Time to look at Synology NAS products


I’m looking into the Synology DS218 right now. Western Digital left me hanging and I can’t use my G-RAID anymore. No working professional can rely on WD as a viable option.

Why Synology? I wonder. Is there any other viable option?

Do your research. It is pretty clear.

Oh wow! You make some compelling argument! If you’re so sold on Synology, go get on Twitter and tell the world! Or something. This is not a good place to post your status updates. And for God’s sake stop looking at it and just buy it already! What brings you to WD anyway? If Synology is that much better? You must have followed an equally compelling argument to buy a WD NAS some years ago. And for the record, I am not here to defend WD, I could not care less about WD or Synology. I do use WD disks, but I don’t use their NAS and hence I’m not affected by the recent security incident. I don’t use one from Synology either.

It looks like Synology is actively promoting their product in WD forums and taking advantage of WD outage too. It’s like going to your competitor’s offices and not only promoting your product but to also sh%$it on your competitor’s product at the same time. It’s a pathetic lowball game that makes me keep away from Synology, which by the way is Chinese ■■■■ and most likely has spyware built in.

It should be noted that Synology is not China Chinese; it’s Taiwan Chinese (or Taiwanese). There is declaratively only “one China” according to US policy, but nonetheless, there are in fact two Chinas (something that the aforementioned policy acknowledges too). These are two quite different countries.

As for spyware, it’s hard to keep spyware at bay in this time and age. This is the new normal. You will literally find some form of spyware everywhere, from web browsers to operating systems, firmware and hardware.

Coincidentally, the motherboard maker MSI (Micro Star International) – yet another Taiwanese company – was hacked the other day and the threat actor was able to craft a malicious firmware, which unknowing MSI users could download and install. What makes this even more concerning in my opinion is that the BIOS/UEFI firmware update process is made so effortless and easier on modern systems. It’s a matter of clicking a single button, and you can do it all from within Windows, or from within UEFI if you have one of these modern boards.

If there are no reports about it, it only means that no one is looking for evidence, or they are not looking hard enough. Having to examine a closed and proprietary system doesn’t make the job easier either.

Sometimes the device makers are not made aware of the many vulnerabilities that exist in the components that are provided to them by OEM partners. In a recent report by Bitdefender, up to 40% of cybersecurity experts said they are told by their employers not to publicly disclose vulnerabilities. There is a culture within the cybersecurity community to keep quiet about these things. Companies may see this as damage control, but they risk legal backlash and fines if someone finds out they have been keeping their customers in the dark.

Windows itself has these telemetry and feedback features now that can potentially disclose sensitive information you wouldn’t want to share with anyone, but you might be the one who accidentally discloses it by pressing the wrong button whereby a screenshot is taken of your currently open password manager or bank account statement which is then sent to Microsoft servers to improve “the product”, with no delete button and no undo button (and no phone number to call). I was close to doing something like this myself at least three times over the past two years, with Win+F and their Feedback Hub app, when I wanted to view the desktop with Win+D (F key is right next to D). Thankfully I was able to cancel before damage was done. These are only the things we know about, but what type of data it collects in background processes, we don’t even know of.

Interestingly, the two founders of Synology were originally Microsoft employees, before they left and started their own business.

I initially wanted to buy a Synology NAS. This was about 10 years ago. But I decided against that, mainly because of the aggressive pricing. They cost too much for what they actually are: small computers with network cards, and with empty disk bays. Then on top of the initial purchase price, you have to pay for additional licenses and subscriptions if you want to take advantage of the many features such as surveillance camera control. I ended up building a small x86 PC and installing FreeNAS on it (known as TrueNAS CORE now). This setup has served me well. I don’t need to connect cameras. I only use mine for backing up my PCs, for storing and sharing files locally. The way it was meant to be used.

NAS stands for “Network Attached Storage” and the name suggests that the storage system is self-contained and local to the network it’s on. Authentication is also expected to be local. This is unlike having cloud-dependent authentication for what is locally stored within one’s own network, like in case of WD My Cloud. The dumbest thing about the WD incident is that – in my understanding, after reading the official WD support article – all of their NAS products have the “Local Access” feature, which creates a local user and a network share with the same name, that can be used to access the locally stored files, without having to use their cloud-based authentication (which is still broken, some 12 days in). But what’s the issue then? It’s not enabled by default! And what’s worse? WD did in fact enable it by default… but not on the cheapest models! So it’s not that some models have “Local Access” while others don’t, that would have been understandable to some extent. No… they purposefully made a design decision to only enable Local Access for the most expensive models! Those are the My Cloud PR and EX series.