Adaptive firewall is always download-only. EULA does not apply to it because of that. We highly suggest of course to participate. We are working on documentation for every component you can enable in Sentinel system to collect data. In short we have following components:
- firewall logs: those are logs about failed connection attempts from WAN side. That means what you are blocking (not what you allow).
- minipots: these are minimal honeypots we use to collect login attempts to various services. At the moment (Turris OS 5.1) there is HTTP, FTP, SMTP and telnet implemented. They again listen on standard ports on WAN.
- usage survey: this can be the only component you might have problem with. This is not used as data source for firewall but rather to maintain Turris OS. This collects OS version and list of installed packages. It is intended as source for internally used usage statistics to better allocate our manpower for distribution maintenance.
And beside Sentinel you can also use HaaS (that we use as data source to dynamic firewall as well). It is full honeypot but it runs on our servers while on router runs only proxy.
EULA also permits us (and we were doing so in the past) to collect some aggregated data flows from traffic. At the moment we are not doing that and in future we rather plan to use Suricata and collect only alerts it produces.
In short I hope you can see that while we collect some info that we are trying to not collect anything sensitive regarding our users. The only component that is truly “telemetry” (that is usage survey) can be disabled (in terms of fully removed from system) same as any other component.