ISP data collection from home routers

Thu Mar 24 11:21:08 UTC 2022

It sounds like the kind of data you can retrieve through TR-069. 

To be able to use it, you have to either log on to the router and set the TR-069 server, or push out the setting via DHCP, which means you need to have layer 2 access to the device. This limits the ability to apply/change the setting.

Yes, there is a scary amount of data you can collect, including the wifi name and password. You can also push out settings to the devices, which is the main purpose. If a customer calls up and says their wifi isn't working, you can reset the password for them and get them to try again rather than trying to talk them through how to do it themselves.

-----Original Message-----
From: NANOG <nanog-bounces+philip.loenneker=tasmanet.com.au at nanog.org> On Behalf Of Giovane C. M. Moura via NANOG
Sent: Thursday, 24 March 2022 9:44 PM
To: North American Network Operators' Group <nanog at nanog.org>
Subject: ISP data collection from home routers

Hello there,

Several years ago, a friend of mine was working for a large telco and his job was to detect which clients had the worst networking experience.

To do that, the telco had this hadoop cluster, where it collected _tons_ of data from home users routers, and his job was to use ML to tell the signal from the noise.

  I remember seeing a sample csv from this data, which contained _thousands_ of data fields (features) from each client.

I was _shocked_ by the amount of (meta)data they are able to pull from home routers. These even included your wifi network name _and_ password!
(it's been several years since then).

And home users are _completely_ unaware of this.

So my question to you folks is:

- What's the policy regulations on this? I don't remember the features
(thousands) but I'm pretty sure you could some profiling with it.

- Is anyone aware of any public discussion on this? I have never seen it.

Thanks,

Giovane Moura