Several users report that TP-Link routers share data about traffic and browsing behavior with third-party providers even without explicit consent. Especially the HomeCare function, which is operated together with the anti-virus software provider Avira, apparently collects and shares a lot of data.
TP-Link router: user reports about data sharing pile up
On the Reddit forum platform, reports of exasperated users of TP-Link routers reporting the sharing of their traffic data with third-party vendors are piling up – even if this was not explicitly agreed to. On Saturday, the website TechPowerUp reported on the problem, and numerous affected people also came forward in the comments.
Specifically, newer models of the manufacturer are affected, which together with the provider of anti-virus software Avira offer the so-called HomeCare function. It is supposed to open up the possibility for the routers to offer protection against threats from the Internet. At the same time, there are also other features such as a parental control function that restricts the transmission of certain content.
However, both functions send all data to third-party providers. Even when users disable these features in the user interface of TP-Link routers.
80,000 queries in 24 hours
A Reddit user checked the corresponding traffic and found that over 80,000 data traffic queries were made within 24 hours. According to the customer support, these are supposed to be exclusively for querying the subscription status, which seemed Spanish to the redditor.
“At the same time, the rate of queries is not constant. It is higher when my internet traffic is higher. To me, this lack of response from TP-Link is as concerning as the queries themselves.”
Blocking data transmission to third-party providers is also not very promising, as the user continues. This would lead to a retry loop, which would massively increase the CPU load of the router. At the same time, the router’s normal functions would suffer.
According to TechPowerUp, especially newer TP-Link routers with the current WiFi 802.11ax standard are affected by the problem. Around 50 percent of the affected devices are from the manufacturer’s Deco series. Combined with the lack of insight and transparency, the manufacturer could still face trouble in terms of the Primary Data Protection Regulation (GDPR).