Eero plus - capabilities and questions
Eero+ offers increased security - but what does it really do?
I've been trying Eero+. The first pleasant surprise is that my network seems to run faster than before. In all my browsers, web pages come up faster than previously, whether or not the "advanced security" feature is enabled. Eero+ redirects all DNS lookup to Zscaler. Apparently, Eero+ substitutes the Zscaler DNS for my ISP's default, and maybe that explains the speedup. It's very obvious how much faster pages fill out in a browser.
I read thru the Zscaler web site, which includes a lot of information. Much of what ZScaler can do is aimed at enterprise computing systems, and probably doesn't make sense for residential or small business users.
Which leads to my question: which Zscaler services DOES Eero+ actually deploy? What does it really do, and exactly how?
For example, Zscaler describes a technique which lets it investigate data packets even when an SSL tunnel is active. Effectively, it implements a kind of "man in the middle" technique that lets Zscaler examine encrypted packets. Zscaler seems to say that this is done in live memory, the packets are examined for signs of badness but never stored.
Personally, I think Eero's services are probably more trustworthy than my ISP. After all, Eero would be out of biz pretty quickly if they tried to exploit private information; whereas the big ISPs are allowed to do that by law. Still, I'd like to know more details about the Zscaler services. Apple publishes a good whitepaper on its security methodology. Could Eero do something similar?
6 replies
-
Hi macrom —
Thanks for reaching out and welcome to the eero community!
We hope you are enjoying eero Plus so far. I'll be happy to address your questions.
While we have partnered with Zscaler, we are actually only using a subset of the features they offer. So we don't do any SSL inspection, and Zscaler also isn't allowed to use eero customer data in any way other than to provide the services of filtering content and blocking suspicious websites.
A great place to start is at our blog, with our recent post eero, plus peace of mind. We go into detail on how it all works there, and will also be continuing to provide more information on how we actively protect your network, as well as your data.
To do all of this, we’ve partnered with Zscaler — the cloud security provider for companies like Silicon Valley Bank, U.S. Marine Corps, NBC, and more — which brings enterprise-grade security available to your home. Meanwhile, our policies around customer privacy remain the same — we don’t review or store your browsing data, and won’t sell customer data in order to subsidize these services. To learn more about how eero thinks about customer privacy, read this recent letter from our CEO and co-founder.
I hope this helps! Please let me know if there are any other questions or concerns we can help answer!
-
Does Eero Plus route all traffic through Zscaler's infrastructure ? I'd like to understand if my web traffic would be flowing through someone else's infrastructure. Thanks.
-
Obviously the Eero guys will have to give a definitive answer. But this is not some kind of VPN. I'm pretty sure that what goes through Zscaler's infrastructure is every DNS resolution request. The rest of your traffic flows in the usual way.
Zscaler's web site claims they don't store any of this. It sounds like all the resolutions are in their servers' RAM, and discarded immediately. Yet they do classify each resolution request and you receive a report at the end of the week indicating the kinds of traffic and sites that were accessed.
I decided I'm more comfortable with Zscaler having this info than Comcast (which provided my DNS services until Eero Plus). Someone has to see it, since the names must be resolved into IP addresses. At least ZScaler is doing this for very big clients who would sue their pants off if it were misused.
-
The commercial version of Zscaler does run traffic thru as you say. I was told that Eero's version does not, and therefore it can't get into your encrypted traffic by a MITM method. But let's hear from Eero staff directly.
Content aside
- 7 yrs agoLast active
- 6Replies
- 2300Views
-
5
Following