Connecting to n-devs-smb.tplinkcloud.com AND n-deventry-smb.tplinkcloud.com - UNACCEPTABLE
My OPNSense FW is blocking connection back to
n-devs-smb.tplinkcloud.com
n-deventry-smb.tplinkcloud.com
This is unacceptable to have this calling home and it looks like using smb across the internet, clearly unsafe and since I don not use cloud based is a breach in GDPR since I have not authorised said software from connecting to these domains. Also looks like developer entry points!!
Please advise that this will be taken out on the next firmware upgrade or of required, then only those whom choose to use cloud based solution\updates and so forth.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi All,
The following EAP firmware version released last week (on June 9, 2022) have added support to disable cloud-connection behavior.
EAP245_V3_5.0.6 Build 20220429
EAP225_V3_5.0.9 Build 20220429
EAP225-Outdoor_V1_5.0.9 Build 20220429
EAP265HD_V1_5.0.6_Build 20220429
More new firmware will be released afterwards, stay tuned for updates.
Note:
1. The button to disable cloud-connection behavior is added on Omada Controller v5.3.1 and on Standalone GUI.
2. The OC200/OC300 with controller v5.3.1 is delayed due to a major bug (it's not existed in the software controller v5.3.1), will be released soon once the bug it's fixed. Please wait patiently. Thank you for your great patience and understanding.
Update:
The OC200/OC300 with Controller v5.3.1 has been released on July 25, 2022. Please check for an update.
BTW, this topic post will be actively updated to notify the latest firmware release for Omada Controller, welcome to subscribe!
- Copy Link
- Report Inappropriate Content
Hello @Skavoovie
- For Omada Controller v5.7 or earlier version:
Please go to Settings > Controller, find Allow Data Collection at the very bottom and toggle it off, then Save.
In addition, with Controller / Devices Update Notification or Upgrade Schedule enabled, the controller will query the cloud for controller / device firmware updates. If you don't want your controller/device to query the cloud, please go to Maintenance and Services separately to verify they are not enabled.
- For Omada Controller v5.8 and later version:
In Global View, go to Settings > Controller Settings to disable Controller / Devices Update Notification at User Interface, and find Allow Data Collection at the very bottom and toggle it off, then Save.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Fae FYI
- Copy Link
- Report Inappropriate Content
Dear @Pugs,
Pugs wrote
My OPNSense FW is blocking connection back to
n-devs-smb.tplinkcloud.com
n-deventry-smb.tplinkcloud.com
This is unacceptable to have this calling home and it looks like using smb across the internet, clearly unsafe and since I don not use cloud based is a breach in GDPR since I have not authorised said software from connecting to these domains. Also looks like developer entry points!!
I'd like to clarify that the "smb" in the URLs above refers to "Small and Medium Business", which doesn't refer to the SMB protocol for file sharing. If you are worrying that the Omada devices are sending private files to the above URLs, please take it easy, this will never happen.
In fact, the URLs above are subdomain names of Omada Cloud Portal, and Omada devices connecting these URLs is ONLY used for Omada Cloud-based Controller to discovery Omada devices, which is not malicious connection nor with the intent to invade privacy.
- Copy Link
- Report Inappropriate Content
Why should i 'take it easy' when these sites are connecting unauthorized back to HQ? I don't use your cloud services on the grounds of the many breaches that have taken place globally and is clearly an entry point into ones network. Now, there have been 500 attempts in the last 24 hrs to connect back.
If people want to use cloud services, thats their choice, not mine and therefore I (and many others) should have the option to completely opt out, esp when we don't use TP-LINK online cloud services AND when I purchased these items there was no mention on signing up to 'phone home' products!
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
tagging along. I'm also a bit annoyed by the fact I need to have cloud acces enabled to do a mere efficient way to update my various devices.
There is no destinction about what the could access entails. imho cloud access could benefit from certain toggles so user can control and manage their network like they see fit and then Pugs can also go on with his life :)
-opt in : FW update checks only (nothing further is pulled the TP link account is only used to pull/push the bare minimum)
-opt in : Discovery (I don't know what discovery means with your wording ) * but until today I never used the TP could portal I only used the toggle on my controller and my hardware controller 'existed' there with some data.
-opt in ; This controller can recieve configuration/executed activities from TP cloud services , the full shebang cloud enabledness.
this opt ins should NOT be configurable by option 2&3 except my local configuration, so when you would enter the cloud credentials locally you would set this
so like I said I never logged onto the cloud portal site until just now. I did however toggled cloud access because updating FW manually became tiresome , and international and localize tp links sides differences made this even more difficult.
today I for the first time connected to the TP cloud services and I could see my off line controller with the following data
HOST | Type | MAC ADDRESS | STATUS | SITES | DEVICES | CLIENTS | ALERTS | VERSION | FIRMWARE |
---|
Anyway Pugs claim of GDPR , GDPR is not about calling back to domains. Its about what happens with personal data and if the person is are aware about what happens with the data. and if you can control it etc...
https://gdpr-info.eu/issues/personal-data/
I just tried that , then you enable the cloud access at controller side , you just reload the TP cloud site and bam , redirecting and bam , I can control my controller. so there is a certain GDPR ness the moment you use the account on the controller side.
Anyway I immedaitely toggled the switch to off again and pressed 'forget on TP cloud and my controller was gone again <= I'm Happy I geuss it will remain like that until I toggle my controller sided toggle again , I guess I will sadly do the slow and painfull manaul updates)
but to indulge Pugs , why can't I only choose the option to not 'phone home' and forego the option of discovery and control ?
Why can't there be an option for FW retrieval without extra data above,
so again a FW check only option without discovery would be very nice.
- Copy Link
- Report Inappropriate Content
@mehmeh Thing is, couple of firmware revisions earlier this wasn't happening, They have embedded this since, say 6 months ago. Before that, I believe it worked perfectly anyway. The 'dev' entry points is just that, otherwise why name it that way! They seem to be, being a bit quiet on this.
It also happened couple of years ago where myself and a guy who used to frequent here, found the software connecting back to a domain that clearly the devs had left in!!!
2 out of the top 3 blocks in the last 24 hrs, TP-LINK why? GDPR or not it's unacceptable for those whom do not use these features nor want their devices potentially being compromised via a online backdoor
- Copy Link
- Report Inappropriate Content
@mehmeh By the way, prior to the big firmware upgrades, we could all update through the software WITHOUT a cloud account, just as you have asked for in the last 2 paragraphs.
Personally, I think people nowadays are too indisposed/strong disinclination about software phoning home and possibly insecure back doors back into your network. Just taking a look at what my firewall is blocking right now (100s of blacklists and top 30 day rolling attackers) backs it all up and what ports are they using to make a connection?
So yeah I like to give a little of my life pointing it out and thats why I use open source, ad blockers, FW rules, CalyxOS and try to have nowt to do with Google and so forth etc wherever possible.
- Copy Link
- Report Inappropriate Content
to clarify I'm on your side. I just I found your statement call back is GDPR entry point a bit strong.
I just tried to provide context
I do agree , there should be options to handle this better
that's why I proposed levels of opt in
completely disable the callback , its indeed worrying that if cloud access is disabled they call back
minimum for FW upgrade version only ,
should be distinguishable from 'full could access' , which clearly can't be done now.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 4
Views: 8530
Replies: 50