Oh but all the US hardware with spyware from the NSA/FBI is just fiiiiiiiiiine.
As always US wants the data, they just don’t want anyone else to have it.
It’s also a laugh for them to say “fuck you consumers you don’t get to” when the federal government already fucking blew it with SolarWinds.
Personal opinion this is much ado about nothing. In other words this article is baseless fear-mongering.
Trump is a bigger national security concern than fucking TP-Link and no one in power is seriously talking about removing him.
His economic moves will devalue the US Dollar and put it at risk as a reserve currency. Who is gonna step in? China.
But boo hoo, we should ban TP-Link! What a fucking joke. If you’re really “worried” about China, get rid of Trump yesterday.
Trump is a bigger national security concern than fucking TP-Link and no one in power is seriously talking about removing him.
There is an abstract ironic beauty to this.
To secure US networks, start by kicking Musk out of government systems.
Seriously, DOGE could be literally installing ransomware that kicks off if anyone tries to block them… They were hooking up random fucking servers right into secured government systems and were given write access at some of those government systems.
“the single greatest insider threat risk the Bureau of the Fiscal Service has ever faced.”
https://www.wired.com/story/treasury-bfs-doge-insider-threat/
He is like Spyware or just crappy insecure code become manifest in human form.
As always US wants the data, they just don’t want anyone else to have it for free
I guarantee you that American data is going to Chinese companies. Temu has your data. Alibaba has your data. Bilibili has your data. They’re just getting it by purchasing from American data centers.
So what you’re saying is, the complaint about China spying on people boils down to piracy?
It’s the thing American IP companies care about the most.
Yeah, it boils down to… who do you want seeing your data?
The Chinese? or the Americans?
On one hand, I wouldn’t trust the US with anything. On the other hand, there’s a pretty good chance whatever they keep that data on catches on fire or has a plane fall on it.
TP-Link has a bad history of significant security vulnerabilities that have to either be gross negligence or intentional backdoors. Consumer router firmware is notoriously neglected in the grand scheme of tech, but TP-Link is exceptionally bad. Your average and even most above average techies probably have no idea unless they follow security releases or live in the security world. I personally wouldn’t know much if anything about them if not for some YT content I watch about software and security. I don’t love blanket blocking of stuff, but this one I feel is necessary to help protect an ignorant population.
I 100% agree with the sentiment that Trump is way more dangerous, because he is, but the two issues can be addressed (or not unfortunately) at the same time. If our reps won’t stop Trump, and not going to be upset over he small wins that we do get.
Do you have any links to the alleged bad history? I couldn’t find anything, partly because the recent political theatre makes it hard to be informed.
Here is the main video I watched that breaks down a recent ish CVE and at the end he gives some thoughts on TP-Link, D-link, and another and just his professional security opinion on them.
It is only one source, but I think it’s a strong one.
Thanks!
So, say I have a POE outdoor router that is TP-link. It is wired to my main router and is the network for outdoor cameras. How bad an idea is this?
If you’re just running it in AP mode and extending from your base router you will be better off than if it’s your WAN device. I don’t know enough about these exploits to know how they are executed, so I can’t give you a solid answer, but I think it’s best to err on the side of caution when it comes to your data security.
If you’re fairly tech savvy and willing to put in a little effort, you can flash the firmware on the TP-Link with something open source like openWRT and that would eliminate any exploits directly caused by their coding. I haven’t done this in years, but I’m sure there are plenty of guides to walk you through this. It would require resetting up your network, but you’d need to do that if you replaced anyway.
Personally, I would replace the device with something higher quality. I don’t have recommendations for you, but I’m sure there are some resources you can find with security minded device recommendations. For “pro-sumer” grade stuff, where it’s better than your off the shelf options but not enterprise grade, I’ve heard Unify is a good option, but it’s complicated and expensive.
I can’t wait to get a hold of a bunch of cheap TP Link routers. Those things run OpenWRT like champs.
Please yes, I look forward to cheaper routers due to oversupply.
Every single consumer SOHO router is just a data mining security clusterfuck these days, brand is irrelevant. The only way to really get away from it is to run your own SBC or NUC with a wifi card and shit.
They make mini PCs with five Ethernet ports that are perfect for this sort of thing.
OpenWRT?
Key word: consumer. You won’t find a single router on store shelves that the layman is not getting all of their data collected through.
GL.Inet sells routers that run openwrt out of the box. I’m not claiming they’re guaranteed to not be modified to collect data, but just giving an example that there are consumer grade products out there that are better options, you just need to look for them.
Mikrotik is probably OK IMO.
probably, lol. they don’t even support openwrt
And?
what do you base that probably upon?
It’s a European company, they are widely deployed and well regarded.
Their hardware is decent and well priced. I don’t think if anyone else can provide this type of hardware at that price point.
Dumb policy but still fuck tp link routers. They never took security remotely seriously to the point where their products are known for being a good entry point into learning about exploiting embedded devices.
Don’t really care or think the government spyware concerns are particularly legitimate but they definitely aren’t secure products to have on your network
You sure you’re not confusing TP-Link with D-Link? The latter has been the common attack surface I’m familiar with, and the former has been a staple for enthusiasts and as a tool for pentesters.
There’s quite a few TP-Link Models that can be flashed with open source firmware. The ones I helped friends and family with seemed to get software updates consistently after being discontinued.
This isn’t an all out endorsement, but I’ve certainly seen worse.
I love my Toilet Paper-Link router. It’s the only one I’ve ever owned that didn’t start randomly losing the internet connection after two years. I don’t know why every router starts acting up like that; I’ve had issues with literally every brand except this one.
Banning TP-Link routers isn’t going to do a damn thing to solve the problem of insecure routers, SOHO or otherwise. Too many people and companies set shit up and then ignore it until it breaks and under these conditions routers are always going to become insecure given a long enough timeline.
Fire up Shodan and see how many discontinued Cisco ASAs are out there. Hell you can probably still find some Cisco PIX boxes even though they went away nearly twenty years ago! Those aren’t people doing that, those are COMPANIES.
The problem here isn’t the brand or even the silicon that brand uses. It’s with the utter lack of management (including EoL replacement) by the people using the damn things.
I don’t understand why they’re considering a ban. People should be changing the default password on their router. If they aren’t and they leak information that isn’t theirs, tough shit, fine them. If they leak their own information, let them deal with the consequences.
There are so many people who just don’t get tech though. I was just at my buddy’s patents house, probably early 60s, and they have a random default SSID and password. It’s like 15 digits long. Secure as can be. If they really bothered to type that in on all their devices, I’m thinking they were probably incapable of changing it through the software.
Or they just didn’t know how. Which is a distinct possibility. Some devices these days even let you share the Wi-Fi password through QR code or similar. So you don’t have to enter it into every device.
I’ve had tplink forever and recently got a netgear to put openwrt on it. It’s pretty cool
His economic moves will devalue the US Dollar and put it at risk as a reserve currency. Who is gonna step in? China.
China doesn’t want to become the world currency, but they do want a BRICS currency. This will take years, though.
I buy a lot of TP-Link switches because they are cheap so please dont
