Adding to/rehashing Noah’s @kernellinux excellent update on the Ubiquiti telemetry situation…
Ubiquiti is an ongoing abuser of the GPL, they hide GPL code, take active measures to try to prevent users from using custom firmware and they’re currently suing a company for modifying GPL code in their project which the company being sued can legally do.
They snuck in telemetry without telling users. Only after a huge backlash were they willing to come clean, declare what they were collecting and add an opt-out to the GUI buried in the settings.
Ask Noah Show (skip to 32:48): https://podcast.asknoahshow.com/153
Early telemetry packet trace: https://www.youtube.com/watch?v=_ypaZ2XaxhU
Ubiquiti’s new page on telemetry: https://help.ubnt.com/hc/en-us/articles/360038387413-UNMS-v1-Telemetry-and-Error-Reporting
Because one of the times telemetry is sent is on boot, a user has to insure the device doesn’t have Internet prior to upgrading in order to reach the GUI before it phones home.
They claim their telemetry is “generated without common device identifiers (e.g.IP/MAC addresses)”, there’s a claim they “may” be using the first 8 of the MAC addresses but I can’t find a good citation aside from the “may” claim.
At time of writing, by default Ubiquiti says the following telemetry is sent:
UNMS random ID, controller version and uptime.
UNMS server hardware parameters.
Device and system configurations and usage.
The number of devices, (Client) Sites and users.
The number of active/disconnected devices and outages sorted by device model and firmware version.
Are app keys used and if so, what is the date of when it was last used?
Is the mobile app used and if so, what is the date of when it was last used?
The numbers of clients, organizations, invoices, jobs, and tickets.
For UNMS controller version 1.0.x the following data is sent to us for the CRM module at all times:
CRM random ID, version, last login date, device and system configuration, and usage.