Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
The only outbound connection made with me by this firmware is when the firmware checks for availability of a new version. During this check the only information that might be obtained is the IP address of the connection (part of the HTTPS connection). This information is only technical purposes, and will not be shared with any third party.
The only outbound connection established by this firmware with the Asuswrt-Merlin developer is through the new firmware version check function, which is enabled by default since firmware version 380.64, and can be disabled by the end-user if he desires to do so.
The firmware version check works by downloading a plain-text file over HTTPS, and locally (on the router) checking if there is a newer version available for the specific router, by examining the downloaded file content. The only information that might be obtained by the remote server is the IP address of the connecting router (which is normal for any web connection). No other information is transmitted. By default, this check is made either every 48 hours, if initiated by the user, or following a reboot of the router. The update frequency can potentially change with future firmware releases if deemed necessary.
The new firmware check uses the same mechanism as put in place by Asus for their own original firmware check, but with a few changes, such as directing the firmware check to the Asuswrt-Merlin server and disabling the automatic download of new firmware.
Your IP address may be logged by the server's web server, and can be retained in the server logs for up to a month, as part of the server's regular log rotation. The content of this log file is only kept for troubleshooting purposes, for example to track and block abusive connection attempts to prevent disruption of the service, or to evaluate the server load generated by this process. These log files and the logged IP addresses will never be shared or accessed by anyone other than the server administrator (currently the Asuswrt-Merlin lead developer), unless ordered to do so by a court of law.