Ubiquiti has begun deleting early references to its phone home scheme:
Ubiquiti Community (/community.ui.com/questions/What-is-trace-svc-ui-com-and-why-are-my-devices-trying-to-connect/c4be2292-9c0d-4d19-8a10-36afb6b6c0cc)
From what I've read, the scheme was discovered while troubleshooting a problem 23 days ago and it took 11 days for UBNT to formulate a response, leading me to believe it was done without front office knowledge. Maybe even covertly, China being China.
I have an EdgeRouter-8 and really like it, but now I'm curious about what it may be collecting and forwarding to the mothership. I have been searching for a way to monitor the WAN stream for router-generated traffic; I can easily mirror the router WAN port, tap into the stream and use Snort or Wireshark, but how would I separate 'normal' traffic from router-generated? Using Wireshark to catch calls to anything.ui.com is shortsighted, as that destination is likely to morph real soon.
Any thoughts on how to monitor an EdgeRouter for covert activity?
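One way to approach the separation asked about above, as an added example that is not part of the original post: capture on both sides of the router and flag WAN-side flows that no LAN-side flow explains. It assumes a second mirror on the LAN port and source NAT on the WAN side; the flow tuples, addresses and the 2-second window are constructed for illustration.

```python
from collections import defaultdict

WINDOW = 2.0  # assumed: max seconds a NATed flow may lag its LAN-side original

# Constructed sample flows: (timestamp, proto, src_ip, dst_ip, dst_port).
# LAN_FLOWS come from a mirror of the router's LAN port,
# WAN_FLOWS from a mirror of its WAN port (source already rewritten by NAT).
LAN_FLOWS = [
    (10.00, "tcp", "192.168.1.20", "198.51.100.7", 443),
    (11.20, "udp", "192.168.1.21", "198.51.100.53", 53),
    (15.50, "tcp", "192.168.1.20", "198.51.100.7", 443),
]
WAN_FLOWS = [
    (10.01, "tcp", "203.0.113.5", "198.51.100.7", 443),
    (11.21, "udp", "203.0.113.5", "198.51.100.53", 53),
    (12.40, "tcp", "203.0.113.5", "192.0.2.80", 443),    # no LAN counterpart at all
    (15.51, "tcp", "203.0.113.5", "198.51.100.7", 443),
    (40.00, "tcp", "203.0.113.5", "198.51.100.7", 443),  # known dest, but no LAN flow nearby in time
]


def router_originated(lan_flows, wan_flows, window=WINDOW):
    """Return WAN flows that no LAN flow to the same (proto, dst, port)
    preceded within `window` seconds, i.e. candidates for traffic the
    router generated itself."""
    pending = defaultdict(list)
    for ts, proto, _src, dst, dport in lan_flows:
        pending[(proto, dst, dport)].append(ts)
    for times in pending.values():
        times.sort()

    suspects = []
    for flow in sorted(wan_flows):
        ts, proto, _src, dst, dport = flow
        times = pending[(proto, dst, dport)]
        # NAT rewrites the source, so match on destination and timing only.
        match = next((t for t in times if 0 <= ts - t <= window), None)
        if match is None:
            suspects.append(flow)
        else:
            times.remove(match)  # one LAN flow explains exactly one WAN flow
    return suspects


if __name__ == "__main__":
    for flow in router_originated(LAN_FLOWS, WAN_FLOWS):
        print("router-originated candidate:", flow)
```

Services running on the router itself, such as a DNS forwarder or NTP client, will also show up as candidates, so the output is a baseline to review rather than a verdict. Because it keys on the absence of a LAN-side origin rather than on a hostname, it keeps working if the destination changes.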