Ask
Reply
Solution
10-11-2023 09:43 AM
So I've had Vodafone Pro broadband for a while. Recently I had a missed call/voicemail from them telling me my WiFi booster wasn't connected and they were contacting customers proactively. On the voicemail they called out some of my specific wifi devices with poor signal.
So, what exactly do they have access to see? Are they snmpwalking my router, or do they have admin access to the router and can access what's on my LAN? To be honest I'm quite concerned they can do anything past the WAN side of my router and it's making me consider swapping the router out for a separate device!
10-11-2023 11:20 AM
@cleckhuddersfax They could just be reading the router logs. Given that they are likely to have a remote admin capability they would be able to read anything in /var/log (assuming that it's Unix under the skin).
10-11-2023 12:34 PM - edited 10-11-2023 12:35 PM
They can see the private ip of every connected device, as well as their MACs. The nature of using an ISP router (TR-069)
10-11-2023 03:16 PM
@cleckhuddersfax wrote:So I've had Vodafone Pro broadband for a while. Recently I had a missed call/voicemail from them telling me my WiFi booster wasn't connected and they were contacting customers proactively.
That really doesn't sound like Vodafone. They have trouble doing things (correctly) reactively.
10-11-2023 04:07 PM
@cleckhuddersfax found this site that has a section on Home Broadband and Phone privacy. Home Broadband and Phone - privacy supplement | Vodafone
"Vodafone Home Broadband provides your hardware with connectivity in the home. In order for you to be able to access the internet, we process data such as the kind of device you are browsing on (for example, each device will have a media access control (MAC) address), your browsing speeds, and the amount of data you’re using (for example, streaming videos will use up more data than email, although we don’t see what it is you’re doing)."
"For providing end user support and optimizing your WiFi experience we are collecting information about connected devices (MAC address, Serial Number, user given host names and WiFi connection quality) as well as information about the WiFi networks (MAC addresses and identifiers, radio statistics)."
"Information about the Wi-Fi network of your home may be collected and sent to the Vodafone platform."
"This platform is facilitated by a third party provider called Airties A.S. Through this platform, this information may be accessed by the Customer Service Department in the event that the user calls us to report any type of problem with their Wifi or may be treated by your Network Maintenance and Operations Service to Resolve any issues. This information will be obtained from the Wifi devices or those connected to it."
10-11-2023 05:38 PM - edited 10-11-2023 05:39 PM
Airties is the company that bought Technicolor's WiFi Doctor program - which Vodafone promoted as plus when it introduced the THG3000. Interesting that it's still there, and in the documentation!
10-11-2023 06:48 PM
@Iguana Part of the MAC address identifies the manufacturer, so with the serial number they may be able to identify the device in detail. In theory a good company could use that info to help investigate a user reporting issues. I shouldn't hope for too much 🙂
17-11-2023 09:42 PM
I would argue Vodafone have breached their own privacy policy here.
"Through this platform, this information may be accessed by the Customer Service Department in the event that the user calls us to report any type of problem with their Wifi or may be treated by your Network Maintenance and Operations Service to Resolve any issues."
The above makes no mention (unless I'm missing it) of such data being used in the event the user does not call in.
18-11-2023 02:20 AM
They are informing us the data is being collected, and are telling us when CS may use it. There is no mention of what else they may (or may not) do with it?
18-11-2023 01:12 AM
Its perfectly possible that when a trigger event is detected an automated system contacts the user, it doesn't even mean that the trigger event has to be logged or recorded unless the user calls in and makes the request.