Cisco and its subsidiaries are pushing their cloud-based router interface pretty hard. Turns out, they pushed a little too hard. Owners of some Linksys routers (Models EA4500, EA3500, and EA2700) woke up last week to find their firmware had been updated automatically, and they now were being pushed to this new service. The rebellion began, and Cisco heard about it.
Below is a quote from the company blog in response to the criticism they’ve received. I’ve taken it upon myself to edit out the PR spin aspects of the response, so we can only show the relevant part. If you want to read the whole post, feel free.
Brett Wingo, Cisco:
[quote]We’ve [heard] that some customers are confused about our Terms of Service, particularly with regards to their data privacy, and so we felt it was important to clarify our policies. […] When a customer signs up for a Cisco Connect Cloud account, personal information is used only to establish an account in order to provide customer support. […] Cisco Connect Cloud was delivered only to consumers who opted in to automatic updates. However, we apologize that the opt-out process for Cisco Connect Cloud and automatic updates was not more clear in this product release, and we are developing an updated version that will improve this process.[/quote]
On the upside, you can roll back your router’s firmware to be less fluffy. This PR fumble doesn’t seem particularly bad in and of itself, but the principle of the matter has raised some serious security-related issues. Can we really trust companies to reach in and update our products without our consent? For many people, the answer is “No.”
What do you think? Did Cisco react properly? Is there a better way they could have handled it? Sound off by leaving a comment below this post.