Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

New ASUS router firmware now requires a user to be 16y or older and will restrict features and even security upgrades if you opt out

https://lemmy.ca/pictrs/image/eca98b3d-41b5-497b-bafb-f8b444b8bc0f.jpeg

ASUS rolled out an update to its firmware (3.0.0.6.102_34791) that now requires users to be over the age of 16 and to send a slew of metrics and data back to ASUS. If you do not agree or do not check the box to verify you are 16y or older, you cannot use the router. At this time, I’m not sure if ASUS has meant to disable the router for anyone under 16 or if it’s a bug.

You can opt out at any time but lose access to a slew of features:

Please note that users are required to agree to share their information before using DDNS, Remote Connection
(ASUS Router APP, Lyra APP. AiCloud, AiDisk), AiProtection, Traffic analyzer, Apps analyzer, Adaptive QoS, Game Boost and Web history. At any time, users can search the contents of the terms at this page or stop sharing their information with other parties by choosing Withdraw.

Moreover, ASUS disables automatic firmware updates and worse, all security upgrades unless you opt into the data sharing. Security upgrades perform the following:

Security upgrade incorporates security measures that continuously update its security file and scans to protect against malware, malicious scripts, and emerging threats in order to secure the router and ensure system stability. Some upgrades addressing important security issues or meeting legal/regulatory requirements will still be downloaded and installed automatically, even if "Security Upgrade" is turned off.

Edit: I have personally contacted their CEO's office, but if others would like to voice their disapproval as well, here is a link: https://www.asus.com/us/support/article/787/

Scolding0513 ,

never use stock router firmware

amir_s89 ,

Any other open source alternative you recommend?

0x2d ,

openwrt

matron1049 ,

Usually it's OpenWRT

ayaya ,
@ayaya@lemdro.id avatar

There is also FreshTomato if your router has Broadcom wifi chipset like mine does.

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

Broadcom sucks I would avoid it at all costs.

Scolding0513 ,

openwrt or ddwrt

kilgore_trout ,
@kilgore_trout@feddit.it avatar

On ASUS routers, the best choices are OpenWRT or Asuswrt-Merlin.

ladfrombrad ,
@ladfrombrad@lemdro.id avatar

You know, I'd 99% of the time agree with you but has anyone else tried out the little (travel?) routers from GL-iNet?

https://lemdro.id/pictrs/image/4ea49495-52da-436c-b75d-fefeab6b2e04.jpeg

Their default router interface ain't half bad at all, and if you do need to use Luci you can simply do that too

https://lemdro.id/pictrs/image/9be3b24b-2e71-402a-b0db-3d1f23fb6a05.jpeg

I bought a couple of them for a family member and they haven't poked me once for help with them.

Scolding0513 ,

i dont blame you. GL-inet routers have always seemed so cool to me. always wanted to get one.

paired with the blue merle firmware it would be a godlike setup

https://github.com/srlabs/blue-merle

but i think blue merle is not being maintained anymore.. is there any other firmware with similar functionality? like imei rotation, mac randomizer, etc? that you know of, even for similar hardware

ladfrombrad ,
@ladfrombrad@lemdro.id avatar

Fraid not.

I recall worrying about MAC address tracking one time and using Chainfire's MAC privacy app, but that's a non factor now since they're randomised by default on Android on the most recent versions.

Scolding0513 ,

imei rotation would be the best feature

Xanis ,

Give it a minute: Tech Jesus and his Nexus friends are having a great time with ASUS recently. I'm sincerely looking forward to how far they take things.

EveryMuffinIsNowEncrypted ,
@EveryMuffinIsNowEncrypted@lemmy.blahaj.zone avatar

Who is this "Tech Jesus"?

Kazumara ,

Stephen Burke, Editor-in-Chief and founder of Gamers Nexus. They do computer hardware reviews, consumer advocacy and sometimes even investigative journalism. Steve has a majestic mane, earning him that nickname.

See https://gamersnexus.net/ and https://www.youtube.com/@GamersNexus

EveryMuffinIsNowEncrypted ,
@EveryMuffinIsNowEncrypted@lemmy.blahaj.zone avatar

Ah, fair enough.

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

1000002474

Hello there

EveryMuffinIsNowEncrypted ,
@EveryMuffinIsNowEncrypted@lemmy.blahaj.zone avatar

Lol.

scottmeme ,

Is Asus just asking to have a shitload of lawsuits?

GolfNovemberUniform ,
@GolfNovemberUniform@lemmy.ml avatar

Yes.

ultratiem OP ,
@ultratiem@lemmy.ca avatar

It doesn’t seem like they give a shit. This is the company that strong armed NexusGaming with their repairs and have scammed a slew of people thru their warranty system.

If you search for “ASUS repair scam” they have a sorted history of this kind of douchery.

PseudorandomNoise ,
@PseudorandomNoise@lemmy.world avatar

Watching the GN video was insane because I had that exact same experience with ASUS 10 years ago. Back when they made the Nexus 7. I had to RMA 3 of those dam things and each time I had to go through that song and dance with the RMA forms. I think when the 4th one failed I just gave up, recycled it, and moved on from this company as a whole.

Looks like nothing's changed, which means this way of treating their customers is endemic at this point. They're a lost cause.

ultratiem OP ,
@ultratiem@lemmy.ca avatar

That's brutal that they get away with that crap. I will never buy anything ASUS branded again. They are on my embargo list now, right under Sony, which I haven't purchased a single thing from them for about 18 years since they screwed me out of repairs on my phone. Only way IMO.

zod000 ,

My experience was similar, but I gave up after my first RMA because I saw everyone else going through the same thing. The N7 started as such a delight and ended up as one of worst product experiences.

Davel23 ,

I think the word you're looking for is "sordid".

ultratiem OP ,
@ultratiem@lemmy.ca avatar

Sometimes I take spellcheck for granite.

voodooattack ,

It’s a slippery slope.

EveryMuffinIsNowEncrypted ,
@EveryMuffinIsNowEncrypted@lemmy.blahaj.zone avatar

Wait, that's not a typo...

ultratiem OP ,
@ultratiem@lemmy.ca avatar

Neither are mine. Grammatical mistakes are not typos.

EveryMuffinIsNowEncrypted ,
@EveryMuffinIsNowEncrypted@lemmy.blahaj.zone avatar

I iz confuzzled now.

halcyoncmdr ,
@halcyoncmdr@lemmy.world avatar

And in return Gamers Nexus is teaching all of their viewers what their consumer rights are, and how to report fraudulent activity to the proper regulatory authorities. This isn't the first time Gamers Nexus has gotten regulatory agencies involved with computer part manufacturers fucking over customers, and the history of those incidents didn't go very well for other companies involved.

On the other hand Gamers Nexus has also gone out of their way to point out companies that have done the right thing when issues came up, to make sure those companies are getting kudos for NOT fucking over consumers. Because sadly that's all we really want.

If the FTC gets enough complaints to warrant the manpower to investigate ASUS warranty fraud, there is no doubt in my mind that they're gonna be fucked based on what we've seen so far.

RobotToaster ,
@RobotToaster@mander.xyz avatar

How many 14 year olds can afford a lawyer?

Gsus4 ,
@Gsus4@mander.xyz avatar

No need, they can just lie :)

ultratiem OP ,
@ultratiem@lemmy.ca avatar

All you need is one lawyer in this case to handle the class action lawsuit that would follow. There is power in numbers.

halcyoncmdr ,
@halcyoncmdr@lemmy.world avatar

A class action lawsuit with a related FTC warranty fraud investigation is a pretty tough thing to fight.

TheFinn ,

The data sharing persists even with merlin. I get a prompt about it as soon as I tried to enable those advanced features. I still get updates though.

ultratiem OP ,
@ultratiem@lemmy.ca avatar

That was the case before the update, but they didn’t bar security updates and firmware upgrades or not let you even into the router without consent. I had those disabled but the update makes opting in mandatory.

TheFinn ,

https://www.snbforums.com/threads/withdraw-privacy-permission-disables-features.90169/

ipkpjersi ,

Merlin

That thread isn't about Merlin firmware?

TheFinn ,

Here are some screenshots from my router administration pages. Notice the "Powered by Asuswrt-Merlin".

In the first image you can see that I have a particular feature disabled.

https://discuss.tchncs.de/pictrs/image/33208ef2-0147-4796-bc13-31fba4a2d711.png

When I toggle it on I receive a warning that my information will be collected by Trend Micro.

https://discuss.tchncs.de/pictrs/image/27072ac6-3c8a-4740-bf87-7dbb415cf7de.png

I included another screenshot showing the location where I would withdraw my consent to having my data collected, were I to actually use the advanced features of the router, that I thought I was paying for at the point of sale. Instead I was apparently paying for the privilege of having the option dangled in front of me, behind an agreement for yet another, separate company to collect my family's data.

https://discuss.tchncs.de/pictrs/image/eea62340-2e82-4e02-b3e2-00f5e21f54d9.png

ipkpjersi ,

Yeah but that's not new, that has existed for years even in Merlin firmware. People were saying that this affects Merlin but I'm not seeing any indication of it yet.

Yes I know ASUS is shitty and evil, and it sucks that those features are gated behind abandoning your privacy, but I was saying that part isn't new, and I don't think this new stuff affects Merlin yet.

We'll see how it all plays out, though.

TheFinn ,

Sorry about that. I guess I completely missed your point that you were referring to data sharing only via the new "agreement" getting foisted on people. Fingers crossed it doesn't get into Merlin.

geoma ,

Asus went the bad way. Check out louis rossman vídeos about asus, héroes one of them. https://www.youtube.com/watch?v=NHQqKi9NcTs
It is a company to be avoided. It went the non ethical way.

FoD ,

Every other company seems to charge for parental controls. It's so stupid, I don't need another fee just because I have a child in my life.

I wanted to degoogle, so I looked for a new router and ended up with an Asus.

VeryImportantUser ,

It went the non ethical way.

Sadly, you can swap Asus with pretty much any popular company's name and it still holds true.

winkerjadams ,

Gamers nexus mentioned two decent brands (arctic and fractal) in their most recent video about Asus.

https://www.youtube.com/watch?v=uYdtpU8FKO8 around the 11:11 mark

But yes, sadly most popular companies seem to be garbage nowadays.

geoma ,

Yes... But some more than others

narc0tic_bird ,
@narc0tic_bird@lemm.ee avatar

Should I need a new motherboard, which vendor would you guys recommend that's not crap (as a company)? Gigabyte? GamersNexus had a few very negative reports on MSI as well.

sgh ,

IMO, ASRock.

Considering that they're probably the only mobo manufacturer that officially supports using consumer AM4 CPUs on a server (see ASRock Rack), and always supported ECC ram on all AM4 motherboards - and that I haven't had anything negative happen with any of their products so far (at work) - I personally would choose ASRock next.

Haven't had the chance to try them for AM5 yet, sadly.

narc0tic_bird ,
@narc0tic_bird@lemm.ee avatar

I had an ASRock X570 Taichi once. It had a great feature set, but unfortunately every few cold boots the BIOS would completely forget all settings and reset everything to default. This may have been related to my memory's XMP profile, but the same memory ran just fine with XMP and the exact same CPU on a much older ASUS X370 Crosshair VI Hero. So I eventually switched to the ASUS ROG Strix B550-E, which was/is a very good board I would say. So naturally, I went with the ASUS ROG Strix B650E-E when I switched to AM5, and while the board is generally stable, the Intel NIC has issues the way ASUS configured it (see my reply to the other commenter).

ultratiem OP ,
@ultratiem@lemmy.ca avatar

Yeah gigabyte is solid. I was quite happy with the Aorus line up. I have never bought MSI because I’ve always felt them to be cheap and dodgy. So not surprised NG was having issues with them.

MightyCuriosity ,

I hate gigabyte with a passion. The 980Ti Gaming G1 has explosion issues (literally) including mine and some other people. They didn't step up. Then there's the PSU debacle. There was an r/fuckgigabyte for a reason. I think just AsRock is left?

narc0tic_bird ,
@narc0tic_bird@lemm.ee avatar

The GIGABYTE B650E AORUS Master looks quite interesting with its 4 PCIe 5.0 x4 NVMe slots. I eventually settled for the ASUS ROG Strix B650E-E though when I got my Ryzen 7000 CPU at the beginning of last year, but if I got to choose again it wouldn't be an ASUS board.

The mainboard I have is mostly fine (great even, in terms of general stability), but ASUS fucked up their version of the firmware or power management of the Intel 2.5 GbE adapter so it can just completely die after a few hours under Linux, and sometimes get the connection speed wrong under Windows. A workaround under Linux is to disable PCIe power management entirely in the Linux kernel parameters (pcie_aspm.policy=performance pcie_port_pm=off), but that's hardly ideal. I don't see myself spending hundreds of dollars on a new mainboard just because of this issue though. ASUS fails to even acknowledge the issue.

Wilzax ,

Top level comment to remind the Open WRT fanboys that this ASUS router uses a Broadcom chipset, which is not supported on OpenWRT. Been seeing it recommended by a lot of replies to comments when it won't be helpful in this case, since Broadcom chips don't have open drivers

ultratiem OP ,
@ultratiem@lemmy.ca avatar

Yeah I’ve stayed out of those because it’s just felt like a knee jerk without actually even reading anything. “Someone said something critical about a router firmware, quick put OpenWRT on blast!” 😏

moonpiedumplings ,

However, freshtomato is another router firmware, that isn't as feature rich or well supported as opwnwrt, but is focused on supporting broadcom chipsets.

https://www.freshtomato.org/

https://wiki.freshtomato.org/doku.php/hardware_compatibility

I flashed it to my netgear router with a broadcom chipset, it works wonderfully!

kilgore_trout ,
@kilgore_trout@feddit.it avatar

If you own a router from ASUS and find OpenWRT too difficult:

install Asuswrt-Merlin

TheFinn ,

The data sharing happens on merlin too

kilgore_trout ,
@kilgore_trout@feddit.it avatar

It builds on devices' source code published by ASUS. The is no data sharing with ASUS.

Merlin's privacy disclosure:

The only outbound connection made with me by this firmware is when the firmware checks for availability of a new version.

TheFinn ,

https://www.snbforums.com/threads/withdraw-privacy-permission-disables-features.90169/

kilgore_trout ,
@kilgore_trout@feddit.it avatar

That thread is about the official firmware as distributed by ASUS.

TheFinn ,

Here are some screenshots from my router administration pages. Notice the "Powered by Asuswrt-Merlin".

In the first image you can see that I have a particular feature disabled.

https://discuss.tchncs.de/pictrs/image/33208ef2-0147-4796-bc13-31fba4a2d711.png

When I toggle it on I receive a warning that my information will be collected by Trend Micro.

https://discuss.tchncs.de/pictrs/image/27072ac6-3c8a-4740-bf87-7dbb415cf7de.png

I included another screenshot showing the location where I would withdraw my consent to having my data collected, were I to actually use the advanced features of the router, that I thought I was paying for at the point of sale. Instead I was apparently paying for the privilege of having the option dangled in front of me, behind an agreement for yet another, separate company to collect my family's data.

https://discuss.tchncs.de/pictrs/image/eea62340-2e82-4e02-b3e2-00f5e21f54d9.png

dukatos ,

All you need is Protectli with OPNsense and cheap TP-Link in AP mode.

ultratiem OP ,
@ultratiem@lemmy.ca avatar

I just write letters to the websites I interact with. I get a good deal on stamps.

delirious_owl ,
@delirious_owl@discuss.online avatar

I don't think that would have enough RAM

umbrella ,
@umbrella@lemmy.ml avatar

openwrt is pretty nice

PM_Your_Nudes_Please ,

Unfortunately, lots of ASUS routers (especially the “gamer” oriented ones) use Broadcom chipsets. Broadcom support is severely lacking, (because Broadcom has refused to allow open source drivers) so in many cases switching to openwrt will severely cripple the router. Even basic shit like WiFi will stop working, because there isn’t a WiFi driver available.

umbrella ,
@umbrella@lemmy.ml avatar

this is dissapointing. the enshitification of asus in general has been dissapointing...

bloodfart ,

Fresh tomato does Broadcom.

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

OpenWRT is better for a lot of reasons. It isn't as user friendly but if you know a little networking you will be fine. The big thing is that automatic updates aren't a thing so make sure you manually update.

SaltySalamander ,
@SaltySalamander@fedia.io avatar

OpenWRT is pretty user friendly, in my experience.

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

It isn't half bad but it does use a lot of terminology and can be overwhelming because it has so many options

BorgDrone ,

It isn't half bad but it does use a lot of terminology

That’s why it’s user friendly. Try configuring one of those “user friendly” consumer grade crap routers. Due to the use non-standard descriptions in a misguided effort to be user friendly no one actually has any clue what settings actually do.

possiblylinux127 , (edited )
@possiblylinux127@lemmy.zip avatar

Good point but most people don't have a good networking background. That's why some companies ship openWRT with custom skins

BorgDrone ,

But with those ‘user friendly’ UI’s no one knows what they’re doing. The user doesn’t know regardless and now the expert they ask for help has no clue either.

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

I disagree. It automatically sets up location and a password which is a big step. You keep clicking next until you are done

BorgDrone ,

That works great until it doesn’t, and then you’re fucked.

PM_Your_Nudes_Please ,

Good point but most people do have a good networking background.

Relevant xkcd

https://lemmy.world/pictrs/image/0508d1ac-1ad6-4f0c-af91-7be75ccdf576.png

I know the target demographic for a privacy community will likely have a good networking background. But “most” is likely an overstatement. I think most people don’t even know what a router does, much less how to configure one.

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

I made a typo.

So that's why everyone is getting triggered

fluckx ,

I guess I'm not updating my routers anymore then.
Sucks though. It seemed to be the only Asus product that wasn't garbage.

ultratiem OP ,
@ultratiem@lemmy.ca avatar

That sucks too because you miss out security fixes. I would rather run a secure and up to date firmware that leaks data to ASUS than one with known security exploits. If those were my only options.

fluckx ,

I'd rather update it as well. But the routers are behind my ISP router and aren't externally accessible. The attack surface is smaller in that regard. I'm not happy with the thought of an unpatched router. Maybe I can hold out long enough for merlin to support my routers.

I dont think the latest few updates I did mentioned any security updates. Only bugfixes.

I'll tackle the problem when it presents itself I guess.

Lemmchen ,

I'm sure asuswrt-merlin won't have this nonsense.

fluckx ,

Routers aren't supported by merlin unfortunately :(

Lemmchen ,

Do you mean modems?

fluckx ,

I mean my Asus router models aren't supported by merlin. Only 1 of them functions as an actual router.

possiblylinux127 ,
@possiblylinux127@lemmy.zip avatar

Look into OpenWRT. It is more complex to setup but it is a Swiss army knife.

PM_Your_Nudes_Please ,

Sadly, many ASUS routers use Broadcom chipsets, which has major compatibility issues with openwrt. Notably, Broadcom has refused to allow open source drivers, and OpenWRT only uses open source. So installing any kind of OpenWRT on a Broadcom router will effectively cripple it, because even basic functions like WiFi will be unavailable due to the lack of drivers.

Breve ,

If anyone is looking for an alternative firmware, check out Fresh Tomato: https://freshtomato.org/

DevCat ,
@DevCat@lemmy.world avatar

If I bought one of their routers and this came up, I would simply be returning it and giving the person at the counter a printout as to why. Sorry, but this router is not "suitable for purpose". Look up that phrase and "merchantability".

makingStuffForFun ,
@makingStuffForFun@lemmy.ml avatar

Agree. Straight back for refund. In Australia we can legally choose the manufacturer, or the retailer. I'd go straight to Asus, to give them the message directly.

Fubarberry ,
@Fubarberry@sopuli.xyz avatar

Trying to refund through Asus will result in them dragging their feet, being as unhelpful as possible, or claiming you damaged the product.

Taleya ,

Which will result in federal agencies going straight up their arse.

Many countries outside the US have actual consumer protections

Fubarberry ,
@Fubarberry@sopuli.xyz avatar

I would hope so, but Asus has been doing things like this for at least 10+ years which makes me doubtful that anything will change soon.

makingStuffForFun ,
@makingStuffForFun@lemmy.ml avatar

I've been down that road with Samsung. One mention of our consumer laws, with a link to the contact form where I can report them, and refund issued immediately. Australia has good laws. People just need to flex em.

ultratiem OP ,
@ultratiem@lemmy.ca avatar

I would rather not have less options in this world and force companies not to be dicks. I guess to each their own. My router is also 2y old so no returns available.

DevCat ,
@DevCat@lemmy.world avatar

For the downvoters, in the US:

https://www.findlaw.com/consumer/consumer-transactions/what-is-the-warranty-of-merchantability.html

The implied warranty of merchantability guarantees that a product sold to you will work for its intended purposes. In other words, it means you can expect a toaster to toast your bread. If it doesn't, you have legal protection against losing money on a product that doesn't work.

If you bought the router expecting it to work as advertised, you may make a claim if it doesn't. They would have to spell out ahead of time what the limitations and requirements are in order to avoid trouble.

ultratiem OP ,
@ultratiem@lemmy.ca avatar

You have no claim. The update does not disable the router and even if you opt out, the router itself still functions, except with a few additional features missing. Telemetry and data collection does not void a warranty. There is no claim here.

WolfLink ,

Protecting your network from internet-bound threats is one of the most important jobs of a router, and that involves receiving security updates. Once your router no longer receives security updates, you should stop using it.

DevCat ,
@DevCat@lemmy.world avatar

That would be for the legal system to decide. If you purchased it for a specific advertised feature, and that feature was disabled unless unspoken terms were agreed to, you would have a case.

PM_Your_Nudes_Please ,

That depends on how the product is marketed. If the product has any of those disabled features on the box and doesn’t outright say you need to send them telemetry data to use it, then you could argue that you bought it for that feature and can’t use it.

For instance, maybe I want to use the VPN feature, so I bought a router that supports that. And now I’m locked out of that feature unless I agree to a miles long privacy policy and sharing my telemetry data.

Plus, the lack of security updates is, at best, extremely concerning. The firewall’s primary function is to act as a first line of defense against attacks coming in via WAN. They have locked those security updates behind the telemetry sharing, and therefore it can’t even be used as a proper firewall.

eveninghere ,

THE YEAR OF OPENWRT!

/s not /s

  • All
  • Subscribed
  • Moderated
  • Favorites
  • privacy@lemmy.ml
  • random
  • incremental_games
  • meta
  • All magazines
    •