I was tipped off to Rokus behaving badly on home networks by a reddit thread here:
It made me paranoid enough to want to switch out some of my home networking components. I've long just used a higher end home WiFi router and relied on its in-build DNS, DHCP, firewall, etc. and figure that was enough.
Last weekend I grabbed a Raspberry Pi and built a Pi-Hole DNS server for my network. This little box sits on my network now and resolves DNS queries (the queries that turn hosts names like www.google.com into actual IP addresses like 192.168.1.1 which is what your hardware uses to talk to other computers on the larger connected network). It also serves up DHCP for my network now. My edge wifi router, a LinkSys WRT1900ACS is now doing gateway, access point and firewall duties only.
Well...the things you discover when you have broad visibility into your network!
Yes, I can 100% confirm the two Rokus I have in my house are attempting to log frequently to data collection end points that Roku runs. These collection attempts are now being blocked by my Pi-Hole box.
But the bigger surprise?
My f'ing router is sending a crap ton of telemetry data back to Belkin! Belkin you ask? Yup. Turns out Belkin bought LinkSys (or Cisco punted LinkSys to them) a while back and in a firmware upgrade to the router they began collecting my network information for...purposes they don't clarify.
Well, the pi-hole box has shut those shenanigans down.
I can keep my Rokus. Which I think are excellent devices.
I'm in the process of spec'ing out a more component-based home network using Ubiquiti gear or something like it. I'm done with this crap.
I also want to segregate all my IoT devices (which I love, because home automation is the best) onto their own VLAN so if they get popped the damage is isolated.
Bonus: the pi-hole blocks ad traffic at the DNS level for the entire network. So everything on my network is now getting ads stopped. It's been great for cleaning up the kid's browers from ads and YouTube spam too. Highly recommend a Pi-Hole. The build is very simple and not too hard to slot into your network with only basic knowledge.
Know your enemy, folks.
It made me paranoid enough to want to switch out some of my home networking components. I've long just used a higher end home WiFi router and relied on its in-build DNS, DHCP, firewall, etc. and figure that was enough.
Last weekend I grabbed a Raspberry Pi and built a Pi-Hole DNS server for my network. This little box sits on my network now and resolves DNS queries (the queries that turn hosts names like www.google.com into actual IP addresses like 192.168.1.1 which is what your hardware uses to talk to other computers on the larger connected network). It also serves up DHCP for my network now. My edge wifi router, a LinkSys WRT1900ACS is now doing gateway, access point and firewall duties only.
Well...the things you discover when you have broad visibility into your network!
Yes, I can 100% confirm the two Rokus I have in my house are attempting to log frequently to data collection end points that Roku runs. These collection attempts are now being blocked by my Pi-Hole box.
But the bigger surprise?
My f'ing router is sending a crap ton of telemetry data back to Belkin! Belkin you ask? Yup. Turns out Belkin bought LinkSys (or Cisco punted LinkSys to them) a while back and in a firmware upgrade to the router they began collecting my network information for...purposes they don't clarify.
Well, the pi-hole box has shut those shenanigans down.
I can keep my Rokus. Which I think are excellent devices.
I'm in the process of spec'ing out a more component-based home network using Ubiquiti gear or something like it. I'm done with this crap.
I also want to segregate all my IoT devices (which I love, because home automation is the best) onto their own VLAN so if they get popped the damage is isolated.
Bonus: the pi-hole blocks ad traffic at the DNS level for the entire network. So everything on my network is now getting ads stopped. It's been great for cleaning up the kid's browers from ads and YouTube spam too. Highly recommend a Pi-Hole. The build is very simple and not too hard to slot into your network with only basic knowledge.
Know your enemy, folks.