Long-time YouTube viewer and lurker here.
Came across this today and I must say I’m disappointed in UI in this decision just months after the last data harvesting blowup.
I guess it further illustrates the need for the USA and my country (Canada) to really start putting together a policy on user data much like the GDPR.
I must say I’ve really come to dislike UI with many unfinished projects and always starting new ones and don’t get me started on the whole Unifi Video/Protect issue.
While I wait for a similar product that competes with the price point and user-friendly interface and may I dare ask (open-source and self-host options) I’ll just have to black-hole all my UI products in pfSense at all times except for updates.
@LTS_Tom Looking forward to any video on this topic you might create. Keep up the great work and congratulations on 100K.
Honestly it would be great to determine if UniFi devices are calling home despite the option not to.
I only have one floating rule in pfSense to block outgoing tcp4 traffic to trace.svc.ui.com. Is this sufficient?
UI just did a bad job with their documentation. There are multiple threads in the UI forums about this. The short answer is that flipping the switch in the controller turns off all phone home for current GA FW. The current beta FW does what the article describes, but can be disabled with a config edit. There are plans to add the ability to the controller in future releases. I think that the major problem is that they are releasing things in reverse order. Add the toggle switch to the controller, then release the FW. Not the other way like they’re doing currently.
How are folks dealing with the UniFi devices phoning home? What have you done in order to blackhole or disable telemetry?
I’ve done three things (which may be redundant):
- Within the UniFi Controller software (web GUI), under Settings -> Controller, turned off Analytics & Improvements
- Router block (I use pfSense, so modify for your router brand)
  Created alias Unifi_Phone_Home trace.svc.ui.com
  Firewall -> Rules -> Floating - Block Protocol All, Source *, Port *, Destination Unifi_Phone_Home, Port *, Gateway *
- Modified config on the controller device - Source (https://community.ui.com/questions/UniFi-Analytics-cannot-be-disabled-whatsoever/300f6fed-118e-4cd9-9a47-d399c53483f9?page=1)
  Depending on what you’re using as your controller (i.e. Linux, Windows, CloudKey) - note that the base directory is going to differ (https://help.ubnt.com/hc/en-us/articles/115004872967):
  UniFi Cloud Key: /usr/lib/unifi
  Debian/Ubuntu Linux: /usr/lib/unifi
  Windows: %userprofile%/Ubiquiti UniFi.
  SSH into the CloudKey, Linux install, or whatever device your controller software is stored on. Once in, make sure you are user root.
  If not sure of <site_name>, just cd into <unifi_base>/data/sites and look for a directory that corresponds to your site (mine was default since I never changed it)
  vi config.properties (This file did not exist for me so I opened an empty file. In some cases it might exist, and then just add to it)
  Add - config.system_cfg.1=system.analytics.anonymous=disabled
  Save and exit
  For changes to stick, you will need to re-provision all switches and APs.
That’s it. Good way to waste some precious moments of your day.
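
The config.properties edit from the post above, as an added shell example that is not part of the original thread: it appends the opt-out line only if it is missing and keeps a backup of an existing file. The function name `disable_unifi_analytics` is hypothetical, and choosing the next free `config.system_cfg.N` number when the file already has entries is an assumption about how the controller numbers these lines.

```shell
#!/bin/sh
# Added example (not from the thread): idempotently add the analytics
# opt-out line to <unifi_base>/data/sites/<site_name>/config.properties.
# Usage: disable_unifi_analytics /usr/lib/unifi default

SETTING='system.analytics.anonymous=disabled'

# disable_unifi_analytics <unifi_base> [site_name]   (hypothetical helper)
disable_unifi_analytics() {
    base=$1
    site=${2:-default}              # "default" is the site name used in the post
    dir="$base/data/sites/$site"
    file="$dir/config.properties"

    if [ ! -d "$dir" ]; then
        echo "site directory not found: $dir" >&2
        return 1
    fi

    # Already present under any index: leave the file untouched.
    if [ -f "$file" ] &&
       sed -n 's/^config\.system_cfg\.[0-9][0-9]*=//p' "$file" | grep -Fxq "$SETTING"
    then
        echo "already set in $file"
        return 0
    fi

    # Assumption: entries are numbered config.system_cfg.1, .2, ...; reusing
    # a number already in the file would collide, so take the highest + 1.
    last=0
    if [ -f "$file" ]; then
        last=$(sed -n 's/^config\.system_cfg\.\([0-9][0-9]*\)=.*/\1/p' "$file" |
               sort -n | tail -n 1)
        last=${last:-0}
        cp -p "$file" "$file.bak"   # keep a copy of the previous config
    fi
    next=$((last + 1))

    # If the existing file lacks a trailing newline, add one before appending.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf 'config.system_cfg.%s=%s\n' "$next" "$SETTING" >> "$file"
    echo "added config.system_cfg.$next to $file"
}
```

As the post notes, the switches and APs still have to be re-provisioned before the setting reaches them.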