Turris Omnia data collection? Turn off?

I assume that the Turris Omnia is subject to the same data collection as the regular Turris?

Is this data available to the user? Can the data collection be turned off? What exactly is sent? How is it sent? Are there more details on this?

EDIT: Found more info regarding security on https://www.turris.cz/en/security
but it still doesn't answer all questions.
BR

I think it was developed with even more advanced data collection in mind. The container feature is a by-product of this. They are used for the honeypots in Turris’ data collection.

The result (tons of blocking firewall rules) are. There are also some statistics. Turris - network devices and have a look under Results.
Sometimes they publish on their blog, like “Who’s poking at our Turris SSH honeypot” (The CZ.NIC Staff Blog).

Yes, for the Omnia sold on Indiegogo there will be an option to enable this. Default disabled. https://discourse.labs.nic.cz/t/turris-os-firewall-logs/402/2

A bit of background may be found in the slides to their talks at RIPE 71 and OpenWRT summit.

Great! Ordered a 2GB WIFI monster.

Last but not least you can always simply remove the software.

FOSS f.t.w.! As in; you are free to do whatever with it! The sky is the limit (with the exception of the Omnia’s WiFi blob(s)).

Although I am turning the uploads “ON”; explicitly for the reason that this whole thing seems ethically sound (it being turned off by default, it being open source, etc.)! And also; because the “advertised” reason (added security against third parties).

I love the whole concept of the Turris Omnia!

I'm not against the uploading concept in itself, as it seems sound. I just need to know (in technical detail):

  • What is being uploaded?
  • How is it sent? Encrypted? HTTPS? PKI?
  • How is it stored? Encrypted?
  • Can it ever be traced back to me?

Take a look at the code on GitHub. It is pretty self-explanatory how it is uploaded.

Got (or should I say: “Git”) to :heart_decoration: FOSS!

The uploaded data is obtained from three main sources: uCollect plugins, firewall events and selected syslog records. All of the data is transmitted over a secured channel (HTTPS POST requests or TLS-secured TCP connection).

The uCollect is a small daemon that runs on the router and collects some metadata. It either does some analysis on the device itself and then sends the processed data or collects data that is sent to the server directly. It has a plugin architecture and the plugins are added (or removed) over time. If you are into the gory details, it’s best to visit its repository: https://gitlab.labs.nic.cz/turris/ucollect/tree/master

Firewall events that are analyzed are mostly blocked incoming connections (someone tries to access a port that is not opened on your router), or connection attempts to some malicious servers, e.g. known botnet C&C servers, from your network. This collection is done by a tool called Nikola, which you can find here: https://gitlab.labs.nic.cz/turris/nikola/tree/master/Nikola

The last part, syslog records, are collected by a small utility called logsend. It just parses the information about “our” services (uCollect, Nikola) and important router health information and sends it to our server.

If you decide to turn the data collection on, you will have to agree with some sort of EULA that defines the scope of the data collection and the retention policy. Currently we retain the data for 10 days, then it’s deleted or anonymized (either the local or remote end of the communication is dropped). During the 10 days, it is possible to link the records with you, but to be honest, it’s far less interesting for three-letter agencies than the data collected by your ISP.

2 Likes
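
The retention rule described in the last post (records stay linkable for 10 days, then are deleted or lose one end of the communication), as an added example that is not part of the thread and not Turris code. The record layout, the `drop` parameter and the treatment of the exact 10-day boundary are assumptions made for illustration; the sample events are constructed.

```python
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=10)  # retention window stated in the post


def apply_retention(records, now, drop="local"):
    """Return copies of the records as they look after a retention pass.

    Records younger than RETENTION are kept intact. Older records lose
    the endpoint named by `drop` ("local" or "remote"), or are deleted
    entirely when `drop` is None. Which of these the real server picks
    is not stated in the thread, so the caller chooses (assumption).
    """
    if drop not in ("local", "remote", None):
        raise ValueError("drop must be 'local', 'remote' or None")
    out = []
    for rec in records:
        # Assumption: a record exactly RETENTION old is already expired.
        if now - rec["ts"] < RETENTION:
            out.append(dict(rec))
        elif drop is not None:
            aged = dict(rec)
            aged[drop] = None  # remove one end of the communication
            out.append(aged)
    return out


def linkable(rec):
    """A record ties a router to a peer only while both ends are present."""
    return rec["local"] is not None and rec["remote"] is not None


# Constructed sample events using documentation address ranges.
NOW = datetime(2016, 6, 20, tzinfo=timezone.utc)
SAMPLE = [
    {"ts": NOW - timedelta(days=2), "local": "192.0.2.10",
     "remote": "203.0.113.7", "dport": 22},
    {"ts": NOW - timedelta(days=10), "local": "192.0.2.10",
     "remote": "198.51.100.23", "dport": 23},
    {"ts": NOW - timedelta(days=30), "local": "192.0.2.10",
     "remote": "203.0.113.7", "dport": 22},
]

if __name__ == "__main__":
    for rec in apply_retention(SAMPLE, NOW):
        print(rec["ts"].date(), rec["local"], rec["remote"], linkable(rec))
```

Within the window every record still names both the router and the peer, which matches the post's statement that linking is possible during those 10 days.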