QNAP will send data about NAS disks to 3rd party

[jeyare]

New AI Helps Predict When NAS HDDs are About to Bite the Dust | ExtremeTech

NAS manufacturer QNAP has come up with a clever way to predict HDD failure: train an AI to do it. ...

www.extremetech.com

So, Synology find out an idea to break of providing SMART data for NAS contains “unsupported” SATA disks. What is from essential point of view just a shoot into dark or a fairytale for newbies.

The QNAP is moving this point to another level:

Once you install the software on your NAS, it takes 14 days of monitoring your disk usage before the AI can come to any conclusions about your current disks’ health. From there it will continue to monitor the drives and compare them to its own database of millions of drives’ behavior in order to send you suggestions about their current status and future actions you can take.

I like data-mining it feeds me. The idea is quite good.
But it means new era for the NAS operation = monetize your data.

However, when they think about a really deep understanding of disk behavior in the NAS, they will need much more than just SMART data. And here's the problem.
For proper interpretation of the “my disk will die” you need more sources. Everything is logged in the NAS.
Sending of such bunch of data to 3rd parties, even to the NAS vendor is dangerous.

Better idea is capture all necessary data to a container and create sequence of statistical steps to get sufficient accurate scenarios = visible just for user of the NAS.

 

[WST16]

But it means new era for the NAS operation = monetize your data.

That’s nasty.
That’s why Synology is starting to enforce their hard drives– to protect us

 

[jeyare]

Last answer from Synology to my question, how they will protect user's data from DSMdump requested:

Synology has no interest in the Data or any part of it contained in your device, and even when for the procedure a full access to the system may be needed, and this may include access to the data, Synology respects the confidentiality, privacy and security of our customers.

No Data or any part of it will be accessed, used for any other purpose than the repair, or reproduced, duplicated, copied or transferred in any way unless needed for the procedure and agreed beforehand.

Synology will take every measure of due care to keep the Data and every part of it confidential at all times within and after the service and will not keep any duplicated copy of the Data or any part of it after the support process has ended nor will Synology disclose the Data or any part of it to any third party.

Your data is still protected by national and international laws.

I don't have a signed contract with them about their responsibility when they will get a full root account to remote connection to my NASes. I don't like these 'statements' with zero value - especially the last one: "Your data is still protected by national and international laws."

So, the reality is little bit different:

1. I don't use quick-connect or Synology ddns. But in my tcpdump I regularly found ongoing communication to checkip.synology.com. Every 3 minutes.:

as you can see in botom, both of the addresses are registered for the checkip.synology.com DNS record:

nslookup checkip.synology.com
Server: 172.26.32.1
Address: 172.26.32.1#53
Non-authoritative answer:
checkip.synology.com canonical name = ddns-checkip.quickconnect.to.
ddns-checkip.quickconnect.to canonical name = checkip.digitalocean.synology.com.
Name: checkip.digitalocean.synology.com
Address: 138.68.28.244
Name: checkip.digitalocean.synology.com
Address: 159.89.129.146
Name: checkip.digitalocean.synology.com
Address: 206.189.214.49
Name: checkip.digitalocean.synology.com
Address: 165.227.63.200
Name: checkip.digitalocean.synology.com
Address: 159.89.142.52
Name: checkip.digitalocean.synology.com
Address: 159.65.77.153
Name: checkip.digitalocean.synology.com
Address: 104.248.79.120
Name: checkip.digitalocean.synology.com
Address: 142.93.81.166

OFC, blocked in my firewall. But it is not enough.
Here is my Pi-hole queries dashboard (PowerBI) connected directly to the PiHole DB and monitored all selected records (traffic) deeply. So just for your imagination, this is filtered data cut from November 18th till now, just for domains contain 'synology' keyword, established from/to my home NASes in one of my locations (exclude checkip.synology.com).

Understand some of the domain traffic:
- contains "c2" - it is my backup to the C2
- contains "pkgupdate" or "pkgautoupdate" - update notification for DSM pack centre
- contains "kb"
- .... and all understable subdomains

Can't understand:
- ddns.synology ... when I don't use ddns services
- all the rest

 

[jeyare]

What websites does my Synology NAS connect to when running services or updating software? - Synology Knowledge Center

Synology Knowledge Center offers comprehensive support, providing answers to frequently asked questions, troubleshooting steps, software tutorials, and all the technical documentation you may need.

kb.synology.com

explained Synology targets

 

[fredbert]

I can see the need to discover the local ISP IP of the NAS's location when any DDNS is being maintained by DSM.

Either Synology uses a different IP discovery service for each DSM supported DDNS service, or they use one that they can rely on being available. My guess is that they use their own service because they are responsible for it, not some unrelated third party.

I've been, on and off, writing a DDNS updater Bash script. It came in useful last week when Cisco had an issue with some people not being able to use their DDNS IP updater URLs and I needed to keep Namecheap updated. Normal service has resumed with Cisco (OpenDNS and DNS-O-Matic). Anyway, I have looked into a few ways to discover my assigned ISP IP and here're a few of them.

The grep -oE extraction of an IP address was something I found posted by a helpful person somewhere. And DSM doesn't support dig so you have to use nslookup.

# getting ISP IP from Cloudflare
my_ip=$(dig TXT CH +short whoami.cloudflare @1.1.1.1)
my_ip=$(nslookup -type=txt -class=ch whoami.cloudflare 1.1.1.1| grep whoami.cloudflare | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")

# getting ISP IP from Google
my_ip=$(dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F '"' '{print $2}')
my_ip=$(dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")
my_ip=$(nslookup -type=txt o-o.myaddr.l.google.com ns1.google.com | grep o-o.myaddr.l.google.com | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")

# getting ISP IP from OpenDNS (nameserver: resolver1.opendns.com or 208.67.222.222
my_ip=$(dig +short myip.opendns.com @resolver1.opendns.com)
my_ip=$(nslookup myip.opendns.com resolver1.opendns.com | tail -n 2 | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")

# getting ISP IP from DNS-O-Matic
my_ip=$(curl -s http://myip.dnsomatic.com  | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")

# getting ISP IP from DynDNS
my_ip=$(curl -s http://checkip.dyndns.com | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")

# getting ISP IP from Synology
my_ip=$(curl -s http://checkip.synology.com  | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")

 

[fredbert]

If you look at your Synology Account you'll see the Internet IP of your devices. Why it needs this information isn't clear but that has to be collected somehow and why, thinks Synology, stress central service CPUs to extract it from thousands/millions of HTTP headers when each NAS/router can find it out and include it in its status data.

 

[jeyare]

If you look at your Synology Account you'll see the Internet IP of your devices. Why it needs this information isn't clear but that has to be collected somehow and why, thinks Synology, stress central service CPUs to extract it from thousands/millions of HTTP headers when each NAS/router can find it out and include it in its status data.

collecting my WAN IP address by Syno is for me a mystery, especially when no ddns or quick connect is in usage or all of my NASes (anywhere).
also connection from NAS to:

Security Advisor	dataupdate.synology.com
External IP Analyzer	checkip.synology.com
External IP Analyzer	checkipv6.synology.com
Port Connection Test	checkport.synology.com (Port 82)
Surveillance Station	utyupdate.synology.com
Surveillance Station	synosurveillance.synology.com

it is strange - I don't use such services/pckg in my NASes.
all of them are blocked on my firewall.

 

[fredbert]

Do you have a Synology account that you log into in Control Panel? That's all I can think may collect your local IP, as I mentioned it's visible on your account page.

 

[jeyare]

synology account uses diff subdomain:

account.synology.com

 

[fredbert]

That's a web portal but how does it get the information that is displayed within it? To be honest, at this present time, I'm not that concerned that there is a find my IP service run by Synology and that DSM uses it. The plethora of Apple and Google service addresses that their respective OS access is staggeringly large and nigh on impossible to limit access, especially when using a mobile device. At least with a NAS you can block access at the perimeter, even set up a local DNS server with a bogus zone for synology.com.

 

[jeyare]

OFC, account.synology.com
is web portal target

also, it is the daily target of outbound traffic from NASes to WAN (checked the Control panel, to be sure)
include Syno WAN IP analyzer, include the Syno Security advisor, Syno check port connection test, ....

as I wrote, for me it is under control (firewall drop), for the rest of millions of NASes it is strange behaviour from Syno.