QNAP will send data about NAS disks to 3rd party

2,486
840
NAS
Synology, TrueNAS
Operating system
  1. Linux
  2. Windows
So, Synology find out an idea to break of providing SMART data for NAS contains “unsupported” SATA disks. What is from essential point of view just a shoot into dark or a fairytale for newbies.

The QNAP is moving this point to another level:
Once you install the software on your NAS, it takes 14 days of monitoring your disk usage before the AI can come to any conclusions about your current disks’ health. From there it will continue to monitor the drives and compare them to its own database of millions of drives’ behavior in order to send you suggestions about their current status and future actions you can take.

I like data-mining it feeds me. The idea is quite good.
But it means new era for the NAS operation = monetize your data.

However, when they think about a really deep understanding of disk behavior in the NAS, they will need much more than just SMART data. And here's the problem.
For proper interpretation of the “my disk will die” you need more sources. Everything is logged in the NAS.
Sending of such bunch of data to 3rd parties, even to the NAS vendor is dangerous.

Better idea is capture all necessary data to a container and create sequence of statistical steps to get sufficient accurate scenarios = visible just for user of the NAS.
 
Last answer from Synology to my question, how they will protect user's data from DSMdump requested:

Synology has no interest in the Data or any part of it contained in your device, and even when for the procedure a full access to the system may be needed, and this may include access to the data, Synology respects the confidentiality, privacy and security of our customers.

No Data or any part of it will be accessed, used for any other purpose than the repair, or reproduced, duplicated, copied or transferred in any way unless needed for the procedure and agreed beforehand.

Synology will take every measure of due care to keep the Data and every part of it confidential at all times within and after the service and will not keep any duplicated copy of the Data or any part of it after the support process has ended nor will Synology disclose the Data or any part of it to any third party.

Your data is still protected by national and international laws.

I don't have a signed contract with them about their responsibility when they will get a full root account to remote connection to my NASes. I don't like these 'statements' with zero value - especially the last one: "Your data is still protected by national and international laws."

So, the reality is little bit different:

1. I don't use quick-connect or Synology ddns. But in my tcpdump I regularly found ongoing communication to checkip.synology.com. Every 3 minutes.:
1639562219651.png


as you can see in botom, both of the addresses are registered for the checkip.synology.com DNS record:
nslookup checkip.synology.com
Server: 172.26.32.1
Address: 172.26.32.1#53
Non-authoritative answer:
checkip.synology.com canonical name = ddns-checkip.quickconnect.to.
ddns-checkip.quickconnect.to canonical name = checkip.digitalocean.synology.com.
Name: checkip.digitalocean.synology.com
Address: 138.68.28.244
Name: checkip.digitalocean.synology.com
Address: 159.89.129.146
Name: checkip.digitalocean.synology.com
Address: 206.189.214.49
Name: checkip.digitalocean.synology.com
Address: 165.227.63.200
Name: checkip.digitalocean.synology.com
Address: 159.89.142.52
Name: checkip.digitalocean.synology.com
Address: 159.65.77.153
Name: checkip.digitalocean.synology.com
Address: 104.248.79.120
Name: checkip.digitalocean.synology.com
Address: 142.93.81.166
OFC, blocked in my firewall. But it is not enough.
Here is my Pi-hole queries dashboard (PowerBI) connected directly to the PiHole DB and monitored all selected records (traffic) deeply. So just for your imagination, this is filtered data cut from November 18th till now, just for domains contain 'synology' keyword, established from/to my home NASes in one of my locations (exclude checkip.synology.com).
1639563183505.png


Understand some of the domain traffic:
- contains "c2" - it is my backup to the C2
- contains "pkgupdate" or "pkgautoupdate" - update notification for DSM pack centre
- contains "kb"
- .... and all understable subdomains

Can't understand:
- ddns.synology ... when I don't use ddns services
- all the rest
 
I can see the need to discover the local ISP IP of the NAS's location when any DDNS is being maintained by DSM.

Either Synology uses a different IP discovery service for each DSM supported DDNS service, or they use one that they can rely on being available. My guess is that they use their own service because they are responsible for it, not some unrelated third party.

I've been, on and off, writing a DDNS updater Bash script. It came in useful last week when Cisco had an issue with some people not being able to use their DDNS IP updater URLs and I needed to keep Namecheap updated. Normal service has resumed with Cisco (OpenDNS and DNS-O-Matic). Anyway, I have looked into a few ways to discover my assigned ISP IP and here're a few of them.

The grep -oE extraction of an IP address was something I found posted by a helpful person somewhere. And DSM doesn't support dig so you have to use nslookup.

Bash:
# getting ISP IP from Cloudflare
my_ip=$(dig TXT CH +short whoami.cloudflare @1.1.1.1)
my_ip=$(nslookup -type=txt -class=ch whoami.cloudflare 1.1.1.1| grep whoami.cloudflare | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")

# getting ISP IP from Google
my_ip=$(dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F '"' '{print $2}')
my_ip=$(dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")
my_ip=$(nslookup -type=txt o-o.myaddr.l.google.com ns1.google.com | grep o-o.myaddr.l.google.com | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")

# getting ISP IP from OpenDNS (nameserver: resolver1.opendns.com or 208.67.222.222
my_ip=$(dig +short myip.opendns.com @resolver1.opendns.com)
my_ip=$(nslookup myip.opendns.com resolver1.opendns.com | tail -n 2 | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")

# getting ISP IP from DNS-O-Matic
my_ip=$(curl -s http://myip.dnsomatic.com  | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")

# getting ISP IP from DynDNS
my_ip=$(curl -s http://checkip.dyndns.com | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")

# getting ISP IP from Synology
my_ip=$(curl -s http://checkip.synology.com  | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")
 
If you look at your Synology Account you'll see the Internet IP of your devices. Why it needs this information isn't clear but that has to be collected somehow and why, thinks Synology, stress central service CPUs to extract it from thousands/millions of HTTP headers when each NAS/router can find it out and include it in its status data.
 
If you look at your Synology Account you'll see the Internet IP of your devices. Why it needs this information isn't clear but that has to be collected somehow and why, thinks Synology, stress central service CPUs to extract it from thousands/millions of HTTP headers when each NAS/router can find it out and include it in its status data.

collecting my WAN IP address by Syno is for me a mystery, especially when no ddns or quick connect is in usage or all of my NASes (anywhere).
also connection from NAS to:
Security Advisordataupdate.synology.com
External IP Analyzercheckip.synology.com
External IP Analyzercheckipv6.synology.com
Port Connection Testcheckport.synology.com (Port 82)
Surveillance Stationutyupdate.synology.com
Surveillance Stationsynosurveillance.synology.com

it is strange - I don't use such services/pckg in my NASes.
all of them are blocked on my firewall.
 
That's a web portal but how does it get the information that is displayed within it? To be honest, at this present time, I'm not that concerned that there is a find my IP service run by Synology and that DSM uses it. The plethora of Apple and Google service addresses that their respective OS access is staggeringly large and nigh on impossible to limit access, especially when using a mobile device. At least with a NAS you can block access at the perimeter, even set up a local DNS server with a bogus zone for synology.com.
 
OFC, account.synology.com
is web portal target

also, it is the daily target of outbound traffic from NASes to WAN (checked the Control panel, to be sure)
include Syno WAN IP analyzer, include the Syno Security advisor, Syno check port connection test, ....

as I wrote, for me it is under control (firewall drop), for the rest of millions of NASes it is strange behaviour from Syno.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top