Home » Technology » TP-Link routers under the radar for sending customer data without permission

TP-Link routers under the radar for sending customer data without permission

TP-Link routers apparently send customer data to the software vendor Avira without the user’s consent. As early as May last year, there were allegations that TP-Link was ignoring user settings in this regard. At that point, the group promised an update. Now, after criticism from a user, it has become clear that TP-Link – as it appears – is still sending user data to Avira for analysis without being prompted.

On Reddit he has Discoverers have fully described the incident He explained that his router, a TP-Link Archer AX3000, sent much of his data to the Avira “SafeThings servers”. More than 80,000 applications were made within 24 hours. “I recently activated a DNS gateway to see requests from my router and network devices. I was surprised to receive over 80,000 requests in 24 hours to an Avira “Safe Things” subdomain *.safethings.avira.com ( far more than any other server) could detect.”

SafeThings is a cloud-based threat intelligence platform that analyzes user traffic. Avira explains the SafeThings service as follows: “Avira SafeThings is a cloud-based behavioral threat intelligence platform that is connected to a service provider’s home router. It allows a connected home to be managed securely without fear of compromised IoT devices.

Service providers take advantage of comprehensive reporting management options via the SafeThings Insights and Management Center API. Consumers gain visibility and complete control over their home devices through a custom mobile app.” TP-Link has been working with Avira for several years to offer various web security solutions for products such as WiFi routers and repeaters. Called “HomeCare” or “HomeShield”, these features are designed to protect users’ connected devices from cyber-attacks and other online threats.

While Avira claims that users have full control over their devices, it shows the user on Reddit that the service is still running on its own despite not being subscribed and having all related options disabled on their device. “I have completely disabled the Avira/Home Shield services (I didn’t even subscribe to the paid service for them). The router doesn’t care and still sends all the traffic for ‘analysis'”. This behavior is not new. In May they had XDA Developers website already criticized the transmission volume in a test report on the TP-Link Deco X68. Even then it was said that the service was actually turned off in the settings.

Fix announced but delayed

When asked by XDA, TP-Link said at the time that a future update would fix the issue: “A firmware update is in the works that will disable this feature when no Avira network features are enabled in the app, but there is” Not an estimated timeline for that yet.” But so far nothing has happened. If you want to check whether your own TP-Link router exhibits such unwanted transmission behavior, you can use a DNS gateway to monitor the network traffic.


Jimmy Arthur

I am a writer/editor at Research Snipers RS-NEWS and it’s been 3 years working with the company. My specialties are technology and business.