TP-Link routers and Deco Wi-Fi mesh systems caught sharing traffic with third-party vendors
TP-Link is known for producing all manner of network devices, such as routers and Wi-Fi mesh systems. For a while now, TP-Link has partnered with Avira to offer HomeCare and HomeShield, a pair of software solutions that TP-Link claims provides network protection and robust parental controls, among other features. However, it turns out that TP-Link products are also sending all traffic to third-party vendors.
Ironically, the company recently tweeted that it cares about consumer rights, despite not addressing concerns voiced by the likes of TechPowerUp, XDA Developers and u/ArmoredCavalry on Reddit. According to the latter, XDA Developers and u/ArmoredCavalry noticed that recent TP-Link products constantly send network requests to Avira domains and even ifconfig.me, a website used to identify public IP addresses.
While one may expect TP-Link products to do at least the former having subscribed to HomeCare and HomeShield, XDA Developers and u/ArmoredCavalry have demonstrated that this occurs without a membership to either functionality. In other words, TP-Link routers and Decos will attempt to contact Avira domains whether you want them to or not. Currently, there is no way to disable HomeCare or HomeShield within TP-Link apps, either.
Incidentally, XDA Developers quotes TP-Link as having said last year that:
...the network activity is due to “the Avira cloud data base [distinguishing] whether [the network request is] secure data or malware.” A firmware update is in the works that will turn this functionality off if no Avira network features are enabled in the app, but there is no estimated timeline for that yet.
In our experience, we have not noticed Deco X60 units pinging Avira domains as XDA Developers and u/ArmoredCavalry have. For reference, we checked for Avira network traffic using NextDNS. TP-Link has not publicly commented on the matter yet, but we will update this article if it does.