If you have been following my router reviews (and you likely have, considering you're reading this), you'll note that I have increasingly mentioned the "online privacy risks" notion.
The case of eero must have been the crescendo on this front. As I mentioned in those posts, I was so concerned about the privacy risks that I often felt hesitant to plug these devices into my home network for real-world testing.
Over the years, I've received many messages on the subject. Many expressed concerns and asked for advice. Others, for some reason, got defensive and personal, calling me names at worst or accusing me of "being biased" at best. It's pretty extreme.
Let me break it to you: I was indeed biased in my decision not to test certain devices. Privacy is all about being biased: we only let that special someone in, so to speak. Online privacy, though, has little to do with personal preferences. It's more about awareness.
In this post, I'll explain my view on online privacy and the risks of losing it (when using a Wi-Fi router) in simple terms. Whether you agree with me or not, it can be a fun read on a slow news day.
Dong's note: I first published this post on July 9, 2022, and updated it on January 24, 2024, with the latest relevant information and a FAQ section.
(Real-life) privacy: It’s a matter of degree
To understand online privacy, let's get on the same page on what privacy means in real life. By that, I don't mean what the dictionary says.
This subject is complicated, and I'm no shrink. So, keep in mind that everything below is written with a deliberate oversimplification to demonstrate the general idea of online privacy. It might not apply to everyone, or not at the same level.
Privacy: The norm
In my crude opinion, real-life privacy, applicable to this post's topic, is a matter of exposing ourselves to a degree that doesn't irk or offend any involved parties.
It's about being appropriate, which includes the desire to be left alone and the ability to leave others alone.
As such, privacy is nuanced. Let's be a little more specific.
Behind closed doors, anything goes; you do what you want. Alone, you can walk around shirtless, in your underwear, going commando, or even naked. If you're in a relationship, it's probably OK to skinny-dip in a private pool when your partner is around (you'd hope so, anyway). The more intimate the setting, the less privacy applies to the involved parties.
Out of the door, you generally expect to be anonymous to folks you see on the streets, just like they are to you. Generally, you might acknowledge their existence with a smile, a "Hello, how are you?" or a nod and expect the same in return.
Sometimes you might even try to strike up a friendly conversation, introduce yourself, and learn a bit about a stranger. The whole thing may turn into a new friendship or nothing. But everyone goes on their merry way.
To ensure that you don't reveal too much about yourself or bother others, you don't wear your credit card, ID, social security number, or even your name on the back of your shirt, which also means you keep your clothes on.
Sometimes, you need to reveal yourself a bit more, such as when you walk into a store and buy something. Now, you identify yourself via your credit or ID card but only to the party who handles the transaction.
All the while, you know, via visual, that there's nobody following you, watching what you're doing, or how you spend your money. The vendors know what you buy, but only within their particular shop.
In other words, though you've been exposed to the outside world, your privacy is intact because you're comfortable with the exposure.
Privacy breach: It’s the unexpected
Once in a while, stuff happens.
Like when you're having a me-time in your room and the police barge in because they have a "no-knock" warrant and make a mistake on the address.
Or that time when you walked out of the grocery store only to find your car broken into.
Or when you're busy writing on a deadline in your home office, and your wife walks in asking you to hold your infant baby for an hour because she has "something important" to do.
The last example is a bit of a stretch, but in those cases, you feel bothered or even violated, and rightfully so. It's the level of (unexpected) exposure you're uncomfortable facing.
And it can also happen the other way around. A couple of years ago, I stumbled into a section of the Naturist Beach in Brighton (UK). It made me feel uneasy, and took me a long time to unsee what I saw.
Wondering or confused about what "naturist" means? My case at the time, exactly!
Again, privacy is a matter of being exposed appropriately. As long as the involved parties are comfortable, it's OK; it's not a privacy issue.
It’s in the awareness
But to be comfortable or uncomfortable, we first must be aware of what's going on through our senses. And that's generally a given in real life, where things are, well, real.
In any case, when we're not aware, privacy, or the lack thereof, is almost always a security matter: it's now a risk. Would you walk around your home naked if you knew someone (not anyone in particular) was peeping? I wouldn't.
And that brings us to online privacy.
Privacy risks occur when you're unaware of your exposure.
Online privacy: Ignorance is (not) bliss
In the cyber world, the notion of general privacy above applies, but the element of awareness doesn't.
That's because everything on your screen is literally fake. And there's always more stuff than what is shown.
We rarely know the complete picture of what's happening behind the scenes; a lot of it is technical and boring, anyway. Let's take a specific example regarding your personal information via the simple act of visiting a website.
Privacy risks: There’s always hidden stuff
You're reading this page and probably find it interesting.
But of course! Thank you! And it gets better!
You might not be aware that you've given away your IP address when you visit any website or access any online service. It's true.
That's if you know the idea of an IP address, which you might not have until now.
From the IP, I, the website owner, can find out where you come from, how long you've been on the site, how often you've visited it, etc.
Not long or often enough, mind you!
And that's fine. So far, that's similar to when you've entered a store. You're still anonymous.
Now, if you have an account with DKT, such as a subscriber's, I'd also know your name and email address; you're no longer anonymous. But that's still OK. That's like you've decided to buy something at the store using a credit card. You trust me enough.
But here's where things start to get scary:
Your home Wi-Fi router "knows" all that, too. In fact, it can monitor everything you do online, including the websites you've visited and your other activities, such as shopping, streaming, chatting, texting, and so on.
So, if you (accidentally) send a naked picture of yourself to another party, that picture goes through your router. When you have a live chat with your partner, the entire session goes through the router.
In short, everything you do online goes through a router, likely the one you have at home. The router is the gateway to the Internet, so to speak.
Before you get all freaked out: Not everything that goes through the router can be viewed or read by a third party (at least not easily) since data can be encrypted. But the router always has the metadata of all information passing through it.
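An added illustration of the metadata point above, not part of the original post: even on an encrypted HTTPS connection, the first handshake message names the site in cleartext, so a device forwarding the traffic can record where it goes and how much of it there is, but not the content. The hostname, address and all sample bytes below are constructed for the example.

```python
import os
import struct

def build_client_hello(hostname: str) -> bytes:
    """Constructed sample: a minimal TLS ClientHello record with an SNI extension."""
    name = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name      # type 0 = host_name
    sni_ext = struct.pack("!H", len(sni_entry)) + sni_entry         # server_name_list
    versions = b"\x02\x03\x04"                                      # supported_versions: TLS 1.3
    extensions = (struct.pack("!HH", 0x002B, len(versions)) + versions
                  + struct.pack("!HH", 0x0000, len(sni_ext)) + sni_ext)
    body = (b"\x03\x03" + bytes(32) + b"\x00"                       # version, random, empty session id
            + struct.pack("!H", 2) + b"\x13\x01"                    # one cipher suite
            + b"\x01\x00"                                           # null compression
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record: bytes):
    """Return the cleartext server name from a ClientHello record, or None."""
    if len(record) < 5 or record[0] != 0x16:                        # not a handshake record
        return None
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(hs) < 4 or hs[0] != 0x01:                                # not a ClientHello
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    try:
        pos = 2 + 32                                                # skip version and random
        pos += 1 + body[pos]                                        # skip session id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]        # skip cipher suites
        pos += 1 + body[pos]                                        # skip compression methods
        ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= min(ext_end, len(body)):                   # walk the extension list
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type == 0x0000 and len(data) >= 5 and data[2] == 0:
                name_len = struct.unpack("!H", data[3:5])[0]
                return data[5:5 + name_len].decode("ascii", "replace")
    except (IndexError, struct.error):                              # truncated or malformed hello
        return None
    return None

def on_path_view(dst_ip: str, dst_port: int, records):
    """Summarise what a device forwarding this connection can record about it."""
    view = {"dst": f"{dst_ip}:{dst_port}", "server_name": None, "encrypted_bytes": 0}
    for rec in records:
        if rec[:1] == b"\x16" and view["server_name"] is None:
            view["server_name"] = extract_sni(rec)
        elif rec[:1] == b"\x17":                                    # application data: opaque
            view["encrypted_bytes"] += len(rec) - 5
    return view

def sample_connection():
    # Constructed sample: random bytes stand in for the encrypted page content.
    ciphertext = os.urandom(1200)
    app_record = b"\x17\x03\x03" + struct.pack("!H", len(ciphertext)) + ciphertext
    return [build_client_hello("shop.example"), app_record]

if __name__ == "__main__":
    print(on_path_view("198.51.100.20", 443, sample_connection()))
```

Where the browser and the site both use Encrypted Client Hello, the name field is hidden from the router as well; the destination address and the traffic volume are not.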
Many routers allow you to manage what they keep tabs on and for how long, but you must be the owner (or the controller, to be more precise) to be able to do that.
If you use a router that allows no direct access, or only limited access, to how it works, you don't know what it really does with your information. And if you use a router made by a company that forces you to log in via an account with its server before you can manage your network, your privacy is generally at the mercy of that company.
In this case, it's like you actively report your every move to a third party. And this is the scariest part: That happens completely without your direct knowledge. There's no visual, warning, or ID checking, not a fist bump or a wink. It's total unawareness.
The gist is that your home router plays a huge part in your online privacy (and security). Not all routers are created equal, but if a router is compromised or controlled by a third party, by design or accident, you and your entire family are at risk of being monitored, scammed, or manipulated. Privacy is among those risks.
If your home router is compromised, by design or otherwise, your entire family is at risk of being monitored, scammed, or manipulated. Privacy is among those risks.
It's worth noting that the behind-the-scene items I described above are just examples of things that happen when you visit a website. At any given time, there are more parties out there standing by to spy on you, especially when you use a VPN service or a special DNS server.
Online privacy: It’s also a matter of degree
I've received many messages from folks saying that data collection is common and happens with all vendors. "There's no privacy, anyway," they alluded to.
While that might be true, it's always in the degree.
Most networking vendors offer options where users can use their products completely without getting connected to the vendor; often, that's the default. It's only when you choose to turn on and use certain features, like online protection or QoS, that you would have to log in with an account or risk sharing data with a remote party.
Generally, all online protection or any traffic-related features require data sharing. It's like in real life, you can't have protection without somebody (like a bodyguard) watching over you.
Most importantly, popular networking vendors like Asus, Netgear, TP-Link, Ubiquiti, etc., are independent and relatively small companies. Consequently, their data collection and the collected data are somewhat limited in scope and pervasiveness. Sometimes, that's purely for technical purposes. Still, data collection is never a good thing.
On the other hand, Amazon (which owns eero) and Google (the owner of the Google Nest Wifi brand) have lots of data on their users in different aspects (Amazon is not a networking company). So, for example, if you're an Amazon Prime user and use an eero router, your exposure (to Amazon) is much higher than if you have a router from another networking vendor.
Come to think about it, the only reason Amazon bought eero in early 2019 might have been because it wanted the user data the then-boutique networking company had designed its routers to collect. It wanted to hook deeper into the home, so to speak.
Tips on Online Privacy
Fragment your exposure by using different services or products for different needs to keep online privacy and security risks low.
The more deeply you get into an "ecosystem" (those of Amazon, Apple, Google, or Facebook), the more likely your privacy is compromised, no matter how you feel or believe.
If you want to stay somewhat anonymous, use different (email) accounts for different (sets of) devices or services.
Convenience is generally the antithesis of online privacy.
Here's the most important thing: If you want to keep something completely private, don't put it on the Internet!
Again, privacy is a matter of degree. Make sure you read each company's privacy policy before opening up your network activities. The more vague or general the policy is, the less you should trust the company on this front.
Click the link to read the privacy policy of Asus, eero, Netgear, Synology, TP-Link, TRENDnet, and Ubiquiti.
It's worth noting that these policies are designed primarily to protect the company legally. They are not necessarily an accurate indication of what the company will or will not do with your data. And a company itself can be hacked; that has happened.
We've been talking degrees, but this is absolutely true: Whoever controls your router can monitor everything you do online. It's only a matter of what they choose to do with that power and to what degree.
Online privacy: Frequently asked questions
Update: Since I first published this post, I've gotten many questions about online privacy and security. Below are a few of them and my answers.
Does my Internet service provider (ISP) spy on me?
Technically, an Internet Service Provider can spy on its users, but whether or not it does depends on whether that makes sense financially. There are two scenarios.
When you use just the terminal device (ONT or modem)
The first one is when you use a terminal device (an Internet receiver such as a cable modem or a Fiber-optic ONT) and a standard router of your choice. In this case, the ISP has no practical reason to spy on you. It's a matter of profit.
Since a terminal device is a catch-all device, it lets information in and out at the subscribed rate without specificity.
Consequently, generally, the ISP only knows the owner of the account who pays for the service, the MAC address of the router, and the Internet traffic that flows through the account, specifically through the WAN IP address registered to the terminal device.
The ISP does not know which person or device uses which part of the traffic; that specificity is shielded by the router. An Internet connection is almost always shared between multiple parties. Without knowing which party does what, the information an ISP can collect from the account is of little value.
If the ISP wants to find out more, it'll have to put in more resources and target a particular subscriber's account. But that doesn't make sense financially.
ISPs, like all companies, are in the business to make money, not to satisfy random curiosity.
When you use an ISP-provided gateway
The second scenario is when you use an ISP-provided gateway, which is a combination terminal device (modem, Fiber ONT, etc.) and a Wi-Fi router in a single box.
If you don't know what a gateway is, as opposed to a standard Wi-Fi router, check out this post on networking basics.
Now, it's a different ball game. In this case, the ISP would find it much easier to collect in-depth information from the account.
That's because, as mentioned above, everything you do will go through the router part of the gateway. Most importantly, all devices connected to the gateway will register with their unique MAC addresses, and each device's online traffic will be separated and categorized accordingly.
That's not to mention that many gateways (such as Comcast's xFi lineup, which is often advertised as delivering a "layer of advanced security") allow you to "control" or "manage" your network via a login account and mobile app. The app has different profiles for each connected client or group of clients. Now, the ISP can know exactly who does what among the bulk of traffic that passes through the WAN IP address without having to move a hair. Again, you're the one who actively reports your and your loved ones' every move.
Using a gateway provided by your ISP doesn't necessarily mean your ISP spies on you. But to repeat the point above, whoever controls your router can easily monitor your online activities. By the way, you can get a retail gateway, such as the ARRIS SURFboard G54, to avoid this.
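The difference between the two scenarios above, as an added illustration that is not part of the original post: a port-translating router rewrites each device's address before traffic leaves the home, so the upstream side sees one WAN IP and one MAC, while whoever controls the router sees traffic per device. All MAC addresses, IP addresses, hostnames and byte counts are constructed.

```python
from collections import defaultdict

# Constructed sample: LAN-side flows as the home router sees them.
# (device MAC, LAN IP, source port, destination, bytes)
LAN_FLOWS = [
    ("aa:aa:aa:00:00:01", "192.168.1.10", 51000, "video.example:443", 900_000),
    ("aa:aa:aa:00:00:02", "192.168.1.11", 51000, "shop.example:443", 40_000),
    ("aa:aa:aa:00:00:02", "192.168.1.11", 51001, "video.example:443", 300_000),
    ("aa:aa:aa:00:00:03", "192.168.1.12", 40222, "chat.example:443", 5_000),
]

class NatRouter:
    """Minimal port-translating NAT: many LAN hosts share one WAN address."""

    def __init__(self, wan_ip, wan_mac):
        self.wan_ip, self.wan_mac = wan_ip, wan_mac
        self.table = {}      # (lan_ip, lan_port, dst) -> wan_port
        self.reverse = {}    # wan_port -> (mac, lan_ip, lan_port); never leaves the router
        self._next_port = 40000

    def translate(self, mac, lan_ip, lan_port, dst, nbytes):
        key = (lan_ip, lan_port, dst)
        if key not in self.table:
            # Two devices may pick the same source port; each gets its own WAN port.
            self.table[key] = self._next_port
            self.reverse[self._next_port] = (mac, lan_ip, lan_port)
            self._next_port += 1
        # What leaves the WAN port: the device MAC and LAN address are gone.
        return {"src_mac": self.wan_mac, "src_ip": self.wan_ip,
                "src_port": self.table[key], "dst": dst, "bytes": nbytes}

def upstream_view(wan_packets):
    """What an ISP sees past a customer-owned router: traffic per WAN IP."""
    seen = defaultdict(lambda: defaultdict(int))
    for p in wan_packets:
        seen[(p["src_ip"], p["src_mac"])][p["dst"]] += p["bytes"]
    return {k: dict(v) for k, v in seen.items()}

def gateway_view(lan_flows):
    """What whoever controls the router sees: traffic per device MAC."""
    seen = defaultdict(lambda: defaultdict(int))
    for mac, _ip, _port, dst, nbytes in lan_flows:
        seen[mac][dst] += nbytes
    return {k: dict(v) for k, v in seen.items()}

def run():
    router = NatRouter("203.0.113.7", "bb:bb:bb:00:00:fe")
    wan = [router.translate(*flow) for flow in LAN_FLOWS]
    return upstream_view(wan), gateway_view(LAN_FLOWS), router

if __name__ == "__main__":
    up, gw, _ = run()
    print("upstream:", up)
    print("gateway: ", gw)
```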
Big ISPs generally want you to use their gateways, which are often accompanied by a mobile app associated with a login account. I'd say there are some ulterior motives.
Extra: I use a Cable modem and my own router but still get the DMCA notification from Comcast when I download a movie. What gives?
First and foremost, stop downloading pirated content! Secondly, that's none of my business.
A DMCA (short for Digital Millennium Copyright Act) notice is what an ISP might send to a subscriber when it detects illegal downloads of copyrighted content via the subscriber's WAN IP.
The notice states what was detected and when and asks the user to find the content within their network and delete it. That's it.
If you get such notices, that doesn't mean the ISP spies on you. It's quite simple. Imagine your WAN IP is a freeway. We have this crude analogy:
When you stand on an overpass, you can easily see the traffic underneath. You can tell cars from trucks, bikes from cars, and more. You can even point out vehicles violating traffic laws, such as driving on the shoulder or in the wrong lane. But you have no idea how to identify that automobile (against others of the same make, model, and paint color) or the driver.
That's the level of "spying" the ISP does when sending out that notice.
Read the DMCA notice carefully, and you'll note that the ISP doesn't accuse the account owner of doing anything wrong; it can't prove that.
Just because an Internet connection has been used for illegal purposes doesn't mean the owner is responsible. And it's generally impossible to prove (beyond a reasonable doubt) who did it. Again, an Internet connection can be shared between many people, sometimes without the owner's knowledge or approval. That happens quite often.
However, if the subscriber uses the ISP's gateway, their situation might be a bit more precarious. Using the same freeway analogy, your observation of the traffic in this case is similar to that of someone working at a tollbooth with cameras, license plate readers, etc., instead of someone standing on the overpass. You can pinpoint exactly which vehicle violates the traffic laws. Even so, proving that someone has done something illegal online still requires a lot of work.
In any case, it's never a good idea to download illegal content. You might end up with unpleasant surprises.
I use a VPN, so I’m safe?
Sort of, but not necessarily.
If you're physically in one place and want to appear on the Internet as if you're somewhere else, a VPN is the best tool. So, using a VPN will help you avoid those pesky DMCA notices above, albeit at the expense of markedly reduced download speed.
But the notion that virtual private networks (VPNs) are good for privacy or security is about as true as the falsehood that ISPs always spy on their users.
I detailed VPNs in this post, but generally, VPNs have little or nothing to do with security or privacy. It's just a matter of convenience or location spoofing. Privacy or security might or might not apply.
Using a VPN is a double-edged sword. You're at the mercy of the VPN providers, and in most, if not all, cases, they spy on you (while your ISP doesn't).
Specifically, when you're home and use your office VPN, your boss can spy on you. If you use a third-party VPN service (there are many of them), that service will likely collect your online activities and sell the information to advertisers.
The point is, if you believe a VPN keeps you safe, you're fooling yourself. That depends. The question is a bit irrelevant since, again, VPNs have little or nothing to do with online security or privacy.
When you hear a VPN provider invoke online privacy or security to prop up its service, it's likely lying to you.
My router has auto firmware updates and regular security patches, so it’s better than those that don’t, right?
Frequent firmware updates and security patches are other nonsense that certain hardware vendors use to promote their products. But let's get one thing straight: Security patches mean the product is bad. Good hardware (or firmware) shouldn't need any security patches. That makes sense, no?
The point is there's nothing glorious in having security patches. It's a nuisance at best (your network is unavailable during a firmware update) and not something anyone should brag about. In fact, if your device needs patches frequently, you should get rid of it; it's about as good as a vulnerable device with no patch. Clearly, those patches don't work.
If your bathtub keeps leaking, you'll get rid of it or hire a new plumber. Having to get it patched regularly, no matter how easily each time, is in no way a good indication of the tub's or the patching work's quality.
But this is a matter of degree. No hardware can be completely free of vulnerabilities, so once in a while, a patch is required. Still, the auto-firmware update removes the user's freedom to choose. What if you don't want to update? Or if you want to do that based on your own timeline?
Auto-firmware updating allows the vendor to add, remove, or change things in a home network without the user having any say. Often, that comes with a notice of changes in the "User Agreement" that most users would just agree to since they have no choice anyway.
How would you feel if somebody, no matter how good a person, kept coming to your home and making changes, no matter how "wonderful" the improvement, with a complete disregard for your opinion?
Having no freedom to choose is the worst vulnerability.
Good hardware should give users options, and many routers indeed allow users to turn the auto update on or off, among other things. Some hardware even allows for manual firmware updates, the use of older firmware versions, or even open-source alternatives, such as Merlin or DD-WRT.
In any case, security patches have little to do with the quality of a product (they are irrelevant), and auto-firmware updating only means convenience at best. As mentioned earlier, convenience is the antithesis of online privacy.
The takeaway
On the subject of online privacy, I've heard many saying that they "have nothing to hide," so it doesn't matter. That's like saying it's OK to streak as long as you're unaware or comfortable with exposing yourself in public, which is illegal in certain areas. Still, I'm nobody to judge.
Unlike running naked, there are real consequences to getting overexposed in the cyber world. It's hard to imagine anyone can be comfortable with nasty surprises.
Our social circles are similar to an onion with layers that define different levels of intimacy. No matter how open-minded or comfortable you are inside your skin, you might not want to have that instant meaningless zero degree of separation with a stranger whose intention is to benefit themselves at your expense.
And that might be what's happening right now, to different degrees, depending on which router you're using, regardless of whether or not you're aware of or happy with it.
First time reader here. Thank you for your article. The time and expertise is well thought out.
I’ll admit I didn’t give the article my fullest attention, but if I were to summarize;
There is no foolproof method of really ‘protecting’ your use of the inter webs regardless of any router or ISP one utilizes? Exception(s) being stay away from a router that forces you to log into their data sucking online registration software websites and if you can actually find a router that allows some end user control functionality such as turning off ‘data sharing’, then go for it.
We’re looking to upgrade to a mesh system to get better coverage around our house. I want to limit my flow of zeros and ones to third party subsidiaries through these routers of companies that essentially say we’re not responsible for what happens once it hits those overseas data centers. Perhaps there is no way around that though.
Any overall product recommendations?
Check out this post Adam, it’ll give you all the pointers you need on picking a mesh system. After that here are my recommendations, depending on your situation. There’s no one-size-fits-all product. Good luck!
Fascinating ‘splainer, thank you. While I do not consider myself particularly security or tech savvy, I do have some knowledge. Which leads me to a little confusion regarding your comments about account login and webpage to manage a router and each user having a separate account. Please note, the following questions are sincere and in no way are intended as argumentative (beyond the interpretation of any query of the unknown being an ‘argument’). The questions are intended to discern errors in my assumption of the references you use, and/or understand the variances of meaning we each apply to the generalized terminology used.
Don’t all routers, including DD-WRT, utilize a web-based, admin account login?
In regard to ISP provided hardware, in context only to the above point and not the collateral questions of security, I have used both private owned and ISP-provided (xFinity) Modem/Router hardware. I am the account holder and only member of the household managing the service. No other member or visiting friend has access- so how is the ISP able to narrow the field to knowing which member is doing what?
What influence does router behind router have in privacy and security, especially in ISP-owned hardware?
Some (at least one) VPN markets itself as zero-log maintenance. Am I to infer from your comments that this is a lie, or at a minimum, a heavy embellishment of a limited fact?
I am sincere in this question as a user of the ‘one’ I have grown suspicious of frequent updates, increased (and unrequested) ‘bells and whistles’ in the software, while it has seemingly invested no resources in fixing an included app channeling feature has never worked.
There is a last item regarding the VPN in question which I am not certain how to interpret: on the one hand it would imply that it does not in fact keep logs, but on the other hand it seems overly invasive, and possibly loophole to its claim. In order to solicit ANY level of support from customer service the app immediately pulls forwards ‘diagnostics’ from the users device. I have dealt with customer service that will occasionally request such, and they usually have the user manually assemble the package and upload. Is this just a ‘painless shortcut’ for efficiency-sake. There is an option for the user to manually run diagnostics. I did this once hoping to be able to see what was being sent. It does not give that option, it just runs and sends the report automatically.
If I read you correctly, what I have described above should set off at least half a dozen red flags. It has set off some. But I no longer solicit support, nor use any of the ‘bells & whistles’, and manage usage randomly. I am uncertain if this has any impact, but it feels like it should.
Thanks for adding to the conversation, and giving me new thoughts to ponder.
Peace.
JoeQP
Next time, number your questions, Joseph. I’ll address them based on the order you asked.
A login account with the vendor, not just a login account with the built-in local webserver. They are two different things. More here.
If the ISP knows that you’re the ONLY one using the connection then it can totally tie all activities to you. But the ISP does not know that. However, if you use the Xfinity app and log in with your Comcast account, such as on your phone, and then use the app to manage different devices, such as the “security” features, then the information is clear to the vendor as to who (which devices and their owner) use what. And an Xfinity gateway is always tied to your Comcast account.
That depends on how much you trust the VPN provider, that’s between you and them. (That’s like a vow in a marriage, which might or might not be upheld by either party.)
As mentioned, privacy and security are nuanced, not black and white.
Hope this helps.
Hi there,
Thanks so much for all of the information in this space. I’ve found it much more valuable than many tech sites.
Regarding securing my cyber activity, I think I understand how to secure my own network, starting with not using a router that requires a login account. I also think I know when I’m at a website that is secured by looking at the url for “https” and the lock and shield icon to the left.
What I’m uncertain of is this: Let’s say I’ve taken the recommended steps to secure my local network and I’ve connected to a very secure site. Still, what about the data as it travels between myself and the site? Is there something else I need to do to ensure its security on its trip back and forth?
I thought a vpn would hide it under just these conditions, but then I read your vpn article and was dissuaded, realizing I’d just be showing my traffic to the owners of the vpn server.
What is the best way to secure the traffic during the entire trip between a secure network and a secure website?
Thanks so much,
David
The “s” in https means that the information travelling between two parties can’t be read or viewed by a third party, David. That’s like you write a letter in code before mailing so that the text can’t be read by anyone who holds the actual letter during the mailing process. All they know is where the letter comes from and where it arrives at.
As you have noted, VPN has nothing to do with security but 100% with traffic management, privacy implied.
Still, security is nuanced, the only way to 100% secure anything is not to use it at all. So if you want your web traffic to be 100% secure, turn off your computer and your router and take a hike in the woods (but then you might get attacked by a tiger.) Nothing will work if you think in terms of black and white.
Thanks for the info. I always wondered what specifically that ‘s’ did for me!
David
While you have some good points I think you also have some erroneous thinking
– while auto updates can be irrelevant, there are many new vulnerabilities found. Getting patched for these *is* important. Delays leave you very vulnerable. It's like ignoring car recalls. Most are meaningless but some can kill.
– large companies have more data, but they are also more highly regulated and have far better security teams than small operators (good security people are very highly compensated and expensive). Their risks are much higher so they (must) have stronger internal controls. {..}
– lots of fragmentation can be like having many (possibly insecure) doors to your house. One breach can lead to others.
Personally, I don't trust small brands and always turn on auto updates.
Let’s focus on the good points. Give them a good read!
Trusting a brand and giving it your personal information because it is big is generally foolish, tho.
Hi Dong,
You often mention tplink in privacy notes. Is there a privacy issue for say the tplink deco BE65, if you only use it for ap mode only. So not the router function, since i use pfsense for that. Just need it for wireless mesh and as a wifi access point.
I know one area of concern is you have to login to a tplink account in order to manage the device. So in this way i’m sure they can tie your ip to that device. But to my understanding, you only login when administering the device, but rest of the time you don’t have to open the app to login correct?
But if you don’t use the router mode, are safe from the other questionable stuff like the chance of them possibly spying on your website surfs etc?
Like there is a feature that they give you for free (whether you want it or not, since there is no disable). Which inspects and protects u from bad sites or some such. I assumed this is disabled when using wireless ap mode? Is that a correct assumption?
Anyway my point here is, are the privacy concerns you have for tplink deco not a problem when using as ap mode only? or does it still have the same level of privacy concerns?
The AP mode is less intrusive but it doesn’t cut off the connection between the hardware and the vendor, Moogle. Like a bridge that’s always there whether you’re crossing the river or not, the use of the connection is at the mercy of the vendor and all that implies.
I put a privacy note in virtually all products where the issue can be a concern.
Dong, really good article. In the case of using your own Router (e.g. an Asus) and connecting to an ONT, when you say:
“Consequently, generally, the ISP only knows the owner of the account who pays for the service, the MAC address of the router, and the Internet traffic that flows through the account, specifically through the WAN IP address registered to the terminal device.
The ISP does not know which person or device uses which part of the traffic; that specificity is shielded by the router. An Internet connection is almost always shared between multiple parties. Without knowing which party does what, the information an ISP can collect from the account is of little value.”
1. Does that mean the ISP cannot see the exact websites your household visits within the internet traffic?
2. Can third parties – be they of a government persuasion or hackers, scammers etc – see your exact web traffic remotely simply by knowing your IP address, or would someone actually have to monitor in real time internet traffic of a particular customer at an ISP (or else have physical access to the Router having logged in with your own password at your property)?
3. I wonder if you could also clarify something that I seem to see conflicting information on. Can third parties actually trace your location based on you accessing a website from a particular IP at your own home or business then?
I totally get what you mean about VPNs because like you said that would put someone at the mercy of a VPN provider.
1. They can see that but they have no idea who (which device) within your home network accesses that website, so the information is sort of useless, considering folks share their Internet access with others, like the neighbors, all the time. Also, they can’t know what a device does on the website.
2. No. That party has to get a hold of your router, your particular device, or your DNS server.
3. A third party can know your location (ballpark) via your WAN IP address as shown in the screenshot of this part.
Very good article.
Dong, regarding ISPs, in the first scenario, would it be the same if you have an ONT and an ISP supplied Router (which doesn’t use a mobile app)? As in the Router is a separate device (not an all in one gateway) connected by Ethernet cable to the ONT which is a square box on the wall. Here in the UK, the ONT is installed by one of the wholesalers who build the network and ISPs sell services using their infrastructure.
I have wired my home with Ethernet and connected my ISP Router to a purchased Switch and have an ASUS mesh system (using wired backhaul) running as Access points for wireless devices. But the ISP Router is still connected to my main ONT doing all the Routing (I turned the Wifi on this Router to Off).
Should the ISP Router be taken out of the equation entirely then? To reiterate, it doesn’t use any Mobile app or special Login account for any remote management. There’s just the Admin password to log in via a Computer on the network to manage Settings.
Why do you still want to use the ISP router? You can connect your Asus directly to the ONT to avoid a complicated setup. If it’s a standalone router, your privacy is OK, but there’s no point in keeping it there.
My ISP is Charter/Spectrum. Prior to their new release of separate modem/router equipment, they used a gateway in which the end user had complete access to the router settings.
The new equipment doesn’t allow that detailed access, only general settings. Although the new router is superior to the old one, it makes me wonder why the ISP limited its access. I can’t believe users were causing so many problems by changing settings that it got out of hand. What are your thoughts?
Maybe the new hardware only allows for that by the OEM vendor, John. As mentioned in the FAQs above, if the new router requires a login account with the ISP before you can manage it, then you should be concerned about your privacy.
Great article Dong, and so important for every household. The marketing alone that can be targeted to our kids is crucial, as they become older there is an entire persona built on them. College, trade schools, clothes, devices, etc. can all be pushed heavily into our lives. I am on Xfinity and for now using their gateway with Asus routers, only because they keep claiming I cannot use my own modem on the 2,000 mbps plan (even though I know we can), if anyone has had success with using your own modem let me know!
All supported DOCSIS 3.1 Multi-Gig modems can handle up to 2.5Gbps, Joey. More here.
I never understood why people use VPNs unless it’s just for spoofing or warez. Those little companies could never protect you as an ISP could, and you are giving up your payment info/identity directly to these little companies that couldn’t fight a small case for you. I’d rather have the ISP be the middleman.
You got it, Jonathan. I talked more about that in the post about VPN. I’d blame the fake “security” notion and the ads and the affiliation of online media that propagate it.
Hi Dong,
Thanks for all the great articles.
In discussing privacy and data security, do we need to worry about being profiled not just by hardware manufacturers, but by governments who lay claim to any data they collect? For example, if I lived in the US would buying a Netgear or ASUS router be a better decision than TP-Link?
That’s a personal decision, Seth. If the US gov has reasons to monitor you, they can no matter which router you use. All hardware has to be certified by the US regulatory bodies before it can be sold in the country. I’d worry more about online services, like TikTok.
As always great article. Currently I am on the Xfinity 1200 plan, with a Netgear modem that only goes to 1000, also my router is a TR-AC87R (very out of date) and starting to have issues. I would like to upgrade to the new Xfinity X2 Gibit plan but they force you to use their Xfi Gateway. I am very concerned with security, I like using my own hardware (also have VPN). I admit to being somewhat paranoid of Xfinity spying on me. My question, with security and privacy as my main concern: am I just being paranoid should I just go ahead and upgrade the plan and accept the Xfi Gateway, or stick with my current 1200 plan and upgrade my modem and router?
I appreciate your thoughts.
I’d recommend staying with using your hardware, David. 1.2Gbps is plenty — you’ll likely get 1.4Gbps when using a Multi-Gig modem and router.
Thanks Dong, if I stick with my current plan I still need to upgrade Hardware as the modem is buggy and only goes to 1 Gig and Router is starting to require near daily reboots.
Get one of the modems or routers I linked earlier. They’ll work out great! Good luck!
Edit: Maybe I just get the Xfi Gateway and my own router and use the bridge mode?
https://www.xfinity.com/support/articles/wireless-gateway-enable-disable-bridge-mode
That works until Comcast decides to disable, or no longer support the bridge mode. That has happened.
> Let’s get one thing straight: Security patches mean the product is bad. Good hardware (or firmware) shouldn’t need any security patches. (That makes sense, no?)
I appreciated most of your article but have an issue with this section. There are always going to be new security issues discovered in a world of open source software, and there will always be a need to patch them in a world of botnets that can sweep the internet for such vulnerabilities. Android and iOS receive monthly patches for such issues, not necessarily because Google or Apple dropped the ball in implementation (though that can be the case too) but because the reality we live in is that there are common libraries that regularly have new vulnerabilities registered and fixed. Linux, Windows, and Mac are regularly patched for the same reason. Our routers are the one device we own that will receive the vast brunt of attacks given their persistent internet connections and frankly because most router manufacturers are not patching regularly so it is more likely that problems that were fixed long ago are still present on a good number of routers. All that to say: I firmly disagree that any router that is not receiving regular security updates is good, and that routers that do receive them are bad. It’s the opposite.
You read into it, Peter, yet missed the point entirely. I only meant that if there’s a need for a security patch, then the hardware is bad. That applies to *all* of them. The point here is that there’s nothing glorious or bragging-worthy about security patches. Some hardware (and software) have more vulnerabilities than others; that’s always been the case.
But yes, if the hardware has a vulnerability and no patch, then that’s even worse (this is the notion I didn’t mention). Make sure you read the entire post, not one or two sentences, and then make assumptions.
Hi Dong,
Thanks for the great info. I would like to shorten the range to my apartment. I live on the third floor, but my wifi reaches and is accessible on the third floor. Someone in my building is hacking me. How can I shorten my wifi range?
I would appreciate your help.
I wouldn’t worry about some extra range, Nesa. Just make sure you have a good password for your Wi-Fi network — change it if you think it’s been leaked. Some routers, such as those from Asus, Netgear, Synology, or TP-Link have an option for you to lower the broadcasting power, but still, that’s not necessary. But if you’re super paranoid, then you just have to stop using Wi-Fi at all. There’s no way to contain radio signals precisely within an area.
Amazon Alexa on Asus ET12 router?
Aloha Dong, yes just got my single ET12 unit and excited setting it up and saw a login for Amazon Alexa skill.
Glad I didn’t log in because of what I read in your article mentioning the Eero from Amazon. I do have a few Alexa speakers around the home and an Ecobee Premium with Alexa I already am logged in to.
What is your advice on all these logged in devices? I am looking to add a door bell camera and exterior cameras. I always like to self monitor but it looks like no matter what you get if you are connected to the internet my old VPN really does nothing for privacy.
As always Mahalo for keeping us Teched Up.
Taz
I’d not use Alexa for the router. I mentioned that once a long time ago in the review of the Blue Cave. (https://dongknows.com/asus-blue-cave-router-review/).
There’s no absolute privacy, it’s about the degree and how to fragment your exposure as mentioned in the Tips above.
Hi! Excellent article topic! Thanks for keeping it simple. I am curious as to where or if using an Apple HomeKit router fits into all of this. Is there much added benefit when choosing this? Can the same level of privacy be achieved through settings changes on another router? I have seemingly plenty of HomeKit questions, and high hopes that it will one day make sharing or hiding personal information more transparent and easier to protect. Is it all that it seems to be and more, or is it Apple putting its magical marketing spin on it? Maybe a good future article to break down what it is and isn’t? Thanks!
Anything that you have to log in with an account to use will spy on you, Frank. So fragment your devices to minimize the exposure, as mentioned in the tips.
Thank you, I don’t exactly know what that means to fragment my devices. Is that, for example, shop on my iPad and not on my phone? Is there a setting to change on my router that does this? Sorry, unfortunately I’m out of my league when it comes to this kind of thing and a lot of this goes over my head.
I explained that in the second paragraph of the tips. But that means don’t use the same ecosystem for everything. It’s nuanced. For example, you can use an Apple iPad and a Google phone, a smart lock from one company and an IP camera from another, etc.
To be honest, you’re part of the demographics most vulnerable to vendor data collection, etc. Take some time to do some serious reading. You’ll get above it.
Dong, as usual, you tell it like it is. Thanks for the easy to follow primer on privacy. It really does boil down to convenience v privacy. I’ve been telling people that for years. There’s really no such thing as privacy anymore. But being careful seems prudent to me.
One more thought – Medical information.
I think medical information should be shared more than it is. (And it’s getting better with online health care sharing between providers and their patients. Also between providers and other providers (that are preapproved by the patient).)
Health Care Providers need to know our medical history. But I can never remember every surgery that I’ve had, or every illness, or the dates of my last vaccination or tetanus shot etc. It would eliminate the problems and errors with forgetting these things or telling one provider one thing and another provider another. It would also reduce the number of questionnaires that you have to fill out every time you see a doctor or visit a walk in clinic or go to the ER.
I’m sure some people will adamantly disagree, but it makes good sense to me. Safeguards would have to be in place for the patient to still be the ultimate “controller” of their own data.
Just my 2 cents.
And PS – I either do or don’t like walking around naked in my house … it depends on who’s watching.
Sure, Edgar. I’m glad you caught my drift. Hope you get to walk around the house naked comfortably more often than not.
As for medical information, I think it’s OK to share it anonymously. Revealing your medical record with your ID attached can put you in grave danger from unscrupulous parties. And it’s actually hard to avoid the latter.
Wonderful and necessary information Dong. We need to educate our family and friends and look out for our Elders who aren’t as tech savvy and most vulnerable.
As far as medical information. How do we share it and protect it like it’s the last drop of water on Earth? Being a military family. No matter where we go around the world as long as we see a military facility they have records from day 1 over 20 plus years ago. Their systems are getting better but in the past didn’t play nice with other systems in the Federal government from different Vendors. Those Vendors make millions on those contracts for not proven or fully working systems. Go figure.
What will the future look like? Will we all be micro chipped to ensure we are who we are and where we are supposed to be?
The rights of privacy weighed against being able to protect and save lives. Unfortunately it seems the main spying and privacy breaches are for financial or political gain.
For us Tech lovers we should all protect our routers and data, just like we lock our doors at night and keep our kids away from strangers.
Mahalo,
Taz
You like running naked. We got it, Dong! J/K. Thanks for the great content and the no-bullshit approach!
Ha! So you’re that peeping Tom!
Thanks, Tom.