Netgear NightHawk R7000 users who ran last week's firmware upgrade need to check their settings, because the company added a remote data collection feature to the units.

A sharp-eyed user posted the T&Cs change to Slashdot.

Netgear lumps the slurp as routine diagnostic data.

“Such data may include information regarding the router’s running status, number of devices connected to the router, types of connections, LAN/WAN status, WiFi bands and channels, IP address, MAC address, serial number, and similar technical data about the use and functioning of the router, as well as its WiFi network.”

Much of this is probably benign, but posters to the Slashdot thread were concerned about IP address and MAC address being collected by the company.

The good news is that you can turn it off: the instructions are here.

It's probably unlikely that any significant number of users will do so, given the number of people who never get around to changing their default passwords.

Concerns about how such data is secured are certainly justified: Netgear has been a regular contributor to The Register's chronicles of SOHOpelessness, including a CERT advisory telling R7000 users to hack their own devices for self-protection.

How does Netgear answer “Is this secure?”

With a link to its privacy policy, which doesn't explain how router data is stored or secured. ®