back to article Before you buy that managed Netgear switch, be aware you may need to create a cloud account to use its full UI

Netgear has decided that users of some of its managed network switches don’t need access to the equipment's full user interface – unless they register their details with Netgear first. For instance, owners of its 64W Power-over-Ethernet eight-port managed gigabit switch GC108P, and its 126W variant GC108PP, need to hand over …

  1. DavCrav Silver badge

    The mesh network I bought for my home required to access my GPS location on my phone in order to work. No mention of this anywhere in the advertising materials, on the product webpage, anywhere.

    Well, I spoofed the GPS signal so it thinks I live in the middle of Hyde Park.

    1. Jim Mitchell
      IT Angle

      Hyde Park, New York? Nice place, also where FDR served hot dogs to some visiting Brits:

      https://www.smithsonianmag.com/smart-news/when-franklin-delano-roosevelt-served-hot-dogs-king-180963589/

    2. Roger Lipscombe

      It *probably* wants it so that it can work out which country you're in, and therefore which Wifi bands it should use.

      But I wouldn't put it past them to record that information for some other purpose...

    3. Anonymous Coward Silver badge
      Boffin

      Assuming you're using android; the location permission is required to be able to scan for WiFi networks and look at the SSID list, which is the standard way of configuring mesh APs.

      It's like that because knowing what SSIDs are visible can approximate your location quite successfully.

      Spoofing your GPS will have absolutely no effect on this.

  2. druck Silver badge
    Stop

    Vote with your wallet

    No sale is the way to deal with nonsense like that.

    1. Doctor Syntax Silver badge

      Re: Vote with your wallet

      And in the UK mention Trade Descriptions Act whilst returning it.

    2. Arthur the cat Silver badge

      Re: Vote with your wallet

      Agreed but who are the decent alternate switch manufacturers? I've tended to buy Netgear because their stuff is reliable, and soon going to be buying a rack mounted managed switch.

  3. karlkarl Silver badge

    No. Nope. Never. I wont do it.

    I lose respect for any idiot who feels this is an acceptable idea.

    I hope Netgear gets all this sill shite out of their minds before I am in the market for some hardware again.

  4. Anonymous Coward
    Anonymous Coward

    Doesn't that break GDPR? You can not restrict access if the user doesn't consent.

    1. Anonymous Coward
      Anonymous Coward

      re: Doesn't that break GDPR?

      since when has that bothered any American Company?

      They simply don't give a shit. Once you have spent your ££££ or whatever currency, you are on your own.

      I'd love to see the real justification for this move especially the bit where some nerd at the back asks about air-gapped networks.

      Said nerd would probably be shown the door by the all powerful MBA (More Bloody Assholes) that seem to run US Businesses these days. I'm saying that as someone who has an MBA. Total waste of time except to gain membership to the Assholes Club which I refused. All moot now since I retired when CV-19 hit.

    2. Mike 137 Silver badge

      Unfortunately you can, but...

      Under the GDPR you can't make consent to the processing of "unnecessary" personal data a condition of access to a service, but if you can demonstrate that it's necessary for the data subject's specific purpose there's no prohibition.

      But in any case, consent (once again) does not have to be the lawful basis relied on. Legitimate Interest (for example, "to allow us to improve our products") might make collecting the data lawful.

      However, quite apart from the dreaded (but ultimately toothless) GDPR, why would I buy a network appliance that exposes my network configuration to the vendor (and eventually almost certainly to the world when they have a data breach)?

      1. Anonymous Coward
        Anonymous Coward

        Re: Unfortunately you can, but...

        But that's not the case with Netgear, because there are other managed switches on the market that offer the same/similar functionality without having to provide personal details/register their hardware (as well as older Netgear hardware). There is no clear reason why personal details are necessary, and are clearly with the intention (at least) of marketing customer's data,.Implied consent is not sufficient.

        Netgear's forced registration policy certainly seems to be flouting EU GDPR.

        1. ThatOne Silver badge
          Unhappy

          Re: Unfortunately you can, but...

          > there are other managed switches on the market that offer the same/similar functionality without having to provide personal details

          - Still. You forgot "still"...

          Come on, we all know it, it's useless to lie, all and every company out there selling something with an electrical component will progressively add personal data collection as a mandatory feature. One can debate about the use of having your power drill collect data about you and your house, but the fact is, it will. Because it can, and because no company will ignore free money.

    3. Doctor Syntax Silver badge

      If it's a corporate purchase no PII would be needed.

      If it's a new purchase was that term mentioned in the original specification? If so, buy somewhere else or if you've already bought learn to read specs more closely. If not it gets bundled straight back as not meeting specification.

      If it's something that appears in a S/W upgrade to existing kit then read the licence terms very carefully and vote with your feet for future purposes, making sure your salesdroid knows that's what will happen.

  5. Chewi
    Thumb Down

    Thanks Netgear

    …for reminding me why I already swore never to buy your shit again. As if I'd forgotten anyway.

  6. Dante Alighieri

    N600

    Just dumped the unsupported router and glad I've avoided this.

    I will confess to a 4 port GB unmanaged switch though. More impressed with the 8port+1 TP Link for my small LAN. QoS is on the router for now.

    If I had bought gear limited like this

    Sale of Goods - not as described, does not function correctly - full refund (by chargeback if necessary)

  7. LDS Silver badge

    Is this a kind of ransomware?

    I'm starting to believe I'll need to build my next switch or AP - as long as there will be enough carefree peole buying the devices anyway instead of letting them take dust on shelves or in warehouses.

    But I hope they are going to piss off someone with enough time to bring them into court.

  8. JohnG Silver badge

    Does this mean that when you register the product, you get some sort of code to unlock the full feature set or that Netgear require these products to be managed via their cloud? If it is the latter, then the administrative interfaces of these devices would have to be exposed to the Internet and these products would cease to be useful whenever Netgear drops them out of it's cloud or their cloud is turned off. How utterly useless!

  9. Nate Amsden

    "No subscription equals your office hardware bricked"

    I think I have read that Cisco has some product lines that do this? (new product lines which have been quite controversial with the new subscription model). I don't know specifics as I have generally tried to avoid anything Cisco for at least 15 years now.

    The org I work for uses Aerohive for corporate wireless which is a cloud based management product(company was purchased by Extreme Networks last year I think, I've been an Extreme Networks ethernet customer for 20 years now). Last year our subscription lapsed. I asked support in advance what would happen as we were just about to expire and our vendor was struggling to get a quote. They said no issues just can't manage the devices. We ended up getting the order in on time but it got canceled for some reason(never got notification, I was assuming once the order was processed Aerohive would automatically update the subscription on their end and things would just keep working) and we ended up with no subscription for several months(took me that long to need to login again to poke at the interface before I realized the order never went through as our vendor confirmed it was received by Aerohive and being processed several months before). At the end of the day there was no impact, network stayed up and fine. The only reason I had to access the management UI at the time was to a quarterly "rogue AP scan" for PCI, otherwise it was not for at least another 7 months before I actually had a need to make a configuration change(adjusted radio strengths).

    Even without a subscription I would wager that I would be able to login to the command line of the Aerohive access points and make changes there if needed. I mean I can already login and make changes, I don't think the AP would phone home and say "hey I don't have a subscription so you can't make any changes", but it's technically possible I suppose. I logged into the CLI of the APs many times while cleaning up the configuration last year. I monitor each individual AP via SNMP with our general monitoring tool and even without subscription there was no issues gathering metrics either.

    1. Henry Wertz 1 Gold badge

      Re: "No subscription equals your office hardware bricked"

      "I think I have read that Cisco has some product lines that do this?"

      That's different though, that's gear where they tell you up front you're paying a subscription for functionality.

      In Netgear's case you're buying a managed switch, period, which they've suddenly decided needs to phone home to keep on functionality you've already paid for up front.

  10. DS999

    If it is a one time deal, who cares?

    Put up some bogus information and give it a throwaway email created on hotmail or whatever. It isn't as if they can verify the information is true, they probably just want to get your contact info so they can notify you of firmware updates (though the real reason will be to try to sell you extended warranties, support contracts, other Netgear products etc.)

    1. ThatOne Silver badge
      Facepalm

      Re: If it is a one time deal, who cares?

      > If it is a one time deal

      And who said it was an one time deal? We're not talking about some mandatory registration, that wouldn't even be worth mentioning.

      No, we're talking about a SaaS (Switch as a Service) model, where your switch only works as long as it can connect to the mothership to upload any bits of information Netgear's marketing thinks it can sell. And yes, they will verify your information, and most likely shut the switch down if they can't tie it to a valid purchase.

      1. DS999

        Re: If it is a one time deal, who cares?

        Nowhere does it say it requires an active cloud connection to be able to manage it. That would require a full time internet connection, and make it useless in a network that is firewalled off from the net.

        1. ThatOne Silver badge

          Re: If it is a one time deal, who cares?

          > Nowhere does it say it requires an active cloud connection

          True, but the quoted customer mentions he had to "register them to Netgear Cloud" (emphasis mine). That's a peculiar wording, including the word "cloud".

          Besides, if there isn't an active Internet connection, how would the switches know you had indeed registered?

          1. DS999

            Re: If it is a one time deal, who cares?

            if there isn't an active Internet connection, how would the switches know you had indeed registered?

            The switch would only have to see the internet once to add the registration information, i.e. during setup.

            1. jake Silver badge

              Re: If it is a one time deal, who cares?

              How do I plug one into my internal-only, never connected to the world at large test network? All new hardware for my clients gets hooked into this network to test for software compatibility in a secure environment.

              Likewise, many of my clients have airgapped internal networks for R&D reasons. Others have them for more important security reasons ... LLNL, Sandia, JPL and SLAC come to mind. I guess these high-profile customers aren't a target for the marketers of spyware ridden consumer-grade equipment in the first place ...

  11. astfgl
    FAIL

    Never bought one, never will

    That's them off my suppliers list - which is admittedly restricted to HP/Aruba and D-link.

    I can't think of any reason to buy network infrastructure which requires internet access, but Netgear has apparently deluded themselves into thinking that some people can.

    1. Anonymous Coward
      Anonymous Coward

      Re: Never bought one, never will

      "I can't think of any reason to buy network infrastructure which requires internet access, but Netgear has apparently deluded themselves into thinking that some people can."

      I'm sure the thought process was: networks are used to connect local computers to the Internet, therefore we should manage them over the Internet. Plus, oooh, we can use an app to manage your network from a smartphone, ain't that awesome??

      Obviously not considered by anyone who has networked anything more complicated than a cable modem to an unmanaged switch.

    2. Antron Argaiv Silver badge
      Happy

      Re: Never bought one, never will

      Funny. I have an HP 3500 48 port managed switch in my basement, which was given to me during an IT upgrade at work. "Hey, you want this?" I prefer the commercial grade because the ports usually have better transient protection and I have had several consumer grade swithes borked by nearby lightning strikes.

      It rolled over and died rather dramatically on me recently, and I was shocked to find it had a "lifetime warranty", and even more surprised when HPE sent me a replacement and a UPS label to return the borked one. Found another, used for $70 from a vendor on Newegg, which is exactly what an unmanaged Netgear 16 port cost me off Amazon (it got here in 2 days, which was why I ordered from them)

      So, yes, HP/Aruba have my vote. Even if I can't pull that warranty trick again, I have a backup. Good stuff, and way overspec for my little home network, but impresses the visitors.

  12. Richard Boyce

    Cisco Linksys scandal

    I just put those three words into Google and the first link was https://tech.slashdot.org/story/12/07/02/1743253/ciscos-cloud-vision-mandatory-and-killed-at-their-discretion

    So this is not the first time managers have thought this was a good business decision. Although the victims were mainly retail consumers, there was a big enough backlash to persuade Cisco that this wasn't the best decision they ever made. The Linksys brand was subsequently sold. That Netgear has chosen to do something similar to business customers is astonishing.

    1. Gene Cash Silver badge

      Re: Cisco Linksys scandal

      Real link:

      http://www.extremetech.com/computing/132142-ciscos-cloud-vision-mandatory-monetized-and-killed-at-their-discretion

      The Slashdot "story" is just a list of links.

    2. ThatOne Silver badge

      Re: Cisco Linksys scandal

      > That Netgear has chosen to do something similar to business customers is astonishing.

      When Linksys/Cisco tried that in 2012 it was too early. Now, in 2020, the market is ripe: Over the last years people have progressively gotten used to be milked for their personal information. Nowadays people consider this annoying, but normal.

      Just remember all the protests when Windows started to collect personal information, they have eventually died out. In peoples' minds personal information theft has become just an unfortunate side effect of modern technology.

  13. Pascal Monett Silver badge

    "hand over information about themselves to the Netgear Cloud"

    Fuck that.

    If I paid for a product with a given list of functionality and find out, after the fact, that using said functionality depends on me recording my private data on some effing cloud, I guarantee that there will be some people regretting getting my calls.

    So that's NetGear on my blacklist. Good to know.

    Not that I'd buy that kind of equipment for myself, but if they can do that on the high-end, then they'll definitely do that on the low-end.

  14. jake Silver badge

    Goodbye, Netgear.

    EOF

  15. tcmonkey
    Windows

    Why would you be buying any of Netgear's trash anyway?

    1. Down not across Silver badge

      I've resorted to GS110TP on couple occasions. POE for APs, cameras,phones etc plus SFP uplink. Relatively cheap, and yet for most part they work fine unlike Cisco Small Business stuff that seems to either die or just have "interesting" b0rkage in firmware (and Cisco seems to refuse to fix ths issues). And GS110TP has a rudimentary CLI as well. No, never registered any of them.

      In more general terms, I would agree with your comment though.

  16. stick box

    ASUS have done this for years

    ASUS home routers require a similar thing. In order to use many features you need to accept T&C's which include transmitting your data to TrendMicro and potentially others. That includes features where it's hard to see why any remote integration is required.

    Fortunately they Open Source their router software so you can run builds without the wire-taps.

  17. Demogenes

    Odd how this works out...

    funny how the world moves... give us your details and we might let you use our equipment... SONOS comes to mind here with an attempt about a year ago?

    These kind of vendor lockdowns that NG apparently now tries to implement... it's what I look for before I buy gear so welcome to the DNP* list Netgear ;)

    *DNP = Denied Parties List

  18. Ken Moorhouse Silver badge

    When Netgear End of Life this Product Line (or die/get taken over)...

    Does this mean that they are then no longer "managed" devices?

    There needs to be some requirement that products such as these have some kind of "fold-back" facility which can be used to emulate the "host" end of the link, so that the device can continue to be fully utilised in the event that Netgear are no longer able to support it. Or, if for some reason the purchaser objects to relying on Netgear's portal.

    I'm sure many large corporates would want this capability to be demonstrated to them prior to purchase.

  19. Anonymous Coward
    Anonymous Coward

    So.o.o.o.o.o.o 2014..............

    Link: http://jeramiah.net/2014/01/it-doesnt-matter-what-you-think-setting-up-the-linksys-ea6900/

    *

    In 2018 I bought a Linksys EA7500. Same problem. Jeremiah reported Linksys for the same thing in 2014!

    *

    I did a factory reset on my EA7500, repacked it and gave it to the local charity shop. SEP!

    *

    Why would ANYONE (never mind an enterprise customer) put up with network management via a third party cloud?

    *

    PS Take a look at Synology NAS boxes!

    1. Doctor Syntax Silver badge

      Re: So.o.o.o.o.o.o 2014..............

      "Why would ANYONE (never mind an enterprise customer) put up with network management via a third party cloud?"

      Non-technical management. And as Cloud is the new shiny they may possibly believe this is a Good Thing. Maybe Netgear aren't as stupid as we think.

    2. Sandtitz Silver badge
      Stop

      Re: So.o.o.o.o.o.o 2014..............

      "PS Take a look at Synology NAS boxes!"

      Why? They don't require any internet connectivity.

  20. Anonymous Coward
    Anonymous Coward

    Nah, nice opportunity ..

    .. to absolutely screw them over with a GDPR complaint.

    GDPR is a lot of fun if you know how to wield it. I already have a few US companies hating my guts by now, many more to go..

  21. Kane Silver badge
    Alien

    You will be pushed, filed, stamped, indexed, briefed, debriefed, and numbered...

    ...without an order, signed in triplicate, sent in, sent back, queried, lost, found, subjected to public enquiry, lost again, and finally buried in soft peat for three months and recycled as firelighters.

  22. Antron Argaiv Silver badge
    Thumb Up

    Upvote to the headline writer

    For the Prisoner reference.

  23. Henry Wertz 1 Gold badge

    Nope!

    If I got any hardware that artificially removes functionality based on being "reigstered" or having a cloud account, back to the store it goes!

    A) A switch does not have to be switching internet-accessible traffic, that's an invalid assumption. I mean, it PROBABLY will be but still...

    B) What am I getting out of it? I don't need all my equipment pumping usage information back to the manufacturer just because.

    C) That DOES mean your switch will lose it's functionality down the road when Netgear decides they can't be bothered to run that authentication server any more, and randomly every now and then as the server gets a bit wobbly. I've personally seen less than 5 year old devices where the web-based firmware update check already fails -- not just "there are no new updates", an error because they ALREADY pulled the page the device goes to to check for firmware updates.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020