ASUS and TrendMicro Data Collection

I can’t even begin to tell you how many times I’ve gotten into a conversation about privacy, only to have the other person say “I have nothing to hide, so let them spy on me.” I don’t even bother arguing with them anymore, and usually just smile and nod as if I’m agreeing with them so they will just stop talking.

If you are one of those people, don’t bother reading this web page. There is nothing here for you. For those that do care, and know that way too much information is being collected from us by governments and tech giants, then stick around.

Here’s the straw that broke the proverbial camel’s back for me …

A few years ago, I bought an ASUS RT-AC1900P because it had what I perceived to be some pretty good web surfing protection. ASUS had teamed up with Trend Micro to provide content filtering, quality of service, and a few other cool features for a cheap price. It was very easy to set up as well. I loved the QoS capabilities, parental controls and being able to schedule downtime for internet connected devices (kids).

All was fine until I downloaded the newest firmware and installed it. After a reboot, I had to re-enable the content filtering and was prompted with an end-user license agreement that I had to accept, otherwise the functionality would be turned back off. After reading the first few sentences within the agreement, I was shocked. It talked about how they were openly collecting my data and sending it back to their servers for analysis. They were also sharing it with third-party organizations. So, I did some additional searching on the internet and found the full user license agreement. You too can read it here: TrendMicro.

I’ll give them credit for not trying to disguise what they are doing with legalese, but I’m shocked anyone would agree to this. This is a cut-and-paste from their own website:

You provide the following types of information and personal data when you use and 
interact with our products and services, including customer support. The specific 
information and personal data that you provide will depend on the particular product 
or services used. Providing these types of information and personal data enables you 
to participate, share and leverage Trend Micro’s global database of threat related 
intelligence to rapidly identify and defend against potential threats within your 
unique network environment, as described in more detail below as well as enabling 
us to provide support that you request.

    (1) Product information, such as MAC address, device ID
    (2) Public IP address of the user’s gateway to the Internet
    (3) Mobile/PC environment
    (4) Metadata from suspicious executable files
    (5) URLs, Domains and IP addresses of websites visited
    (6) Metadata of client/device managed by gateway product
    (7) Application behaviors
    (8) Customer behavior
    (9) Information from suspicious e-mail, including sender and receiver email address, and attachments
    (10) Detected malicious file information
    (11) Detected malicious network connection information
    (12) Debug Logs
    (13) Network Architecture/Topology
    (14) Screen capture of errors


In essence, they can capture whatever they want off any of your devices, whenever they want.

I shut down all the services I had grown to love and never turned them back on. But then I got to wondering, are they still collecting data, or not? I performed a packet capture and there is still traffic going out to Trend Micro. I’m not sure if it’s querying for firmware updates or still passing data. More testing needs to be done, but it is most certainly phoning home for something.
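One way to carry that testing further, as an added example that is not from the original post: the script below reads `tcpdump -n` text output for port 53 traffic and counts which LAN hosts looked up names under a watched vendor domain. The capture lines and the `vendor.example` suffix are constructed placeholders, not real Trend Micro hostnames.

```python
import re
from collections import Counter

# DNS *query* lines from `tcpdump -n port 53` text output, for example:
# 12:00:01.000101 IP 192.168.1.1.40212 > 9.9.9.9.53: 4242+ A? host.example. (42)
QUERY_RE = re.compile(
    r"IP6? (?P<src>\S+)\.\d+ > \S+\.53: \d+\S* "
    r"(?:\[[^\]]*\] )?(?P<qtype>[A-Z]+)\? (?P<qname>\S+)"
)

def under_suffix(qname, suffix):
    """True if qname is the suffix itself or a subdomain of it.

    The match is on a label boundary, so 'notvendor.example' is NOT
    treated as being under 'vendor.example'."""
    q = qname.rstrip(".").lower()
    s = suffix.strip(".").lower()
    return q == s or q.endswith("." + s)

def phone_home_queries(lines, watched_suffixes):
    """Count (source host, queried name) pairs that fall under a watched suffix."""
    hits = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # DNS responses and non-DNS lines are skipped
        if any(under_suffix(m["qname"], s) for s in watched_suffixes):
            hits[(m["src"], m["qname"].rstrip(".").lower())] += 1
    return hits

# Constructed sample capture: 192.168.1.1 plays the router, 9.9.9.9 the resolver.
SAMPLE_CAPTURE = """\
12:00:01.000101 IP 192.168.1.1.40212 > 9.9.9.9.53: 4242+ A? telemetry.vendor.example. (42)
12:00:01.020555 IP 9.9.9.9.53 > 192.168.1.1.40212: 4242 1/0/0 A 203.0.113.5 (58)
12:00:07.310002 IP 192.168.1.1.51877 > 9.9.9.9.53: 911+ [1au] AAAA? Update.Vendor.Example. (50)
12:00:09.112233 IP 192.168.1.50.60001 > 192.168.1.1.53: 77+ A? notvendor.example. (35)
12:01:01.000101 IP 192.168.1.1.40300 > 9.9.9.9.53: 4300+ A? telemetry.vendor.example. (42)
""".splitlines()

WATCHED = ["vendor.example"]  # placeholder; use the domains you want to audit

if __name__ == "__main__":
    for (src, name), n in phone_home_queries(SAMPLE_CAPTURE, WATCHED).most_common():
        print(f"{src:15} {name:30} {n} queries")
```

A device that uses DNS over HTTPS or connects to hard-coded IP addresses will not show up in this output, so an empty result does not prove that nothing is being sent.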

This ultimately led me on a journey to install the free, open-source firewall, IDS and IPS product called pfSense, along with the pfBlockerNG, DNS Blocker (DNSBL), and Suricata packages on an old computer I had lying around.

Here are the DNS entries for DNSBL (i.e., these appear to be the addresses collecting your data at Trend Micro):

You wouldn’t believe how much of your private information is being transmitted back to Microsoft, Apple, Samsung, advertising companies, Trend Micro, etc. You thought you secured Windows 10 by modifying the security options within Settings? Think again. Windows is still transmitting back to Microsoft a ton of information about what you do, visit, type, say and if you have a camera … see.

And that’s just scratching the surface.