General discussion

Should I be worried about my ISP's rep accessing my network?

Mar 16, 2018 5:07PM PDT

I was on the phone with an AT&T tech who decided that my U-verse modem should be upgraded. It arrived and I installed it. I had a small problem changing the Wi-Fi log-ins and called tech support to resolve it. The tech offered to look at my settings to tell me how to change them. She was able, with nothing other than my verbal permission, to view the modem settings and I believe could have changed them. Of course, she said, she would NEVER change anything without permission. But that's only a policy; they could decide they NEED to change my settings or their system could be hacked and in either case, my network is open. If they can do this, do they also have the ability to gather other information? My question, then, is: should I worry about their access and is there a way to block or prevent their access? What does the community think?

--Submitted by Bob R.

Discussion is locked

Follow
Reply to: Should I be worried about my ISP's rep accessing my network?
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Should I be worried about my ISP's rep accessing my network?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Why worry
Mar 16, 2018 5:55PM PDT

Virtually all broadband ISPs can get into their equipment that you lease from them, modem, router, or whatever interface device of theirs you have at home or work. Should you worry? That depends a on who you are and how much illegal activity you do online. If you aren't pirating music, movies, or software and you aren't trying to hack your way into places you don't belong you needn't worry. Your computer(s) should all have firewalls in them that protect them and mostly keep out nefarious actors.

If you choose to worry you can turn your computers off when not using them or even turn off your modem/router and totally keep everything offline.

- Collapse -
RE: illegal activity....
Mar 17, 2018 4:18PM PDT

While illegal activity may be a concern, general privacy should be a big concern. You don't shout your Social Security Number or other private data about yourself from the rooftops. You close your drapes and lock your door for privacy and safety. Why not do what is possible to keep one's computer as private as possible and, therefore, possibly both you and it a bit safer????

READ: Why privacy is important, and having "nothing to hide" is irrelevant
https://robindoherty.com/2016/01/06/nothing-to-hide.html

And also: Why Your Privacy Matters, Even If You're Not "Doing Anything Wrong"
https://lifehacker.com/why-your-privacy-matters-even-if-youre-not-doing-anyt-1645884650

Need more reasons??

Here's a start: https://duckduckgo.com/?q=Why+Privacy+Matters&t=ffsb&ia=web

- Collapse -
Should be required reading/viewing
Mar 17, 2018 7:17PM PDT

The first two links should be required for anyone 'with nothing to hide' TED talks in particular are always very interesting. Lot of really valid points plus some historic facts about reduction of privacy. I did like te Snowden quote in first article

Ask yourself: at every point in history, who suffers the most from unjustified surveillance? It is not the privileged, but the vulnerable. Surveillance is not about safety, it’s about power. It’s about control.

- Collapse -
Exactly on point
Mar 24, 2018 4:45AM PDT

I often hear the argument, "If you have nothing to hide... " which is an indication of the abject ignorance of what a free and open society is and lack of foresight of the person saying it. Your comment and excellent links should dispel such nonsensical statements. But it won't for some reason.

- Collapse -
RE: Exactly on point - the reason
Mar 24, 2018 3:16PM PDT

To be nice, it's called 'apathy'. Mischief

To be skewered on the point, it's called 'Deliberate Stupidity'. Devil

Take your pick. Wink

- Collapse -
Thumbs down
Mar 20, 2018 7:10PM PDT

There is WAY more to think, be weary about and worry about. From privacy, to the low level person having access to your stuff. Using it, giving it, selling it and more. Stay out of my info, MY life, my system, you do NOT need my user name, login, or passwords, NOTHING. Thanks to the lack of common-sense and Ignorance is why they have gone this route.
#AmericasPandemicIgnorance
#SocietyDecay

- Collapse -
RE: Thumbs down....
Mar 21, 2018 10:41AM PDT
Both Thumbs UP and 5 stars for you, DADSGETNDOWN!!! Thank you, sir.

*Oh, and, BTW, thanks for the hash tags, too. They tell it the way it is.
- Collapse -
Trust issues
Mar 16, 2018 6:12PM PDT

If it's their equipment, then I think that if you read your TOS, they have every right to access its settings. If they for some reason let you buy your own modem, that might be a different case, but would you ten have any expectation of receiving tech support from the isp? I'd bet that if you contacted the tech support for a purchased modem, that tech support person could do exactly the same thing. As another post mentioned, the only true privacy would be to not connect. You have no real choice but to trust that the reps of companies that you do business with won't break that trust, enact whatever preventative measures you can, an most importantly, don't rely solely on the tech to know what is going on with your critical information. It also would be good not to be doing illegal or immoral activity.

- Collapse -
Standard Procedure
Mar 16, 2018 6:14PM PDT

I understand your alarm. However, if you lease equipment from the company then they will be able to access it. I don't know what happens if you buy your own equipment and use it instead (some companies might forbid it).

Although there is probably no reason to be worried right now, I say it is an issue to consider. We can see our privacy being chipped away at all the time. There is no reason to assume that this ability will not be abused in the future. In fact, just the fact that it is possible to use this ability to spy on someone or control what they do online will almost certainly be exploited eventually. I turn my computers completely off when I am not using them. I unplug all of my computer equipment if I am leaving home for more than a few hours. I have one computer that rarely accesses the internet. I'm not paranoid and I don't have anything in particular to hide, but I do keep the possibilities in the back of my mind and pay attention.

- Collapse -
They should reach the modem - but put a firewall inside that
Mar 16, 2018 8:39PM PDT

I firmly believe that people should maintain their own firewall/router/wifi unit as the only device on the modem provided by the ISP, and secure it with a strong key. Of course the provider must have access to the equipment they use to deliver service to your home, often that includes your "land line" telephone service too. All of your devices other than your POTS (Plain Old Telephone System) equipment should connect with your private router which should be the only device (other than the POTS of course) that is connected to your ISP's equipment. I never recommend getting your WIFI from the service provider. If you wish, you can plug a second router/firewall/wifi unit plugged into your ISP equipment to provide WIFI internet-only to your guests without giving them your password to your secured system.

- Collapse -
Good Advice
Mar 16, 2018 9:26PM PDT

My ISP's modem has WiFi on it, and that is the one my guests use. I have a router for my own traffic to go through. I still turn off my computer when I am not using it and unplug everything when I will be gone for more than a few hours. It is just good policy.

The fact of the matter is that there are so many ways to spy on us now that there is pretty much no chance that we can block them all. We should just use our best judgement and common sense.

- Collapse -
'Security'
Mar 17, 2018 11:01AM PDT

Security on ISP provided routers/modems is pathetic, you can look on-line for administrative password (usually 'admin' , 'root' or 'user') You will probably be in breach of contract if you change this to something more reasonable so getting your own router/repeater with better firewall/passwords is pretty much a requirement. If you get a router using DDW-RT you have more access to various settings/security plus ability to increase transmit wireless power from default ~40mw to 60~70mw (any higher requires active cooling) I prefer 'Tomato' firmware but it hasn't been updated since 2012.

- Collapse -
Actually, it is recommended...
Mar 17, 2018 11:29AM PDT

that you change your settings as soon as possible. That recommendation comes from the ISPs. They can still access the modem at will. They have a built-in backdoor. Changing your default passwords and names is just common sense. It protects you from unauthorized use (unless someone cracks your password or gets it from someone else, so change them periodically). No, it is not as secure as it should be, but it will keep the casual person from using your network, especially since some people simply refuse to change these and they are easy to break into. Without a good reason, it is unlikely that casual users will specifically target one person.

- Collapse -
I don't think so?
Mar 17, 2018 6:01PM PDT

It may be recommended but there isn't any information on 'how to' with any contract. When I asked I was told, 'not yours, don't mess with it' (somewhat paraphrased)

- Collapse -
I know so
Mar 17, 2018 7:12PM PDT

My ISP gave me materials telling me how to do it and also has it on their website in case I lose the ones they sent me. I believe that most ISPs are more like mine than yours.

- Collapse -
Agree, get your own router
Mar 16, 2018 11:02PM PDT

That's what I do. It's worth the cost, to me. I know that I'm secure.

Off topic, but for guest access, most modern routers have that built in, now. You don't need to buy two routers.

OTOH, if the ISP equipment includes Wi-Fi, then you already have a second radio available. Might as well use it for guests, as 4Denise suggests.

Drake Christensen

- Collapse -
My condensed version / answer
Mar 16, 2018 9:13PM PDT

to this question would be :
No, I wouldn't be worried that you're being watched but that bit about " that's only a policy; they could decide they NEED to change my settings or their system could be hacked " is B.S.

These ISP's are huge and have their own protection from hacking. Not anything the average person can do and I really can't see you as a one in a million person that anyone with the ability would have you in their crosshairs .

purchase your own modem if you like but the ISP's can see you anytime unless you run a Live OS but they can still find the location ...

- Collapse -
Question: Can you get inside your modem?
Mar 17, 2018 6:12AM PDT

In other words, could you - assuming you would be willing to learn what it takes - log into your modem and inspect and manipulate the settings? Could you lock out external parties and would your ISP accept that? Is it possible that your ISP has installed back doors against such an eventuality?

In my part of the world the ISP will usually throw in a free modem with the contract. But the first time lightning strikes you wander off to your friendly corner computer store and get your own. My ISP is actually amazingly well prepared to assist with configuration issues of any devices I am likely to encounter locally. As far as I know these freely available devices don't have back doors (except for the well documented misbehaviour of WPS, which, wherever you encounter it, you should disable.)

So, as long as you use a free market modem and change the factory-set security parameters, you should be okay. Make sure you do this, especially if these values are printed on a label on the underside of the device! This is not only because anyone could read the labels once they get near your modem, but also because it is likely that the same values apply to lots of other modems near you ...

If your ISP insists that the modem is and must remain theirs to configure it is up to you to decide if you will switch providers or if you can accept that and will maintain firewalls on all your connected devices, as has been suggested here already.

From what you told us it seems to me that the agent asking for permission was really just a matter of politely following protocol and that technically she could have proceeded without your say-so, probably even at any time, whether you were present or not. Some people may be comfortable with that, I am not. It may well be that none of their staff ever overstep their authority, but I wouldn't like to depend on it. Of course, nowadays, if access is available to them, there is nothing to suggest that it isn't available to anyone - and this is not the forum to classify intruders into their natural categories of enemy secret services, friendly (?) secret services, commercial interests (advertising and market insights,) criminal interests (fraudulent use of your banking and other secrets) and so on. So, make sure that your interface to the web at large is protected by keys that only you can apply. That is ny advice.

(By the way, I also don't know everything my router can do. So I, too, have to call for help on occasion. But then I change the keys where it seems appropriate - i.e. after I had to let someone come inside.)

- Collapse -
See reply above.
Mar 17, 2018 11:07AM PDT

In my experience there isn't any 'security' on ISP provided routers. Their techs must have access in case there is a problem plus they can remote re-set
The last 3 routers I've had supplied by ISP don't even have a re-set button, just a hole in the plastic case (I opened one up to take a look ;o) )

- Collapse -
Won't work
Mar 17, 2018 11:22AM PDT

Yes, definitely change the default settings (your ISP should be able to provide you with instructions). Don't expect it to keep them out. It will not. Whatever you do, do NOT physically open or tamper with the modem. You may wind up having to pay for it -- and that means whatever price they set.

- Collapse -
only if they know
Mar 19, 2018 6:37AM PDT

Router was swapped for a 'new' (different) one years ago (probably removed from former customer?) Service techs don't carry 'new' routers or cable boxes, just 'reconditioned'. The only time you get a really new one is when you get a new contract (at least with our service provider/bundle) Over the last 15~20 yrs we have tried various ISP's, they vary from bad to worse to just damn expensive for nothing. I have had to ask for wireless function to be 'turned off' then use CAT5 to my router/wireless. It has been 'accidentally' turned back on several times so I'm guessing bored night-shift workers 'check' to see whats going on with people? Little over2 yrs ago someone was downloading 'torrent', more than likely somewhere outside of house in street or parking lot?
'We' got the cease and desist' order for 'illegal' downloads even though we (wife and I plus son-in-law/granddaughter hadn't done anything wrong) Safer to just not trust your ISP and assume they are 'nefarious'

- Collapse -
Yes, but
Mar 19, 2018 11:04AM PDT

The fact is that it is illegal and anyone who messes with the company's equipment and gets caught will be charged a lot more than the box is worth. It is not worth the risk, especially since most people really do not know what to do once they get it open. I would not recommend that anyone try it. If it comes down to that, then buy your own and replace the company's version. You can tinker to your heart's content with your own property.

- Collapse -
YOUR SURE?
Mar 19, 2018 12:34PM PDT

Sorry, didn't notice caps lock was on.
That is my point about changing passwords on routers, if opening it up is illegal, changing 'company password' is also illegal

- Collapse -
Yes, I am sure and I know I'm right
Mar 19, 2018 1:28PM PDT

Changing the password is standard procedure, whether you are on a company modem or not. However, opening the box up and messing with it is definitely illegal. How can you not know this? There is a big difference between managing the equipment and modifying it.

- Collapse -
LOL
Mar 19, 2018 2:39PM PDT

Some people get 'bent out of shape' so easy.
Who said anything about modifying ISP modem?
I said I took a look inside, there wasn't a physical re-set switch/button.
BTW, that does look a bit like a 'personal attack as it's a statement not a question ;o)

- Collapse -
I did not attack anyone
Mar 20, 2018 12:44PM PDT

You responded to my advice to never open the box with "only if they know." The subject was physically opening the box, not changing the settings. If you meant changing the settings, then you should have said so. You would have been agreeing with me.

- Collapse -
Extra security
Mar 24, 2018 6:27AM PDT

Having the ISP "turn off" your wireless function is well & good (and thanks, I never thought of running a CAT 5 to my own router) but perhaps to be sure WIFI "tap in" doesn't happen again, you might want to try generating a tough to crack hexi decimal password for the WIFI on the ISP modem.

- Collapse -
They Have to Access But YOU Can't
Mar 24, 2018 10:43AM PDT

For security (government) purposes, we bought our own separate router and cable modem. Here is what I've found: the cable company doesn't touch my "router" but, they have to not only access the inner workings of the cable modem, but YOU, the owner, will be locked out. That is, of your own cable modem! Sounds illegal, nefarious, etc. until you think it through. The settings inside of your cable (or other) modem, can affect the operation of THEIR NETWORK -- not yours! By setting the parameters inside of the cable modem and then locking those settings, they are protecting their network from not only you, but anyone who wants to see what happens if someone changes a setting out of curiosity and takes down the entire neighborhood. Is the modem yours? Yup! Are you allowed to do anything you want to it while it connects to the ISP? NOPE! Doesn't sound fair at all but it's their network; their rules. Can you take back your modem? SURE. They should unlock it for you in a way to clear out settings safely or there is usually a way to wipe the whole thing out yourself. But they won't let you play with the health of their network.

- Collapse -
(NT) No.
Mar 17, 2018 8:50AM PDT
- Collapse -
Oops! But still no.
Mar 17, 2018 9:00AM PDT

I accidentally posted my previous post without typing the body. Sorry.

But there is no point in worrying. If they own the router (and if you're on U-verse I believe they do) they do not need to ask your permission and do so only as a courtesy.

But they are unlikely to penetrate your devices themselves unless you have them wide open. But why would they want to? What would make their busy technicians single you out for scrutiny, and risk getting caught and losing their jobs or worse?

In any event, nothing on the Internet is truly private. AT&T is the least of your worries.

CNET Forums

Forum Info