There is so much wrong with this, that the usual EULA blunder is but the tip of the iceberg:
For a long time now, I'm using small fanless Linux boxes as routers for my home network, so clearly, I'm somewhat of a home router power user.
If there is one thing I have never ever in my life done with said routers, it must be changing their configuration while not at home.
This is incidentally the only reason why you would ever even want to consider using a cloud based home router management as an end-user.
IMHO a totally unneeded feature which also opens up a whole ton of other issues - privacy being one of them, security being a huge other part.
These linksys boxes are so far removed from even having having an acceptable security record... At least up until now, they would not respond to administrative commands from the outside. Now they clearly have to. Even if they got security significantly better than they did up to now, this is such a bad idea.
Oh, and I believe it's absolutely crazy to push an update like this as part of an automatically installed firmware update: when you alter functionality in such a broad way, the only thing you achieve is that people begin distrusting silent updates.
After years in which Chrome and Firefox finally managed to convince the public that silent updates might be a good thing (they certainly are for security - and web developers, I guess), stuff like this goes great lengths in destroying that trust again.
Let's see a couple of plausible use cases for a home router with a remote config capability:
* Husband calls wife who is at work: "Joey is visiting for a day, but he says our network is locked. Can you let him on? I don't know how to use this thing."
* Grandma calls her son the Dad who's away on a business trip: "I know you've blocked Facebook from your daughter's machine, but it's also blocked on my laptop. Can you unblock it for me? I'm trying to make plans!"
Sure, one could try to walk someone through the steps over the phone, or even remote desktop into a box to make the changes... or just tell them "wait til I get home, too bad!". But theoretically, both of these scenarios could be fixed with a cloud oriented mgt system.
Look, Cisco made a total clusterF out of how they handled this, but it's also easy to see what they were trying to solve for. They just hamhanded it, in a huge way. Also, these scenarios are potentially rare, so they made people change everything about the router just to solve these edge cases, agreed.
But I suspect many more products will have cloud/external management before long, whether they should or not. When something is hot, it becomes solutions looking for problems beyond the few they may actually solve.
I think you're giving them too much credit. To me, this screams of marketing driven decision. It seems transparent to me that Cisco was trying to get some synergy with their current marketing "Cisco Cloud" advertising.
I can just hear the marketing droids speaking now - "Wouldn't it be great if we could bring our little home users into the great cloud so they think they're important to us. Why would anyone object to that, I mean they already have opt-in to automatic updates so they are saying it's OK, they really want it".
> If there is one thing I have never ever in my life done with said routers, it must be changing their configuration while not at home.
Connecting to the router over the Internet and waking (WoL) up a computer behind it to pull some data is a neat trick, though today with cloud storage (Dropbox&co) there is no need for it. The only viable use for remote management is taking care of someone else's network but even that is usually unnecessary because network configuration only needs to be done once.
It's yet one more reason to run software you can truly control if only possible:
> This is why you should demand open source in your router, open source in your operating system, and open source in any application software that is important to your life. Because if you don’t own it, it will surely own you.
The privacy policy was half of the problem. The other half was taking everyone's internal-only routers and making them accessible through Cisco. This is the opposite of what most people want.
Make Cisco Connect opt-in on existing routers, make it opt-out on new routers.
Yet another case of 'It's better to ask forgiveness than permission.' Their capitulation is only natural considering the negative PR mess this has become, however it's hard not to imagine this being entirely intentional.
So basically, cisco was going to collect their own behavioral targeting dataset for sale or to get into the adtech business. Better yet, they were going to backdoor this in via an automatic update most users wouldn't see onto a physical device the users paid for. Some dbag there saw NebuAd and Phorm and get jealous, I guess.
Whatever else you may think of cisco, they sure do have big ole brass balls.
For a long time now, I'm using small fanless Linux boxes as routers for my home network, so clearly, I'm somewhat of a home router power user.
If there is one thing I have never ever in my life done with said routers, it must be changing their configuration while not at home.
This is incidentally the only reason why you would ever even want to consider using a cloud based home router management as an end-user.
IMHO a totally unneeded feature which also opens up a whole ton of other issues - privacy being one of them, security being a huge other part.
These linksys boxes are so far removed from even having having an acceptable security record... At least up until now, they would not respond to administrative commands from the outside. Now they clearly have to. Even if they got security significantly better than they did up to now, this is such a bad idea.
Oh, and I believe it's absolutely crazy to push an update like this as part of an automatically installed firmware update: when you alter functionality in such a broad way, the only thing you achieve is that people begin distrusting silent updates.
After years in which Chrome and Firefox finally managed to convince the public that silent updates might be a good thing (they certainly are for security - and web developers, I guess), stuff like this goes great lengths in destroying that trust again.