Notebookcheck Logo

TP-Link routers and Deco Wi-Fi mesh systems caught sharing traffic with third-party vendors

TP-Link has been caught sending network traffic to Avira without permission. (Image source: Digi.no)
TP-Link has been caught sending network traffic to Avira without permission. (Image source: Digi.no)
According to reports, TP-Link devices are sending data about browser behaviour to third-party providers regardless of whether people consent for them to do so. Affected devices include TP-Link routers and Deco Wi-Fi mesh systems.
Smart Home Business Fail Security

TP-Link is known for producing all manner of network devices, such as routers and Wi-Fi mesh systems. For a while now, TP-Link has partnered with Avira to offer HomeCare and HomeShield, a pair of software solutions that TP-Link claims provides network protection and robust parental controls, among other features. However, it turns out that TP-Link products are also sending all traffic to third-party vendors.

Ironically, the company recently tweeted that it cares about consumer rights, despite not addressing concerns voiced by the likes of TechPowerUp, XDA Developers and u/ArmoredCavalry on Reddit. According to the latter, XDA Developers and u/ArmoredCavalry noticed that recent TP-Link products constantly send network requests to Avira domains and even ifconfig.me, a website used to identify public IP addresses.

While one may expect TP-Link products to do at least the former having subscribed to HomeCare and HomeShield, XDA Developers and u/ArmoredCavalry have demonstrated that this occurs without a membership to either functionality. In other words, TP-Link routers and Decos will attempt to contact Avira domains whether you want them to or not. Currently, there is no way to disable HomeCare or HomeShield within TP-Link apps, either.

Incidentally, XDA Developers quotes TP-Link as having said last year that:

...the network activity is due to “the Avira cloud data base [distinguishing] whether [the network request is] secure data or malware.” A firmware update is in the works that will turn this functionality off if no Avira network features are enabled in the app, but there is no estimated timeline for that yet.

In our experience, we have not noticed Deco X60 units pinging Avira domains as XDA Developers and u/ArmoredCavalry have. For reference, we checked for Avira network traffic using NextDNS. TP-Link has not publicly commented on the matter yet, but we will update this article if it does.

Related Articles

The new Connect Vero W6m modules. (Source: Acer)
Acer Connect Vero W6m launches as a new 'eco-friendly' Wi-Fi 6E mesh router 05/26/2023
TP-Link AX1800 (Archer AX21) WiFi 6 Gigabit router (Source: TP-Link)
TP-Link AX1800 (Archer AX21) WiFi 6 Gigabit router now 30% off on Amazon 01/06/2023
The Deco XE75 tri-band mesh Wi-Fi system can deliver speeds of 5,400 Mbps. (Image source: TP-Link)
The TP-Link Wi-Fi 6E capable Deco XE75 mesh router is now available 04/12/2022
NFTs valued at around US$1.7 million have been stolen from the founder of DeFiance Capital. (Image source: Muhannad Ajjan via Unsplash)
NFTs worth US$1.7 million have been stolen from DeFiance Capital founder 03/22/2022
The Aqara Smart Thermostat S3 is compatible with Apple HomeKit. (Image source: Aqara)
The HomeKit compatible Aqara Smart Thermostat S3 will soon be available 03/20/2022
An update to Roomba devices, including the i3, brings new features to the device, such as room-specific cleaning preferences. (Image source: iRobot)
iRobot update brings new features to Roomba and Braava devices, doubling the intelligence of some models 03/19/2022
The Roborock T8 wet and dry vacuum has 4,200 Pa suction. (Image source: Roborock)
The Roborock T8 launches with 4,200 Pa of suction 03/19/2022
The Samsung Ultra Slim Soundbar is 1.6-inch (4.0 cm) deep. (Image source: Samsung)
Samsung releases the Ultra Slim Soundbar with Wireless True Dolby Atmos and Q-Symphony technology 03/19/2022
The Huawei Smart Door Lock Pro has 3D facial recognition. (Image source: Huawei)
Huawei launches the Smart Door Lock Pro powered by HarmonyOS 03/18/2022
IKEA has added two new smart blinds to its range. (Image source: IKEA)
Two new smart blinds are now available at IKEA, PRAKTLYSING and TREDANSEN 03/17/2022
The Lightbee Zigbee Switch has four customizable buttons. (Image source: Light Solutions)
The Lightbee Zigbee Switch is a new smart light switch for Philips Hue 03/16/2022
Ukrainian government is planning to potentially ship out sensitive data to a foreign country. (Image source: jarmoluk on Pixabay)
Ukrainian government plans to potentially transport sensitive data and servers to a different country 03/10/2022
Besides the Pixel 6, the Samsung Galaxy S22 also appears to be affected by the
Major vulnerability called "Dirty Pipe" found in Android 12 smartphones like the Pixel 6 and Galaxy S22 03/10/2022
Spectre is back. (Image Source: PC Gamer)
New Spectre vulnerability affects Intel Alder Lake and ARM processors 03/09/2022
Fiido's first-gen Beast. (Source: Fiido)
The Fiido Beast is a sit-stand, off-road electric scooter with an upcoming launch on Indiegogo 03/09/2022
Google intends to purchase Mandiant to bolster Google Cloud's cybersecurity capabilities. (Image: Unsplash)
Google to acquire cybersecurity firm, Mandiant, for US$5.4 billion 03/09/2022
Russian and Belarusian hackers reportedly target Ukraine and its allies. (Image source: Michael Geiger)
Russian and Belarusian hackers launch large scale phishing attacks against Ukrainian and European entities, reveals Google 03/08/2022
Samsung has admitted that source code used for its Galaxy devices was recently stolen. (Image source: Babak via Unsplash)
Samsung confirms hack while alleged bad actors leak 190GB of data from the breach 03/07/2022
The South American group of hackers called Lapsus$ has apparently leaked over 70,000 credentials of Nvidia employees (Image: Nvidia)
Ruthless hackers have leaked 71,355 email addresses and password hashes of Nvidia employees 03/05/2022
Intel's 12th gen vPro is now available in four flavors across 150 designs. (Image Source: Intel)
Intel 12th gen vPro branches into four distinct platforms across Windows and Chrome, Control Flow Enforcement now coming to desktops for the first time 03/03/2022
The Galaxy S21 Ultra is reputed to be one of the affected devices. (Image source: Denis Cherkashin)
Samsung has shipped around 100 million smartphones with faulty or weak encryption 03/02/2022
Read all 6 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2022 03 > TP-Link routers and Deco Wi-Fi mesh systems caught sharing traffic with third-party vendors
Alex Alderson, 2022-03-15 (Update: 2022-03-17)