Netgear NightHawk R7000 routers now collect user data

If you don't want Netgear collecting your IP, MAC address or info about devices connected to the router, you need to disable it. Here's how to do it.

Netgear NightHawk R7000 routers collect users' data
Credit: Netgear

Netgear makes some popular routers, but do you really want the company behind your model of router to collect data such as your IP address and MAC address? If the answer is no, then you need to disable the "analytics" data collection.

Netgear’s NightHawk R7000 router, dubbed as “best-selling” and “top-rated” router on Amazon, is now collecting users’ data. Not just Wi-Fi information, but also information about connected devices, MAC address and IP. The data collection was enabled in the latest firmware update.

A Slashdot user spotted the change after Netgear updated its data collection policy. A support article—“What router analytics data is collected and how is the data being used by Netgear?—states:

Technical data about the functioning and use of our routers and their WiFi network can help us to more quickly isolate and debug general technical issues, improve router features and functionality, and improve the performance and usability of our routers. Such data may include information regarding the router’s running status, number of devices connected to the router, types of connections, LAN/WAN status, WiFi bands and channels, IP address, MAC address, serial number, and similar technical data about the use and functioning of the router, as well as its WiFi network.

While some people don’t believe the information Netgear is collecting from the router and sending to its servers to be overly sensitive, others believe data such as IP and MAC address don’t need to be collected at all. If you are a NightHawk R7000 owner in the latter camp, you should disable the data collection.

How to disable the Netgear dat collection

A Netgear knowledge base article says to disable the data collection “feature” in the router’s configuration panel by:

  • Entering the URL http://www.routerlogin.net in a browser to open a login window.
  • Enter the router user name and password. Netgear noted that “the user name is admin. The default password is password. The user name and password are case-sensitive.” Hopefully you have changed the defaults. If you hadn't, then you might as well do so after disabling the data collection.
  • You will be on the Home page after logging in, so select Advanced > Administration > Router Update.
  • Scroll down to the Router Analytics Data Collection section and select the disable radio button.
  • Click apply to save your new settings.

Don’t forget to change the default login credentials while you are in there if you haven’t previously done so. However, it is unlikely that you applied the latest firmware update if you never got around to changing the default credentials after so many thousands of internet-connected devices were jacked for the Mirai IoT botnet.

Netgear provides information on how to use the “Check” button in the router’s web interface to update the firmware. The company also explains how to change the default password or SSID or to make the password change using a Smart Wizard.

For people wondering how Netgear intends to secure the data it collects from users’ NightHawk R7000 routers, the company's support page points users to read the company’s privacy policy.

ASUS also accused of collecting too much information

Netgear isn’t the only router manufacturer accused of collecting too much information from users. Earlier this month, when Daniel Aleksandersen reviewed ASUS router firmwareASUSWRT—it came to light that ASUS sends data to Trend Micro servers about what websites are visited. The data collection is part of a deep packet inspection security feature and occurs if you use Apps/traffic Analysis, Bandwidth Monitor, Network Analyzer, Network Protection (AiProtection), Parental Controls, Quality-of-Service and/or Web History.

In the end, Aleksandersen recommended not buying any ASUS networking products. At the very least, he advised router shoppers to “be sure to review the terms of service and privacy policy of any router you consider purchasing.” If you are required to agree to third-party services, then that should scream red flag!

Cybersecurity market research: Top 15 statistics for 2017