Privacy

33268 readers

921 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Security and privacy concerns with Ubiquiti devices (lemmy.dbzer0.com)

submitted 22 hours ago by Trincapinones@lemmy.dbzer0.com to c/privacy@lemmy.ml

7 comments fedilink hide all child comments

I've been looking to improve the home network in my home lab. It seems that Ubiquiti has everything I could want in their various products.

However, it seems too good to be true. How much snooping does the router/firewall/APs do on my traffic? If you have a similar case, what has been your experience with Ubiquiti?

top 7 comments

sorted by: hot top controversial new old

[–] greyfox@lemmy.world 4 points 14 hours ago (1 children)

All of the "snooping" is self contained. You run the network controller either locally on a PC, or on one of their dedicated pieces of hardware (dream machine/cloud key).

All of the devices connect directly to your network controller, no cloud connections. You can have devices outside of your network connected to your network controller (layer 3 adoption), but that requires port forwarding so again it is a direct connection to you.

You can enable cloud access to your network controller's admin interface which appears to be some sort of reverse tunnel (no port forwarding needed), but it is not required. It does come in handy though.

As far as what "snooping" there is, there is basic client tracking (what IP/mac/hostnames) to show what is connected to your network. The firewall can track basics like bandwidth/throughout, and you can enable deep packet inspection which classifies internet destinations (streaming/Amazon/Netflix sort of categories). I don't think that classification reaches out to the internet but that probably needs to be confirmed.

All of their devices have an SSH service which you can login to and you have pretty wide access to look around the system. Who knows what the binaries are doing though.

I know some of their WISP (AirMAX) hardware for long distance links has automatic crash reporting built in which is opt out. There is a pop up to let you know when you first login. No mention of that on the normal Unifi hardware, but they might have it running in the background.

I really like their APs and having your entire network in the network controller is really nice for visibility but my preference is to build my own firewall that I have more control over and then Unifi APs for wireless. If I were concerned about the APs giving out data, I know I could cut that off at the firewall easily.

A lot of the Unifi APs can have OpenWRT flashed on them, but the latest Wifi7 APs might be too locked down.

[–] Trincapinones@lemmy.dbzer0.com 2 points 5 hours ago (1 children)

Thanks for the detailed description, I was actually planning to replace my ISP's router with pfsense/opnsense (I still don't know which one to choose) so knowing that I can block them from accessing the internet completely gives me some peace of mind.

[–] lemonuri@lemmy.ml 4 points 2 hours ago

100% Opnsense. I used to run pfsense for a couple of years but there project was bought by a for profit. Enshitification ensued. They still released their code as per open source licence, but it was not up to closer inspection as it could no longer be used to built the distro from source. They banned perfectly fine hardware from using pfsense as it could not provide hardware acceleration for open-vpn (Aes-ni). The fork opnsense is to be preferred.

[–] lemonuri@lemmy.ml 10 points 21 hours ago (1 children)

If you are looking for a future proof, snooping free and secure solution for home routers, there is most likely no way around installing open source firmware like openwrt. I would just pick a device with good openwrt support, some ubiquity models have that, if I remember correctly. But there are many alternatives by different manufacturers. I would just chose one with good hardware specs in your price range, install openwrt and call it a day.

[–] Trincapinones@lemmy.dbzer0.com 0 points 6 hours ago

I know the project and the work they do is excellent, but I had read that it is not “production ready” and I was looking for something that was more set it and forget it, but I could be wrong, I know practically nothing about it.

[–] online@programming.dev 5 points 21 hours ago (1 children)

Ubiquiti is business oriented, not consumer. It'd be very foolish for them to snoop on the traffic of their business customers.

Ubiquiti is also a traded company. Their stock would crater in lieu of such news.

As a consumer, besides reliability, privacy is another main reason to paying extra for enterprise gear.

[–] Trincapinones@lemmy.dbzer0.com 0 points 6 hours ago

It makes sense what you say, I would actually have to read their privacy policy but I haven't had the time to read something that heavy.