Preserving your privacy online can be a difficult prospect. Whether by devising uncrackable passwords or using a VPN, users continue to seek new means of preventing someone from spying on their Wi-Fi Networks. An underrated aspect of online security, however, is the hardware itself. Router suppliers in particular have garnered the ire of some critics due to their position at the nexus of their customers’ data, making them uniquely capable of infringing upon the privacy of their clients. A recent report by opens a window into the industry’s privacy practices by reviewing over 30,000 words of fine print and reaching out to representatives for seven of the largest providers, namely Arris, TP-Link, Eero, D-Link, Asus, Google Nest, and Netgear. The results were less clear-cut than you’d hope. For the most part, company privacy policies were long, opaque, and convoluted documents likely crafted to create as much of a legal gray area as possible. Unfortunately, such documents make it incredibly difficult for the average user to discern the privacy protections of their selected providers. And while most denied selling browsing information, all were found to collect user data for use in marketing or system maintenance.
The issue made headlines in December 2024 when the Wall Street Journal reported that the Departments of Commerce and Justice were discussing banning TP-Link, one of the country’s most popular routers, due to national security concerns. Such actions regard the company’s potential link to the Chinese government, whose national security laws compel internet companies to share data with the military. Although no bans have come to fruition, the controversy raises serious questions regarding the security and privacy of popular Wi-Fi routers.
Is your router spying on you? It’ s complicated
According to journalist Ry Crist, the surveyed firms collected some form of user data, ranging from identifying information like owners’ names and addresses to key technical information, usage, and performance metrics. While router firms use this technical data to measure and ensure equipment performance, they all admitted to using it, in some form, for marketing purposes, often with third parties. And although some firms noted that most of their partners are beholden to company privacy policies, what level of information is shared remains largely unclear. For instance, CommScope, whose routers retail under the brand Surfboard, noted in its privacy policy that it shares “Personal Data as necessary to provide our products and services and respond to requests, and to fulfill other business and compliance purposes.”
The lines are clearer when it comes to users’ browsing history. Google’s user agreement, for example, explicitly states it does not collect browsing data. Eero and Asus, meanwhile, denied monitoring internet histories in direct communications with Crist. Both Netgear and TP-link, for their part, stated that they do not track browsing history unless customers opt into parental control programs or other services. A CommScope representative told Crist that its retail Surfboard routers have “no access or visibility to an individual users’ web browsing history.” Several companies, like TP-Link and CommScope, disclosed using cookies and other data tracking tools on their websites. was unable to determine whether D-Link tracks user activity through its user agreements or via a spokesperson.
Protecting your privacy
As an industry, router companies are inconsistent in how users can opt out of data collection practices. For some, like Asus and Motorola, whose routers are managed by Minim, users can opt out of data collection directly in their interface’s settings. Google Nest, for its part, allows users to do so via the app. You can locate this setting by going to your Wi-Fi tab, hitting Settings, and selecting Privacy Settings. Many companies, however, make the process more burdensome, requiring customers to email their requests or submit online forms. Commscope, for instance, requires users to submit their disapproval online, whereas Netgear provides a user data deletion form on its website. TP-Link allows users to opt out of targeted ads via Amazon, Google, and Facebook through its website. Some companies, like Eero, stated that collecting select usage data is necessary for routers to function properly.
Users should consider additional privacy risks when reviewing their internet hardware. A less discussed privacy concern is whether your router stores user activity locally in its router log, which allows Wi-Fi owners, administrators, ISPs, and router providers to access a record of your network’s traffic and performance. While not inherently a means of spying, it is important to recognize that other users, or potentially hackers, can use router logs to ascertain private web browsing information. Luckily, router logs can easily be accessed and cleared via their admin dashboard. Similarly, popular smart home gadgets, ranging from security cameras to thermostats, can be misused by malicious actors to spy on their users. As such, users should research their IoT devices and ensure they take the proper privacy precautions.
