Ubiquiti: GPL abuse and telemetry

Adding to/rehashing Noah’s @kernellinux excellent update on the Ubiquiti telemetry situation…

Ubiquiti is an ongoing abuser of the GPL: they hide GPL code, take active measures to try to prevent users from using custom firmware, and they’re currently suing a company for modifying GPL code in their project, which the company being sued can legally do.

https://sfconservancy.org/blog/2019/oct/02/cambium-ubiquiti-gpl-violations/

They snuck in telemetry without telling users. Only after a huge backlash were they willing to come clean, declare what they were collecting and add an opt-out to the GUI buried in the settings.

Ask Noah Show (skip to 32:48): https://podcast.asknoahshow.com/153
Early telemetry packet trace: https://www.youtube.com/watch?v=_ypaZ2XaxhU
Ubiquiti’s new page on telemetry: https://help.ubnt.com/hc/en-us/articles/360038387413-UNMS-v1-Telemetry-and-Error-Reporting

Because one of the times telemetry is sent is on boot, a user has to ensure the device doesn’t have Internet prior to upgrading in order to reach the GUI before it phones home.

They claim their telemetry is “generated without common device identifiers (e.g. IP/MAC addresses)”. There’s a claim they “may” be using the first 8 of the MAC addresses, but I can’t find a good citation aside from the “may” claim.

https://www.reddit.com/r/HomeNetworking/comments/drfsr5/ubiquity_spying_feature_in_new_firmware_mandatory/

At time of writing, by default Ubiquiti says the following telemetry is sent:

Network module:
UNMS random ID, controller version and uptime.
UNMS server hardware parameters.
UNMS settings.
Device and system configurations and usage.
The number of devices, (Client) Sites and users.
The number of active/disconnected devices and outages sorted by device model and firmware version.

CRM module:
Are app keys used and if so, what is the date of when it was last used?
Is the mobile app used and if so, what is the date of when it was last used?
The numbers of clients, organizations, invoices, jobs, and tickets.

For UNMS controller version 1.0.x the following data is sent to us for the CRM module at all times:
CRM random ID, version, last login date, device and system configuration, and usage.


Thanks for posting this. I’ll steer clear of this company.

Yes - it makes me wish I hadn’t bought the AP from them a few months ago…

I’ll post an instructional guide on how to switch Ubiquiti AP firmware to OpenWRT in a few days if I’m successful.


That would be awesome!

Thank you for this!

So… it’s MikroTik from here on out?

I have an EdgeRouter12 (ER-12) which doesn’t appear on the supported hardware lists. I considered picking firmware meant for similar hardware with a MIPS64 chip, but as the box is still sealed I think I’m better off selling it.

Devices OpenWRT recommends: https://openwrt.org/toh/views/toh_available_864
Devices OpenWRT supports: https://openwrt.org/toh/start

OpenWRT does support a lot of Ubiquiti hardware though: https://openwrt.org/toh/start?dataflt[Brand*~]=Ubiquiti

I found an old D-Link DIR-885L and gave it new life instead: OpenWRT general guide / D-Link DIR-885L