Firewall taking hits from WDTV Live

I just got an alert on my firewall that my 2 live units were slamming my firewall port by port looking to talk to Geobytes.com

I would like to know from someone at WD, why your device is talking out to a server known to collect information from users over the internet. I filter Geobytes on my firewall but I’m highly annoyed to discover that this is going on. This is a privacy concern that I’d like to get an answer on.

Ip .51 and .53 are both of my WDTV Live Plus units.

Miguel

We can’t see the picture until an Admin approves it.

I’ve set up a firewall rule for that…  I’ll see if I’m getting that, too.

Didn’t know about the admin approval on the pic posts, I may post this to my blog as well this doesn’t sit well with me, check your router for hits from your Live units trying to talk out to 72.32.8.40 and running port by port, seems to be every 3 seconds … on my .53 Live the pings to Geobytes fills page after page each ping increments the port by 1 (ex. 34923, 34924, 34925 etc)

Miguel

Ahh.  That’s location-finding.

I’m guessing that this is one of the tools that the WD has in place to prevent things like NetFlix, Live365, etc. which aren’t allowed in certain areas.

This tool takes an IP address (of the client) and returns information about WHERE that client is geographically (usually to about a city or larger territory. )

That said, I still agree that I’d like to see WD explain what it is, because it seems a bit shady if users discover this themselves…  

I see a much greater issue here … let’s say that I’m watching a copy of DIsney’s Little Mermaid (a movie that I legally own) which I’ve ripped to my server for convenience or the main reason that I purchased the Live.

The live is makes a connection to the web and says here is Live Box # 123abc registered to Miguel who according to our records lives in Phoenix Arizona who at 3:40 pm was watching Little Mermaid.iso on his Live.

One part of that may be marketing, now that data mining company can get my information from WD and see that I like Disney movies and target me… BUT here is the bigger picture, that information may be sold to the RIAA or MPAA and they may be told that I have 500 MP3s or 200 movies which now can bring up another issue if you see where I’m coming from!

This is a huge privacy issue merely because this box may have the capability to send out much more information than just a geo location since up until yesterday we didn’t even know this was going on! 

See where I’m coming from …

Miguel

Tony,

What kind of firewall rule did you set on your router to stop this?

I’m looking into this. I’ll let you know when I find out more.

mkelley wrote:

Tony,

 

What kind of firewall rule did you set on your router to stop this?

I run an Untangle (Untangle.com) router and the Spyware module sets up automatically to look for stuff like this. 

I just put a “Domain Block” in my actiontec.   Anything trying to do http://*.geobytes.com is blocked.

In the meantime I just blocked that URL and we’ll see if that’s adequate for now.

I don’t mind if devices need to access the internet once when booting or, as you mention, in case they need to validate the region before they do a service that is tied to that region, but to continually check things behind the scenes is a little creepy.  I’ve blocked software that does this and there’s no excuse for the Live to do it but perhaps Guy will give us an answer eventually.

mkelley wrote:

In the meantime I just blocked that URL and we’ll see if that’s adequate for now.

 

I don’t mind if devices need to access the internet once when booting or, as you mention, in case they need to validate the region before they do a service that is tied to that region, but to continually check things behind the scenes is a little creepy.  I’ve blocked software that does this and there’s no excuse for the Live to do it but perhaps Guy will give us an answer eventually.

 

 

Well I’m sure that Guy will give us an answer but the answers that we need are: 

  1. Why is the box doing this and where is the disclaimer that it may do it, is it in the EULA? 

  2. Exactly what information is being sent out? I don’t have Wireshark so I can’t analyze the packets

  3. It’s obviously important to someone or it wouldn’t mount a port by port scan trying to get out

  4. Who controls the information captured by GeoBytes what does their contract with WD say about re-selling info

Miguel 

Iombana:  I agree with all your points!I, except t’s not doing a port by port scan.   It’s only going out one port, probably 80 or 443.   The different port numbers you see above are SOURCE port numbers, and it’s quite normal for them to increment in that way.   All network clients do the same thing.

Ah ok thanks Tony, I see the logic now. 

lombana wrote:

I see a much greater issue here … let’s say that I’m watching a copy of DIsney’s Little Mermaid (a movie that I legally own) which I’ve ripped to my server for convenience or the main reason that I purchased the Live.

 

The live is makes a connection to the web and says here is Live Box # 123abc registered to Miguel who according to our records lives in Phoenix Arizona who at 3:40 pm was watching Little Mermaid.iso on his Live.

 

One part of that may be marketing, now that data mining company can get my information from WD and see that I like Disney movies and target me… BUT here is the bigger picture, that information may be sold to the RIAA or MPAA and they may be told that I have 500 MP3s or 200 movies which now can bring up another issue if you see where I’m coming from!

 

This is a huge privacy issue merely because this box may have the capability to send out much more information than just a geo location since up until yesterday we didn’t even know this was going on! 

 

 

See where I’m coming from …

 

 

Miguel

You seem to be adding 2 and X together and getting paranoia. We can all speculate our way into this sort of ‘scary’ scenario. So far all it appears is happening is that they are using Geobyte to get a location. If you attempt to access Pandora in the UK a message comes up to inform you that it is only available in the states. It gets that info from my IP address. Possibly it needs to be more precise about the location so it uses the Geobyte info.

We will see what WD has to say but going on other conspiracy theories will anybody actually believe them.

You can see what the WDTV is requesting by going to the page yourself

http://geobytes.com///iplocator.htm?GetLocation

If indeed the unit was requesting more then surely your firewall would show you this as well. Its not so its just the location info which is easily explained. Note it says ‘getlocation’ in the firewall record, it does not say ‘get film info’ or ‘get box info’. Possibly it is requesting this info continuously because you have blocked it and it can’t get a reply.

Ironically I would be more worried that you have informed the world via this forum that you have ripped mp3’s and movies then what the unit is telling anybody.

Rich,

I’m not paranoid per se (because it would be almost impossible to identify with any precison what a ripped movie would actually be from an mkv file, which is what I use) but I don’t like constant info being sent out from my machine to the internet under any circumstances.

I wouldn’t mind if the Live checked ONCE before it booted up Netflix, for example.  But to constantly keep sending out (and receiving) information is just silly and I don’t want any of my devices/programs to do this.  For one thing, there’s no reason, and for another it just increases traffic in ways that, multiplied a thousand times (by all the devices/software I have on various computers) can eventually clog things up.

That’s why I tried blocking the sites – we’ll see if it interferes in any way with my Netflix usage (and if it doesn’t then it begs the question – why does the Live bother?)

I know that you choose to share this info but again I think it is ironic that you are worried about your privacy when you tell us all about yourself on your website.

http://www.miguellombana.com/  Miguel Lombana This is my life!

I know ‘exactly’ where you live and to the day how old you are. I know your solar power stats (if it was working). I know how much your last power bill was. I have seen pictures of you and the family plus videos of your wife and child. You have made a couple of posts on this forum and yet I now feel that I know you intimately.

Nobody needs to snoop on your WDTV usage as you have made that information freely available.

mkelley wrote:

Rich,

 

I’m not paranoid per se (because it would be almost impossible to identify with any precison what a ripped movie would actually be from an mkv file, which is what I use) but I don’t like constant info being sent out from my machine to the internet under any circumstances.

 

I wouldn’t mind if the Live checked ONCE before it booted up Netflix, for example.  But to constantly keep sending out (and receiving) information is just silly and I don’t want any of my devices/programs to do this.  For one thing, there’s no reason, and for another it just increases traffic in ways that, multiplied a thousand times (by all the devices/software I have on various computers) can eventually clog things up.

 

That’s why I tried blocking the sites – we’ll see if it interferes in any way with my Netflix usage (and if it doesn’t then it begs the question – why does the Live bother?)

I am not an expert but is it constantly requesting this info because it is not getting a reply. As I said it may also be for pandora or some other geo restricted reason.

If my guess is right (that the WDTV is seeking location info to manage “Entitlement” of online services,) that’ really just nuts.   The SERVICE should be managing itself.

If Live365 doesn’t want service offered in Argentina, then it shouldn’t be the LIVE’s job to police that; it should be Live365s.

Conspiracy Theories are “Fun” and all that, and strangely, at times productive.  We’ll see what WD has to say!

TonyPh12345 wrote:

If my guess is right (that the WDTV is seeking location info to manage “Entitlement” of online services,) that’ really just nuts.   The SERVICE should be managing itself.

 

If Live365 doesn’t want service offered in Argentina, then it shouldn’t be the LIVE’s job to police that; it should be Live365s.

 

Conspiracy Theories are “Fun” and all that, and strangely, at times productive.  We’ll see what WD has to say!

 

 

Surely these facilities like Live 365, pandora and netflix are via approved API, perhaps this request is built into the API and therefore they are in fact 'managing themselves.

Also don’t forget that the first rule of ‘Conspiracy Theories’ mean that you never accept an official answer.

Well, as I said, if it’s true that blocking this service doesn’t stop Netflix from operating (which I would think Tony would know since it sounds like he’s done so – I haven’t yet tried my Netflix since I stopped that URL) then why even bother doing it?   That’s really the thing I want WD to answer (I could care less about conspiracies – some are undoubtably true but the ones that are are most likely ones we’ll never know about anyway).

Besides – I’m pretty sure Rich and Tony are WD agents who will terminate anyone who finds out the truth.