firmware update: add unique identifier for statistics #821

Closed. JackMerlin wants to merge 1 commit.

JackMerlin (Contributor) commented Aug 20, 2022

Add merlin_fwupdate_uuid nvram variable to persist a UUID. The UUID is randomly generated, not bound to hardware, and will be reset after factory reset.

Statistics sent to the server are sent through the HTTP user agent in the format: Model-FirmwareVersion-UUID. (ex: RT-AX68U-386.7_2-323fd9e3-7c70-45af-b0de-57caec678e54)

When the merlin_fwupdate_uuid variable is 0, it means that the user has explicitly opted out of statistics collection: the firmware will stop sending the unique identifier to the server and revert to the default behavior of the previous firmware.

Add merlin_fwupdate_uuid nvram variable to persist a UUID. The UUID is randomly generated, not bound to hardware, and will be deleted after nvram reset (after factory reset).

@JackMerlin JackMerlin closed this by deleting the head repository Aug 20, 2022
@JackMerlin JackMerlin reopened this Aug 20, 2022
RMerl (Owner) commented Aug 20, 2022

This is of no use since the update server is behind a CDN, and therefore the query never reaches the server itself.

JackMerlin (Contributor, Author) commented

> This is of no use since the update server is behind a CDN, and therefore the query never reaches the server itself.

Since this data is sent to the server via the user agent, the log records the user agent for you. If you're using Cloudflare, here's an introduction to their logging information:

https://developers.cloudflare.com/logs/reference/log-fields/zone/http_requests/

And you can even block check-for-update requests from illegal hardware via the user agent:
https://support.cloudflare.com/hc/en-us/articles/115001856951-Understanding-Cloudflare-User-Agent-Blocking

JackMerlin (Contributor, Author) commented Aug 20, 2022

This is just proof-of-concept code, as it is very simple to implement.

The UUID is used to determine the uniqueness of each update request, and the UUID will be reset after the router is factory reset.

Firmware and Model are used for statistics.

Since this information is sent through the user agent, more granular management can be done in the server admin panel or in Cloudflare's dashboard.

Also, if you decide to get statistics via the user agent, there are a few things that may need updating:

First: the format of the user agent. You need a format that is more suitable for your server or CDN statistics and export.

Second: Is the feature enabled by default? Because sending a unique identifier to the server may be considered data collection, although this information does not have the ability to locate the device and can be reset after a factory reset. But there are more things that need to be addressed here than code, including a clear privacy policy on the website, and data collection terms. Of course, this even means giving the user an opt-in and opt-out option in the GUI, which is beyond my capabilities.

Finally: if you're going to expose statistics, as Tomato has done (https://anon.groov.pl/index.php), there's a lot more work to do.

I'm not expecting it to be merged because it doesn't make any sense until you're ready, and there are even unknown legal risks, so this code is just a proof of concept.
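
The server-side counting discussed in this thread, as an added example that is not code from this pull request: it parses the `Model-FirmwareVersion-UUID` user agent from the right, because model names such as RT-AX68U contain hyphens themselves, and counts each UUID once per model and firmware. The function names, the sample values and the assumption that the firmware version contains no hyphen belong to this example, not to the project.

```python
import re
import uuid
from collections import defaultdict

# Canonical 8-4-4-4-12 UUID anchored at the end of the string. Everything
# before it is "Model-FirmwareVersion", where the model may contain hyphens.
UA_RE = re.compile(
    r"^(?P<prefix>.+)-"
    r"(?P<uuid>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$"
)

def parse_user_agent(ua):
    """Return (model, firmware, uuid), or None when no identifier is present."""
    m = UA_RE.match(ua.strip())
    if m is None:
        return None
    # Assumption: the firmware version has no hyphen, so the last hyphen
    # in the prefix separates model from firmware (RT-AX68U | 386.7_2).
    model, sep, firmware = m.group("prefix").rpartition("-")
    if not (sep and model and firmware):
        return None
    return model, firmware, str(uuid.UUID(m.group("uuid")))  # lower-cased

def count_unique_devices(user_agents):
    """Count distinct UUIDs per (model, firmware); repeat checks count once."""
    seen = defaultdict(set)
    unidentified = 0  # opted-out, older firmware, or malformed values
    for ua in user_agents:
        parsed = parse_user_agent(ua)
        if parsed is None:
            unidentified += 1
            continue
        model, firmware, device = parsed
        seen[(model, firmware)].add(device)
    return {key: len(ids) for key, ids in seen.items()}, unidentified

# Constructed sample values; only the first UUID appears on this page.
SAMPLE = [
    "RT-AX68U-386.7_2-323fd9e3-7c70-45af-b0de-57caec678e54",
    "RT-AX68U-386.7_2-323FD9E3-7C70-45AF-B0DE-57CAEC678E54",  # same device
    "RT-AX68U-386.7_2-00000000-0000-4000-8000-000000000001",
    "RT-AX86U-386.7_2-00000000-0000-4000-8000-000000000002",
    "RT-AX68U-386.7_2-323fd9e3-7c70",  # truncated identifier
    "example-agent/1.0",               # no identifier at all
]

if __name__ == "__main__":
    print(count_unique_devices(SAMPLE))
```

The User-Agent header is set by the client, so counts derived from it are unauthenticated estimates.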

JackMerlin (Contributor, Author) commented

Closed because I've elaborated my idea through code.

Any further discussion should go to the SNB forum :)

@JackMerlin JackMerlin closed this Aug 21, 2022