TP-Link routers share user data with third parties without your permission

TP-Link shares information with Avira even with features disabled

It’s been a long time since TP link collaborates with avira to provide various web security solutions with their products such as Wi-Fi routers. These features, like HomeCare or HomeShield, are intended to protect users’ connected devices from cyber attacks and various online threats.

However, a Reddit user realized that his router, a TP-Link Archer AX3000, you were sending large amounts of your data to the Avira SafeThings servers. The Redditor says that in 24 hours over 80,000 requests were placed and wrote the following:

I recently enabled a DNS gateway so I can see requests from my router and network devices. I was surprised to find over 80,000 requests (in 24 hours) for an Avira “Safe Things” subdomain * (far more than any other server).

For those wondering, SafeThings is a cloud-based threat intelligence platform that analyzes user traffic. But here is how Avira defines SafeThings:

Avira SafeThings is a cloud-based behavioral threat intelligence platform that interfaces with a service provider’s home router. It enables a connected home to operate securely without fear of compromised IoT devices. Service providers benefit from comprehensive report management options withyou are SafeThings Insights and the Management Center API. Consumers gain complete visibility and control over their home devices through a personalized mobile app.

While Avira claims that users will have control over their devices, Redditor claims that the service continues to run on its own even if they haven’t subscribed to it and all those associated options are disabled on their devices. The writes the following:

I have Avira/Home Shield services completely disabled (I wasn’t even subscribed to their paid service). The router doesn’t care and sends ALL of its traffic to be “analyzed” anyway.

Interestingly, this behavior has already been confirmed by XDA, which found that the TP-Link Deco X68 had this problem, as it sent data even when the service was disabled. TP-Link said at the time that future firmware would fix the issue, but XDA was apparently unaware of such an occurrence.

TP link

XDA review says:

TP-Link says network activity is due to “Avira’s cloud database [distinguindo] if [a solicitação de rede é] secure data or malware”. A firmware update is in the works to disable this feature if no Avira network feature is enabled in the app, but there is still no estimated timeline for this.

If you want to check if your own TP-Link routers have this behavior, you can use a DNS gateway to check it.


Already left your like on our facebook page? Get all the information first hand. Also follow us on Google News, just select us from your favorites by clicking on the star.

Add Comment