be wary of Roku


MichaelRSorg

routersecurity.org
Steve mentioned in the March 16th show that he uses Roku. So do I. Roku makes much of their money on advertising, so I would be wary of it. To that end, I suggest keeping it off when not in use. Also, it's best to isolate it in its own VLAN if you can. And review the Privacy section of the device settings.
I have not monitored it in a while, but last time I did, I noticed that it was using Google's DNS (8.8.8.8) for its own use even though the router was configured with different DNS servers.
 
I noticed that it was using Google's DNS (8.8.8.8) for its own use even though the router was configured with different DNS servers.
There is an easy fix for this. Do NOT allow DNS traffic from inside your network through your firewall. (At least unencrypted DNS traffic anyway, DoH may be a more interesting challenge.)
 
There is an easy fix for this. Do NOT allow DNS traffic from inside your network through your firewall. (At least unencrypted DNS traffic anyway, DoH may be a more interesting challenge.)
Even if I don’t own a Roku, I did just that. I only allow DoT traffic, which is generated by my PiHole.
 
There is an easy fix for this. Do NOT allow DNS traffic from inside your network through your firewall. (At least unencrypted DNS traffic anyway, DoH may be a more interesting challenge.)
This is the main reason I am disappointed about DoH winning the encrypted DNS race. DoT is much better from a network management perspective.

On the flip side, DoH is a better option to circumvent censorship so it does have value... on other people's network:)
 
I confirmed my years-old observation - Roku is using Google for legacy DNS (8.8.8.8 and 8.8.4.4). However, it is using TCP rather than UDP. This while it is behind a router that is not using Google for legacy DNS. It also makes HTTP port 80 requests to Netflix IP addresses and uses a very non-standard port for some requests. And, it's quite chatty on the network, even when it is not being used. All the more reason to leave it off when not in use.
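
The policy discussed in this thread (no plain DNS leaving the LAN, DoT only from the local resolver), applied to a flow log as an added example that is not part of any post. The LAN range, the resolver address, the record format and the sample flows are all constructed assumptions.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")     # assumed LAN range
RESOLVER = ipaddress.ip_address("192.168.1.2")   # assumed Pi-hole address

# Constructed flow records, one per line: "proto src dst dport"
SAMPLE_FLOWS = """\
udp 192.168.1.50 192.168.1.2 53
tcp 192.168.1.2 9.9.9.9 853
tcp 192.168.1.50 8.8.8.8 53
tcp 192.168.1.50 8.8.4.4 53
udp 192.168.1.60 1.1.1.1 53
tcp 192.168.1.60 1.1.1.1 853
tcp 192.168.1.50 203.0.113.10 80
"""

def classify(proto, src, dst, dport):
    """Return (verdict, reason) for one flow under the thread's DNS policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst in LAN:
        return "allow", "stays inside the LAN"
    if dport == 53:
        # Match TCP as well as UDP: a UDP-only rule misses DNS over TCP.
        return "block", f"plain DNS over {proto} leaving the LAN"
    if dport == 853 and proto == "tcp":
        if src == RESOLVER:
            return "allow", "DoT from the local resolver"
        return "block", "DoT from a client, bypassing the resolver"
    # DoH rides on 443 and cannot be told apart from HTTPS by port alone.
    return "allow", "not DNS by port"

def audit(text):
    """Return the flows that the policy would block."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        proto, src, dst, dport = line.split()
        verdict, reason = classify(proto, src, dst, int(dport))
        if verdict == "block":
            findings.append((src, dst, proto, int(dport), reason))
    return findings

if __name__ == "__main__":
    for src, dst, proto, dport, reason in audit(SAMPLE_FLOWS):
        print(f"{src} -> {dst} {proto}/{dport}: {reason}")
```
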

 
So your router is configured to use NextDNS?
Yes it is.

I'm amazed at how much DNS traffic my network makes actually. I would have zapped the free tier of NextDNS within a week it seems.

Edit: I just remembered a detail that might be important, my internal network doesn't have IPv6 set up. My router has an IPv6 IP, but none of my internal devices have IPv6.
 
So your router is configured to use NextDNS?

I also started doing this recently. Previously I was using OpenDNS with some blocking. Very impressed with NextDNS and the analytics and logging capabilities.

I have issues using their NextDNS Ads & Trackers blocklist though. It prevents some streaming services from working properly (had issues with Paramount+), probably because I am presented with commercial ads sometimes and those get blocked. Trying to figure out what to add to the whitelist was a challenge so I just gave up and turned off that blocklist for now.
 
I returned a Roku after learning that its remote was broadcasting its own WiFi signal. You cannot turn it off either.

My concern was a practical one, I wasn't worried about any medical issue. I live in a fairly rural area and just didn't want to add an unnecessary WiFi signal that might cause interference with my WiFi signal. And I didn't really need the Roku, it was only purchased after we lost video on demand on our TiVo. In the end we didn't care for the Roku (already have an Apple TV) so I returned the Roku.

I've got a Vizio TV in my kitchen that also broadcasts its own WiFi. It's not even apparent what the Vizio's WiFi does. The set is on my WiFi for firmware updates. And initially the set did not broadcast WiFi (it was turned on by a firmware update) so it's not for the remote control.
 
didn't want to add an unnecessary WiFi signal that might cause interference with my WiFi signal.
For remotes that don't have to be pointed at the device (i.e. not infra-red) then you really only have two choices. (The old satellite remotes used to use UHF, but those more or less required a very obvious little antenna.) It's either AdHoc WiFi (because they'd never require you to join it to your network) or it's Bluetooth. Either of these is likely in the *unlicensed* 2.4GHz band, along with your microwave, baby monitor, spread spectrum DECT POTS phone and a bunch of IoT device protocols like ZigBee.
 
For the Vizio, it might be for some wireless screen mirroring feature. Even though they're on different networks, I always wondered why my computer could mirror its display to my Roku devices (along with some 40 inch Roku TV a neighbor around here owns).
 
Maybe I'm missing something here. Why do I care that my Rokus are sending me advertising? Sure, they know what I'm watching, but again, why do I care? I'm not conducting business or using it for anything illegal (or even questionable). I'm using the Roku to view .. not upload or otherwise send .. content. Other than the extra bandwidth (which is trivial compared to the streaming commercials I get from the different services we subscribe to), I don't see anything I'd be concerned about. Let them monetize me. I'm currently watching This Old House (that they purchased) for free and have been doing the same for old TV shows. I don't see a security risk here.
 
I don't see a security risk here.
I'm not necessarily disagreeing with your conclusion that being monetized is a problem (if you are aware.) But I wanted to comment that it's not necessarily a security risk... but it *IS* a privacy risk, and that can become a security risk for a *very* small subset of the population (those targeted in some way by a powerful organization like a government.) The risk to me is not that I am being "spied upon"... it's that I am being unknowingly (and/or unpreventably) spied upon. IMHO it should always be my option to pay for not being tracked so that I have an option for free with tracking or not free with NO tracking. Unfortunately, these days, even if you pay (say Netflix, or even your "Smart" TV) you still get tracking included with the bargain, with NO way to disable it except to not use the service or device.