I recently picked up a 4gig NAS drive 'Seagate Personal Cloud' for reasonable money, but I'm writing here to warn off any potential purchasers and to check a couple of things with anyone else who has one.

Generally its a good value NAS type drive seemed to suit my modest needs perfectly, however it took me two days to get up and running - I'd switch it on and log in to it, it would tell me it wanted to update the firmware and then say it couldn't do the installation and fail, I'd factory reset rinse and repeat to no avail. I finally managed to get it to skip the update and it finished configuring itself and then finally the update worked (from within it's own settings panel.

So far so 'OK'

Now, I also run my own DNS server so that I can block advertising and malware at my router, one of the benefits of this is that I can also see all the outgoing requests from the devices on my network (great for trouble shooting and to catch naughty software quickly). Low and behold I can see the NAS making DNS requests every 3 minutes for a bunch of sites:

apple.com
hp.com
microsoft.com
oracle.com
gnu.org

The NAS is hitting these sites over 700 times a day, now I don't much care for any of the dot coms but I'm unhappy to be causing issues for gnu.org.

The icing on the cake is that Seagate Support is utterly atrocious, they've not responded to queries put in through the webform on their website, the have a twitter acct called seagage_support which just told me to phone them, expect their phone support line is open 7 - 4 Mon-Fri and I'm in gainful employment during those times, so currently I'm a bit stuck with this thing.

Does anyone else have one of these things and the ability to monitor what it's doing on your network to see if mine is an isolated incident or if this is a 'feature' ?

If you're thinking of buying one of these may I urge you to reconsider - I'm currently viewing mine as a 'buy cheap buy twice' mistake.

Dont sound good Marc. I had a wd one once and didnt get it going well for me. I got shot. Stick to my own storage now. Dont like the sending of data constantly and you might be able to shut that up. Might cause it to crash of course too. Seagate used to be a good company..shame

Yeah, well I've just blocked those addresses for now as I don't need them so there's no data going out or coming back at least.

I should have done more due diligence, as I really only wanted a NAS not all they consumer crap they've bundled with it - I can avoid that stuff pretty well but the mindless polling of these websites that they don't want to acknowledge or provide any support for is really winding me up!

Sorry to hear of your problems, Marc. It's most bizarre, as I own the very same unit, which I use to steam music files to my Raspberry Pi, and it's done so faultlessly since day one of ownership....

But then, I don't try and do anything 'fancier' with it than that.

Marco.

Thanks Marco,

Don't get me wrong, after the initial teething issues the NAS aspect of it is fine and it works well for my needs on that count.

As is often the case with these things everything is fine as long as everything is fine, the moment there's an issue you get to see the real mettle of a company and this one is a sorry case.

Do you have any means to check the requests to 'out there' internet that your device is making to see if you might also be affected by the issue I've found? (router firewall logs etc) I'd be really interested to know if this is something that only I'm a victim of or if there are others who just haven't noticed this behaviour.

Oh dear, this isn't going well.

I finally got a response from Seagate 'support'

Dear Marc:

Thank you for contacting Seagate Support.

I understand that you would like to know if there is way to set the requests. I apologize for any inconvenience this may be causing you. I will be happy to assist you.

The calculations you provided show as 480 per day. This is not a huge load to the bandwidth.

Unfortunately, there is not a way to limit or control these in any way.

Again, i apologize for any inconvenience this may be causing you.

For additional assistance, feel free to contact us at:
http://www.seagate.com/gb/en/about/contact-us/technical-support/


Regards,

Heather
Seagate Support

So they want to quibble my DNS log (unfortunately she's done her maths wrong and it's that x5 because multiple sites are being hit, and 3 minutes was an approximation)

It's not their bandwidth so it's not for them to judge what an acceptable use of it is.

So apparently Seagate are quite happy to have devices out there spamming servers they don't own, without the permission of the device's owner and will do nothing to stop it.

Not a company I will be making the mistake of dealing with again.

Hope you tell them so too, and let them know you will be letting everyone you know....in on this "dirty little secret" they have gone down on my estimation too.... i wonder if there is a small print getout clause..

No point telling them directly, I'll just let their media monitoring team follow me round the internet, they'll let me know when I get close to causing an issue for them.

Well, another couple of emails and things are starting to move (although whether it's in the right direction remains to be seen)

I asked them to confirm that they are aware that the device is compromised and that they are actively choosing to do nothing about it (essentially so I could report them to trading standards / NCA) so now I'm told my enquiry has been escalated, what's worrying through is the claim that

"this type of connection is interrupted by the router's lowest security settings so there is no threat to your device and your data. "

Of course if it were true I wouldn't be able to access any of those websites..... indeed it's only the fact that I'm now actively blocking them at the DNS request stage that prevents the call going out, and that's just me, lord knows how many of these devices are spitting out these spam requests across the globe.

It also kind of misses / avoids the point.

My advice remains 'don't buy Seagate if you can help it, especially not if you think you might ever need support'

I'd gone quiet on this as Seagate contacted me and asked me to supply further information on 27-01-17 so I got back to them promptly with everything they asked for and left them to get on with it.

At the end of last week I'd heard nothing so sent an email asking what was going on, no response.

So here I am, logged in to my DNS server and for today we're currently up to 802 requests for each of the 5 sites listed above (all blocked at source by me, but who knows how many devices are out there doing this) and there's not a peep from Seagate, who appear not to be concerned in any way that their devices may be compromised (or that they have a dissatisfied customer, perhaps worse?)

So, if I didn't make myself clear enough before. Please think twice before buying a Seagate Personal Cloud (or any Seagate device for that matter) their support is piss poor and their devices may well be compromised.

Wow, just wow....

I finally nagged a response out of Seagate 'support', rather than deal with my issue they've taken the fact that I provided them with additional information, from my DNS/adblock server, to try and help them better troubleshoot the issue and have tried to twist it (through apparently 'misunderstanding' what they're looking at) to say that it's not them (it is).

So, for instance, because I've used my ad-blocking server to block the domains being called by the Personal Cloud, those domains therefore turn up in the server control panel as 'Top Advertisers' (because the personal cloud spams them every 3 or so minutes) Seagate's response is 'these aren't being called by the personal cloud they are advertisers' GRRR, they are deemed advertisers because I've blocked them - they are all being called by the cloud IP!

One of the other shots I supplied (unprompted) shows the IP of the Personal Cloud and the domains being hit, because it happens not to include one of them (even though it's in the 'Top Advertisers' list with the same number of hits as the others) they've come back saying 'nerr, it's not in that list' (implication - you're lying mr customer).

Anyway, because I thought I'd get support (and have waited a month) I've now missed the chance of getting a refund from the reseller so I've asked Seagate if they'll provide me with one, let's see how that goes.

DO NOT BUY A SEAGATE PERSONAL CLOUD THEY ARE COMPROMISED AND THEIR SUPPORT IS SHADY.

Sorrŷ to ask what will seem like a dumb question to loads of people, but for what purpose is the NAS contacting the sites you list? What information is it giving or getting?

Sorrŷ to ask what will seem like a dumb question to loads of people, but for what purpose is the NAS contacting the sites you list? What information is it giving or getting?

Entirely legitimate question, the simple answer is that I don't know and either Seagate don't know either, or they're not telling me. They have suggesting that oracle may be being hit due to some use of their database software in the product, but I don't believe that these sort of services would be provided under their top level domain (ie the service would likely be on a subdomain like service.oracle.com rather than on their main website). It should also be noted that I've uninstalled all the 'apps' from the drive so by rights it shouldn't be doing anything but waiting for me to access it over my local network and serve me my files.

As to why it hits gnu.org I can see no good reason.

So without a straightforward explanation from support I can only assume that the device's firmware is somehow compromised and that Seagate don't care.

When I have a moment I will put some work in to trying to find out what the requests actually contain, at the moment all I can see is that there's a DNS (domain name server) request for the sites listed but I can't see any further content at the moment.

Its gotta be a worry with these nas products. If it goes out, can it read info and send it to people. Can it lock you out etc.. can it ransom you etc
Fortunately i cant get my head round these world book type things so dont have one

Have you looked at the legal side? Is it a breach of contract with you or a breach of consumer regulations? And of course, is Seagate doing anything illegal?

I

recently picked up a 4gig NAS drive 'Seagate Personal Cloud' for
reasonable money, but I'm writing here to warn off any potential
purchasers and to check a couple of things with anyone else who has one.

Generally its a good value NAS type drive seemed to suit my modest needs
perfectly, however it took me two days to get up and running - I'd
switch it on and log in to it, it would tell me it wanted to update the
firmware and then say it couldn't do the installation and fail, I'd
factory reset rinse and repeat to no avail. I finally managed to get it
to skip the update and it finished configuring itself and then finally
the update worked (from within it's own settings panel.

So far so 'OK'

Now, I also run my own DNS server so that I can block advertising and
malware at my router, one of the benefits of this is that I can also see
all the outgoing requests from the devices on my network (great for
trouble shooting and to catch naughty software quickly). Low and behold I
can see the NAS making DNS requests every 3 minutes for a bunch of
sites:

apple.com
hp.com
microsoft.com
oracle.com
gnu.org

The NAS is hitting these sites over 700 times a day, now I don't much
care for any of the dot coms but I'm unhappy to be causing issues for
gnu.org.

The icing on the cake is that Seagate Support is utterly atrocious,
they've not responded to queries put in through the webform on their
website, the have a twitter acct called seagage_support which just told
me to phone them, expect their phone support line is open 7 - 4 Mon-Fri
and I'm in gainful employment during those times, so currently I'm a bit
stuck with this thing.

Does anyone else have one of these things and the ability to monitor
what it's doing on your network to see if mine is an isolated incident
or if this is a 'feature' ?

If you're thinking of buying one of these may I urge you to reconsider -
I'm currently viewing mine as a 'buy cheap buy twice' mistake.

Hi Marc
I would recommend also reviewing how to free the Java Scripts on
websites - it will be an eye opener as to how many are non compliant

The reasons first, to understand Why FSF is doing this
https://www.gnu.org/philosophy/javascript-trap.html
and the page how to set your Java Script Free
https://www.gnu.org/software/librejs/free-your-javascript.html

Also
be aware some sites are compliant on their first page to lead you in ,
but then contain many on subsequent pages.

As a general guide, and you probably already know far more than me in
this area. confine email to a computer that has
the highest security, uses encryption and is ideally free software.
But at the very very least is Linux based.

For an understanding of what free software is
find the short video here: http://www.fsf.org/resources/
and find for yourself the Free Software definition to understand
what it means.

Alternatively actually read and understand the End User Licence Agreement that people
worldwide - willy nilly think nothing about, and rather like robots agree to, KNOW what you
are agreeing to.... its a shocker.

Free software is a leaning curve, like you have never seen before - Wow !

Maybe we should work on a new thread to assist AOS members as best we
can, and invite a round table of discussion.

Cheers / Chris

Thanks Chris,

Don't, you're making me kick myself for buying it even more - I've been a keen user and advocate of Open Source for over a decade now, there's only one windows machine in the house (in the studio) and everything else runs linux. AFAIC Debian is the true path and the GNU licence is a work of subversive genius, the value of which will ultimately rank alongside the transistor and the silicon chip.

The issue is I didn't do enough research on this drive before I bought it to realise it's not a proper NAS, yeah it's a big hard drive with an ethernet socket but it's also riddled with lots of wierd 'apps' and the like which could be doing all sorts of stuff.

As for a the legal situation Geoff, given that Seagate either don't know or aren't saying if this is how the device is expected to work and that there are many, far more heinous offences being committed online I'm not going to be able to get law enforcement involved and unless I can get some FSF pro-bono on it, I'm not going to start spending money on a solicitor for a £100 device - this is what Seagate are counting on I suppose, and why the best thing I can do is try to warn others off falling in the same trap as me.

Legend!

This is straight from the latest email from 'Tech Support'

"It is right, that the gnu.org does not provide any web services, but ALL of our Firmware, for all devices is based on a GNU-GPL License and has to follow the license requirements. So the contact between the gnu.org and Seagate is a very extensive."

There's not an emoji with enough face palming and eye-rolling going on to countenance just how stupid this excuse is.

Caveat Emptor! You have been warned, Seagate are shady as.

Could these be probes for updates? Do you see any other traffic attempts towards these sites?

But yeah I have given up using such NAS machines looooong ago.

They are cheaply made, they usually do not have the horsepower to support the full bandwidth of the ethernet ports, heat management is bad or non-existent (directly affecting disk life) and the custom firware (read half-baked) rarely works as intended without issues. And if anything goes wrong with a disk, you are pretty much eFed up because it will take forever to rebuild volumes (if you are lucky) or recover the sytem (if you are unlucky).
I always ended up trying to install some micro Linux distro on them, but after a while (when my time became more expensive) I decided it was just not worth it.

A few years back I built an HP microserver running a proper OS that works as intended without surprises. And of course I never looked back or spent any more silly money on toy devices with a short expiration date.

Hi Dimitris,

No, I don't believe it's probing for upgrades. For one gnu.org don't actually host any software and I don't believe any of the other companies that are getting pinged host any services on their TLD, the volume of requests is wild as well; today alone as I look at the dns logs right now there are 860 requests to each of the five sites that are being hit (hp.com, oracle.com, microsoft.com, apple.com and gnu.org) that tots up to over 4300 unauthorised requests from the personal cloud to the network in just one day

I would be interested to hear from anyone with any insight as to what my legal rights are likely to be in this context. I have tried to reach out to the Free Software Federation (the keepers of the GPL licence) to point out that Seagate are basically using them s an excuse for distributing broken software so I'm hoping that they might be able to assist too.

I'd love to be able to install 'FreeNAS' or something similar on this box but I suspect it's stitched up with some shady firmware, I'll see if I can make time to overcome it if I can't get a sensible response from seagate.

A light at the end of the tunnel?

I'm not holding my breath, but following a very straightforward message from me pointing out that they'd continued to ignore the issue at hand (choosing instead to quibble my supplied info or to sidetrack to irrelevant issues) and that (un-rectified) the issue could constitute a breach of the Computer Misuse Act (1990), Seagate have finally deigned that my issue is of a severity that warrants passing on to their developers (quite what they did with the log dump and additional they already requested from me remains a mystery) who will now try and work out what's going on and if they think that it might be worth fixing.

They've also offered to provide me with a 1TB usb drive 'for my efforts' which is a nice gesture but not one that will prevent me continuing to complain if they don't fix the unauthorised network access issue on the personal cloud.

So two months and a fair bit of battling in I've finally arrived at a basic standard of customer support, hopefully their new positive approach will follow through and deliver the goods.

Marc,

I admire your persistence. Naively, I might have thought a cloud appliance would have a mechanism to poll/contact various providers, but once configured ought not to be doing what you have found to be the case. Their GPL code is available here: http://www.seagate.com/gb/en/support/downloads/item/personal-cloud-and-personal-cloud-2-bay-firmware-gpl-source-code-master-dl/

But it only shows what they have used, not how. It includes what you might expect for embedded linux on an Arm device: uboot, busybox. etc. If only you get to a shell you'd soon now what was running.


I wonder if you had considered this https://wiki.debian.org/InstallingDebianOn/Seagate/PersonalCloud The page seems to be up to date.

I wonder if you had considered this https://wiki.debian.org/InstallingDebianOn/Seagate/PersonalCloud The page seems to be up to date.

Chris, that's amazing, I'd not come across it so many thanks for pointing it out. As I mentioned earlier I'm a huge fan of debian so this delights me massively! (and I'm glad you waited to point it out as I may have given up with seagate, the free drive is nice but I'm more interested now in getting the device fixed as I suspect I'm not the only one clogging up the pipes with unauthorised DNS requests)

I have the prospect of a quiet weekend at the in-laws coming up so I may well seize the opportunity experiment with putting a proper os on this box.

Marc,

Seeing as Seagate have appeared to have made use of debootstrap, and there is now a decent armhf debian port, it could be a successful combo. Good luck with that.

I'd be interested to know how you get on.

Quick question for any Seagate users... My unit is out just now being filled with some more music, so I can't check, and just wanted to know what input voltage the power supply is.

From memory, I think it's 12V and 100 - 240 VAC, 50 to 60 Hz. Could someone please confirm? :)

Marco.

12v 2amp at the business end Marco. It's a smps so it takes input from somewhere between a candle to infinite improbability (but probably works best between 100 - 240vAC..)

In related news it turns out 'Customer Service' weren't going to escalate my issue to tech support, all they've done is give me the email for the developers / technical line and instructed me to start again with them. No response yet.

Once I've worked out how to back-up the Seagate OS I'll be flashing it with Debian and installing Open Media Vault I think, although I'll wait long enough to give them a chance to fix it before doing so (in the hope that the fix will go out to other users). Initial experimentation has shown that I can log on to u-boot console using the 'clunc' app from Lacie (as per the link provided by Chris above).

Hi Marc


12v 2amp at the business end Marco. It's a smps so it takes input from somewhere between a candle to infinite improbability (but probably works best between 100 - 240vAC..)


Cheers, mate - much appreciated :)


In related news it turns out 'Customer Service' weren't going to escalate my issue to tech support, all they've done is give me the email for the developers / technical line and instructed me to start again with them. No response yet.

Once I've worked out how to back-up the Seagate OS I'll be flashing it with Debian and installing Open Media Vault I think, although I'll wait long enough to give them a chance to fix it before doing so (in the hope that the fix will go out to other users). Initial experimentation has shown that I can log on to u-boot console using the 'clunc' app from Lacie (as per the link provided by Chris above).

Hope you get your issues sorted out ASAP.

Marco.