Asus Routers and Spyware

The goal was to run OpenVPN on my network router instead of running separate instances on each client device. I had an old and very reliable Asus WL-520GU with Shibby’s Tomato on it and i quickly discovered that the router didn’t have the horsepower to handle an encrypted VPN connection and so i began searching for a new router. After reading many reviews and checking out the specs, i bought an Asus AC86U. Unfortunately i didn’t do enough research.

One of the things a manufacturer may do to drop the price of their products is to bundle third party “features” with their devices and in the case of the Asus AC86U, and probably many other models, they come with several “features” that collect data and send it off to companies that have found ways to monetize it. Trend Micro, which is apparently some sort of anti-virus, was one of the “features” that the router was shipped with. In order to potentially avoid (and i emphasize potentially) the phoning home nonsense, one must not enable several of the built-in features of the router firmware, including AiProtection, Traffic analyzer, Apps analyzer and Adaptive QoS. You can read the EULA here.

None of this mattered much to me anyway since i intended to flash the Asuswrt-Merlin firmware which i assumed would be devoid of such crap. It wasn’t, and so i started looking for ways to disable or remove this Trend Micro garbage, however i was never able to discover a solution. The Trend Micro spyware/malware (let’s call it what it really is) appears to well-baked into the firmware and apparently Merlin, one of the very well known developers for third party Asus firmware, has no interest in removing it. In my searching for solutions i came across some interesting stuff, including the following:

VPNIntegrity: AsusWRT/Merlin AI-Protection calling home to US Department of Defense, Hardening AsusWRT against NSA/DoD & the Whores of SNBForums

Asus router warnings on privacy and security | Computerworld

384.6 Now sharing data to Trend Micro? | SmallNetBuilder Forums

With no solution for removing the Trend Micro spyware, i started looking for other third party custom firmware, however i wasn’t able to find anything that would work on the AC86U specifically. In the end my solution was to box up the Asus and ship it back, exchanging it for a Linksys WRT1900ACS which i flashed with DD-WRT (actually i flashed OpenWRT first but quickly realized i was in way over my head). The Linksys WRT series of routers are not an ideal solution either, nor is any other equipment that uses proprietary hardware and drivers, however i wasn’t able to find a source that would ship a Turris Omnia to the U.S.. Now that is a router!

My advice is to stay away from Asus routers, or any other manufacturer that bundles third party crap with their products or forces you to register the device before it can be activated.

As far as the DD-WRT firmware (version 3), it’s not great. Merlin’s was better, but obviously it wasn’t an option for me. The use of VPNs is apparently on the rise and yet there’s no option to import VPN configuration files with DD-WRT so you have to set everything up manually. Just as bad is the fact that you can only setup a single VPN client, so if the configured server drops for any reason, you can’t quickly switch to another. I liked Shibby’s Tomato a lot, but it doesn’t work with the newer ARM based routers unfortunately.

What do you think about all this?

Firefox user-overrides.js update, Librefox

The user-overrides.js preferences file for Firefox was updated. See the change-log in the GitLab repo for details.

Also wanted to pimp (again) a project that i’ve been keeping an eye on, Librefox. Librefox looks like a very interesting project that is focused on enhancing Firefox privacy and security and unlike Waterfox, Pale Moon, etc., Librefox is not technically a Firefox fork which means the project should keep up with security updates.

One of the goals of the project is to remove the “features” that are packaged with Firefox as well as eliminating it from phoning home. On the settings side, Librefox uses preferences from both the ‘ghacks’ user.js and the ‘pyllyukko’ user.js, the latter of which i am not familiar with.

It appears the project is progressing nicely and hopefully will replace Firefox for us privacy folks in the near future. In the mean time i’m letting it bake a little longer.

Programming DirectTV remote to control Vizio soundbar

I bought a Vizeo sound bar because the speakers on many of these flat-screen TVs suck. I don’t watch TV, but my mom does and one big annoyance was having to use the Vizio remote to control the sound instead of the DirectTV remote, and so i started hunting for a solution.

Controlling the volume and mute functions of the Vizio soundbar with the DirectTV remote is easy enough once you program the remote to operate the soundbar from either the AV1, AV2 or TV modes on the remote, which you have to do anyway, but it isn’t at all convenient because you have to switch the remote mode switch back and forth between the DTV mode and whatever mode (AV1, AV2 or TV) you used to control the soundbar.

As it turns out this can be simplified and everything you need to know is in the DirectTV manual for the RC65 remote (other remotes may be similar), but i disregarded the instructions because the manual states “DIRECTV Receivers don’t have volume control, so the remote will not allow the user to lock volume to the DIRECTV mode.”. I interpreted that to mean the volume keys on the remote would not work for controlling volume on the speaker bar while the remote was in the DTV mode. Wrong!

In my case the setup is a DirectTV RC65 remote with a Vizio SB3621n-E8 soundbar, however this solution may/should work with other soundbars or any other audio equipment for which you want to control the volume and mute functions using the DirectTV remote, and it may not be specific to the RC65 remote either.

I don’t take any credit for this because the solution is clearly in the manual, but i didn’t realize it until i saw this post by ‘thelavenders’ on the AVS Forum. Here’s what you need to do:

  1. Set the DTV remote to a mode you’re not using (AV1, AV2 or TV)
  2. Program the DTV remote to operate your soundbar (the instructions and codes are likely in the manual for your remote – the RC65 manual is here)
  3. Slide the MODE switch back to DTV
  4. To change the volume lock function of the DTV remote:
    1. Press and hold the MUTE and SELECT keys until the green light under the DIRECTV position flashes twice, then release both keys
    2. Using the number keys, enter 9-9-3 (the green light will flash twice after the 3)
    3. Press and release the VOL+ key (the green light flashes 4 times)
  5. To lock the remote volume, while in DTV mode, to the mode used to operate the soundbar:
    1. Slide the MODE switch to the same position you used in step 1 (AV1, AV2 or TV)
    2. Press and hold the MUTE and SELECT keys until the green light under the selected switch flashes twice, then release both keys
    3. Using the number keys, enter 9-9-3 (the green light flashes twice)
    4. Press and release the SELECT key (the green light flashes twice)
  6. Slide the MODE switch back to DTV

Now the DirectTV remote should control the volume and mute functions of your soundbar while the mode switch is set to DTV.

Article update: Firefox Tweaks and Fixes and Styles and Things

I made some small edits to the article, Firefox Tweaks and Fixes and Styles and Things, the primary change being the addition of a method to un-hide embedded YouTube videos. I don’t know if there’s been a change on YouTube’s end or what, but i’m noticing a lot of embedded YT videos are not accessible on 3rd party sites unless you enable JavaScript and no way will i do that for every domain that has a YT video i want to watch. One alternative is to watch the videos on youtube.com, but that’s not optimal. Another alternative is a simple CSS style to hide the element that is used to hide the videos, which is what i added to the article.