cancel
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

What can Vodafone see on my LAN?

cleckhuddersfax
2: Seeker
2: Seeker

So I've had Vodafone Pro broadband for a while. Recently I had a missed call/voicemail from them telling me my WiFi booster wasn't connected and they were contacting customers proactively. On the voicemail they called out some of my specific wifi devices with poor signal.

So, what exactly do they have access to see? Are they snmpwalking my router, or do they have admin access to the router and can access what's on my LAN? To be honest I'm quite concerned they can do anything past the WAN side of my router and it's making me consider swapping the router out for a separate device!

10 REPLIES 10

Cynric
16: Advanced member
16: Advanced member

@cleckhuddersfax  They could just be reading the router logs. Given that they are likely to have a remote admin capability they would be able to read anything in /var/log (assuming that it's Unix under the skin).

Ripshod
16: Advanced member
16: Advanced member

They can see the private ip of every connected device, as well as their MACs. The nature of using an ISP router (TR-069)

Jayach
16: Advanced member
16: Advanced member

@cleckhuddersfax wrote:

So I've had Vodafone Pro broadband for a while. Recently I had a missed call/voicemail from them telling me my WiFi booster wasn't connected and they were contacting customers proactively.


That really doesn't sound like Vodafone. They have trouble doing things (correctly) reactively.

Iguana
3: Seeker
3: Seeker

@cleckhuddersfax found this site that has a section on Home Broadband and Phone privacy. Home Broadband and Phone - privacy supplement | Vodafone

"Vodafone Home Broadband provides your hardware with connectivity in the home. In order for you to be able to access the internet, we process data such as the kind of device you are browsing on (for example, each device will have a media access control (MAC) address), your browsing speeds, and the amount of data you’re using (for example, streaming videos will use up more data than email, although we don’t see what it is you’re doing)."

"For providing end user support and optimizing your WiFi experience we are collecting information about connected devices (MAC address, Serial Number, user given host names and WiFi connection quality) as well as information about the WiFi networks (MAC addresses and identifiers, radio statistics)."

"Information about the Wi-Fi network of your home may be collected and sent to the Vodafone platform."

"This platform is facilitated by a third party provider called Airties A.S. Through this platform, this information may be accessed by the Customer Service Department in the event that the user calls us to report any type of problem with their Wifi or may be treated by your Network Maintenance and Operations Service to Resolve any issues. This information will be obtained from the Wifi devices or those connected to it."

CrimsonLiar
16: Advanced member
16: Advanced member

Airties is the company that bought Technicolor's WiFi Doctor program - which Vodafone promoted as plus when it introduced the THG3000.  Interesting that it's still there, and in the documentation!

Cynric
16: Advanced member
16: Advanced member

@Iguana Part of the MAC address identifies the manufacturer, so with the serial number they may be able to identify the device in detail. In theory a good company could use that info to help investigate a user reporting issues. I shouldn't hope for too much 🙂

 

I would argue Vodafone have breached their own privacy policy here.

"Through this platform, this information may be accessed by the Customer Service Department in the event that the user calls us to report any type of problem with their Wifi or may be treated by your Network Maintenance and Operations Service to Resolve any issues."

The above makes no mention (unless I'm missing it) of such data being used in the event the user does not call in.

Jayach
16: Advanced member
16: Advanced member

They are informing us the data is being collected, and are telling us when CS may use it. There is no mention of what else they may (or may not) do with it?

CrimsonLiar
16: Advanced member
16: Advanced member

Its perfectly possible that when a trigger event is detected an automated system contacts the user, it doesn't even mean that the trigger event has to be logged or recorded unless the user calls in and makes the request.