back to article Vodafone: Yes, we slurp data on customers' network setups, but we do it for their own good

Seeking to improve its pisspoor customer service rating, UK telecoms giant Vodafone has clarified just how much information it slurps from customer networks. You might want to rename those servers, m'kay? The updates are rather extensive and were noted by customers after a headsup-type email arrived from the telco. One …

  1. Anonymous Coward
    Anonymous Coward

    call centre

    We all providers are bound under the rules and regulations of the of-com

    apart from the fact that these are just outright lies to avoid potential confrontation, why do I get the feeling that this person is unfamiliar with a lot of UK laws anyway..

    1. Chris G Silver badge

      Re: call centre

      Voda' employees and those of Voda' franchises are trained to lie, I say that because the lies you get from different people at different locations have a common theme similar enough to show they originate from the same source.

      In my last dealings with them before going to a different supplier I recorded the conversations.

      When you record face to face in one of their shops and tell them you are doing it, the conversation on their side is almost non existent.

      1. Kubla Cant Silver badge

        Re: call centre

        When you record face to face in one of their shops and tell them you are doing it, the conversation on their side is almost non existent

        Not disagreeing with your general point. But if I was working in a shop and somebody came in and started to record a (possibly confrontational) conversation, then I think I'd be pretty tight-lipped too.

    2. DomDF

      Re: call centre

      When talking to Vodafone this morning it felt like trying to have a conversation with one of those natural language AIs but, allegedly, it was a human being, albeit a foreign one.

  2. t0m5k1
    Thumb Down

    Glad I chose not to move to them even though they continue to call, email and SMS me repeatedly to the point I've blocked them on my mobile which is on contract with Vody!

    1. Swashbuckled

      It’s a great shame they didn’t call, email me or SMS me - instead, they had a Default put on my credit file. That has has ENDLESS dreadful ramifications for me, loss of previously high credit limits, cancellation of my cards etc. I intend to sue them.

  3. FuzzyWuzzys
    Facepalm

    Perfect...

    ...until they get hacked then you have a perfect "map" of Vodafone customer home layouts so you know which might hold the richest pickings ( clue, the networks with lots of Apple devices given the rise in a Mac malware! ).

  4. Anonymous Coward
    Anonymous Coward

    BT does the same

    All BT Home Hubs send back these details of your personal network, despite this being your private data.

    1. Andy 97

      Re: BT does the same

      *Not in a hostile tone* Do you have any proof?

      I know they employ deep packet inspection to find Kodi-serving freetards and those who are stupid enough to seed torrent files on their home computers. I also remember they ran a service which harvested DNS enquiries (which they sold to a 3rd party), but this is new.

      1. Peter Gathercole Silver badge

        Re: BT does the same

        Just a quick fact-check. Torrent itself is not necessarily bad. It's just that a majority of data shared is copyrighted material.

        But not all of it.

        1. Pascal Monett Silver badge

          Torrent is great to get and share Linux distro images. I'm sharing Mint 19.1 and 19.2 images and the ratio on that is sky high.

      2. tiggity Silver badge

        Re: BT does the same

        Kodi is not intrinsically bad - depends what people do with it.

        I use mine to watch recordings on network PVR from a different room

        Just like torrents, people can use Kodi for nefarious purposes but lots of legit uses.

        1. Tinslave_the_Barelegged

          Re: BT does the same

          > people can use Kodi for nefarious purposes but lots of legit uses.

          I hope you're planning to shop yourself. It's almost certain that West Midlands police have added using Kodi to their list of thought-crimes

          https://www.theregister.co.uk/2020/02/14/silly_police_infosec_parental_advice_poster/

        2. Andy The Hat Silver badge

          Re: BT does the same

          I have a big kitchen knife, an axe, some acid and a 40 gallon drum but I don't honestly recall ever disposing of bodies ... unless I'm a "sleep mass murderer". Having legal tools is not an issue, it's what you do with them ...

    2. Cuddles Silver badge

      Re: BT does the same

      I have an old enough Homehub that BT refuse to believe it exists, despite it clearly connecting perfectly well. I doubt they're spying very successfully on the rest of my network when they can't even figure out what their own kit looks like.

  5. Captain Hogwash

    So...

    For the benefit of an ignoramus such as myself, this can't be avoided by not using the Vodafone supplied router?

    1. Dan 55 Silver badge

      Re: So...

      Can't you connect your own in modem mode? Seems like that'll stop the WiFi slurping at least.

      1. Captain Hogwash

        Re: So...

        I'm not sure I understand you. I have been using only my own kit with various ISPs for many years. Does this mean my LAN is unslurpable by the ISP or am I as vulnerable to it as though I was using the ISP supplied kit?

        1. Dan 55 Silver badge

          Re: So...

          I had this idea that you had to use the VF router as they wouldn't give you the passwords but you could switch it to modem mode and plug your own router into the VF router and answered based on that idea. Probably this is only necessary for fibre connections, ADSL is easy to use your own kit with.

          I guess ISPs are slurping WiFi/MACs/device names using TR-069 which is another point in favour of running your own kit (no TR-069).

          But if you have to use ISP kit then it's best to hang your own router off of it and use that for as much of your local network that you can.

          1. Captain Hogwash

            Re: So...

            Vodafone gave me the login details for VDSL when I signed up a few months ago. I've been using my own kit (and only my own kit) with every ISP for the last 10 years or so since I realised O2 were trashing my configuration settings in the router they supplied whenever they forced a firmware update.

            So, to be clear, my LAN is safe from this slurpage or not?

            1. Dan 55 Silver badge

              Re: So...

              I would asume so as MACs and device names don't ordinarily leave the router via TCP/IP.

          2. Mike007

            Re: So...

            It is a sad aspect of consumers wanting some fully managed service, with the CPE often not properly supporting transparent mode.

            I have a Zen line where they supply the PPPoE credentials, however they also supply a CPE which is utter crap. I have a routed subnet, but the CPE does not properly support this (If I recall I could only forward single ports for specific IPs using using it NAT mode, or if I used the public subnet on the "LAN" side with no NAT then it wouldn't let me open up inbound connections at all). The supplied CPE had a "PPPoE passthrough" mode which should in theory be "just a modem" and allow my own router to terminate the PPPoE session to bypass it, but this did not work properly. Zen are a more technically orientated ISP than most so for them to have this crappy CPE just shows the state of the market.

            I had an Openreach modem from a previous service, so just plugged that in to terminate the VDSL line and have my router terminate the PPPoE and all works fine. So, it is purely the CPE they supplied that was the problem and I found no way to make the thing stop screwing with my packets and just be a dumb modem. Those plain openreach modems are not avaliable any more, they used to be mandatory but people complained about "needing 2 boxes" so they dropped that rule and required ISPs to supply a modem which they did using integrated units containing Modem+router+wifi+kitchen sink.

            It certainly is simple enough to bypass the crap, but even if you can get the required credentials (some ISPs just use IPoE so no creds needed) the problem is that it is a bitch to find a dumb modem (or CPE which will act as one) these days...

            1. LeahroyNake Silver badge

              Re: So...

              I'm guessing that Zen Cpe is a Fritzbox?

              The standard Fritzbox is not that bad but Zen configure them in a way that disabled modem mode. VPN pass through and the SNMP also has issues.

              At least Zen provide the login details so using your own decent kit is easy.

          3. Ewan121

            Re: So...

            They freely give you dsl usernames and passwords to use your own equipment. I've been doing so with vodafone for the past year.

            Just get an old openreach modem if your on fttc as they don't have a modem mode in the router as far as I remember

            1. Fursty Ferret

              Re: So...

              Exactly what I do. I've no idea what the uptime is on the modem but it's not been unplugged since I moved in 4 years ago.

              More worried about the cheap Chinese mesh network that the modem is connected to.

        2. LeahroyNake Silver badge

          Re: So...

          Good luck with that if you have Sky broadband. The last time I tried helping out a relative with connection issues they refused to supply the connection details (this was a few years ago). Half hour to faf around making up a cable and 2 minutes with wireshark I managed to connect a Draytek ADSL router and I think its still working fine. Their support were absolutely useless!

          1. tfewster Silver badge

            Re: So...

            Similar experience here, Sky Customer Service refused to supply the connection details but the agent did suggest looking on the Sky broadband forums for "semi-official" login account details. Which only took 5 minutes ;-)

  6. Pascal Monett Silver badge

    "Our service helps overcome these issues"

    Could someone please explain to me how capturing the MAC and IP addresses of the stuff I use in the privacy of my own house is going to overcome any issues whatsoever ?

    I am well aware that any service provider likely has this capability - after all you're paying it to provide you with connectivity, so it obviously has the means to manage that connectivity. And that includes knowing what you connect to its service. Fine.

    Except that, I can have a WiFi printer that the rest of computers can use. That printer is not going on the Internet, cannot be used from the Internet, and my computers using it do not send anything over the Internet to get to it to print. So why should my provider grab that address and what can it do with said address to "overcome these issues" ?

    Apart from being able to tell me what I have connected to my network, I don't see how any provider can optimize anything at all with that information. And I'm not saying my provider is selling that info, I don't think so, honestly.

    So what good it is to have that info ?

    1. nematoad Silver badge

      Re: "Our service helps overcome these issues"

      "...give customers an improved home broadband experience."

      Yes, you could get that by moving away from Vodaphone given the reported problems people have but if other ISPs are up to the same tricks which way should you jump?

      The only reason Vodaphone is in the frame is because they have come out and admitted what they are doing. It might be useful if other ISPs started doing the same.

      Personally I'm thinking of moving away from Plusnet to a local ISP as they have quite a good reputation.

    2. babydave

      Re: "Our service helps overcome these issues"

      The first thing that comes to my mind is where you print something on a colour printer and possibly the make, model, serial and MAC is watermarked into the printed document as described here...https://en.wikipedia.org/wiki/Machine_Identification_Code

      Finding that hidden info is generally not enough to identify the person printing but once a database exists of the locations of a particular MAC address that suddenly changes. Also consider the many possibilities this opens up - there are quite a few things i can think of - good and bad, What about stolen devices that have a MAC address??

    3. DuncanLarge Silver badge

      Re: "Our service helps overcome these issues"

      Well the only thing that comes to mind is if you have several devices that have the same IP they would be able to detect that.

      But for that to happen al least one of your devices would need its address set to static, so you probably would be able to debug such a situation yourself.

      1. PM from Hell

        Re: "Our service helps overcome these issues"

        I've had IP address clashes on my homehub when everything is set to dynamic. The hub through a wobbly, crashed and restarted (many times) the hub cleared down the local routing table and allocated new addresses for connected devices. Powered off devices retained their original IP address. It took a while to diagnose as several of the devices are powered from TV's and power up and connect as soon as the tv is turned on.

        In the end I had to factory reset half a dozen things and force several others to renew their IP addresses before the network became stable again.

        1. Pascal Monett Silver badge

          Yeah okay, but it's not your provider that helped you with that.

    4. thondwe

      Re: "Our service helps overcome these issues"

      MAC addresses have manufacturer specific pre-fixes - so it's possible to ID the basic device type from the prefix and certainly the WIFI card supplier - which I guess they could match up to known problem models? Though I'd expect this to lead to a proactive missive to the customer suggesting a replacement/upgrade of their last 802.11b devices might help their wifi setup?

    5. 2+2=5 Silver badge
      Joke

      Re: "Our service helps overcome these issues"

      > Could someone please explain to me how capturing the MAC and IP addresses of the stuff I use in the privacy of my own house is going to overcome any issues whatsoever ?

      I don't know, but I always make sure to use 192.168.2.x just to confuse them.

      1. Fursty Ferret

        Re: "Our service helps overcome these issues"

        I suppose that potentially if one manufacturer makes shit products that cause problems with other devices, knowing the MAC addresses will help narrow down the cause.

        Don't use the Vodafone router if you're unhappy with the data slurping (although as routers go the new one isn't terrible). Vodafone happily gave me the login details to use my own router when I asked.

  7. Neil Barnes Silver badge

    And that is why

    Even though I am not a Voda customer, my ISP's modem is used solely as a pass through modem, with all the wifi and other gubbins turned off and handled by my router.

    1. Rathernicelydone

      Re: And that is why

      I AM a Vodafone broadband customer and I have the Voda supplied router switched off because it is really crap. I have a BT Whole Home mesh wifi system all connected to the Voda router via Cat5. So dodgy slurping aside I have generally been happy with the Voda service - at least they don't traffic shape me even when I am downloading torrents at peak times.

  8. iron Silver badge

    And this is why you never use the ISP supplied router.

    I'd add never use one of the BIG 5 but most people prefer low price and bundled footy deals over security, reliability and speed so there's no point.

    1. Korev Silver badge

      >And this is why you never use the ISP supplied router.

      Me too, the only problem is that I deployed Ubiquiti gear Ubiquiti gear...

    2. Mike007

      And when the modem is built in to the router, and has no option to turn off the router side of things and use it as a dumb modem?

      The ISP will happily provide an integrated system, but find one willing to supply a dumb modem... and for some reason buying one yourself is more expensive than a full bloatware router with integrated modem.

      Was much better when VDSL service required an openreach modem for the VDSL and the ISP supplied a separate router that connected over ethernet, made it easy to just not use the ISP supplied paper weight.

      1. phuzz Silver badge

        It's not possible in all circumstances, but companies like Vodafone and Talktalk don't manufacture their own modems, they just buy them from other companies and slap their own branding on.

        So, sometimes, the (eg) Vodafone router you received, is just a re-badged Huawei unit, and you can just flash the default firmware to get a non-vodafone device.

        Or you might end up with a bricked modem that Voda refuse to support, you takes your chances...

        1. Strahd Ivarius
          Trollface

          And so instead of having Voda slurping your information it is the Chinese doing it?

  9. Joe Drunk
    Windows

    Not surprised, probably all ISPs do this, even in the US if you use their router

    As other commenters have noted the solution is to use your own router. My previous ISP provided a combo modem- WIFI router they managed. I connected my router to theirs, thus making my LAN invisible to them.

    I personally know more people using their ISP supplied router than one they purchased. Most people aren't boffins and are clueless as to how a router or any of their internet do-hickeys work. They will call their ISP for any problem with their LAN (Ipad can't connect, wireless printer won't print, etc.). I can see how the ISP gathering information on their LAN would be useful in troubleshooting.

    Sound off - how many people do you personally know that have purchased their own router versus those using the one provided by their ISP? For me about 80% fall in the latter category.

    1. anothercynic Silver badge

      Re: Not surprised, probably all ISPs do this, even in the US if you use their router

      This is what I do too... Makes the most sense. Things in your network just continue to work, the connection to t'Internet changes but nowt else...

  10. steelpillow Silver badge

    Connection management

    Vodafone manage their connection points remotely and give client connections something very like NAT: the other end sees a generic Vodafone IP and not the client connection's IP. Does it with IPv6 too, so I am not sure if that is NAT or something else like a VPN or some mobile protocol or whatever. Certainly, my login to Wikipedia is frequently tainted by vandals given the same dynamic IP, be it v4 or v6. Then, the remote manager also has a subscriber web interface so we can log in and fiddle with things like net nannies and firewalls.

    They obviously need to record a fair amount of shit to do all that. Not convinced they need to slurp /that/ much, though.

    1. burnard

      Re: Connection management

      Hmm...I think you are confusing Vodafone with Virgin. Virgin do this for business customers to give them static IP addresses as the base network is built around DHCP. The business connections run on this also. So if you check your IP (router or IP chicken) you will see the DHCP address, but the static IP you've been sold is still good for inbound traffic. You just don't "use" it for your outboud. Causes some challanges for businesses and SIP.

      Vodafone don't to do this. The IP address you see on your router is the same one you get when checking via IP chicken etc.

  11. DomDF

    This combined with the ongoing outage since 9PM last night makes me glad my contact is up in under a month.

  12. Anonymous Coward
    Anonymous Coward

    I am a Vodafone customer, and I know why their service is so ****!

    Two reasons.

    Vodafone use the "stable" profile - most UK FTTC ISP's use the "Gaming" profile. I didn't find this out till after switching and I've gone from 38Mb download sync speed to 33Mb. Not great.

    Vodafone's supplied router is terrible. Why? Two reasons actually.

    One the wifi is poor. They talk up AC standard and Beam Forming. Heads up Vodafone, it doesn't work. After switching I couldn't get wifi in my bathroom, ruining my "alone time".

    Two, due to some firmware bug to do with FEC(?) errors, the router will re-sync the line to try and stablise it. Not good! The BT end sees all the re-syncs and thinks the line is unstable. The "stable" profile they use is more cautious about sync speeds and drops it down. The result, your sync speeds get lower and lower over the course of time. It settled at 25Mb for me. This is a line that was a solid 38Mb with Sky for 2 years. Hmm...should've eaten the price increase!

    I managed to fix some of the above by buying a new router at my own expense. I won't plug makes/models, but suffice to say my wifi now reaches my bathroom again, and the sync speed has recovered to the above mentioned 33Mb. Still not 38Mb, but less of a noticeable reduction in day to day use.

    Note that if you do change router like I did, it can take quite some time for sync speeds to recover. The BT end needs to see 7-9 days of stability before it tries to up your speed a little bit. In all I think it took about 2 weeks to get back up to 33Mb. My router reports my line is capable of the 38Mb I had previously, but the "Stable" or "Business" line profile Vodafone insist on using is preventing me from getting there.

    Vodafone = AVOID! I will be leaving as soon as my contract ends. Wish I had known some of the above before joining, but a lot of the "real" informaiton about ISP's that customers need is hidden. Like the line profiles ISP's use. Not published or easy to find out.

    P.S. If anyone cares...my cabling from master socket to router is CAT6. The cable the ISP sends you is garbage. Go on eBay and buy one, I guarrantee it will improve your FTTC sycn speeds immediately!

    1. Martin an gof Silver badge

      Re: I am a Vodafone customer, and I know why their service is so ****!

      Note that if you do change router like I did, it can take quite some time for sync speeds to recover. The BT end needs to see 7-9 days of stability before it tries to up your speed a little bit.

      I only have direct experience of ADSL, but I assume it's the same for VDSL. If you have a halfway competent ISP (presumably not Vodafone, but again I have never been a customer of theirs) you can speed up this process by asking the ISP to order a line card reset (I forget the exact terminology, but it's something like that). This forces the thing to start from scratch, forgetting everything it has "learned" about the line.

      The upside is that you will see immediate vast improvements in speed, the downside is that it may try a little too hard to begin with so you may see some instabilities for the first couple of days.

      It's worth being absolutely certain that there isn't a genuine fault on the line first, as any ISP may get tired of repeated calls for a "reset". We had a situation where water had got into an underground junction and causing all sorts of issues, but stopping short of complete disconnection. The line card "learned" that the line was noisy, so even after a few days of dry and sun it didn't increase the speed until I'd asked for a reset.

      Eventually, of course, I asked for an engineer, who found the root cause.

      My modem - a Draytek - has a diagnostics page. Among other interesting information it lists "Actual rate" and "Attainable rate". A big discrepancy in this pairing (alongside a "high" SNR margin), even after a modem restart, can indicate a line card reset is required.

      Or patience.

      M.

  13. Muscleguy Silver badge

    Hmm,

    I'm with Virgin and I have their app which allows you to check your status and get an automated check of the router, which resets it remotely. I have so I can use the data on my phone to see if it's my router or the local cabinet (the dogs pee on it). They also know how many times recently I have reset my modem since if your ring they will note that fact. I've never seen anything which says they slurp MAC addresses from it though.

    Helpline staff training also doesn't seem like it was. They sent me a new modem, same as the old one except for a phone socket. It wouldn't remember my settings on it. The original helpline dude asked why I would want to change from the default settings . . . I don't broadcast or advertise it's presence. You have to know it's there and the name of the bit you want to connect to as well as the correct password (set by me) to connect to it. It will not appear on your list of available WiFi's. i got it kicked upstairs and got a very helpful and pragmatic Brit who just advised me to go back to my old router. I still have the borked one, they didn't want it back.

    I'm not interested in the neighbouring teenagers using it for nefarious activities and me getting a visit from the Polis.

    I can see two other WiFi's which both look bog standard. One BT, one Virgin. I wonder how divorced from the discoverable numbers on the device the default password is.

  14. heyrick Silver badge

    "it gives a third party that information [...] there is no way to opt out"

    Uh... GDPR?

    1. Zippy´s Sausage Factory

      I was wondering that myself. Does anyone remember what happened when people tried arguing over whether IP addresses were personal information? Or has anyone actually resolved that for MAC addresses yet?

  15. LeahroyNake Silver badge

    Auto channel

    I though and half decent WiFi router or AP had an auto select best WiFi channel?

    No reason at all for the ISP to know that channel let alone the devices connected to it.

    If they wanted to improve customer support maybe add that functionality to the Vodafone app? Something similar to WiFi Analyzer maybe, it's then opt in and would allow you to walk about to find signal strength issues etc. Probably too easy though.

    1. Martin an gof Silver badge

      Re: Auto channel

      I though and half decent WiFi router or AP had an auto select best WiFi channel?

      Dunno about that (except for some mandated use at 5GHz), but if they do they seem only to choose (on 2.4GHz) between 1, 6 and 11. I've done some wandering around, trying to work out where best to place my APs, and I have only met one local user with WiFi on anything other than those three channels.

      It wouldn't be quite so bad if they used 1, 5, 9, 13 which are also non-overlapping. I assume that as 12 and 13 aren't available in the US (though they are available just about everywhere else) it's easier for firmware writers to ignore them.

      The situation is a little better at 5GHz because the four "easy to use" channels are already non-overlapping, and it's still quite underused, even more so on the "not-so-easy-to-use" channels, which simply aren't available on some APs.

      Interestingly, quick scouts around using WiFiAnalyzer show that most local APs are 20MHz only, which is probably a Good Thing.

      I know a bloke who got so fed up with poor WiFi that he made lots of new friends with his neighbours and reconfigured their WiFi for them, to benefit them all.

      I also know an IT professional who insisted that multiple APs on the same network also had to be on the same channel, as mobile devices could not "roam". This lead to certain blackspots in the building where a reasonable - but equally powerful - signal could be seen from two (or three!) different APs, but the throughput was abysmal.

      Oh, and why do some people leave their HP wireless printers broadcasting to the world and his dog using default credentials?

      M.

  16. JohnG

    IANAL bit it seems extremely dodgy for a service provider (with whom you have a contract) to demand that you agree to having your personal data handed to some third party (with whom you have no contract,no legal relationship and no contact). It sounds like the sort of thing that should not happen by default and not without a customer's explicit permission.

  17. TFL
    Flame

    Assume ISP is hostile, control your own network

    My ISP (and employer, as it happens) sees one device attached to the router, and none via Wi-Fi. The one device is a firewall, and all the real stuff is behind that.

    Sure, they could run some equivalent of Kismet to see what's around, but it won't tell them too much, and nothing they need to know in order to keep the pipe running.

  18. Ewan121

    Easy way out

    I've been on at Vodafone about this since they emailed me. Turns out the easy way to opt out is by doing what I've been doing for ages. Use your own equipment, not Vodafone supplied router.

    It's still ridiculous there isn't a way to opt out officially.

  19. kraduk

    PPPoe credentials are fairly easy to extract from nearly all locked down CPEs. Most of them have ppp on default config, so there is a PAP fallback mode. So all that is needed is to fire up a PPPoE server that doesnt off chap authentication. Next plug the wan port of the CPE into the nic running the PPPoE server. Not long after you will have the details in your ppp logs, or failing that wireshark

  20. Mihai

    Sql names

    Anyone with Vodafone adds a server name to drop their database? Just sayin...

  21. Mike 137 Silver badge

    The ICO [praised] Voda, telling us: "It's important that organisations are transparent "

    That's alright then - you can carry on abusing your customers as long as you tell them you're doing it.

    Next, it'll be OK to mug someone as long as you shout "this is a mugging" - right back to the "stand and deliver" of the 18th century.

    In my practical experience both as a private person and a data protection consultant, the ICO is now hardly worth its (admittedly limited) budget. Under its previous leadership is was actually better on much the same resources.

  22. skalamanga

    Time to rename all my wifi smart bulbs and connect up that box of esp8266's. Might as well spoof the mac addresses while I'm at it.

  23. Spamfast
    Facepalm

    If you haven't built it yourself, don't trust it.

    My ISP's router is on the same network as exactly one device - my border NAT firewall. Inside that our phones & Chromecast-type stuff are on a DMZ network separate from my compute gear.

    Unfortunately, Joe Q P hasn't been given the understanding as to why this is prudent in the same way as he doesn't understand why posting his child's entire upbringing on Facebook is A Bad Idea™.

    I'd still like to see the ISP's execs nailed to the the wall but it's never going to happen in the current political climate.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020