ASUS rolled out an update to its firmware (3.0.0.6.102_34791) that now requires users to be over the age of 16 and to send a slew of metrics and data back to ASUS. If you do not agree or do not check the box to verify you are 16y or older, you cannot use the router. At this time, I’m not sure if ASUS has meant to disable the router for anyone under 16 or if it’s a bug.
You can opt out at any time but lose access to a slew of features:
Please note that users are required to agree to share their information before using DDNS, Remote Connection (ASUS Router APP, Lyra APP. AiCloud, AiDisk), AiProtection, Traffic analyzer, Apps analyzer, Adaptive QoS, Game Boost and Web history. At any time, users can search the contents of the terms at this page or stop sharing their information with other parties by choosing Withdraw.
Moreover, ASUS disables automatic firmware updates and worse, all security upgrades unless you opt into the data sharing. Security upgrades perform the following:
Security upgrade incorporates security measures that continuously update its security file and scans to protect against malware, malicious scripts, and emerging threats in order to secure the router and ensure system stability. Some upgrades addressing important security issues or meeting legal/regulatory requirements will still be downloaded and installed automatically, even if “Security Upgrade” is turned off.
Edit: I have personally contacted their CEO’s office, but if others would like to voice their disapproval as well, here is a link: https://www.asus.com/us/support/article/787/
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
Top level comment to remind the Open WRT fanboys that this ASUS router uses a Broadcom chipset, which is not supported on OpenWRT. Been seeing it recommended by a lot of replies to comments when it won’t be helpful in this case, since Broadcom chips don’t have open drivers
However, freshtomato is another router firmware, that isn’t as feature rich or well supported as opwnwrt, but is focused on supporting broadcom chipsets.
https://www.freshtomato.org/
https://wiki.freshtomato.org/doku.php/hardware_compatibility
I flashed it to my netgear router with a broadcom chipset, it works wonderfully!
Yeah I’ve stayed out of those because it’s just felt like a knee jerk without actually even reading anything. “Someone said something critical about a router firmware, quick put OpenWRT on blast!” 😏
Should I need a new motherboard, which vendor would you guys recommend that’s not crap (as a company)? Gigabyte? GamersNexus had a few very negative reports on MSI as well.
Yeah gigabyte is solid. I was quite happy with the Aorus line up. I have never bought MSI because I’ve always felt them to be cheap and dodgy. So not surprised NG was having issues with them.
The GIGABYTE B650E AORUS Master looks quite interesting with its 4 PCIe 5.0 x4 NVMe slots. I eventually settled for the ASUS ROG Strix B650E-E though when I got my Ryzen 7000 CPU at the beginning of last year, but if I got to choose again it wouldn’t be an ASUS board.
The mainboard I have is mostly fine (great even, in terms of general stability), but ASUS fucked up their version of the firmware or power management of the Intel 2.5 GbE adapter so it can just completely die after a few hours under Linux, and sometimes get the connection speed wrong under Windows. A workaround under Linux is to disable PCIe power management entirely in the Linux kernel parameters (
pcie_aspm.policy=performance pcie_port_pm=off
), but that’s hardly ideal. I don’t see myself spending hundreds of dollars on a new mainboard just because of this issue though. ASUS fails to even acknowledge the issue.I hate gigabyte with a passion. The 980Ti Gaming G1 has explosion issues (literally) including mine and some other people. They didn’t step up. Then there’s the PSU debacle. There was an r/fuckgigabyte for a reason. I think just AsRock is left?
IMO, ASRock.
Considering that they’re probably the only mobo manufacturer that officially supports using consumer AM4 CPUs on a server (see ASRock Rack), and always supported ECC ram on all AM4 motherboards - and that I haven’t had anything negative happen with any of their products so far (at work) - I personally would choose ASRock next.
Haven’t had the chance to try them for AM5 yet, sadly.
I had an ASRock X570 Taichi once. It had a great feature set, but unfortunately every few cold boots the BIOS would completely forget all settings and reset everything to default. This may have been related to my memory’s XMP profile, but the same memory ran just fine with XMP and the exact same CPU on a much older ASUS X370 Crosshair VI Hero. So I eventually switched to the ASUS ROG Strix B550-E, which was/is a very good board I would say. So naturally, I went with the ASUS ROG Strix B650E-E when I switched to AM5, and while the board is generally stable, the Intel NIC has issues the way ASUS configured it (see my reply to the other commenter).
If anyone is looking for an alternative firmware, check out Fresh Tomato: https://freshtomato.org/
The data sharing persists even with merlin. I get a prompt about it as soon as I tried to enable those advanced features. I still get updates though.
That was the case before the update, but they didn’t bar security updates and firmware upgrades or not let you even into the router without consent. I had those disabled but the update makes opting in mandatory.
https://www.snbforums.com/threads/withdraw-privacy-permission-disables-features.90169/
That thread isn’t about Merlin firmware?
Here are some screenshots from my router administration pages. Notice the “Powered by Asuswrt-Merlin”.
In the first image you can see that I have a particular feature disabled.
When I toggle it on I receive a warning that my information will be collected by Trend Micro.
I included another screenshot showing the location where I would withdraw my consent to having my data collected, were I to actually use the advanced features of the router, that I thought I was paying for at the point of sale. Instead I was apparently paying for the privilege of having the option dangled in front of me, behind an agreement for yet another, separate company to collect my family’s data.
Yeah but that’s not new, that has existed for years even in Merlin firmware. People were saying that this affects Merlin but I’m not seeing any indication of it yet.
Yes I know ASUS is shitty and evil, and it sucks that those features are gated behind abandoning your privacy, but I was saying that part isn’t new, and I don’t think this new stuff affects Merlin yet.
We’ll see how it all plays out, though.
Sorry about that. I guess I completely missed your point that you were referring to data sharing only via the new “agreement” getting foisted on people. Fingers crossed it doesn’t get into Merlin.
THE YEAR OF OPENWRT!
/s not /s
openwrt is pretty nice
Unfortunately, lots of ASUS routers (especially the “gamer” oriented ones) use Broadcom chipsets. Broadcom support is severely lacking, (because Broadcom has refused to allow open source drivers) so in many cases switching to openwrt will severely cripple the router. Even basic shit like WiFi will stop working, because there isn’t a WiFi driver available.
Fresh tomato does Broadcom.
this is dissapointing. the enshitification of asus in general has been dissapointing…
All you need is Protectli with OPNsense and cheap TP-Link in AP mode.
I don’t think that would have enough RAM
I just write letters to the websites I interact with. I get a good deal on stamps.
Asus would do good in hiring a real lawyer. Parents accept, kid uses router, data collected of child, illegal. So easy to rip them a new one.
If you own a router from ASUS and find OpenWRT too difficult:
install Asuswrt-Merlin
The data sharing happens on merlin too
It builds on devices’ source code published by ASUS. The is no data sharing with ASUS.
Merlin’s privacy disclosure:
https://www.snbforums.com/threads/withdraw-privacy-permission-disables-features.90169/
That thread is about the official firmware as distributed by ASUS.
Here are some screenshots from my router administration pages. Notice the “Powered by Asuswrt-Merlin”.
In the first image you can see that I have a particular feature disabled.
When I toggle it on I receive a warning that my information will be collected by Trend Micro.
I included another screenshot showing the location where I would withdraw my consent to having my data collected, were I to actually use the advanced features of the router, that I thought I was paying for at the point of sale. Instead I was apparently paying for the privilege of having the option dangled in front of me, behind an agreement for yet another, separate company to collect my family’s data.
OpenWRT is better for a lot of reasons. It isn’t as user friendly but if you know a little networking you will be fine. The big thing is that automatic updates aren’t a thing so make sure you manually update.
OpenWRT is pretty user friendly, in my experience.
It isn’t half bad but it does use a lot of terminology and can be overwhelming because it has so many options
That’s why it’s user friendly. Try configuring one of those “user friendly” consumer grade crap routers. Due to the use non-standard descriptions in a misguided effort to be user friendly no one actually has any clue what settings actually do.
Good point but most people don’t have a good networking background. That’s why some companies ship openWRT with custom skins
Relevant xkcd
I know the target demographic for a privacy community will likely have a good networking background. But “most” is likely an overstatement. I think most people don’t even know what a router does, much less how to configure one.
I made a typo.
So that’s why everyone is getting triggered
But with those ‘user friendly’ UI’s no one knows what they’re doing. The user doesn’t know regardless and now the expert they ask for help has no clue either.
I disagree. It automatically sets up location and a password which is a big step. You keep clicking next until you are done
That works great until it doesn’t, and then you’re fucked.
Next DEFCON is in two months, can’t wait to see them get absolutely pwned.
I’m seeing a few comments suggesting OpenWRT, which is what I use and love: the correct response to this level of capitalist tomfoolery should absolutely be to 1. buy hardware that supports FOSS out of the box, or 2. install FOSS firmware.
BUT: OpenWRT isn’t for everyone. Installation on supported devices is usually pretty easy, but it does require being invested in setup, maintenance, and understanding of the software. There is little built-in handholding, and most setup beyond basic functions requires reading the docs and wiki; sometimes, some functionality requires running commands directly on the device rather than the LuCI web-interface.
This kind of understanding and investment should be the end-goal of all privacy-oriented tech users. Technology is complicated, and each layer of handholding that devs add also necessarily obfuscates behind-the-scenes functionality, which runs counter to privacy and security. That being said, the barrier for entry to privacy-respecting tech shouldn’t be “a masters in CompSci,” and thus any alternative to major tech brands is still a step up from just accepting what they give you. Just be aware that your current firmware may be a stepping stone towards software freedom, instead of a stopping point.
Asus went the bad way. Check out louis rossman vídeos about asus, héroes one of them. https://www.youtube.com/watch?v=NHQqKi9NcTs It is a company to be avoided. It went the non ethical way.
Sadly, you can swap Asus with pretty much any popular company’s name and it still holds true.
Yes… But some more than others
Gamers nexus mentioned two decent brands (arctic and fractal) in their most recent video about Asus.
https://www.youtube.com/watch?v=uYdtpU8FKO8 around the 11:11 mark
But yes, sadly most popular companies seem to be garbage nowadays.
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=uYdtpU8FKO8
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Every other company seems to charge for parental controls. It’s so stupid, I don’t need another fee just because I have a child in my life.
I wanted to degoogle, so I looked for a new router and ended up with an Asus.
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=NHQqKi9NcTs
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Good thing openWRT works on those
FYI the open source OpenWRT based Banana Pi R3 AX 4x4 is a thing. Don’t buy closed source Routers/APs on purpose.
You can just buy a off the shelf router and flash OpenWRT many devices are supported. If you want to be sure just look it up before you buy.