0

Eero plus - capabilities and questions

Eero+ offers increased security - but  what does it really do?  

I've been trying Eero+. The first pleasant surprise is that my network seems to run faster than before. In all my browsers, web pages come up faster than previously, whether or not the "advanced security" feature is enabled. Eero+ redirects all DNS lookup to Zscaler. Apparently, Eero+ substitutes the Zscaler DNS for my ISP's default, and maybe that explains the speedup. It's very obvious how much faster pages fill out in a browser.

I read thru the Zscaler web site, which includes a lot of information. Much of what ZScaler can do is aimed at enterprise computing systems, and probably doesn't make sense for residential or small business users. 

Which leads to my question:  which Zscaler services DOES Eero+ actually deploy? What does it really do, and exactly how?

For example, Zscaler describes a technique which lets it investigate data packets even when an SSL tunnel is active. Effectively, it implements a kind of "man in the middle" technique that lets Zscaler examine encrypted packets. Zscaler seems to say that this is done in live memory, the packets are examined for signs of badness but never stored.  

Personally, I think Eero's services are probably more trustworthy than my ISP.  After all, Eero would be out of biz pretty quickly if they tried to exploit private information; whereas the big ISPs are allowed to do that by law.  Still, I'd like to know more details about the Zscaler services.  Apple publishes a good whitepaper on its security methodology. Could Eero do something similar?

6 replies

    • eero Community Manager
    • Jeff_C
    • 7 yrs ago
    • Official response
    • Reported - view

    Hi  macrom

    Thanks for reaching out and welcome to the eero community! 

    We hope you are enjoying eero Plus so far. I'll be happy to address your questions.

    While we have partnered with Zscaler, we are actually only using a subset of the features they offer. So we don't do any SSL inspection, and Zscaler also isn't allowed to use eero customer data in any way other than to provide the services of filtering content and blocking suspicious websites.

    A great place to start is at our blog, with our recent post eero, plus peace of mindWe go into detail on how it all works there, and will also be continuing to provide more information on how we actively protect your network, as well as your data.

    To do all of this, we’ve partnered with Zscaler — the cloud security provider for companies like Silicon Valley Bank, U.S. Marine Corps, NBC, and more — which brings enterprise-grade security available to your home. Meanwhile, our policies around customer privacy remain the same — we don’t review or store your browsing data, and won’t sell customer data in order to subsidize these services. To learn more about how eero thinks about customer privacy, read this recent letter from our CEO and co-founder.

    I hope this helps! Please let me know if there are any other questions or concerns we can help answer!

    • baileybomber
    • 7 yrs ago
    • Reported - view

    Does Eero Plus route all traffic through Zscaler's infrastructure ?  I'd like to understand if my web traffic would be flowing through someone else's infrastructure.  Thanks.

    • macrom
    • 7 yrs ago
    • Reported - view

    Obviously the Eero guys will have to give a definitive answer. But this is not some kind of VPN. I'm pretty sure that what goes through Zscaler's infrastructure is every DNS resolution request. The rest of your traffic flows in the usual way.

    Zscaler's web site claims they don't store any of this. It sounds like all the resolutions are in their servers' RAM, and discarded immediately. Yet they do classify each resolution request and you receive a report at the end of the week indicating the kinds of traffic and sites that were accessed. 

    I decided I'm more comfortable with Zscaler having this info than Comcast (which provided my DNS services until Eero Plus). Someone has to see it, since the names must be resolved into IP addresses. At least ZScaler is doing this for very big clients who would sue their pants off if it were misused.

      • baileybomber
      • 7 yrs ago
      • Reported - view

      macrom thanks. I would like to hear from them. I'm actually familiar with Zscaler as we used it at work and we did set up a tunnel and everything went through them. If it is only a DNS service then other than the DNS request traffic wouldn't flow there as you pointed out. However from a security perspective that may limit its effectiveness as a solution to some degree as the traffic itself is not being inspected. Either way if I know exactly how it works I can make a judgment about whether it works and how I feel about it from a privacy perspective.

      • eero Community Manager
      • Jeff_C
      • 7 yrs ago
      • Official response
      • Reported - view

      baileybomber  As mentioned above,  we don't do any SSL inspection, and Zscaler also isn't allowed to use eero customer data in any way other than to provide the services of filtering content and blocking suspicious websites.

      If you have Advanced Network Security turned on for your network, all DNS requests will go through Zscaler without any personal information (like passwords, usernames etc.) being looked at. The only information being passed is the domain (i.e. reddit.com but not a specific subreddit) so that Zscaler can check if it is unsafe or unsuitable. If you don't have Advanced Network Security turned on, the only DNS requests that will be passed through Zscaler are those for any Profiles that have the Safe Search or Content Filters toggled on.

      The privacy of our customers is extremely important to us, and we are not in the business of gathering your browsing data. We do not store this data, and it was important that we found a reliable partner in Zscaler to ensure our customers continue to feel that their browsing data is properly managed and never abused.

    • macrom
    • 7 yrs ago
    • Reported - view

    The commercial version of Zscaler does run traffic thru as you say. I was told that Eero's version does not, and therefore it can't get into your encrypted traffic by a MITM method.  But let's hear from Eero staff directly.

Content aside

  • 7 yrs agoLast active
  • 6Replies
  • 2302Views
  • 5 Following