@Fae FYI 

@Fae 

Why should i 'take it easy' when these sites are connecting unauthorized back to HQ? I don't use your cloud services on the grounds of the many breaches that have taken place globally and is clearly an entry point into ones network. Now, there have been 500 attempts in the last 24 hrs to connect back. 

If people want to use cloud services, thats their choice, not mine and therefore I (and many others) should have the option to completely opt out, esp when we don't use TP-LINK online cloud services AND when I purchased these items there was no mention on signing up to 'phone home' products!

@Fae 

Bumpty bump bump ^

tagging along.   I'm also a bit annoyed by the fact I need to have cloud acces enabled to do a mere efficient way to update my various devices. 

There is no destinction about what the could access entails.     imho cloud access could benefit from certain toggles so user can control and manage their network like they see fit and then Pugs can also go on with his life :)

-opt in :  FW update checks only   (nothing further is pulled the TP link account is only used to pull/push the bare minimum) 

-opt in :  Discovery  (I don't know what discovery means with your wording ) *  but until today I never used the TP could portal I only used the toggle on my controller and my hardware controller 'existed' there with some data. 

-opt in ;  This controller can recieve configuration/executed activities from TP cloud services  , the full shebang cloud enabledness. 

this opt ins  should NOT be configurable by option 2&3  except my local configuration,  so when you would enter the cloud credentials locally you would set this

so like I said I never logged onto the cloud portal site until just now. I did however toggled cloud access because updating FW manually became tiresome , and international and localize tp links sides differences made this even more difficult. 

today I for the first time connected to the TP cloud services and I could see my off line controller with the following data 

Anyway Pugs claim of GDPR ,  GDPR is not about calling back to domains.  Its about what happens with personal data and if the person is are aware about what happens with the data.  and if you can control it  etc... 

https://gdpr-info.eu/issues/personal-data/ 

I just tried that , then you enable the cloud access at controller side ,  you just reload the TP cloud site and bam ,    redirecting and bam , I can control my controller.    so there is a certain GDPR ness the moment you use the account on the controller side. 

Anyway I immedaitely toggled the switch to off again and pressed 'forget on TP cloud and my controller was gone again <= I'm Happy I geuss it will remain like that until I toggle my controller sided toggle again ,   I guess I will sadly do the slow and painfull manaul  updates) 

but to indulge Pugs ,  why can't I only choose the option to not 'phone home' and forego the option of discovery and control ? 

Why can't there be an option for FW retrieval without extra data above,   

so again a FW check only option without discovery would be very nice. 

@mehmeh Thing is, couple of firmware revisions earlier this wasn't happening, They have embedded this since, say 6 months ago. Before that, I believe it worked perfectly anyway. The 'dev' entry points is just that, otherwise why name it that way! They seem to be, being a bit quiet on this.

It also happened couple of years ago where myself and a guy who used to frequent here, found the software connecting back to a domain that clearly the devs had left in!!!

2 out of the top 3 blocks in the last 24 hrs, TP-LINK why? GDPR or not it's unacceptable for those whom do not use these features nor want their devices potentially being compromised via a online backdoor

@mehmeh By the way, prior to the big firmware upgrades, we could all update through the software WITHOUT a cloud account, just as you have asked for in the last 2 paragraphs.

Personally, I think people nowadays are too indisposed/strong disinclination about software phoning home and possibly insecure back doors back into your network. Just taking a look at what my firewall is blocking right now (100s of blacklists and top 30 day rolling attackers) backs it all up and what ports are they using to make a connection?

So yeah I like to give a little of my life pointing it out and thats why I use open source, ad blockers, FW rules, CalyxOS and try to have nowt to do with Google and so forth etc wherever possible.

@Pugs 

to clarify I'm on your side.   I just I found your statement call back is GDPR entry point a bit strong.

I just tried to provide context 

I do agree , there should be options to handle this better 

that's why I proposed levels of opt in 

completely disable the callback , its indeed worrying that if cloud access is disabled they call back 

minimum for FW upgrade version only ,

should be distinguishable from 'full could access' , which clearly can't be done now.