Slashdot Mirror
Cisco Pushing 'Cloud Connect' Router Firmware, Allows Web History Tracking
Myrv writes "Reports have started popping up that Cisco is pushing out and automatically (without permission) installing their new Cloud Connect firmware on consumer routers. The new firmware removes the user's ability to login and administer the router locally. You now must configure the router using Cisco's Cloud connect service. If that wasn't bad enough, the fine print for this new service allows Cisco to track your complete internet history. Currently, it appears the only way to disable the Cloud Connect service is to unplug your router from the internet."
1. Unplug router
2. Open garbage can lid
3. Insert router
4. Close garbage can lid
5. Purchase new router
That shit? Fuck it.
Have to disconnect my router.
Their they're doing there hair.
that's all I can say really. This sounds worse than sony's disabling of features in a firmware update. Only this one you can't just not do. (and deal with the consequences of not being up to date)
But I bet this one gets sufficient backlash to require them to backpedal. Significantly altering the behavior of a purchased product by remote control, without opt-out. Arguably illegal?
I work for the Department of Redundancy Department.
http://www.cisco.com/web/siteassets/legal/connect_cloud_supp.html
I especially like how they get to keep your Internet history. Why do you think this is a good idea Cisco?
Your new Cloud Connect contract ...When you use the Service, we may keep track of certain information related to your use of the Service, including but not limited to the status and health of your network and networked products; which apps relating to the Service you are using; which features you are using within the Service infrastructure; network traffic (e.g., megabytes per hour); Internet history; how frequently you encounter errors on the Service system and other related information ("Other Information"). We use this Other Information to help us quickly and efficiently respond to inquiries and requests, and to enhance or administer our overall Service for our customers. We may also use this Other Information for traffic analysis (for example, determining when the most customers are using the Service) and to determine which features within the Service are most or least effective or useful to you. In addition, we may periodically transmit system information to our servers in order to optimize your overall experience with the Service. We may share aggregated and anonymous user experience information with service providers, contractors or other third parties to assist us with improving the Service and user experience, but any shared information will be consistent with Cisco's overall Privacy Statement and will not identify you personally in any way....
Buy your router from this enormous list which covers a huge range of budgets:
http://wiki.openwrt.org/toh/start
Re-Flash it and be done with these folk. This newer firmware is much friendlier than the original OpenWrt you may have tried years back, and if you don't like what it's doing, you get a command prompt and make it do exactly what you want.
Does this mean that Cisco routers, by default, have a backdoor enabled that allows the router to phone home for updates and for Cisco to send them back? None of the routers I've ever used (granted, it's been a while since I've used stock firmware) have ever had any sort of "automatic updates", much less one that's turned on by default.
Although this is pure speculation, but I have reasonable suspicion as a former employee of Cisco, that this really plays well with law enforcement and other three letter government agencies, having the ability to track all Internet activities. That's all I have to offer on this subject. Be careful.
That's a large field. Is this just the home routers (the old linksys stuff?) I can't see them doing this on enterprise or core routers. The solution is to put it in bridge mode if it's an ADSL router and do your own NAT, etc. with a BSD/Linux box of some type. Run Zeroshell if you want a nice GUI.
Really, this is slashdot. Leave the provider installs and help desks to the punters. If you're reading this there is no reason you should be running what the ILEC initially installed.
Cisco is getting weird. On one side (enterprise) you have to pay through the nose for updates, on the other (home) you can't avoid them.
Before we get our panties all in a bunch, let's wait for some packet sniffs to see what is really going on. Just because the lawyers put it in the EULA, doesn't mean the coders wrote it.
-- I have a private email server in my basement.
Wooo, a gigantic web-based backdoor with unknown remote login methods and an interception of all internet history tied directly to my company's cisco account with all our personally identifiable information?! WHERE CAN I GET ONE?! And by one, I mean the phone number for the account cancellation department.
By the way, my company actually runs some awful piece of crap from Cyberoam but now I'm slightly happier about that. Thanks, cisco.
As the summary mentions, if you disconnect from the Internet then you can log in locally. However, it looks like most settings are disabled when logging in this way - you presumably have just enough control to get it to reconnect to the Overlords.
when my linksys dies i won't buy one of your products. i'll probably just buy one of the Apple routers. the cost is about the same as your overpriced crap but they will work better with the icrap i already have at home.
i've tried the cheapo routers and they seem flaky
* The Cloud firmware is ONLY for EA2700, EA3500, E4200v2 (not v1) and EA4500 routers. Older routers (E4200v1 or older) will not see this update. These routers shipped with information explaining that Cloud would be released this summer and update to the Cloud firmware when it was released.
* You can prevent this update by turning off "Automatic Updates" in your router. However if you didn't already do this then YES ... disconnect from the Internet before you do anything else. Then go in and turn off the Automatic Updates. Then you can reconnect. Warning: If you've already been upgraded it currently isn't possible to downgrade to the older firmware.
* If you have updated ... you CAN do -some- local router configuration without having internet access. Just go to http://routers/ LAN IP address]/ while it is disconnected and you will be prompted for the router's local password (usually this will mirror your WiFi password). You will be limited to editing the network settings (LAN, WiFi, etc) and security settings (router password, VPN, firewall, DMZ). Parental controls, Guest Access QoS and USB storage won't be accessible until you are able to log in while the router is online (you'll use your CiscoConnectCloud.com login at this point).
NOTE: If you have an EA2700, EA3500 or EA4500 that shipped with the OLDER firmware (every router out there so far, the new firmware shouldn't appear in new routers for a couple more weeks) and have not set it up yet and WANT the older firmware ... do NOT use the CD setup. Configure it using the traditional web UI while NOT connected to the Internet and turn off Automatic Updates. Again ... this is only for people who do NOT want the Cloud firmware capabilities.
* Just an FYI ... the Cisco Connect Cloud concept allows people to manage and view their home network from anywhere on the internet so long as their router has a connection to the internet. Mobile apps allow your phone to control your home network (manage guest settings, see who is online right now, etc). Additionally it enables a plugin mobile application architecture that our partners can leverage to allow remotely managed network applications. It is an entirely new direction and yes ... it has some kinks ... the biggest ones being forcing this on the user and then limiting their ability to manage their device without it being on the internet. ...
So ... I anticipate a flood of groans about all of this, and I don't disagree with a fair amount of them. Let me make some things clear:
a) Yes, I work for Cisco Linksys.
b) No, I am not speaking directly for Cisco in this post nor am I posting on their behalf (I just wanted to get some quick assistance out there to the people who read this).
c) No, I do not work for the groups (PM, Engineering) that made the decisions to do this update automatically, to not allow you to downgrade, and to not allow you access to your full configuration capability while the router is offline. Which means I can try and funnel your feedback to those groups but I can not force anyone to implement any of it.
d) While I don't like the situations mentioned above in item "c)" ... I -do- like the CiscoConnectCloud.com concept and feel that Cisco will improve it significantly over time.
e) I completely ... 100% ... recognize that the /. audience most likely prefers things like DD-WRT, Tomato, etc (though some will really like the mobile Cloud concept, I do, and I've been around the block a few times at this point). Cisco Linksys is definitely moving more towards the average consumer market instead of the tech adopter market with these products.
f) We do still sell non-Cloud routers, like the E900, E1200 and E2500
It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
Cisco had limited what Linksys routers could do as to discourage corporate sales.
There are many better choices than Linksys these days.
The N900 is pretty nice, along with dozens. They're cheap (you can get decent non-cisco routers for $30 on sale)
Just use something else.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
Install DD-WRT. Many Cisco routers are supported.
This only affects a very small number (4) of the Linksys consumer routers and only the ones currently on the shelves. Not big Cisco routers, not Cisco SPVTG routers, not Cisco SMB routers and not even all Linksys routers.
It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
If you are not connected to the internet, your router will allow you to connect to it directly and perform manual configuration... but many options are no longer configurable directly. You will still need to connect via "Cloud Connect" to configure the rest of your settings.
"You want to know how to help your kids? Leave them the fuck alone." -George Carlin
So who just plugs in a firewall/router and starts using it out of the box without changing the password and checking over all the settings?
Under the Administration / Management tab, you'll find a radio button clearly marked "Remote Management", and beneath that settings for Remote Upgrade. The day I installed it I discovered remote management was enabled by default, so I immediately set it to disabled. I remember thinking "My god, that's f*ing stupid! Who would ever want to expose router management to the wild side?" Apparently this answers my question.
Anyway, for anyone here who is outraged that their router has been pwnd by Cisco, SHAME ON YOU for not securing your own damn router yourself before hanging it on the intarwebs!
John
get one of these hardware boxes:
http://soekris.com/
and run openwall (or whatever you want) on it.
it keeps the money OUT of cisco's hands in both hardware and software. you can trust your hardware (no motivation to do evil spy things on generic pc style hardware) and you can trust your software. no one will force something on you, this way.
my soekris box has been running non-stop (other than moves) for years, literally, 5 years or more. no blown caps, no blown power suplies, no 'china syndrome' electrolytics that are on ALL cisco, netgear, etc style circuit boards) and software that just plain works.
tomato firmware (and similar) are cool, but they require vendor hardware and at this point, I'd just assume NOT give cisco ANY (!) of my money for any hardware of any kind.
--
"It is now safe to switch off your computer."
The last time I posted how Cisco uses their routers to sell our privacy people responded that they were just complying with laws, which I question deeply because of the EXTENT to which they improve and market their eavesdropping capability, and how they constantly boast having a lead in the market in this area, appearing to go far beyond the law.
Now we have this? Really? Someone care to argue they are just complying with CALEA to avoid being sent to guatanamo bay?
Open Standards Portal
This is typical of the short-term thinking that is all too common among corporations today. They're throwing away their credibility with professional users – you know, the ones who buy the expensive Cisco gear that generates most of their profits – so they can grab a few quick bucks by data-mining the consumer market. How many network administrators are going to hear about this and rule out Cisco for future consideration? Keep in mind that the silent and unprompted nature of the update implies that there already was a back door into the routers, even before this recent change. And I don't think that Cisco can cleanly separate its credibility in the home and enterprise markets, even if this is what they're planning to do.
Let me explain about trust...
Help stamp out iliturcy.
Er, so Cisco is cheap and reasonably reliable while Juniper is obscenely expensive and notoriously unreliable?
This is for consumer grade Linksys junk, not enterprise. Cisco may be dumb, but hopefully not THAT dumb
Home users may not know that Cisco = Linksys, but network administrators do. And I don't think most people are going to be very confident that a company that already screwed over one large portion of its user base in this way wouldn't do the same to the other part if it thought it could get away with it.
I set up networks for home/small business locally and have always recommended Linksys routers, along with Tomato firmware. I also come from a 20+ year background of network support, where I ALWAYS used/recommended Cisco. I was pretty happy when Cisco acquired Linksys, and until NOW, had been reasonably pleased with where Cisco was taking Linksys. THIS Orwellian crap by Cisco terminates ANY recommendation by me for ANYTHING from Cisco. Yeah.. I realize I'm but one, but from what I'm seeing here on Slashdot and elsewhere, this move by Cisco is gonna stop ANYONE with any brains from using/recommending Cisco in the future.. Hope it was worth it, you morons in the Cisco executive suite...
Anybody got a source for used WRT54GL's?? (besides eBay, that is)
THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
I'll never buy another Linksys product. I don't want remote administration from the public internet side of a router.
I already use Sonic.net DSL, one of the last of the independent ISPs - no filtering, no proxying, net-neutral, no quotas. Just bits.
its called a test bed, if their scheme is successful, they push it to other devices. 4 years after all products are on the automatic scheme, they charge for upgrade subscriptions.
I especially like how they get to keep your Internet history.
This also means they are using bandwidth quota with out notifying the end users before doing so.
Don't try to out wierd me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
I remember when there was enough hate toward microsoft that we had protests in front of the MS offices (windows refund EULA events and such).
there have been other protests with people carrying signs (etc) when we feel we've been wronged and need to make our view clear to the corps.
I wonder if people feel bad enough about this to organize a day where we take our ciscos, bring them to some parking lot and destroy them. get the press to cover it and explain WHY we are doing it.
maybe even do it in the parking lots of best buy, frys, microcenter and places that sell cisco gear to consumers.
wouldn't that be grand?! imagine group 'burn-ins' (lol) where we destroy the cisco gear, thus saving unsuspecting end users from having to deal with this crap. and mostly it would be to make a statement and get some press coverage. unless there is public visibility in this, cisco won't be shamed enough.
--
"It is now safe to switch off your computer."
All routers supplied by Verizon for FiOS service has a WAN side log-in port open, and they install firmware upgrades and you can do nothing about it. If you want FiOS you have to let them do whatever they want with the bits coming of the router at their end.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
I'm gonna guess that a router uses less electricity.
I would imagine.
Less privacy and control too. So which would you rather have, a slightly lower electric bill, or control of your internet history?
Savings or freedom. Your choice.
Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
> I guess this is one company to add to my blacklist...
Cisco has been on mine for over a decade. Linksys wasn't until today, even after Cisco bought them out.
Seriously, name me another software company that refuses security and critical bug fixes without an ongoing service contract? NO fracking way. Had a couple of their products donated by the Gates Foundation, great reliable hardware. Odd, usable but baroque configuration system. But anything you want to connect to or insert into one is priced like they were a defense contractor and the company itself is horrid. So of course 'everyone' uses their stuff. Intelligent life in space? How 'bout we search for Earthly Intelligence first, K?
Democrat delenda est
The 7204VXR is not only safer and faster, but it functions as a space heater as well!
Barely. At 375W it's not enough to heat my spare bedroom, which is tiny (7x10'). I'd suggest you try a couple of 12K's loaded with STM-64 linecards so you can regulate heat output by enabling or disabling cards. Keep in mind that for maximum power output you need a loopback fiber to keep the lasers on at maximum power.