On-Prem

Networks

You spoke, we didn't listen: Ubiquiti says UniFi routers will beam performance data back to mothership automatically

And good luck opting out of that one


Ubiquiti Networks is once again under fire for rewriting its telemetry policy after previously changing how its UniFi routers collect data without telling anyone.

These latest changes are mentioned in a new help document on the US manufacturer's website. The documentation differentiates between "personal data", which includes everything that identifies a specific individual, and "other data", which is everything else.

The page states that while users can continue to eschew having their "personal data" collected, their "other data" – anonymous performance and crash information – will be "automatically reported".

This is a shift from Ubiquiti's last statement on data collection three months ago, which promised an opt-out button for all data collection in upcoming versions of its firmware.

A Ubiquiti representative confirmed in a forum post that the new changes will come into effect in firmware version 4.1 and onward, which isn't officially out yet, and that users can stop "other data" being automatically collected by manually editing a config file.

So, in short, you'll be able to choose whether you want to send personal info, but you'll have to edit a configuration file to prevent other data being sent. Which isn't quite the same as an opt-out-of-everything button, which is why folks are so upset.

70% of Windows 10 users are totally happy with our big telemetry slurp, beams Microsoft

READ MORE

"Yes, it should be updated when we go to public release, it's on our radar," the Ubiquiti forum rep wrote, and by it, they mean the wording in the software's user interface controlling the device's analytics. "But I can't guarantee it will be updated in time."

The drama unfolded when netizens grabbed their pitchforks and headed for the company's forums to air their grievances. "Come on UBNT," said user leonardogyn. "PLEASE do not insist on making it hard (or impossible) to fully and easily disable sending of Analytics data. I understand it's a great tool for you, but PLEASE consider that's [sic] ultimately us, the users, that *must* have the option to choose to participate on it."

The same user also pointed out that, even when the "Analytics" opt-out button is selected in the 5.13.9 beta controller software, Ubiquiti is still collecting some data. The person called the opt-out option "a misleading one, not to say a complete lie".

Other users were similarly outraged. "This was pretty much the straw that broke the camel's back, to be honest," said elcid89. "I only use Unifi here at the house, but between the ongoing development instability, frenetic product range, and lack of responsiveness from staff, I've been considering junking it for a while now. This made the decision for me – switching over to Cisco."

One user said that the firmware was still sending their data to two addresses even after they modified the config file.

Ubiquiti did not respond to The Register's requests for comments or clarification. ®

Send us news
59 Comments
Get our Weekly newsletter

UK Home Office tenders £5m for a supplier to help it greenlight IT projects. Yes, you read that correctly

Procurement raises questions over supplier creating its own sales pipeline within govt

The UK's Home Office is tendering to recruit a supplier to help manage the selection of its IT projects, leading to concerns over conflict of interest.

The notice published in the public sector Digital Marketplace is seeking a company to help deliver and operate the "discovery-as-a-service" capability for the "Innovation - Law Enforcement" (I-LE) function within the Police and Public Protection Technology Portfolio (PPPT), with a £5m contract on the table.

The snappy moniker – DaaS – alludes to the discovery phase in the UK government's IT project service manual. Discovery, it says, means learning about users and what they're trying to achieve; constraints the project faces in making changes to how the service is run because, for example, of technology or legislation; and the underlying policy intent the project is set to address and so on.

Continue reading

Brit authorities could legally do an FBI and scrub malware from compromised boxen without your knowledge

Would move for The Greater Good™ actually be good, though?

Comment UK authorities could lawfully copy the FBI and forcibly remove web shells from compromised Microsoft Exchange server deployments – but some members of the British infosec industry are remarkably quiet about whether this would be a good thing.

In the middle of last week the American authorities made waves after deleting web shells from Exchange Server deployments compromised in the Hafnium attacks. The agency had gone to the US federal courts for permission, which it received.

The entire infosec world had been bellowing at IT admins to update and mitigate the vulns, which were being exploited by skilled and malicious people who found the remote-code-execution bug. Nonetheless, some laggards still hadn't bothered – and with compromised boxen providing a useful base for criminals to launch further attacks from, evidently the FBI felt the wider risk was too great not to step in.

Continue reading

Truth and consequences for enterprise AI as EU know who goes legal: GDPR of everything from chatbots to machine learning

Regulations On A European Approach For Artificial Intelligence

One of the Brexit bonuses we’ve been enjoying since January 1st is that we have abandoned our influence within the world’s regulatory superpower.

America and China may have industrial and military dominance, but by placing a decent proportion of global economic activity under the world’s strongest regulatory regime, the EU forces the pace for everyone else. GDPR commands respect around the world.

So when the draft "Regulation On A European Approach For Artificial Intelligence" leaked earlier this week, it made quite the splash - and not just because it’s the size of a novella. It goes to town on AI just as fiercely as GDPR did on data, proposing chains of responsibility, defining "high risk AI" that gets the full force of the regs, proposing multi-million euro fines for non-compliance, and defining a whole set of harmful behaviours and limits to what AI can do with individuals and in general.

Continue reading

Debian devs decide best response to Richard Stallman controversy is … nothing

Two-week vote dismissed options to back or sack controversial FOSS figure

The Debian developer community has decided to say nothing about the new controversy surrounding Richard Stallman relection to the board at the Free Software Foundation.

The decision to say nothing came after a call for the project to support an open letter that called for Stallman’s removal from all leadership positions in the free software community and the removal of the entire Free Software Foundation for enabling Stallman.

Stallman resigned from the Foundation in 2019 after making incredibly insensitive remarks, in which he questioned whether the term “sexual assault” was applicable in the case of a woman who, aged 17, was coerced to have sex with MIT professor Marvin Minksy.

Continue reading

You want a reboot? I'll give you a reboot! Happy now?

Two windows, one tetchy techie – what could possibly go wrong?

Who, me? Today's tale from The Register's Who, Me? files is a reminder that a momentary loss of focus is all that is required to trigger a potentially catastrophic error.

Our contributor, Regomised as "Sam", regaled us with a story from a mere five years ago when he was still a fresh-faced worker doing time as second-line support at the service desk of a large motorcycle broker.

He had been called into the office on a Sunday to deal with a problem with the systems. "My boss," he said, with a less than fresh-faced weariness, "was nagging me about something another colleague did (as she saw everything as my fault) and she wanted me to restart a training server of the main brokerage platform because the restore had failed."

Continue reading

Adobe co-founder and PostScript co-creator Charles Geschke passes, aged 81

Mathematician and massive figure in digital publishing lives on in every PDF

Charles Geschke, co-founder of Adobe and co-creator of PostScript - and a reason this story is visually appealing - died Friday, April 16, at the age of 81.

Adobe CEO Shantanu Narayan sent an announcement of Geschke’s passing to staff that included this tribute from his collaborator of five decades, John Warnock:

Continue reading

Pakistan cut off Facebook, Twitter, WhatsApp, and Telegram – for just four hours

To stop protests by far-right party that wants France’s ambassador expelled

Pakistan shut down several social networks within its borders on Friday but lifted the ban after around four hours.

The nation’s Telecommunication Authority announced the ban, effective immediately, with the following explanation:

Continue reading

India appoints ‘IP Guru’ to push nation towards IPv6

Three-pronged adoption drive includes cut-price courseware

India has launched a national IPv6 drive.

A joint initiative of the nation’s Ministry of Electronics & Information Technology and Ministry of Department of Telecommunications, the effort will be run out of the National Internet Exchange of India (NIXI) and aims to educate locals about the benefits of IPv6.

An IPv6 Expert Panel – branded “IP Guru” – has been appointed, with a remit to “extend support to all the Indian entities who are finding it technically challenging to migrate and adopt IPv6.” The Panel has been tasked with “identifying & hiring [an] agency that will help end customer by providing necessary technical support to adopt IPv6.”

Continue reading

Linus Torvalds reluctantly issues one more release candidate for Linux kernel 5.12

We gotta do this again? Really? Oh, alright then. But this eight release candidates thing is not great

Linux kernel development boss Linus Torvalds has reluctantly issued an eighth release candidate for version 5.12 of the FOSS OS.

“Ok, so it's been _fairly_ calm this past week, but it hasn't been the kind of dead calm I would have taken to mean "no rc8 necessary,” Torvalds wrote in his customary Sunday afternoon (US time) update on the state of kernel development.

“So here we are, with an extra rc to make sure things are all settled down. It's not _that_ rare: this is the fifth time in the 5.x series we've ended up with an rc8, but I have to admit that I prefer it when a release doesn't end up needing that extra week,” he added.

Continue reading

Seeing a robot dog tagging along with NYPD officers after an arrest stuns New Yorkers

Plus: 'First civil lawsuit' against police for incorrect facial recognition match in wrongful collaring, and more

In brief Bystanders in New York City were stunned this week when cops left a public housing complex with a handcuffed man and a robot law enforcement dog trotting after them.

The four-legged machine – shown below – was built by Boston Dynamics, and has been dispatched to crime scenes across the American metropolis since October, according to Gothamist.

Continue reading

Google's FLoC flies into headwinds as internet ad industry braces for instability

Reinventing web advertising tech at a time of heightened privacy concern proves difficult

Analysis With Google testing its FLoC ad technology in preparation for the planned elimination of third-party cookies next year, uncertainty about potential problems and growing legal support for privacy is shaking up the digital ad industry.

The move away from third-party cookies will have significant financial impact on the ad industry, and the internet ecosystem that depends on advertising – assuming you accept studies that credit third-party cookies with meaningful [PDF] rather than minimal [PDF] revenue.

"Our analysis suggests that the publishing industry will have to replace up to $10 billion in ad revenue with a combination of first-party data gathered through a combination of paywalls and required registrations, and updated contextual targeting and probabilistic audience modeling (analytics that incorporate an array of unknown elements)," said consultancy McKinsey in a recent report.

Continue reading