You Don't Own What You Buy, Part 15,332: Cisco Forces Questionable New Firmware On Routers

from the not-cool dept

One of the things that we keep learning in a connected, digital age, is that what you think you "bought" you often don't really own. Companies who sell you products seem to feel a certain freedom to unilaterally change the terms of your purchase, after the fact. I'm reminded of Sony removing key features on the PS3, though there are plenty of other examples. A new one is the story of Cisco, pushing out a firmware update to routers without customer approval and (even worse) having that firmware update block people from logging in directly to their own routers. Apparently, if you don't like it... er... too bad.
Cisco has started automatically pushing the company's new "Cloud Connect" firmware update to consumer routers -- without customer approval. Annoyed users note that the update won't let consumers directly log into their routers anymore -- they have to register for a new Cloud Connect account. The only way to revert to directly accessing the device you paid for? You have to unplug it from the Internet.
Oh, and registering for such an account means you have to agree to give up your data so that Cisco can sell it. As per the terms:
...we may keep track of certain information related to your use of the Service, including but not limited to the status and health of your network and networked products; which apps relating to the Service you are using; which features you are using within the Service infrastructure; network traffic (e.g., megabytes per hour); Internet history; how frequently you encounter errors on the Service system and other related information ("Other Information"). We use this Other Information to help us quickly and efficiently respond to inquiries and requests, and to enhance or administer our overall Service for our customers.

We may also use this Other Information for traffic analysis (for example, determining when the most customers are using the Service) and to determine which features within the Service are most or least effective or useful to you. In addition, we may periodically transmit system information to our servers in order to optimize your overall experience with the Service. We may share aggregated and anonymous user experience information with service providers, contractors or other third parties...
Seems like a good way to drive people into buying routers from other companies. I can see how a "cloud service" could have value, but it should be presented to users as a choice, where the actual benefit to them (if there is one) is clearly presented. Instead, this rollout seems designed solely to benefit Cisco and its partners, rather than the people who bought (or so they thought) their routers.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: firmware, hacking, routers
Companies: cisco


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    The eejit (profile), 2 Jul 2012 @ 9:53am

    ...seems weak.

    Cisco, please go away with your imaginary intelligence.

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 2 Jul 2012 @ 9:59am

    fuck outta here, Cisco.

    link to this | view in thread ]

  3. icon
    DinDaddy (profile), 2 Jul 2012 @ 10:01am

    Was there a term in the original EULA for the router firmware allowing this? If not, it would be back to the store (or small claims if necessary) for me.

    link to this | view in thread ]

  4. icon
    Rikuo (profile), 2 Jul 2012 @ 10:02am

    Bait and switch, anyone? They sell you a router, used to connect multiple devices to the internet, then force an update that allows them to share your information...all without your permission.

    link to this | view in thread ]

  5. icon
    Lowestofthekeys (profile), 2 Jul 2012 @ 10:03am

    I enjoy how transparent they are. They "may" share your information. Class act, Cisco.

    On the off-topic, I wonder if this is jostling Taplin's scruffy beard.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 2 Jul 2012 @ 10:05am

    ... because cloud security is so much more secure...

    Hey at least if I forget my password I can find it on the Internet.

    link to this | view in thread ]

  7. icon
    The Infamous Joe (profile), 2 Jul 2012 @ 10:06am

    Eh.

    Can you install DD-WRT or Tomato on a Cisco router? If so, why haven't you already? In any event, do it now.

    link to this | view in thread ]

  8. icon
    A Dan (profile), 2 Jul 2012 @ 10:12am

    Re:

    This was actually an on-the-box feature, from what I've read, that these routers would receive a free upgrade to the new "Cloud Connect" firmware when it was available. So it seems right that they would receive it.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 2 Jul 2012 @ 10:16am

    this is what happens when companies are allowed, via stupid decisions from ignorant judges, to change the terms and conditions of an item, after it has been purchased and when those changes are forced on to buyers with no choice other than the one the company wants, save using a different item, which is usually not an option because the particular service wont work. good choice Cisco and many tnx!!

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 2 Jul 2012 @ 10:16am

    Re: Eh.

    So far it looks like only the newer consumer Cisco/Linksys routers (which do not support Tomato and are therefore not worth it anyway) are exposed to this risk.

    http://home.cisco.com/en-us/cloud

    But if I had an older Cisco/Linksys with their original firmware, I would go to Tomato immediately before they figure out how to hose past successes with present stupidity.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 2 Jul 2012 @ 10:19am

    Open Source

    More reason to move to Open Source products (Redhat comes to mind, not sure they have routing capabilities).

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 2 Jul 2012 @ 10:21am

    Having recently had to purchase a replacement wireless router, let me just say how happy I am not to have bought one of Cisco's.
    Looks like they'd prefer me to continue not giving them money in the future as well! I hope that works out for them.

    link to this | view in thread ]

  13. icon
    Rikuo (profile), 2 Jul 2012 @ 10:23am

    Re: Re:

    Did the box also mention the sharing of information?

    link to this | view in thread ]

  14. identicon
    John Doe, 2 Jul 2012 @ 10:23am

    I hate how "connected" everything is today

    I love my smartphone, tablet and computers as much as anyone. I have Facebook, Google+ and twitter accounts. But I am growing more and more leery of all the connectedness. I don't need my router spying on me, I don't need my thermostat spying on me, I don't need my refrigerator spying on me and I don't need my phone, Facebook, Google or anyone else spying on me. I know we give up something to use these services but things are getting out of hand and only getting worse.

    How long before there is a revolution of people cutting the cord from all devices, not just their cable?

    link to this | view in thread ]

  15. identicon
    Indy, 2 Jul 2012 @ 10:23am

    Re: Eh.

    Tried DDWRT but only had experimental support for my Buffalo router. It brought far worse stability than the native image.

    link to this | view in thread ]

  16. icon
    Rikuo (profile), 2 Jul 2012 @ 10:25am

    Re:

    "because the particular service wont work"

    Really? You can only use your net connection with a Cisco router? While I of course think this is a shit move on their part, the customer does have all the freedom in the world to take them to Small Claims court and to switch to a different router. This would be a different matter entirely if this were the ISP doing this.

    link to this | view in thread ]

  17. icon
    Designerfx (profile), 2 Jul 2012 @ 10:28am

    Re:

    transparent? it gets better.

    http://blogs.cisco.com/home/answering-our-customers-questions-about-cisco-connect-cloud/

    If the tone isn't "screw you all" enough in their response to the PR fallout the "commenting is locked" part of the post should tell you enough right there.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 2 Jul 2012 @ 10:46am

    Re: Re:

    I know some ISPs require certain router brands, e.g. ATT & 2wire. Not sure if anyone requires Cisco but its not outside the realm of the possible.

    link to this | view in thread ]

  19. icon
    Josh in CharlotteNC (profile), 2 Jul 2012 @ 10:46am

    Re:

    That'll do a load of good, since its rare that regular users login to their router - except when their internet connection is down.

    link to this | view in thread ]

  20. icon
    Matthew E. Cooper (profile), 2 Jul 2012 @ 10:47am

    Exploitable Back Door?

    I realize that Cisco is probably one of the better companies as far as securing a back door like this from hackers, but theoretically, what if someone did manage to figure out how to exploit this to load their own custom firmware onto these devices? Given the possibilities, I can't imagine that there are not a lot of disreputable folks seeking to do just that.

    BTW, thanks Cisco for increasing my workload on an already busy week. I also doubt that the MSP I work for is ever going to buy another Linksys/Cisco router for the four dozen small businesses we manage moving forward. Just a flash in the pan, I'm sure, but how many other IT management companies are going to feel the same way?

    link to this | view in thread ]

  21. icon
    TasMot (profile), 2 Jul 2012 @ 10:50am

    I bet they won't pay for my bandwidth overages either.

    I need a new router. My old Linksys is starting to be a little flaky. So, now, I will be going with re-purposing an old computer to pfSense. I had already started looking into how to set up a USB boot version of pfSense (and it can be done). So now, it will move up in priority. It used to be that Linksys had the most feature full routers and switches for the best price. They seriously started going downhill when the C-word company bought them. That C-word company seems to have taken the the worst of the corporate force-it-down-your-throat mentality and applied to consumers who have a choice to go elsewhere. From now on, my little piece of the world will receive recommendations to buy anything but C**** routers and switches so that they don't have their private info sold to the world. Having my network data monitored, collected and aggregated just doesn't do anything for me. If nothing else, it will use up my bandwidth to send it to them. In another one of those f***ing corporate money grabs, Comcast now has bandwidth caps. If my usage goes over I get charged more (and I'm betting that C**** won't repay me for the usage overages that they caused). I already block access to as many ad sites as I can, but I need to get to the router site for debugging issues. I guess I'm glad I ordered a TRENDNet gigabit switch now (24 port $109.00) for my house (and yes, I really do need a 24 port switch at home). I used to only buy Linksys. Now, they will be the only entry on my "don't buy from them" list.

    link to this | view in thread ]

  22. identicon
    DogBreath, 2 Jul 2012 @ 10:54am

    The day will soon come when this is the standard:

    Welcome to the "Always On" router. If your internet connection is down or our DRM servers are down, and your router is unable to validate that you are an "authorized licensed user" of our firmware product, your router hardware will stop working. Any business/local/home intranet communication functionality will cease to operate until the router can be reestablish a DRM authorization so you can use the hardware that you already paid for.

    Or, if we decide to no longer support your particular router model, you will also lose all functionality. In that case you will need to buy a new router.

    Thank you for your support (and your money, please pay again).

    link to this | view in thread ]

  23. identicon
    Anonymous Coward, 2 Jul 2012 @ 11:00am

    Re: Re:

    That'll do a load of good, since its rare that regular users login to their router - except when their internet connection is down.

    Haha too true. So to check my public side connection I'll have to go to my neighbors', use their Internet connection to find my password, and sneaker-net it back to my house. All while keeping my cable co. support representative on hold.

    And the circle of justice is complete.

    link to this | view in thread ]

  24. icon
    Anonymous Coward of Esteemed Trolling (profile), 2 Jul 2012 @ 11:05am

    Great Cisco Firewall of China : Status Expansion

    Oh noes.... Another reason to despise CISCO !
    Selling Routers to China, for the ‘Great Firewall’, wasn't enough to deserve spite.
    I wonder who this surveillance system is marketed to ?
    Who is buying it ?
    And who are the victims to be spied on ? (wait... that's us )


    ""We may share aggregated and anonymous user experience information with service providers, contractors or other third parties...""

    Looks like code for...
    All your privacy are belong to Cisco *(people who buy it from Cisco)
    Who are they selling that to again?

    link to this | view in thread ]

  25. icon
    Anonymous Coward of Esteemed Trolling (profile), 2 Jul 2012 @ 11:08am

    The Great Cisco Firewall of China

    Every person in China approves that message.

    Thanks to Cisco, no one will ever hear them say it.

    link to this | view in thread ]

  26. identicon
    Anonymous Coward, 2 Jul 2012 @ 11:13am

    All belongs to cisco, until their update system or key is compromised.

    link to this | view in thread ]

  27. identicon
    Adam, 2 Jul 2012 @ 11:16am

    Worth their salt?

    Anyone buying tech equipment should know to stay away from "consumer" products if they expect some amount of control over what they buy. I personally own a CISCO 1900 series and 2700 series route and switch. Sure it's way more then what I need to run 10 devices in a networked home. But I don't have to worry about this crap.

    link to this | view in thread ]

  28. identicon
    Dreddsnik, 2 Jul 2012 @ 11:21am

    Re: Re: Re:

    ATT can 'require' certain routers all they want. Any router will still work with any of their modem only options. I've been doing residential DSL installations in my area for nearly as long as DSL has been available. I have yet to see a router that won't work for ATT DSL. They just won't help you set it up.

    link to this | view in thread ]

  29. icon
    Vidiot (profile), 2 Jul 2012 @ 11:23am

    Corporate IT dealbreaker

    Overly-broad terms like these may be easier on Cisco's law department, but most corporate IT'ers would be prevented by their own law departments from using equipment known to reveal network info, usage, history and so on. Seems like a more concrete version of the smartphone camera/mic controversy... they're telling us that they will definitely use that data, not a maybe/might.
    http://www.techdirt.com/blog/wireless/articles/20110417/21485513927/smartphone-apps-qu ietly-using-phone-microphones-cameras-to-gather-data.shtml

    link to this | view in thread ]

  30. identicon
    Anonymous Coward, 2 Jul 2012 @ 11:24am

    How about xbox and being forced to update your firmware for new features like netflix, and neglecting to mention the term change stating we cant gang up on lawsuits against microsoft?

    or something like that

    Stay classy

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 2 Jul 2012 @ 11:27am

    Do they have RIAA/MPAA approved filtering software so they can tell when any traffic includes copyrighted material? Then Subpoena Cloud(tm) can auto-fill the IP address and serve you through the router!

    link to this | view in thread ]

  32. identicon
    Anonymous Coward, 2 Jul 2012 @ 11:31am

    Re: Great Cisco Firewall of China : Status Expansion

    Who are they selling that to again?

    China? RIAA? a Brazilian Cartel? According to their EULA, anyone they dam well please.

    link to this | view in thread ]

  33. icon
    LVDave (profile), 2 Jul 2012 @ 11:33am

    So long Cisco, you just couldn't resist, could ya?

    Ever since the early 90s, when I became involved with network support in my day-jobs, I'd always bought/recommended/wrote PRs for Cisco equipment. Now I'm semi-retired, doing part-time consulting for small businesses/home users. Until this, I had always recommended Cisco/Linksys for home users, and Cisco's small business Integrated Networking routers/firewall products for small business. This stops NOW.. Yes, I realize I'm only one.. But if you stop and think about how many "me's" there are in tech-dom, who do EXACTLY the same things I do, and are just as fed up with this kind of b.s. activity by corporations, you'll see that "recommender backlash" has a VERY good chance of putting a severe dent into Ciscos bottom line. Once a company has lost its credibility, its close to impossible to get it back, ESPECIALLY with tech companies who, even though they probably won't admit it, rely on recommendations by knowledgable techies who just happen to have LONG memories... Like maybe SONY?? Real stupid, Cisco, for you to emulate Sony...

    link to this | view in thread ]

  34. identicon
    Anonymous Coward, 2 Jul 2012 @ 11:48am

    How long until someone makes a Tomato-equivalent for these routers? Or am I being optimistic in assuming that if you unplug these things from the internet, you can load new firmware onto them?

    link to this | view in thread ]

  35. icon
    weneedhelp (profile), 2 Jul 2012 @ 11:49am

    Let em know

    link to this | view in thread ]

  36. identicon
    Anonymous Coward, 2 Jul 2012 @ 11:58am

    Re: Re: Eh.

    link to this | view in thread ]

  37. identicon
    Paul Renault, 2 Jul 2012 @ 11:58am

    So.:... Was: Re: Re:

    If enough people call "the Linksys customer support line at 1-800-326-7114. One of our agents will walk you through the process." that'll learn'em to ask first.

    link to this | view in thread ]

  38. icon
    harbingerofdoom (profile), 2 Jul 2012 @ 11:58am

    Re: Eh.

    go to their site, you can look up your make/model and see if it runs it.

    personally?
    wrt54gs running ddwrt for about 5 years now. have never needed to replace it and its rock solid.

    link to this | view in thread ]

  39. icon
    Hephaestus (profile), 2 Jul 2012 @ 12:03pm

    Both Cisco (router) and Facebook's (cellphone phone book) getting into your system and changing things via EULA seems like computer trespass to me.

    link to this | view in thread ]

  40. identicon
    Anonymous Coward, 2 Jul 2012 @ 12:11pm

    Re: Re:

    "Cisco Connect Cloud does not actively track, collect or store personal info or usage data for any other purposes, nor is it transmitted to third parties."

    Really?

    "We may share aggregated and anonymous user experience information with service providers, contractors or other third parties..."

    link to this | view in thread ]

  41. icon
    Anonymous Coward of Esteemed Trolling (profile), 2 Jul 2012 @ 12:13pm

    usually I would rejoyce you for it !

    What was your plan ?
    Subscriptions to spam or the box filled up to auto deletion ?
    Cause you do know.... Cisco don't give a shit about PR ? (like Carreon)
    An angry email will do fuck all to change them.
    Unfortunately......
    Even subscriptions or filling the email box will likely fail.(it's Cisco)
    They did screw over EVERY single Chinese internet user.


    Interesting fact:
    There are way moaar internet users in China, than there are people in the U.S.A

    link to this | view in thread ]

  42. identicon
    Anonymous Coward, 2 Jul 2012 @ 12:18pm

    Re: Corporate IT dealbreaker

    I might be a little paranoid, but if Cisco can sell my network configuration to third parties that seems like a significant security risk no matter how anonymous it may be.

    link to this | view in thread ]

  43. icon
    John Fenderson (profile), 2 Jul 2012 @ 12:23pm

    What I don't understand...

    I just replaced two WAPs in my home, and intentionally avoided Cisco because of this.

    What I don't understand, though, is what benefit comes from this functionality? Easy remote administration of these routers has been possible out of the box for many years without involving a third-party server, so that's not the benefit.

    If you have so many of these things that you need a central server to manage them all conveniently, then what you have isn't a consumer installation at all -- it's an enterprise deployment, and these devices aren't meant for you and won't make your life easier, so that can't be the benefit.

    As near as I can see, this cloud router stuff brings no benefit at all, let alone enough to outweigh the drawback.

    I also can't for the life of me figure out what their target market is, unless it's people who are dumb enough to think that "cloud" always means better.

    link to this | view in thread ]

  44. icon
    Anonymous Coward of Esteemed Trolling (profile), 2 Jul 2012 @ 12:37pm

    buy a loophole.

    no "seems" about it...
    Trust your instinct, you are 100% correct.
    It's who they are selling the intercepted data to, that is the real question.
    Could be Obama, could be the banks, could be the oil companies, anyone who can gain something from spying on you.

    Corporate governments are great for non-human people.
    Who cares if Cisco spy on people, they paid the politicians already.

    About $2 million every year. ( the cost of your privacy to politicians )
    http://www.opensecrets.org/lobby/clientsum.php?id=D000000374

    link to this | view in thread ]

  45. icon
    A Dan (profile), 2 Jul 2012 @ 12:43pm

    Re: Re: Re:

    Unfortunately, I don't exactly what the box says. They seem to have been promoting it as a feature, though.

    Here's an article about the router family:
    http://news.cnet.com/8301-17938_105-57409483-1/cisco-launches-app-enabled-router/

    "The new Linksys EA4500, EA3500, and EA2700 routers are available now and cost $199, $139, and $99, respectively. Cisco promises that a full range of its cloud-enabled services will be available by June."

    It sounds like they kept their promise.

    And here's an Amazon product page:
    http://www.amazon.com/Linksys-EA2700-App-Enabled-Dual-Band-Wireless-N/dp/B007IL72CI/

    "Cisc o Connect Cloud (Coming Summer 2012) - Over time, continue to get new apps and capabilities that will enrich your connected lifestyle"

    link to this | view in thread ]

  46. identicon
    Anonymous Coward, 2 Jul 2012 @ 12:44pm

    Re: Re: Corporate IT dealbreaker

    Not paranoid, this is CISPA in code, but without an implication for better security.

    link to this | view in thread ]

  47. icon
    The Spork (profile), 2 Jul 2012 @ 12:48pm

    It's not Cisco's (firmware developer) fault on this one.

    The CCC (Commanding Corporate Crony) Aka the CEO's fault. from what I've been hearing on the grapevine, the firmware developers fought against the "Cisco Cloud" BS for years. unfortunately (yet again) the higher-ups overruled them.

    link to this | view in thread ]

  48. identicon
    Anonymous Coward, 2 Jul 2012 @ 12:51pm

    Re: What I don't understand...

    If you go to their site, you see they want to run apps on your router! Who wants to run a fucking app on a router!? Don't they understand what routers do?

    link to this | view in thread ]

  49. icon
    A Dan (profile), 2 Jul 2012 @ 12:52pm

    Re: Re: Re: Eh.

    They come with two versions of firmware: the dd-wrt version and the "User-Friendly" version. I had very poor results with my recently-purchased router, especially compared to my old reliable WHR-G54S.

    link to this | view in thread ]

  50. identicon
    Anonymous Coward, 2 Jul 2012 @ 1:01pm

    Did Cisco change the terms? I can't find the cited text anywhere in it, but according to google http://www.cisco.com/web/siteassets/legal/connect_cloud_supp.html is the site that it came from.

    link to this | view in thread ]

  51. identicon
    Anonymous Coward, 2 Jul 2012 @ 1:22pm

    Re: What I don't understand...

    If you go to their site, you see they want to run apps on your router! Who wants to run a fucking app on a router!? Don't they understand what routers do?

    link to this | view in thread ]

  52. icon
    weneedhelp (profile), 2 Jul 2012 @ 1:23pm

    Re: Re: Eh.

    I use 3 to cover my property and since setting them up they have been amazing. I never have to touch them.

    I was thinking about upgrading to N, but after this, and I am sure the others will follow, ill just keep em. Thanks for keeping money in my pocket Cisco. Now to go try and grab a couple off of ebay.

    link to this | view in thread ]

  53. icon
    weneedhelp (profile), 2 Jul 2012 @ 1:30pm

    Re: usually I would rejoyce you for it !

    "What was your plan ?"

    Provide an outlet for pissed off users. It may mean nothing. But damn it felt so good [smoking cigarette.]

    They may blow it off, but if you take an account that is used to getting say 1000 emails a day and triple it, someone will notice.

    link to this | view in thread ]

  54. icon
    Get off my cyber-lawn! (profile), 2 Jul 2012 @ 1:48pm

    Cisco must have a drive-thru....cause they F*CK you at the drive-thru!

    Isn't Cisco the one that also starts the clock on your 90 day "support agreement" the day they sell the unit to the big box store and if the 90 day period expires even before you purchase the unit.....oh well?

    link to this | view in thread ]

  55. identicon
    Anonymous Coward, 2 Jul 2012 @ 1:52pm

    Re: I hate how "connected" everything is today

    Needs to be a one day black out...turn off your Internet, your smart phone data,your tablet etc...Maybe someone will wake up!

    link to this | view in thread ]

  56. icon
    Anonymous Coward of Esteemed Trolling (profile), 2 Jul 2012 @ 1:56pm

    Got to try

    Maybe I have completely lost faith in humanity.
    I mean...I really can't see Cisco giving a shit.
    You can, and that's great, at least you are trying.(unlike me)
    Honestly, I hope you are right and I am wrong.

    But please don't let my opinion take away from your valued contribution.
    If you are right, Cisco might listen and change, for the better of humanity.

    And to other peeps lurking this thread..... email Cisco ( go go go)

    link to this | view in thread ]

  57. identicon
    Anonymous Coward, 2 Jul 2012 @ 1:58pm

    Re: Great Cisco Firewall of China : Status Expansion

    wonder how the Chinese feel about sharing all their data with the world.

    Just a guess but isn't Cisco's stuff made in China anyway?

    link to this | view in thread ]

  58. icon
    John Fenderson (profile), 2 Jul 2012 @ 2:00pm

    Re:

    According to this article: http://www.extremetech.com/computing/132142-ciscos-cloud-vision-mandatory-monetized-and-killed-at-th eir-discretion they did indeed pull the offending paragraph form their terms. The article points out, however, that they can add it back in anytime they want (like after the furor dies down.)

    Cisco cannot be trusted, and their entire product line should be avoided.

    link to this | view in thread ]

  59. identicon
    Rich Kulawiec, 2 Jul 2012 @ 2:12pm

    This is spyware

    If attackers/abusers had done this, they'd be blacklisted by now and there would be calls for legal action against them. Cisco -- in the most cowardly fashion imaginable -- is hiding behind obscure legalese to justify hijacking users' property and turning it into an intelligence gathering operation designed to harvest user data for sale to unknown third parties. This is absolutely despicable behavior.

    And it's a very good reason for replacing your firmware with open-source software -- which isn't perfect, of course, but at least gives you some assurance that YOUR hardware won't be silently manipulated by a corporation that cares nothing for your privacy, your network integrity, or your operation.

    Now here's the question: how long until Cisco pushes this spyware onto enterprise routers? C'mon, it has to be obvious to everyone that they want to: the only question is how and when they're going to try to pull it off.

    link to this | view in thread ]

  60. icon
    John Fenderson (profile), 2 Jul 2012 @ 2:16pm

    Re: It's not Cisco's (firmware developer) fault on this one.

    Not sure what your point is here. Even if it's 100% because of the CEO, that doesn't make it any less Cisco's fault. In fact, it makes it more so because it indicates it's a conscious move taken despite warnings from those insiders who know better.

    link to this | view in thread ]

  61. identicon
    William, 2 Jul 2012 @ 2:19pm

    Re: Eh.

    Not any more. Their latest routers use Marvell chipsets which are incompatible with DD-WRT and Tomato.

    link to this | view in thread ]

  62. identicon
    Anonymous Coward, 2 Jul 2012 @ 2:24pm

    Cisco as IP police?

    I like how the "Cisco Connect Cloud Terms of Service" just happens to include
    "As a condition of your use of the Service, you agree that your use of the Service in accordance with the terms and conditions of this Agreement is permitted under and will comply with the applicable laws of the country where you use the Service. You agree not to use or permit the use of the Service:... (iii) to infringe another's rights, including but not limited to any intellectual property rights... (vi) to violate, or encourage any conduct that would violate any applicable law or regulation or give rise to civil or criminal liability."
    followed by
    "While we are not responsible for any content or data that you choose to access or otherwise use in connection with the Service, we reserve the right to take such action as we (i) deem necessary or (ii) are otherwise required to take by a third party or court of competent jurisdiction, in each case in relation to your access or use or misuse of such content or data. Such action may include, without limitation, discontinuing your use of the Service immediately without prior notice to you, and without refund or compensation to you."
    Add to this the line from Cisco Cloud Connect Privacy Supplement
    "Cisco may collect and store detailed information regarding your network configuration and usage"
    and we have a nice way of taking people offline for potential IP infringement.

    link to this | view in thread ]

  63. identicon
    Anonymous Coward, 2 Jul 2012 @ 2:25pm

    I've had it with all the spying. Used to think Cisco was fairly good stuff. Hearing this here, makes sure I will never again be a customer of Cisco. Simply, my money is a vote for what I believe in, product or company-wise. I spend it that way too.

    Cisco has reached the list of 'never buy' products. At this point they will have to show me something else that really means something. Taking down a paragraph or two with plans to possibility re-instated it later, tells me all I need to know. Since people often refer to me on equipment and products to buy, I promise Cisco will feel the pinch from more than just one.

    link to this | view in thread ]

  64. icon
    Paul Renault (profile), 2 Jul 2012 @ 2:30pm

    Re: Re: Re:

    It doesn't actively track/collect/store. It does it passively. I'll concede that maybe it's passive-agressive...

    link to this | view in thread ]

  65. icon
    TtfnJohn (profile), 2 Jul 2012 @ 2:32pm

    Re: Re: Re:

    Once the DSL signal is past the telco or cableco dataset it's none of their damn business what you hook up to it, They just won't support it at their help line.

    ISP's will and do provide wireless router or router/dataset combinations that they've rebranded mostly ATT and 2Wire. They get to share the "sale" with ATT and 2Wire when they do that. I have no idea if 2Wire is as bad as it was when it first appeared but until I found out I will never, ever, have one.

    Sad, you know. Cisco gear, till this, used to be a bit old fashioned and crotchety but it ran forever. Oh, the price of progress.

    link to this | view in thread ]

  66. icon
    TtfnJohn (profile), 2 Jul 2012 @ 2:47pm

    Re: Got to try

    Good luck. They're only doing what everyone else in the business is doing which is downloading and implementing software and firmware upgrades to save you time and money. You know the line. "For you own good".

    Ditto with this one.

    The tone of Cisco's posting is one of a PR department caught with its pants down and with no way out of what's already happened. BUT I'd say that the that this "press release" posting changes the terms and conditions statement that they can share everything but the pictures you take of yourself in the shower to that they can't share a bloody thing. Not that it will change anything. But I'd be sure to let Cisco know via email that you keep a copy of that that's your interpretation now if you chose and keep it.
    Bloody hell!

    link to this | view in thread ]

  67. icon
    TtfnJohn (profile), 2 Jul 2012 @ 3:18pm

    Re: No but this letter might get something from them.

    It isn't immediately obvious because these things get written by lawyers but I'll bet dollars to donuts that what they're talking about is storing so called infringing material in their cloud. The same applies to the criminal and civil liability clause. Both are more popularly known as CYA.

    The role of collecting configuration data is for support as is usage to a small extent. Though it would be nice if they actually got off their butt and said that. From some 35 years of supporting telco data and voice stuff it it was always better to know configuration of gear than not so that I could get in the back door and have a look because some 80% of the time a trouble call on a key system or switchboard was some change the customer made that caused the problem. For data that's closer to 100%.

    Anyway, here's nice sample email:
    Dear Cisco,
    I feel your pain at swallowing both legs up to your hips but can you imagine mine at not being able to log into my router now. Not to mention some of the bad wording in the Terms and Conditions of Use that seemed to leave me wide open to you sharing everything about me with the world.
    I appreciate the clarification on your blog at:
    http://blogs.cisco.com/home/answering-our-customers-questions-about-cisco-connect-cloud/
    that cleared up some of my concerns however you may be assured that from this point forward I will no longer use Cisco devices in my home or recommend them for any other home or small business. You have lost the good will that you've built up over 30 years with me and a number of others who I've spoken with and we all agree that no matter the technical advantages of your routers we can no longer use or recommend a router whose maker chooses to treat its customers and users in such a cavalier manner.

    Attached is my receipt for my router and plug ins for each of my computing devices including smartphones and I expect a cheque in return as a full refund as the router and all Linksys devices in my home will be put in recycle in an unusable condition to prevent anyone else from suffering through this.

    Yours Truly
    One Immensely Pissed Off Ex Customer.

    link to this | view in thread ]

  68. icon
    John Fenderson (profile), 2 Jul 2012 @ 3:50pm

    Re: Re:

    If I read that on the box, I would assume that it meant the upgrade would be made available to me, not that it would be automatically installed.

    link to this | view in thread ]

  69. identicon
    Anonymous Coward, 2 Jul 2012 @ 4:48pm

    Cisco, fuck you!

    link to this | view in thread ]

  70. identicon
    Anonymous Coward, 2 Jul 2012 @ 4:57pm

    Because the Feds Said

    The is in preparation for the new NSA Spy center being built in Utah.
    The Government needs to have these type of systems in place and the Furor subsided by the time they're open for business...Just Sayin.

    link to this | view in thread ]

  71. identicon
    Anonymous Coward, 2 Jul 2012 @ 5:52pm

    Re: Re: I hate how "connected" everything is today

    ^This is the answer to a lot more than our govt. spying on us.

    The easiest way to stop this busted machine is to give up your so called comforts and stop using everything they control.

    It would only need to last for several days to a month. Then the rebuilding can take place. The system needs to die so that a better one can take its place. Death is lifes change agent.

    link to this | view in thread ]

  72. identicon
    Lawrence D'Oliveiro, 2 Jul 2012 @ 6:21pm

    Re: (...not sure they have routing capabilities).

    Routing is a standard feature of the Linux kernel. Just turn on IP forwarding, and then manage filtering with iptables.

    link to this | view in thread ]

  73. icon
    Jesse (profile), 2 Jul 2012 @ 8:59pm

    Re: Re: Re:

    Sounds like someone needs some DD-WRT.

    link to this | view in thread ]

  74. identicon
    kitsune361, 2 Jul 2012 @ 10:08pm

    Well, it's kinda an improvement.

    At least it isn't like some of their enterprise stuff, that requires $1000 service contracts to download upgrades/updates.

    It's too bad dd-wrt won't run on these new routers.

    And as far as "running apps on your router" I have a few routers w/ OpenWRT I do just that with... but they're *my* apps adding what functionality I want to my router.

    Looked up a review or two, and it seems to me that they want to do for the router what Apple and Android did for the phone with this "app" thing.

    link to this | view in thread ]

  75. icon
    WysiWyg (profile), 3 Jul 2012 @ 12:02am

    Re: Re: Re: Re:

    Funny, I don't see anything about not being able to administer your router locally or them having access to your data.

    link to this | view in thread ]

  76. icon
    WysiWyg (profile), 3 Jul 2012 @ 12:08am

    Re: Re: (...not sure they have routing capabilities).

    Because nothing bad could ever come from a beginner trying to set up their own iptables. ;-)

    link to this | view in thread ]

  77. identicon
    t., 3 Jul 2012 @ 1:01am

    cisco router update

    I just sent them a nasty email since the comments on the blog post are closed. I did notice though, they added an "opt out" option on their blog. I think the damage is done, though.

    link to this | view in thread ]

  78. identicon
    Anonymous Coward, 3 Jul 2012 @ 1:48am

    Bullshit I just threw my Cisco made router in the fucking trash. I'll never support their products again since they support the idea of killing privacy.

    Something so invasive SHOULD BE OPT IN **NOT!! OPT OUT** It will be a cold day in hell before I ever even consider buying any product connected to Cisco.

    I'm so pissed off right now :( The idea of recording data by default enrages me. The idea that a bunch of people are going to have no idea they are doing it enrages me even more.

    What can I say?..

    Fuck you Cisco! I hope you greedy communist fuckers go bankrupt.

    link to this | view in thread ]

  79. identicon
    Anonymous Coward With A Unique Writing Style, 3 Jul 2012 @ 7:45am

    Re: Re: Re: Re:

    I've had AT&T DSL for about a decade now. With a more modern 2Wire router being given to us when we cancelled then signed up for DSL services again about 6 years ago. The first router was, in my opinion, great. Minimal hassle to setup and secure. AT&T wanted to charge me $200 to have a tech come to my home and do it, I laughed and told them no thanks. Did it myself in under a minute. When it broke (about a year ago), the rep on the line was nice enough to send out a replacement for free (despite stating that AT&T's current policy, about a year ago was that a customer had to pay to replace the router and it would've been like $100-150). Since then no problems.

    Although recently, we had a random out of nowhere thunderstorm (WITH HUGE HAIL, which is rare for South Texas) and I lost service for a day. When it came back, somewhat, I couldn't connect and when I called they tried to blame me (an IT guy) for not setting it up right or doing something I shouldn't be doing and a ton of other excuses/stuff they said was my fault. I told them that since my neighborhood first got DSL service they had always been at fault for our problems. Laying the lines and then just tossing almost no dirt on them, which led to them being cut by someone's lawnmower. Burying the line in the ditch that until two years ago had no out (so when it flooded, it would fill and take out the neighborhood's service until it was drained by the city and had time to dry) and so on. I then hung up on them and reconnected my router and it worked, with a catch. Now I had to set it up from scratch (not the router but my service) and AT&T installed a ton of crapware on my laptop just to get my connection going again (all settings preserved from before). I just uninstalled it all and have been good to go since.

    Out of all the routers I've setup in my life, 2Wire has always been the easiest to setup/use. With Linksys acting up a lot, but only if used in conunction with older (pre-2Wire) AT&T DSL routers. Cisco I usually recommend as it's mostly hookup and you're set (if you run the disc, which many people forget to do). Recently I've tried out the Amped products (for work) and have been more than pleased with those, the range is insane. But they are kind of pricey (as in $120+ for pretty much all their products).

    link to this | view in thread ]

  80. identicon
    Anonymous Coward, 3 Jul 2012 @ 8:06am

    And I think I'll be sticking with Debian.

    link to this | view in thread ]

  81. icon
    A Dan (profile), 5 Jul 2012 @ 2:07pm

    Re: Re: Re: Re: Re:

    But isn't that what "Cloud" means?

    (I don't tend to trust cloud services.)

    link to this | view in thread ]

  82. icon
    R.H. (profile), 10 Oct 2012 @ 9:25pm

    Re: Re: Re: Re:

    That or Tomato. I haven't seen a new stable build of dd-wrt in a while. When I upgraded (laterally moved?) from a Linksys WRT610N to a Linksys E3000, I installed a modified build of TomatoUSB on day one after spending the previous week researching the various custom firmwares available. I may be in the minority but, I still liked Linksys' hardware but both my future purchases and my recommendations for others will probably be Netgear for a while because of this one.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.