a good networking background.
I know the target demographic for a privacy community will likely have a good networking background. But “most” is likely an overstatement. I think most people don’t even know what a router does, much less how to configure one.
I made a typo.
So that’s why everyone is getting triggered
But with those ‘user friendly’ UI’s no one knows what they’re doing. The user doesn’t know regardless and now the expert they ask for help has no clue either.
I disagree. It automatically sets up location and a password which is a big step. You keep clicking next until you are done
That works great until it doesn’t, and then you’re fucked.
The last thing I want is my router sharing information with other parties.
I worry about that more than I should. But yeah, that is the central hub that everything goes thru. I actually don’t even want it to ping Asus’s update servers because I can’t be sure what kind of data is being sent.
I moved to Merlin firmware and hoping that doesn’t have any telemetry. Unfortunately OpenWRT doesn’t support wifi 6/6E routers and even the rare ones it does support, aren’t really the greatest.
I want the asus hardware, just not their shitty software.
But yeah, that is the central hub that everything goes thru
Does vpn help with this?
No.
The list of supported WiFi 6-capable routers has a good number of entries.
What kind of bandwidth needs do you even have, that WiFi5 is insufficient for, but WiFi6 is?
Yes it’s my fault for needing wifi 6 🤪
never use stock router firmware
Any other open source alternative you recommend?
openwrt or ddwrt
openwrt
Usually it’s OpenWRT
There is also FreshTomato if your router has Broadcom wifi chipset like mine does.
Broadcom sucks I would avoid it at all costs.
On ASUS routers, the best choices are OpenWRT or Asuswrt-Merlin.
You know, I’d 99% of the time agree with you but has anyone else tried out the little (travel?) routers from GL-iNet?
Their default router interface ain’t half bad at all, and if you do need to use Luci you can simply do that too
I bought a couple of them for a family member and they haven’t poked me once for help with them.
i dont blame you. GL-inet routers have always seemed so cool to me. always wanted to get one.
paired with the blue merle firmware it would be a godlike setup
https://github.com/srlabs/blue-merle
but i think blue merle is not being maintained anymore… is there any other firmware with similar functionality? like imei rotation, mac randomizer, etc? that you know of, even for similar hardware
Fraid not.
I recall worrying about MAC address tracking one time and using Chainfire’s MAC privacy app, but that’s a non factor now since they’re randomised by default on Android on the most recent versions.
imei rotation would be the best feature
Because nobody has ever lied on one of these lol. Still criminally stupid of ASUS though.
This isn’t pornhub buddy. This is a setting on a purchased product. Also, lying has nothing to do with collecting telemetry or forcing customers into it. You may want to realign your priorities.
They don’t care if you’re under 16. They have to ask if they want to collect and sell your data. This is a big red sign that says “WE’RE WATCHING EVERYTHING THAT GOES THROUGH YOUR NETWORK AND SELLING IT TO WHOEVER WILL PAY US!”
Yeah I don’t get why so many focus on “well, just lie and say you’re under 16.” Literally nothing to do with the state of affairs.
The data sharing persists even with merlin. I get a prompt about it as soon as I tried to enable those advanced features. I still get updates though.
That was the case before the update, but they didn’t bar security updates and firmware upgrades or not let you even into the router without consent. I had those disabled but the update makes opting in mandatory.
Merlin
That thread isn’t about Merlin firmware?
Here are some screenshots from my router administration pages. Notice the “Powered by Asuswrt-Merlin”.
In the first image you can see that I have a particular feature disabled.
When I toggle it on I receive a warning that my information will be collected by Trend Micro.
I included another screenshot showing the location where I would withdraw my consent to having my data collected, were I to actually use the advanced features of the router, that I thought I was paying for at the point of sale. Instead I was apparently paying for the privilege of having the option dangled in front of me, behind an agreement for yet another, separate company to collect my family’s data.
Yeah but that’s not new, that has existed for years even in Merlin firmware. People were saying that this affects Merlin but I’m not seeing any indication of it yet.
Yes I know ASUS is shitty and evil, and it sucks that those features are gated behind abandoning your privacy, but I was saying that part isn’t new, and I don’t think this new stuff affects Merlin yet.
We’ll see how it all plays out, though.
Sorry about that. I guess I completely missed your point that you were referring to data sharing only via the new “agreement” getting foisted on people. Fingers crossed it doesn’t get into Merlin.
