Synology Angers Its Community: DSM EULA Requires Mandatory Arbitration and Waives Class Actions (and Some Packages Disappear in 7.3)

A Reddit thread has gone viral following the latest update to DSM (Synology’s NAS operating system): to continue updating, the user must accept the License Agreement (EULA), which includes mandatory arbitration, waiver of class action, and Taipei as the jurisdiction (English or, if both parties agree, Mandarin). Although several users recall that this clause has existed since 2023, many encountered the screen for the first time upon updating, which has caused concern. Meanwhile, some report that Active Backup no longer appears in the Package Center of DSM 7.3; however, manual installation from the official Synology file still works.

Obvious legal note: this is not legal advice. The enforceability and execution of arbitration/waiver clauses depend on jurisdiction.

What do the clauses that triggered alarms say?

The text that users are seeing when updating DSM (captured in Reddit) summarizes three controversial points:

1. Mandatory and exclusive arbitration (three arbitrators, Taipei, English or Mandarin language by agreement).
2. Limitation of scope to user–Synology conflicts (without stacking with other arbitrations).
3. Waiver of class actions (or collective actions).

Is this new? Not exactly. Several responses point out that this wording was already present in 2023; the concern now is that the update requires acceptance to continue.

Is this valid everywhere? It depends. In the U.S., these types of clauses are often enforceable; in the EU, consumer law and regulations on abusive clauses can limit or nullify their effectiveness (case by case). If you use your NAS for business, the situation differs from being a consumer.

What real options does the user have?

• Accept and proceed: this is the path suggested by the update wizard.
• Refuse: you won’t update DSM (with the risk of outstanding security patches).
• Disa connecting cloud services (QuickConnect, DDNS, etc.) and limit yourself to using it on local network; but DSM updates will still be conditioned by the EULA.
• Migrate to another NAS platform (TrueNAS CORE/Scale, Unraid, DIY Linux), considering cost, learning curve, and loss of proprietary features like Active Backup, Drive, Photos, etc.

Practical tip (if you decide to proceed): save the displayed EULA (screenshot/PDF), back up your configuration, export critical backups, and review whether your jurisdiction restricts arbitration or class-action waivers.

Active Backup “not showing” in DSM 7.3: manual installation

Several users mention that Active Backup is not listed in Package Center of DSM 7.3 and that Active Backup 3.0 appears as incompatible. The shared solution involves installing manually the v3.1.0-24948 package from the official archive:

1. Download the appropriate .spk for your CPU from the Synology archive (link provided in the thread):
   https://archive.synology.com/download/Package/ActiveBackup/3.1.0-24948
   (choose the folder matching your architecture, e.g., x86_64, apollolake, etc.).
2. In DSM: Package Center → Manual Install → Browse and select the .spk.
3. Accept permissions and complete the installation.
4. Ensure the service starts and the backup tasks continue to operate.

Best practices: verify the checksum of the .spk, keep a local copy of the installer in case Synology moves the package, and document the installed version.

Why does this annoy people (beyond the legal text)?

• Change in tone. Many users bought Synology for the balance between ease of use and freedom. After years of restrictions on “validated” HDDs, seeing an intrusive EULA reinforces the idea of a closed ecosystem.
• Asymmetry. A NAS typically contains critical assets (backups, photos, projects). Imposing a “accept or don’t update” block is perceived as coercion.
• Practical opacity. The EULA textbox cannot be searched (no Ctrl+F) and does not highlight/select for copying—this user-hostile detail is highlighted in the thread.

Should I worry already about arbitration?

• If you are a consumer in the EU, it’s good to know that many waivers/arbitrations do not surpass the abusive clauses filter (check locally).
• If you’re a business (B2B), the contractual risk is higher: waivers are usually valid.
• In any case, not accepting it means missing security patches—a difficult trade-off.

Prudent recommendation

• Accept only after saving the EULA and copies; document model/serial/version.
• Minimize Internet exposure (firewall, VPN, 2FA, close UPnP ports).
• Assess, in the medium term, a exit plan (second NAS or independent backup).

Alternatives if you don’t want to “swallow” the EULA

• TrueNAS CORE/Scale (BSD/Linux): ZFS, snapshots, native replication; more sysadmin oriented than DSM.
• Unraid: mix of heterogeneous disks, simple Docker/VM management; paid license.
• DIY Linux (Debian/Ubuntu + ZFS/Btrfs + Samba/NFS + Borg/Restic): maximum control, more maintenance.
• Dedicated backup servers (appliances or cloud) to separate production from recovery.

Checklist (minimum hygiene)

• Export configuration from DSM and inventory of packages/volumes.
• 3-2-1 Backup Rule (one offsite copy, another immutable if possible).
• Firewall/VPN for the NAS; disable QuickConnect if not needed.
• Users and permissions reviewed; 2FA enabled for admin accounts.
• SMART and scrubs scheduled periodically (Btrfs/EXT4); health alerts via email.
• Document the accepted EULA (date and version) and note the jurisdiction.

Quick questions

Can I use DSM without accepting the new EULA?
Generally, you won’t be able to update DSM without accepting it (risk of missing patches). The system will keep working, but the security trade-off is significant.

Did Active Backup really disappear?
In some setups, it’s not showing in DSM 7.3’s Package Center; installing the .spk 3.1.0-24948 from the official archive is working.

Is it legal to block class actions?
It depends on your jurisdiction and whether you are a consumer or business. In the EU, such clauses may be null or limited; in the U.S., they are often enforceable.

What risk do I run if I don’t update?
Exposing yourself to vulnerabilities already fixed by Synology (exposed services, kernel flaws, packages). If you skip updates, it’s wise to tighten security and keep external backups.

Synology does not “die” from an EULA, but has crossed a symbolic line for some of its user base: accepting harsher conditions to keep receiving essential updates (patches). If you choose to proceed, do so consciously: save the text, secure your NAS, and if you’re uncomfortable with this direction, start planning alternatives. Meanwhile, if Active Backup is hiding in DSM 7.3, the manual installation from the official archive remains— for now—the way to go.