 Ubiquiti adds phone home to the access point firmware. This was a little bit concerning when I saw this. And I started reading before I went to bed. And thank you to everyone who tagged me on Twitter in this. And other people had messaged me on this and have posted on my forums. And yes, as an advocate of a lot of UniFi Ubiquiti equipment, this is a big concern. And the concern really comes down to it was not opt-in. It was, you upgrade your firmware, now we collect your data. What data do they collect? Well, that's where things get a little bit fuzzy. We'll dig into that in a second. Now there's a lot of commentary on GDPR. I am not a subject matter expert on that particular topic. It's just not the realm I live in. So I will skip any of the GDPR comments because I cannot validate them one way or another. But we will talk about things I do know about, which is packet tracing. Now I dug into a little bit about what data it's sending and I'm not clear, but we'll start with the official post. So, UI official urgent please answer. And someone had posted this and they were tagging other UniFi people here saying, hey, we wanna know what happened because our devices are contacting trace.svc.ui.com. I also thought it was weird. I don't know, I don't have an archive of this particular forum post, but apparently that one's deleted. But I'll leave links to all these other places. It's being discussed over on Hacker News and of course over here on Reddit. Now UniFi, someone from UniFi UI, Mike D, did reply. And his statement on this is, we have started to gather crashes and other critical events strictly for the purpose of improving our products. Any data collected is completely anonymized, GDPR compliant, transmitted using end-to-end encryption and encrypted at rest. So there is no on-off switch, but there are no penalties for blocking internet access to the device, dropping traffic to this host and/or blocking via DNS.
If there are any questions that are related, I may suggest that you look at our end user agreement, terms of service, privacy policy, readily available on the website. And obviously I'm not gonna read through those right now. Now, someone did say when they blocked it, they had a problem with a memory leak and the device was crashing and running out of memory and that was fixed in the 4061 firmware. So if you do block it, make sure you're on the latest firmware. So they were saying you can, they're fine with that, but this kind of makes the only way to opt out actually sinkholing the DNS of where this goes, which like I said, that's very concerning. And I'm really disappointed because I've participated in plenty of things in the Linux world where they say, hey, would you like to, and I'll use Debian as the example, participate in our package survey. And yes, I would like to participate in the package survey, that'd be great because I like to give data to companies to help out. I feel, and I could be wrong, that they do do this anonymously, GDPR compliant, because, well, the risk, because they're an international company, is huge. And obviously their shareholders don't really want them put at risk. And I don't know what data they would really mine because trying to exfiltrate mass amounts of data, while it could be done from an access point, I don't know. I mean, obviously they could just gather MAC addresses, gather devices and start gathering stats. I don't know if they'd really want to do that, but I did some packet tracing so I at least get an idea of the volume of data that's being exfiltrated without our permission per se. So I'm a little disappointed and I think what he didn't doing is because as a product and someone we, you know, as someone we really like these products, we've had a lot of clients who like this because they can self-host everything internal without having a bunch of random connections leaving the network.
And obviously that's less true with these devices. So I will show that I have two different access points and we're going to talk about how I actually captured some data. So the one we call the air rectangle, air rectangle is a BaseStation XG. It's running 4.0.66 firmware here. And this new, better Wi-Fi is our nanoHD and it's running also 4.0.66.10832. So it's running the latest firmware. Now I did some testing and rebooting on these and set up packet tracing on here. And I also created some rules and was watching and resetting these rules to show the data being collected, how many kilobytes of data. It's very small amounts of data going to this. Now how do we figure out what UniFi trace is? Well, it's those IP addresses. First we'll start with, you do a dig: dig trace.svc.ui.com. Here's the IP addresses. Then we go in over to pfSense and we created an alias called UniFi trace. And what I did was anything that goes there, I want to know about it on my network and create a very specific log. And I want to see the states and number of kilobytes going over there. Also, I took and did full packet tracing on each one of these devices. One packet trace is for the nano, one packet trace is for the BaseStation XG. We'll go over here. Here's the nano and this is a nano reboot. So the nano wakes up after a reboot and says, let me IGMPv2, then does some ARPing and figures out DNS in this ping. And says, okay, here I am, I'm awake and goes back and forth. And away we go. No response found. There's a couple ICMP and then joins. Now, you don't see the joining data because I was only filtering for things leaving the building. They're on the same network. So the controller is on the same network so I did not packet trace any of that. So this is just the packet trace for what I went to. And please note, it didn't try to go to that URL, the service URL. Here, this is where it does trace.svc.ui.com. It's the first thing it does when it wakes up.
So this is a full packet trace of the BaseStation. So the nano doesn't do it, the BaseStation does. And I don't know what the circumstances are that make this occur or which models it's in yet, but I did test two separate models. And this one does go to, first thing it does is query this, goes through, does some query response, query response. And then we have some data being sent back and forth. And there's not a lot of data. So when you get to the application part of this, the application, it doesn't send much. So not that it's anything I'm justifying, I'm just saying it doesn't send much. So at least, so to speak, it stands up some of the statements by UniFi Official that there's not a lot of data being sent. It's just very specific anonymized data. So I'm not seeing it. I have a few devices connected to it. And it doesn't send that much. And it just does it on boot. Because after it boots, it just goes into ARPing and doing its normal thing. So this was only done on boot. And as you can see, even, you know, that many kilobytes has resetting the devices. And it's only in reset they are sending. So as you can see, there's currently zero active states with that particular filter on there. So it's not like doing it consistently. It seems to do it on, like, a restart. And maybe if you crash it, but it's still concerning because it was not something, you know, I updated a firmware to fix whatever is on the list of firmware. What I didn't see in the list of firmware here in the 4.0.66.10832 firmware was that we're going to start sending out data. So that's where the bigger problem is, they had an option saying, hey, you're going to opt into this or you have to opt out, and I wish it was opt-in. But of course, no one would ever change the default and ever send it. So if they're collecting data, they would probably be forced to be opt-out, not saying it's right. I'm just saying it's probably what would happen. But I think an option to do so would be nice.
Rather than the option to go, well, go sinkhole it. That's, you know, but it's not in the, that I can see in the red. I mean, if someone found somewhere where UniFi actually published that they were doing it before it became an outrage in the forums, that would be interesting. But it's still disappointing that they're, you know, doing this. I mean, I do and would like to participate in letting UniFi know that there's a problem and make better firmware. So this would be great. I'd like to tell you guys about better firmware for the device. That would be awesome. But what I can't, you know, really wrap my head around is why unannounced they would do this. And it's certainly not like they wouldn't get noticed because a lot of network engineering people use this. A lot of companies use this. And when we find something new, especially one of the Wi-Fi devices directly going out, it may trip some of our tools that we use to go, hey, new connections, where are they going? So, you know, like I said, the packet traces, not every device seems to do it. I don't have a whole list of what does or what does not. And I will also comment that, you know, it does appear to be fully encrypted. So at least it's only being shared with our friends at Ubiquiti, whatever it is they're sharing over there, and UniFi Mike here, his statement, you know, I don't feel that they're a nefariously evil company like people may want to portray over this. But, you know, hey, whatever, hopefully this in the future gets better when they don't do things like, you know, do this unannounced, and maybe they'll come back on this. They've come back on other things before, you know, then they, I think they do listen to the community to an extent because they want to keep the company moving forward, listening to the community and feedback, like all of you that are participating in this post and commenting on this is probably getting attention over at UniFi and hopefully makes someone there go, hey, look at this.
And of course, that's the pitch they have to the shareholders that said, hey, why don't you gather some stats, and they're going, hey, guess what? It may make us sell less products and guess what, shareholders make less money. And a shareholder goes, oh, okay, you know, I guess we have to listen to you guys because, you know, we like when the product sells because that's how we make money. I don't know how this will play out. I just want to bring attention to it right now. And like I said, I don't know. I'm going to go with the assumption, because they're such a big company, that they are doing things to your compliance. But then again, GDPR is super fuzzy. It's such a new law that it's going to be fuzzy to sort all that out. And I don't have, like I said, the qualifications or the legal background to really comment on the GDPR implementation of this, whether or not they're compliant. But I am concerned when a company in general, the bigger picture thing is them deciding to add to the firmware that it contacts and sends some type of data out about crash reports. Would be nice. Like I said, wouldn't mind sending it if you ask me. But when you don't ask me, I just get a little concerned here about it. So those are my thoughts and thanks. And once again, thanks for having brought this up. It's something I'm going to keep an eye on and be able to update a video if this changes. All right, thanks. And thank you for making it to the end of the video. If you liked this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to lawrencesystems.com, fill out our contact page and let us know what we can help you with and what projects you'd like us to work together on.
If you want to carry on the discussion, head over to forums.lawrencesystems.com where we can carry on the discussion about this video, other videos or other tech topics in general, even suggestions for new videos, that are accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching and see you next time.
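
The measurement described in the video (resolve trace.svc.ui.com, then watch which access points talk to those addresses and how many bytes they send) can be reproduced from a text capture. The following is an added example, not something shown in the video or published by Ubiquiti: the function name `telemetry_report` is hypothetical, the input is assumed to be `tcpdump -nn` style text, and every address in the sample is a constructed placeholder. It only finds destinations whose DNS lookup appears in the same capture.

```python
import re
from collections import defaultdict

TELEMETRY_HOST = "trace.svc.ui.com"  # hostname named in the video

# Constructed sample in the style of `tcpdump -nn` text output. Addresses are
# documentation-range placeholders, not the host's real IPs.
SAMPLE = """\
12:00:01.000 IP 192.168.1.20.41000 > 192.168.1.1.53: 1234+ A? trace.svc.ui.com. (34)
12:00:01.010 IP 192.168.1.1.53 > 192.168.1.20.41000: 1234 2/0/0 A 203.0.113.10, A 203.0.113.11 (66)
12:00:01.100 IP 192.168.1.20.50000 > 203.0.113.10.443: Flags [P.], seq 1:518, ack 1, win 229, length 517
12:00:01.150 IP 203.0.113.10.443 > 192.168.1.20.50000: Flags [P.], seq 1:301, ack 518, win 235, length 300
12:00:01.200 IP 192.168.1.20.50000 > 203.0.113.10.443: Flags [P.], seq 518:1718, ack 301, win 229, length 1200
12:00:02.000 IP 192.168.1.21.42000 > 192.168.1.1.53: 5678+ A? example.org. (29)
12:00:02.010 IP 192.168.1.1.53 > 192.168.1.21.42000: 5678 1/0/0 A 198.51.100.7 (45)
12:00:02.100 IP 192.168.1.21.51000 > 198.51.100.7.443: Flags [P.], seq 1:201, ack 1, win 229, length 200
"""

QUERY = re.compile(r"IP ([\d.]+)\.(\d+) > [\d.]+\.53: (\d+)\+? A\? (\S+?)\.? \(")
ANSWER = re.compile(r"IP [\d.]+\.53 > ([\d.]+)\.(\d+): (\d+) \d+/\d+/\d+ (.*) \(")
TCP = re.compile(r"IP ([\d.]+)\.\d+ > ([\d.]+)\.\d+: Flags .* length (\d+)")


def telemetry_report(capture, host=TELEMETRY_HOST):
    """Return (devices that resolved host, resolved IPs, bytes sent per device)."""
    pending = set()           # (client, port, query id) of lookups for host
    askers, dest_ips = set(), set()
    sent = defaultdict(int)   # TCP payload bytes per source device
    for line in capture.splitlines():
        if m := QUERY.search(line):
            if m.group(4).lower() == host:
                askers.add(m.group(1))
                pending.add(m.group(1, 2, 3))
        elif m := ANSWER.search(line):
            if m.group(1, 2, 3) in pending:   # answer to one of our lookups
                pending.discard(m.group(1, 2, 3))
                dest_ips.update(re.findall(r"\bA ([\d.]+)", m.group(4)))
        elif m := TCP.search(line):
            if m.group(2) in dest_ips:        # outbound to the telemetry host
                sent[m.group(1)] += int(m.group(3))
    return askers, dest_ips, dict(sent)


if __name__ == "__main__":
    askers, ips, sent = telemetry_report(SAMPLE)
    print("resolved by:", sorted(askers), "->", sorted(ips))
    for device, nbytes in sorted(sent.items()):
        print(f"{device}: {nbytes} bytes sent")
```
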