If you have a modern Cisco or LinkSys router on your home network, you may have just given up a significant amount in the last “update” the company distributed. ESR has the details:
For those of you who have missed the news, last a few days Cisco pushed a firmware update to several of its most popular routers that bricked the device unless you signed up for Cisco’s “cloud” service. To sign up, you had to agree to the following restrictions:
When you use the Service, we may keep track of certain information related to your use of the Service, including but not limited to the status and health of your network and networked products; which apps relating to the Service you are using; which features you are using within the Service infrastructure; network traffic (e.g., megabytes per hour); internet history; how frequently you encounter errors on the Service system and other related information (“Other Information”).
So in order to continue using the hardware you bought and paid for and own, you have to agree to let Cisco snoop your browser history and monitor your traffic — a clickstream they would of course instantly turn around and sell to advertising agencies and other snoops. Those terms are so loose (“including but not limited to”) that they could legally read your email and sell that data too.
Disgusted enough yet? Wait, it gets better. The cloud terms of service also includes this gem:
You agree not to use or permit the use of the Service: (i) to invade another’s privacy; (ii) for obscene, pornographic, or offensive purposes; (iii) to infringe another’s rights, including but not limited to any intellectual property rights; (iv) to upload, email or otherwise transmit or make available any unsolicited or unauthorized advertising, promotional materials, spam, junk mail or any other form of solicitation; (v) to transmit or otherwise make available any code or virus, or perform any activity, that could harm or interfere with any device, software, network or service (including this Service); or (vi) to violate, or encourage any conduct that would violate any applicable law or regulation or give rise to civil or criminal liability.
Translated out of lawyerese, this gives Cisco the right to brick your router if you use it to view anything Cisco considers pornography, or do anything that it might consider IP theft — like, say, bit-torrenting a movie. Or even if you send anything it considers unsolicited advertising — which doesn’t have to mean bulk spam, see “any other form of solicitation”?
The sum of these paragraphs is: “We control your digital life. We can spy on you, we can filter your traffic, we can cut off your net access unilaterally if you do anything we don’t like, and you have no recourse.”
The idea of replacing your router with one that can load and run an open source rather than proprietary system just became a lot more enticing (such things do already exist, although not for all routers).
And if the router makers wise up and close off all their devices so you can’t slap on an open-source distro one _still_ has alternatives.
I favor a cheap, low-end PC with two NICs in the back as a router. Pop in a boot cd of router linux and you’re good to go.
Might be a little pricier, might be more expensive to run, but it’s mine.
Although I favor the masses in a contest like this – a horde of self-interested hackers will always beat company engineers. And there should be motivation to make a hacker-friendly product.
Comment by Brian Dunbar — July 5, 2012 @ 18:35
Hmm. Your “cheap PC as a router” would also need a dumb hub inside the home network to allow multiple connections, right? No wireless, but there are certainly lots of cheap wired hubs that could be used in that case. Sub-optimal for many, but better than letting Cisco/LinkSys be your jailer.
Comment by Nicholas — July 5, 2012 @ 20:34
would also need a dumb hub inside the home network to allow multiple connections, right?
It did ten years ago, the last time I used one that way. Wires running every which-way.
I’m wondering, now, if there isn’t something one could do with Linux and a wireless card to create your own WAP.
Comment by Brian Dunbar — July 6, 2012 @ 18:11
As Brian says, there’s precious few consumer-grade routers (even Cisco ones) that can’t have their firmware nuked and replaced by open source code (i.e. DD-WRT).
As a bonus, your router/WAP will last longer, too, because it won’t have the antenna power turned up to “fry yourself in 12-18 months” like the stock Cisco firmware always does. My current router (Cisco hardware with DD-WRT) is well into its 4th year of service and still going strong.
Comment by Chris Taylor — July 6, 2012 @ 23:00