Cisco Pushing 'Cloud Connect' Router Firmware, Allows Web History Tracking 351
Myrv writes "Reports have started popping up that Cisco is pushing out and automatically (without permission) installing their new Cloud Connect firmware on consumer routers. The new firmware removes the user's ability to login and administer the router locally. You now must configure the router using Cisco's Cloud connect service. If that wasn't bad enough, the fine print for this new service allows Cisco to track your complete internet history. Currently, it appears the only way to disable the Cloud Connect service is to unplug your router from the internet."
Re:Upgrade Instructions for Cisco Clients (Score:5, Informative)
FU No Thanks (Score:5, Informative)
http://www.cisco.com/web/siteassets/legal/connect_cloud_supp.html [cisco.com]
I especially like how they get to keep your Internet history. Why do you think this is a good idea Cisco?
Your new Cloud Connect contract ...When you use the Service, we may keep track of certain information related to your use of the Service, including but not limited to the status and health of your network and networked products; which apps relating to the Service you are using; which features you are using within the Service infrastructure; network traffic (e.g., megabytes per hour); Internet history; how frequently you encounter errors on the Service system and other related information ("Other Information"). We use this Other Information to help us quickly and efficiently respond to inquiries and requests, and to enhance or administer our overall Service for our customers. We may also use this Other Information for traffic analysis (for example, determining when the most customers are using the Service) and to determine which features within the Service are most or least effective or useful to you. In addition, we may periodically transmit system information to our servers in order to optimize your overall experience with the Service. We may share aggregated and anonymous user experience information with service providers, contractors or other third parties to assist us with improving the Service and user experience, but any shared information will be consistent with Cisco's overall Privacy Statement and will not identify you personally in any way....
It's not that hard. (Score:4, Informative)
Buy your router from this enormous list which covers a huge range of budgets:
http://wiki.openwrt.org/toh/start [openwrt.org]
Re-Flash it and be done with these folk. This newer firmware is much friendlier than the original OpenWrt you may have tried years back, and if you don't like what it's doing, you get a command prompt and make it do exactly what you want.
Re:Upgrade Instructions for Cisco Clients (Score:3, Informative)
Not supported (yet). Last time I checked, the original Tomato has not produced any further updates or additional supported routers. It's really about TomatoUSB (which is also somewhat outdated) and all the forks (Vics-a-geek, Shibby, Openlinksys, etc) that came from that tree. I've been running those firmware almost immediately out of the box as soon as the router model was supported.
Re:Something missing (Score:5, Informative)
As the summary mentions, if you disconnect from the Internet then you can log in locally. However, it looks like most settings are disabled when logging in this way - you presumably have just enough control to get it to reconnect to the Overlords.
Clarifications and Confirmations (Score:5, Informative)
* The Cloud firmware is ONLY for EA2700, EA3500, E4200v2 (not v1) and EA4500 routers. Older routers (E4200v1 or older) will not see this update. These routers shipped with information explaining that Cloud would be released this summer and update to the Cloud firmware when it was released.
* You can prevent this update by turning off "Automatic Updates" in your router. However if you didn't already do this then YES ... disconnect from the Internet before you do anything else. Then go in and turn off the Automatic Updates. Then you can reconnect. Warning: If you've already been upgraded it currently isn't possible to downgrade to the older firmware.
* If you have updated ... you CAN do -some- local router configuration without having internet access. Just go to http://routers/ [routers] LAN IP address]/ while it is disconnected and you will be prompted for the router's local password (usually this will mirror your WiFi password). You will be limited to editing the network settings (LAN, WiFi, etc) and security settings (router password, VPN, firewall, DMZ). Parental controls, Guest Access QoS and USB storage won't be accessible until you are able to log in while the router is online (you'll use your CiscoConnectCloud.com login at this point).
NOTE: If you have an EA2700, EA3500 or EA4500 that shipped with the OLDER firmware (every router out there so far, the new firmware shouldn't appear in new routers for a couple more weeks) and have not set it up yet and WANT the older firmware ... do NOT use the CD setup. Configure it using the traditional web UI while NOT connected to the Internet and turn off Automatic Updates. Again ... this is only for people who do NOT want the Cloud firmware capabilities.
* Just an FYI ... the Cisco Connect Cloud concept allows people to manage and view their home network from anywhere on the internet so long as their router has a connection to the internet. Mobile apps allow your phone to control your home network (manage guest settings, see who is online right now, etc). Additionally it enables a plugin mobile application architecture that our partners can leverage to allow remotely managed network applications. It is an entirely new direction and yes ... it has some kinks ... the biggest ones being forcing this on the user and then limiting their ability to manage their device without it being on the internet. ...
So ... I anticipate a flood of groans about all of this, and I don't disagree with a fair amount of them. Let me make some things clear:
a) Yes, I work for Cisco Linksys.
b) No, I am not speaking directly for Cisco in this post nor am I posting on their behalf (I just wanted to get some quick assistance out there to the people who read this).
c) No, I do not work for the groups (PM, Engineering) that made the decisions to do this update automatically, to not allow you to downgrade, and to not allow you access to your full configuration capability while the router is offline. Which means I can try and funnel your feedback to those groups but I can not force anyone to implement any of it.
d) While I don't like the situations mentioned above in item "c)" ... I -do- like the CiscoConnectCloud.com concept and feel that Cisco will improve it significantly over time.
e) I completely ... 100% ... recognize that the /. audience most likely prefers things like DD-WRT, Tomato, etc (though some will really like the mobile Cloud concept, I do, and I've been around the block a few times at this point). Cisco Linksys is definitely moving more towards the average consumer market instead of the tech adopter market with these products.
f) We do still sell non-Cloud routers, like the E900, E1200 and E2500
Re:Upgrade Instructions for Cisco Clients (Score:5, Informative)
The option to install firmware yourself is greyed out on routers after the "upgrade". I have read that if you call Cisco and complain they will allow you to roll back to a previous firmware (without Cloud Connect) at which point you can manually upgrade to non-Cisco firmware.
Cisco/Linksys weren't that good anyway (Score:5, Informative)
Cisco had limited what Linksys routers could do as to discourage corporate sales.
There are many better choices than Linksys these days.
The N900 is pretty nice, along with dozens. They're cheap (you can get decent non-cisco routers for $30 on sale)
Just use something else.
Re:Upgrade Instructions for Cisco Clients (Score:5, Informative)
At least 3 of the routers affected (EA3500, EA4500, E4200v2) are using Marvell chipsets. Not sure about the EA2700. Which means that, unless someone decides to add chipset support, DD-WRT doesn't run on these routers.
Re:FU No Thanks (Score:5, Informative)
Dont forget section 4 of the Terms of Sevice!
4. Your Responsibilities as a Cisco Connect Cloud User
You are responsible for any data that is sent or received by you and/or any other party in connection with your access to and/or use of the Service used in connection with your account. You agree that Cisco will not be liable to you or any others for any loss or damages due to your use of the Service.
As a condition of your use of the Service, you agree that your use of the Service in accordance with the terms and conditions of this Agreement is permitted under and will comply with the applicable laws of the country where you use the Service. You agree not to use or permit the use of the Service: (i) to invade another's privacy; (ii) for obscene, pornographic, or offensive purposes; (iii) to infringe another's rights, including but not limited to any intellectual property rights; (iv) to upload, email or otherwise transmit or make available any unsolicited or unauthorized advertising, promotional materials, spam, junk mail or any other form of solicitation; (v) to transmit or otherwise make available any code or virus, or perform any activity, that could harm or interfere with any device, software, network or service (including this Service); or (vi) to violate, or encourage any conduct that would violate any applicable law or regulation or give rise to civil or criminal liability.
While we are not responsible for any content or data that you choose to access or otherwise use in connection with the Service, we reserve the right to take such action as we (i) deem necessary or (ii) are otherwise required to take by a third party or court of competent jurisdiction, in each case in relation to your access or use or misuse of such content or data. Such action may include, without limitation, discontinuing your use of the Service immediately without prior notice to you, and without refund or compensation to you.
You will indemnify and hold us and Cisco Systems Inc. and its affiliates harmless against any claims, losses or damages arising from any threatened, repudiatory or actual breach by you of the covenants set out in this Section.
As part of the Service, You will be required to create a password that will enable You to use the Service. Your email address and password will be used to validate Your identity in order to access the Service. When You choose a password, choose a unique combination of letters and numbers unrelated to Your or someone else’s identity or to any information that is publicly available or that may be needed by us to provide the Service to You or to others. If you share information related to the Service with others or allow others to access the Service using Your email address and password, you have no expectation of privacy or confidentiality in the personal information you may intentionally or unintentionally disclose. Therefore, please avoid giving access to these materials to others. You agree to notify Cisco immediately of any unauthorized use of your account or password, or any other breach of security.
Re:Carriers? (Score:5, Informative)
This only affects a very small number (4) of the Linksys consumer routers and only the ones currently on the shelves. Not big Cisco routers, not Cisco SPVTG routers, not Cisco SMB routers and not even all Linksys routers.
Re:Clarifications and Confirmations (Score:5, Informative)
Re:Upgrade Instructions for Cisco Clients (Score:5, Informative)
Re:Clarifications and Confirmations (Score:5, Informative)
The information on effected models is incomplete.
My e1000 and e3000 (not listed as Cloud Connect compatible) will no longer allow direct connection and configuration while connected to the internet. They will not accept a connection from the LAN if there is a live cable on the WAN port.
Re:Upgrade Instructions for STUPID OWNERS (Score:5, Informative)
Well, when I read this story I immediately logged into my router, and fortunately was not unexpectedly greeted by their cloud. It's still reporting the same firmware version that I last upgraded to. So you should also have no worries.
Re:Upgrade Instructions for STUPID OWNERS (Score:2, Informative)
Reread it. I said "ANYONE HERE". That means slashdot readers who don't check their own security settings should be ashamed, not "normal people".
Verizon has been doing it for ages. (Score:5, Informative)
Re:Upgrade Instructions for Cisco Clients (Score:4, Informative)
Yup. Currently running Shibby's latest (095) All-In-One build on my Cisco E4200v1. It's a good N router and Shibby's firmware is super stable with support for IPv6, USB & VPN among other things.
Check it out:
http://tomato.groov.pl/ [groov.pl]
SMOOTHWALL EXPRESS (Score:2, Informative)
Um, why are you guys screwing around with consumer grade crap anyway?
Take an old PC (Can even be a micro PC, provided it has more than one NIC) Put 2 NICs in it and install Smoothwall Express [smoothwall.org] onto it.
Since Smoothwall is a Linux-based open source operating system, the old PC will become a nice, easy to configure, open source firewall/router alternative system, and easily more powerful than the standard SOHO crap that Cisco is slinging.
I've been running it for 10 years (with regular OS upgrades) on an old gateway 450mhz Pentium 2 PC. It's a trusty old warhorse that keeps on cranking and is WAY overpowered for the job. (Smoothwall will run on a 486DX. I know, I've done it.)
How many crappy SOHO routers have YOU gone through in that time?
Re:SMOOTHWALL EXPRESS (Score:4, Informative)
I would imagine.
Less privacy and control too. So which would you rather have, a slightly lower electric bill, or control of your internet history?
Savings or freedom. Your choice.