TP-Link devices send browser behavior data to third-party vendors regardless of whether they consent to it. Affected devices include TP-Link routers and Deco cellular Wi-Fi systems.
For several years, the manufacturer of network equipment TP-Link has been cooperating with Avira to ensure the security of Wi-Fi routers. The HomeCare and HomeShield features are designed to protect users from cyberattacks and other threats, but it seems that the companies’ collaboration also included the transfer of user data to Avira.
The owner managed to detect suspicious behavior only after he decided to observe the requests through a special DNS gateway. According to a Reddit user under the nickname ArmoredCavalry, in just one day his TP-Link Archer AX3000 router transferred a huge amount of data to the Avira SafeThings servers (*.safethings.avira.com ), even when he disabled the HomeCare service.
SafeThings is a cloud-based cyber threat prevention platform that evaluates user traffic. The service interacts with home routers to avoid compromising IoT devices. According to the idea, users should have full control over their home devices using a special application.
As the Neowin resource emphasizes, this behavior has already been observed earlier by specialists of the XDA-Developers resource with another TP-Link device, and then the new firmware had to fix the situation, it seems that nothing has changed since then. Neowin recommends following the example of ArmoredCavalry and also investigating the behavior of the router through the DNS gateway.