Privacy Question: Denon X1500 uploading 1Gb each month

[bishbashsplash]

Somebody started a discussion on the HT sub on reddit about their Denon uploading 36mb each night, and another marantz user shared that their unit was doing the same thing

post: https://www.reddit.com/r/hometheater...b_every_night/

Has anyone noticed the same thing?
Do folks not care?
Do folks have any idea what data they're collecting?

 

[bigx5murf]

I'd be pissed, no reason an AVR should be collecting that much data, especially not so consistently.

My AVR is 10 years old, but it is network connected, I'm going to monitor it's usage after seeing this.

 

[amirm]

Better not be doing that. I would complain bitterly to them and send a note to cnet/pcmag/engadget about it.

 

[Timbo2]

1. Send note to Denon
2. Sound of crickets or canned email response that is non-responsive or says "update to most recent firmware"
3. Internet outrage
4. Many days later - weak apology and/or "mistakes were made", but begrudging acknowledgement of unintentional and unused data collection.
5. Reiteration that firm takes customer privacy seriously.
6. New firmware
7. Rinse and repeat.

 

[q3cpma]

Remember, the S in "IoT" is for Security. You can also see the P for Privacy if you look hard enough.

 

[jomark911]

There is a way , since they don't behave.
Have the receiver powered down when not in use.
When I say powered down , I don't mean stby. I mean shut off. Completely.
Through a powered switched outlet. Turn that switch off. This is what I do for the 2 decades , just because voltage here is not stable.
Turning the voltage regulators that I use off every night or whenever there is something running.
Then check after a month what has your receiver been doing.

 

[North_Sky]

Denon must not be alone in collecting data?

I think it's turn On (Yes) by default, just select No ...
• http://manuals.denon.com/AVRX1500H/NA/EN/GFNFSYfjhjkojv.php

 

[PierreV]

Unfortunately, I don't have one to test. If one wants to investigate, explicitly route the traffic from the device through a proxy running fiddler and see what goes through. Chances are Denon hasn't implemented certificate pinning and HSTS. Worth a shot anyway.

https://www.telerik.com/fiddler
https://www.mehdi-khalili.com/fiddler-in-action/part-1

And simpler option if they haven't even implemented https (not that rare for not-very-much security-aware corporations) a simple tcpdump on a semi-advanced router offering console access (most so called high end routers from Asus, Netgear and others) may tell you what they are doing.

 

[JeffS7444]

Why is anyone surprised? With "smart" and IoT-powered gadgets, ewe are the product. Without (technically) violating their stated privacy policies, I imagine that even a less-invasive company could build a pretty good profile on the users of their product, including but not limited to, when and how you are using it, what other devices you have connected to it and where you are located. And they may be able to infer your likely age, education, ethnicity, gender identity, political leanings and income. And if you tie these to a social media account, if they didn't have the info before, they do now! No doubt a lot can be done within the unregulated boundaries of "Providing diagnostics and improving our services".

This is why I haven't bought into products like Roon: In addition to profiling via your streaming habits, they really, really want to scan your offline content too.

 

[Doodski]

Why is anyone surprised? With "smart" and IoT-powered gadgets, ewe are the product. Without (technically) violating their stated privacy policies, I imagine that even a less-invasive company could build a pretty good profile on the users of their product, including but not limited to, when and how you are using it, what other devices you have connected to it and where you are located. And they may be able to infer your likely age, education, ethnicity, gender identity, political leanings and income. And if you tie these to a social media account, if they didn't have the info before, they do now! No doubt a lot can be done within the unregulated boundaries of "Providing diagnostics and improving our services".

This is why I haven't bought into products like Roon: In addition to profiling via your streaming habits, they really, really want to scan your offline content too.

I am concerned about online security. I do not have a facebook or twitter account etc and I use Gmail for everything. I am also of the mindset that in the grand scheme of things thinking how important could one person be in all this information skimming?

 

[North_Sky]

I think new intelligent TVs collect data, Tesla cars collect data, computers collect data...browsers, Alexa, Cortana, Sophia, Angela, Google, Edge, Apple, Samsung, Huawei, Amazon, eBay, ...

Hackers collect data too ...

 

[pozz]

This information can be bought and sold if it is scrubbed of PII (personally identifiable information). The legalities of this area are just being developed. It is used a lot in investment and finance circles in concert with new AI and data science. I haven't looked into this area beyond what I see at work so I don't have the full picture.

 

[JeffS7444]

I am concerned about online security. I do not have a facebook or twitter account etc and I use Gmail for everything. I am also of the mindset that in the grand scheme of things thinking how important could one person be in all this information skimming?

Let's put it this way: On the whole, this user info is valuable enough to sustain companies the size of Facebook and Google quite nicely. If you are logged into your Google account, use their Chrome web browser, they know your browsing history - their privacy policy says as much. And if the web site incorporates Google Analytics as many do, so much the better for them. Got an Android phone, they know your likely location at any given moment.

 

[Doodski]

Let's put it this way: On the whole, this user info is valuable enough to sustain companies the size of Facebook and Google quite nicely. If you are logged into your Google account, use their Chrome web browser, they know your browsing history - their privacy policy says as much. And if the web site incorporates Google Analytics as many do, so much the better for them. Got an Android phone, they know your likely location at any given moment.

There is no alternative in the present and going overboard on security makes things unusable. I simply accepted my fate years ago

 

[Tks]

This sort of garbage practice following audio products now as well?

This lawless frontier is something that irks me to no limit as time goes on. Day by day the practice is taken to new heights, while we have idiots of the same caliber in the audiophile realm; with comments like:

"If you got nothing to hide, then you got nothing to worry about."

Snowden shut these clowns up real good when he said something along the lines of: "Guess we should get rid of freedom of speech for those that have nothing to say".

There is no alternative in the present and going overboard on security makes things unusable. I simply accepted my fate years ago

https://www.reddit.com/r/privacytoolsIO/

EDIT:

@Doodski One of the best things you could try and learn to setup is something called PiHole, or at least if you use Internet browsers on your comptuer, use Firefox and dump Chrome if you got it, along with the addon Ublock Origin (don't bother with others of the similar name). This will go a long way. The former is a bit of a learning curve, while the latter is braindead easy.

No need to have all your doors open for creepy corporations to sell your information without your consent, and without your benefit (share of the profit).

 

[maxxevv]

Can't one just use a firewall and block the outgoing connection since it goes to a specific domain ?

 

[Doodski]

Can't one just use a firewall and block the outgoing connection since it goes to a specific domain ?

A good firewall can block by MAC address or domain name/IP. You might like the http://www.smoothwall.org/ firewall. Fully featured open source.

 

[RayDunzl]

I do not have a facebook or twitter account

I have two facebook accounts that I don't use.

I forgot the login for this one, and the email address it uses is no longer valid

It can be amusing to see others with similar names...

Nice... https://fa-ir.facebook.com/barf.in.98

So having forgotten the login to the first one, and hearing about Facebook eliminating all their FAKE ACCOUNTS just prior to their IPO, I created a totally new personna to test their purges.

This one should set off their "Terrorists that look a bit like The Fonz" alarm, as well as any number of FAKE ACCOUNT triggers.

But it is still there, years later.

Maybe forever.

Turns out there are many real Faiks in the world.

 

[maxxevv]

A good firewall can block by MAC address or domain name/IP. You might like the http://www.smoothwall.org/ firewall. Fully featured open source.

Yes, I'm aware of it. It can be done natively using Windows too.

https://www.online-tech-tips.com/windows-10/adjust-windows-10-firewall-settings/

Some router administration programs can allow similar blocking options independent of the OS.

I was just wondering why nobody has done that since they don't agree with the amount of data being uploaded.

 

[Doodski]

Yes, I'm aware of it. It can be done natively using Windows too.

https://www.online-tech-tips.com/windows-10/adjust-windows-10-firewall-settings/

Some router administration programs can allow similar blocking options independent of the OS.

I was just wondering why nobody has done that since they don't agree with the amount of data being uploaded.

I think PC and network security is something many people don't get around to. Most people set it to auto and forget about it and they've not learned about the options in the sub menus.