I don't understand why people say there are no firmware updates.
Between my house, my parents' house and my girlfriend's parents' house, I have set up 4 different types of TP-Link routers. To my surprise, all of them continue to receive firmware updates years after launch. Most recently last month on some models.
I don't get the hate. They're cheap, they work and they have SOME security features which make them more than adequate for home use.
They're not perfect, but then again, for the price point, what do people expect?
Agreed. Are TP-Link the bastion of advanced security/tech/features and futureproofing? No. But they do what they say they do on the box, and do it reliably which unfortunately is more than you can say for a lot of things these days, no matter the price/payment model.
If you just need a basic ass device for simple non-critical shit without a bunch of proprietary bullshit and dark patterns, it's hard to beat TPLink for the money.
The fact that they still get support/updates long past the typical lifespan of competing devices several times their price point is just icing on the cake.
Who can guarantee that the Cisco/UniFi or whatever Made in USA gear won't be a host to a state sanctioned "lawful interception software" politely pushed to many devices with the help of a National Security Letter?
Is this supposed to be some kind of gotcha? Of course this can happen. And not only do I support it, but I think they should do it more and use it to get a shot on any criminal or foreign power.
We can do it, but we shouldn’t expose ourselves for the possibility of our opponents doing it. That simple
So let me get this straight: The US government directly buying stakes in Intel is A-OK, but any involvement from the CCP in any form in any company is Not Good ?
If the only issue at hand was indeed security vulnerabilities, then I can see many ways that can constructively address that (e.g. Since a large number of SKUs deployed in the US are managed by the Telcos, then force them to finance the support for continued firmware updates).
The US will probably be collecting the reciprocity of their actions, and they won't like it ... It's a very childish game they're playing and it will hurt them in 15 years time ...
To be entirely honest, yes, American leadership is currently very childish while the Chinese one is everything but childish. And the simple observable consequence is that China is winning whatever pissing contest is going on while America is busy shooting itself in its own foot, applying a bandage and then claiming it won cause it is not bleeding anymore.
> The US government directly buying stakes in Intel is A-OK, but any involvement from the CCP in any form in any company is Not Good ?
Yes, it’s the US government. Of course it thinks advancing US gov controlled technology is good and CCP influence in the US is bad. That’s a completely rational stance and it’s not even hypocritical until the CCP bans some US product and the US gov complains.
Now imagine you're not American. Now you have the choice between 2 nations you don't trust. Which one are you going to take? The one you don't trust that hasn't done you anything personally, or the one that recently went rogue and is making a point of it to make everyone's life a little more miserable, actively?
> it’s not even hypocritical until the CCP bans some US product and the US gov complains.
It's not even hypocritical then. Both sides are protecting their own interests. These interests are partly at odds to each other. They're going to do what they believe is necessary, even if it "seems" hypocritical. That's not a bad thing, that's just ... how things work. China isn't innocent of this either. It's so weird how people are always painting this as "US bad".
Except US was all about Capitalism and they have now turned back and embraced Socialism except its socialism for losses and should be paid by the tax payer.
The real lesson here: If you're successful, don't skimp on security/software! Also, don't abandon software/firmware security support for your products so quickly.
If I was in charge over at TP-Link, getting news that tens of thousands of MY company's routers were compromised would have me furious! I'd be freaking out, making sure that we take immediate steps to improve software/firmware quality and to make sure we're in a constant state of trying to compromise our own hardware... To ensure no one else finds vulnerabilities before we do.
Instead, TP-Link seems to have just laughed and focused strictly on profit margins.
It occurred to me recently while driving in a high traffic area that (a) this area is congested every single day at this time and (b) if I shipped a piece of software that literally crawled to a stop for a two hour period every morning and a two hour period every evening that I would be deeply ashamed of myself and my work and that if I ran a department that did that I would have no priorities other than fixing this bug until it was fixed.
Yet we all know so many industries and products that just do not work like that and in fact the longer something is broken and it doesn’t seem to stop people from using it, the more it is accepted that it is ok for it to remain broken. I think that is somehow just a part of human psychology.
> It occurred to me recently while driving in a high traffic area that (a) this area is congested every single day at this time and (b) if I shipped a piece of software that literally crawled to a stop for a two hour period every morning and a two hour period every evening that I would be deeply ashamed of myself and my work and that if I ran a department that did that I would have no priorities other than fixing this bug until it was fixed.
The hubris of the spotless software engineer mind.
We have a solution for the traffic problem but you won't like it.
There is no "traffic".
YOU ARE THE TRAFFIC.
Cars and roads for cars don't scale well past very rural or very small suburban areas.
The solution to traffic is extremely hard and it involves:
* you and lots of other drivers voting to allow densification of highly serviced areas (close to central business districts, public transportation, hospitals, schools, ...) - at least mid rise apartment buildings, 4-6 stories high
* you and lots of other drivers voting to allow funding of public transit
* you and lots of other drivers voting to allow funding of reduction of car infrastructure (fewer car lanes, fewer parking spots, fewer highways, car only bridges, tunnels, etc)
* you and lots of other drivers voting to allow funding of safe bike infrastructure
* you and lots of other drivers voting to allow congestion pricing in ... congested places
* you and lots of other drivers voting to allow funding for anti bike theft measures (police training, bike theft prioritization, bike serial number databases, ...)
* you and lots of other drivers taking public transit
* you and lots of other drivers riding bikes for medium length trips
* you and lots of other drivers walking for short trips
I think this is you seeing the faults of other industries but being blind to yours.
No single person created the traffic jam "bug", the "users" are the biggest part. In many industries "the fix" isn't a few lines of code that you can quickly or even instantly push as an update to every user. You can't fix that traffic jam in code or even in infrastructure, you need to change society itself on top of everything else. It may not even be a defect as much as a supply and demand issue where supply is very scarce and impossible to ramp up, while demand is super high and growing.
That difference is good and bad. Yes software can be fixed quickly if broken. The other side of the coin is that software is routinely launched broken, and subsequently stays in various degrees of broken throughout its lifecycle, with new and unpredictable issues replacing old ones.
If too many people wanting to drive a car in the same place, at the same time despite the predictable outcome due to the limited capacity is purely a failure of the city, country, road builder, then isn't a user not being able or not knowing how to properly use the software the fault of the developer? Is demanding more from the software than it can deliver the fault of the developer? How much cumulated time does this cost, sometimes for absolutely no reason whatsoever than an arbitrary decision of the developer?
You aren't "deeply ashamed" because you downplay the issues you (or your company) create as a developer and pretend they aren't problems for the users. A "part of human psychology" tells you 1000 smaller cuts are fine.
> The real lesson here: If you're successful, don't skimp on security/software! Also, don't abandon software/firmware security support for your products so quickly.
This is like seeing a food poisoning outbreak at a fast food restaurant and concluding that it must be CIA/FSB/Mossad bogeymen trying a bioweapon. These breaches are things like not validating authentication tokens (at all, not just correctly) and that would be a big drop in professionalism from what we’ve seen from nation-state level attacks:
Hanlon's razor, paradoxically, is the perfect cover for surreptitious malice. We've already got a perfectly reasonable razor telling people not to assume malice, after all.
And to be clear, let's not forget that the US government did intentionally and secretly conduct surreptitious biological warfare tests against entire US cities that deliberately inflicted disease upon and killed American citizens. There was an entire formal program that spanned decades - https://en.wikipedia.org/wiki/United_States_biological_weapo...
Of course, the US government doesn't have any secret programs anymore and never lies to us, so everyone can rest easy knowing nothing like this could ever happen again.
People in the comments are defending TPLink for how 'solid' their products are. As someone who just switched to UniFi APs from a Deco Mesh (wired), I have to admit that the difference is deep dark hole and bright sunshine day. Maybe people are comparing to spectrum charter modem combos but I definitely don't see how a router that loses firmware updates in a year can be praised. And it needs reboots so frequently. The Deco has an option now to reboot 'everyday'. This sounds like something maybe needed for rare cases where the ISP expects a reboot, but the fact that your routers have that as a feature to keep it stable is a big red flag.
I was so used to this that when I started looking for this setting in UniFi OS I had forgotten the part 'networks are not supposed to be rebooted frequently!'.
First, all of the TP-Link devices I use still have firmware updates regularly. I can't talk about Deco series, which I don't own.
Second, mesh capabilities are not consistent across different brands, that's true. On the other hand, comparing TP-Link, which is a home/SOHO brand to UniFi, which is essentially a prosumer/enterprise offering is not fair. I have a small mesh (three devices) at one of the places I run these devices, and it hands-off nicely, extends coverage, and gives me the speeds written on the tin.
Do I expect it to compare to a UniFi or Aruba mesh where the smallest element has more processing power than my router? Of course not. Do I expect it to run on a 300 sqm house with 10+ devices? Again, no. But as long as my network runs, I can access the devices with good connections and speeds they advertise, I'm golden.
Lastly, "restart everyday at this time" setting is present since forever on many devices. The feature is to help home-downloaders / data hoarders to renew their IP periodically. Heck, even JDownloader has a feature to reset your modem remotely if your modem supports to renew IPs (since 2004?). Assumptions don't help here.
I never had to automatically restart any of the routers/modems I used regardless of the manufacturer sans a couple Cisco/Linksys devices. E4200 which had two processors, one for the switch and one for the router. The router one stopped responding randomly to cut whole network off from internet, and my E900's processor crashed flooding whole home network with packets basically paralyzing it. Oh, that same E900 failed to negotiate with the on board RTL8139 Ethernet controller, so I had to buy another "Cisco/Linksys" RTL8139 card.
TP-Links I had never done anything remote. They even have the best latencies and WAN recovery when things go south on ISP side. My TP-Link 802.11AX extender works flawlessly with my ISP supplied WiFi6 modem, and despite having no mesh communication going on, running on the same SSID and handing off pretty reliably.
Yes, a home product with a dedicated controller unit, Fx networking support, cloud based management with ability to self-host, traffic shaping and SDN capabilities.
People can dedicate a small cabinet to UniFi rack-mountable gear plus the network center of their house. TP-Link has none of those, and not aiming for that market, even.
It's comparing a Peugeot 3008 with a Mercedes-Benz G Class and adding that, Mercedes has serious off-road trucks like Unimog, but G Class is their end-user product.
Apples to Pineapples.
BTW, it's not hard for me to install and manage a high capacity UniFi network in any way. I don't use their devices, because I don't want to manage yet another network.
I couldn’t figure out what was wrong with my WiFi. Turns out all I had to do is power restart it. All my problems went away after setting up weekly reboots. It is stupid that it works and it is stupid that it is the only solution for stable WiFi. Shame on tplink
It's usually either low memory which basically crashes the devices or buggy software which works until you hit the bug at which point it requires a restart to get it working again. Most common is memory problems though because these devices have just enough memory to make it work.
I have not used the Deco access points but the Omada ones have been rock solid for me for about 4.5 years now and I used UniFi before that with no real issues either.
Yea, in the real world, the CEO gets news that tens of thousands of his company's routers were compromised, and calls up his General Counsel and asks "are we liable for damages?" And if the answer is NO, he goes back to enjoying the house party in his luxurious third home.
It was a completely Chinese company until last year. Then it split in 2. The US headquartered half has 11,000 employees in mainland China and 500 in the US based on what I could find when I googled it. It’s solely owned by the founder of the original company and his wife who are Chinese citizens.
I don’t know whether it’s worth banning them or not, but putting your hands up and saying “what Chinese company?” is just absurd.
1. The company was founded by Zhao Jianjun and Zhao Jiaxing who are brothers, I don't know where you got the husband/wife sole ownership from.
2. As you admitted, they have completely separated into 2 separate companies, claiming that it is still Chinese is akin to saying "tea is Chinese", that's completely absurd, yes, it was at some point in history, that point is not now.
1. I got the idea from the TP-Link website. Zhao Jianjun is known in the US as Jeffrey Chao. He and his wife are the sole owners of the US company.
“in October 2024, established TP-Link Systems Inc., based in Irvine, CA, as its global headquarters and parent company with Jeffrey (Jianjun) Chao and his wife Hillary as sole owners. Jeffrey is CEO of the company.”
2. The sole owners are Chinese citizens, 95% of their employees are Chinese citizens living in China, most of the R&D happens in China, and the majority of the components of their products are manufactured in China.
They have an HQ building in the US, but 90% of it is leased to other companies.
This is a US based company in name only. It’s essentially a shell company designed to bypass a potential US ban.
It's hard to believe you're saying 2 in good faith. Companies don't change that fast, and you skipped the part where so many of the employees are still in China.
Three years would be an impressive timescale to move a company from one country to another.
Except they didn't do that. They moved the HQ.
I'll accept for the purpose of this argument that they fully split the company into two separate companies. But both of those companies are still mostly Chinese, going by the numbers in this thread.
> Did you not read the article? It's hard to take your comment in good faith if you didn't.
This is a weak attempt at turnabout. The article doesn't present any evidence of separation or non-Chinese-ness, it just quotes the company (and even that quote admits a bunch of Chinese assets). But even if it did, it wouldn't be bad faith to skip reading it.
> This is a weak attempt at turnabout. The article doesn't present any evidence of separation or non-Chinese-ness, it just quotes the company (and even that quote admits a bunch of Chinese assets). But even if it did, it wouldn't be bad faith to skip reading it.
1. Who else would document a company's restructure if not the company itself?
2. Yes, not reading an article and commenting on it is bad faith.
> going by the numbers in this thread.
3. So you have no evidence of it not being as the company says, just the vibes of others on this thread, okay Senator.
> 1. Who else would document a company's restructure if not the company itself?
If the company wants to give numbers, I'll listen to them. But the company made vague/unproven claims and that's not enough. Journalists can investigate.
> 2. Yes, not reading an article and commenting on it is bad faith.
Commenting on something talked about in the article doesn't require reading that specific article. You can use other sources.
> 3. So you have no evidence of it not being as the company says, just the vibes of others on this thread, okay Senator.
Other people brought objective numbers. Not vibes.
Why should I not use those numbers? You have not claimed any of those numbers are wrong, you're just calling people's conclusions wrong.
The reality is the only part that matters, the chipsets, are produced in Chinese factories owned by TPLink.
They moved everything that doesn’t matter to the US recently in an effort to give the illusion that they aren’t putting chips manufactured under the control of the Chinese government into the majority of routers used in the US.
I’m not agreeing with banning them, but I can certainly see how it creates significant risks that I would want to mitigate somehow.
I agree with you that they shouldn't be banned, but the US casting aspersions against another country is pretty rich considering the involvement of the CIA, and NSA around the world.
> TP-Link's Headquarters are in California, they have a branch in Singapore and they manufacture in Vietnam
"TP-Link is a Chinese company that manufactures network equipment and smart home products. The company was established in 1996 in Shenzhen. TP-Link's main headquarters is located in Nanshan, Shenzhen; there is a smaller headquarters in Irvine, California"
Just because a company changed its headquarters to the US, all of a sudden they are a US company? Even if 99.9% of its decisions, operations and R&D are still elsewhere?
That is like people saying Nothing is a UK company, when all I see is a Chinese company registered in UK.
Until it hits their wallet, they will not do a thing. Now if they were more concerned about longer profits and how this could impact their image, maybe they would change but it is rare you see that nowadays.
Yeah, that's not the lesson here at all. We're still in an era where you will suffer absolutely zero consequences for security lapses and breaches.
Everything that is happening with this administration is simply because it suits American foreign policy or the interests of one of the oligarchs. I mean this with absolutely no hyperbole: the pretense of there being any rule of law for the ultra-wealthy is gone. The White House is openly selling pardons, which have the added effect of cancelling out debts to the US government.
Tiktok getting banned? It had nothing to do with "national security". The government simply had less control over the content and the algorithm on Tiktok than they do on Meta and Google platforms.
Reading through this article, you have Microsoft pointing the finger at TP-Link. That's... rich. Because Microsoft has historically been horrible for security. It would take further investigation but I really wonder if TP-Link isn't just a convenient scapegoat.
I don't mean to be hateful with this, but what's the point of your post besides random conjecture and a sort of rant about something only vaguely related to the story?
I see the comment as quite on point. There are many longstanding real problems that have been allowed to fester (in this case, embedded security). While these problems are now being talked about, there is still zero intention to actually address them. Rather they're merely being abused as talking points by fascists pretending that "something is being done" when really the "solutions" are merely the consolidation of autocratic control.
Real reform here would be something like prohibiting tying software and hardware together as one product, source code escrow, etc. Things that actually create security and consumer choice, rather than merely one less vendor to pick from.
Sometimes I wonder if people talking about corruption in the US have ever been to a country that is as corrupt as they say the US is.
Pardons are not being openly sold. There is absolutely not great stuff going on with them but, really, the major difference I see is that it's happening during the administration, rather than in the last few hours.
The US is moving in the wrong direction when it comes to corruption but let's not act like we're bottom of the barrel or that this slide just started in 2024 (or 2016, if you'd like).
So far Trump pardons have wiped out over $1 billion in decided and sought fines [1]. There are pardons for the likes of George Santos (convicted for a whole host of crimes) for no other reason than he was a reliable Republican vote, clearly sending the message that if you are loyal, you can commit crimes and you will be pardoned. There's also the Tennessee House Speaker convicted for corruption [2] and the Binance founder [3] who allegedly aided in Trump's rug pull (sorry, "crypto offering").
Now this sort of thing isn't new. Famously on Clinton's last day in office he pardoned Marc Rich [4], who was convicted (before fleeing the country) on breaking sanctions by trading with Iran. It was widely rumored his ex-wife, Denise Rich, who had a lot of access to the Clintons, brokered a deal.
But what changed is the disastrous Trump v. United States [5] decision last year that granted almost absolute presidential immunity. Now there's not the slightest fear of repercussions so the whole operation has gone into overdrive and it's so incredibly brazen.
I stand by my original claim: the TP-Link ban isn't technical. It's political. And I would bet all the money in my pockets that if the CEO had "donated" $1 million to the inauguration (like all the Tech CEOs did including Bezos and Cook) we'd likely have a very different outcome.
No, I'm saying that the slide didn't start with Trump. I also don't think much of what Trump is doing is much, if at all, worse than his predecessors but he has zero shame about it.
Since he's in the news and it's on my mind, I'm not sure the Cheney and the whole Iraq/Halliburton situation has been topped since then. Then there's every member of Congress suddenly becoming a multimillionaire after they get into office.
The only norm Trump is breaking is that he doesn't care to sweep it under the rug.
TP-Link makes really solid products, and if you don’t want to use their firmware then almost all of them can easily flash OpenWRT. In fact most of their routers are built from OpenWRT anyway.
I installed their mesh Wi-Fi system for my parents recently and was really impressed how seamless the process was. It did involve making a cloud account which I wasn’t thrilled about, however.
All modern WiFi APs require closed firmware blobs that run below or parallel to OpenWRT.
You replacing the router OS with OpenWRT does nothing when the radio has full DMA access and runs its own OS on its own processor. The OpenWRT layer will have no idea what it's running/infiltrating/exfiltrating.
I say this as someone who has been running and building OpenWRT forever. It's great but it isn't a panacea.
That's why I bought a PCEngines box (one of the last of their inventory before they went out of business) with completely transparent hardware and no Chinese manufacturer in the supply chain.
For anyone asking this question I might suggest Protectli. They've got x86 systems with coreboot. That's about as good as you can get these days for open source-ness without going really obscure or outdated. I've got a VP2440 as my router and firewall. You can neuter the intel management engine with coreboot, but there's still going to be firmware blobs somewhere in it, especially if you're trying to build a wifi ap.
One of my 2 pcengines APUs has developed an issue with its solder joints I suspect. It hangs at the bootloader unless the unit is already warm. Can't complain at all, it lasted ages and problems like this are just life for things that thermally cycle, it was in a pretty extreme climate for most of its life. Doesn't help with me needing a replacement now pcengines is out of business though, hence getting a protectli box.
This is the route I went. After a decade plus of shite consumer routers and finally an EdgeRouter which died (along with Ubiquiti's quality) I bought a Protectli box, built and flashed Coreboot and run OPNsense.
It's been going strong with regular updates (and by regular I mean as regular as your Linux workstation) for over half a decade now.
It wasn't cheap, somewhere in the region of £700 after adding SSD and RAM but it's a way, way overkill model and never exceeds 10% RAM usage and 15% CPU with an IDS running and a bunch of VLANs and Gigabit symmetric WAN.
My original goal for overspeccing it was longevity, but I regret it now, I want to upgrade to 10G+ networking and I can't justify replacing it when it runs so well and wasn't cheap.
Sure, but if you run OpenWRT you can pick the radio firmware image. And you can trust Qualcomm cause they're from San Diego and made Eudora; their firmware won't have intentional security issues.
I use their Omada stuff for my business. I own a coffee shop where I have a few devices I need online and I provide free WiFi to customers. I needed something where I could run multiple networks, segregate my own devices, support a large number of clients, automatically turn off free wifi outside of business hours, run a captive portal, reserve a minimum amount of bandwidth for my own devices and prioritize my own traffic, etc. It’s absolutely packed with features and costs less than the stuff I run at home. It was a fraction of the cost of the Meraki gear I was considering. The performance is great too.
I don’t know how much I trust TP Link, but my risk level is very low. There’s not much an attacker could do if they get on my network. None of my data is accessible on that network and everything important has MFA anyway. The most sensitive things are my POS and menu displays and they are just client devices connecting to the internet. I probably wouldn’t run this stuff in an environment where I had complex security requirements.
I don't think the attackers are after your credit card records as much as they are after using your network as one base amongst thousands of others to perform illicit compute, generate traffic to a victim network, etc. That is: the attack is outbound from you to the victim, not inbound to you as the victim (at least not beyond the initial beachhead).
I bought a cellphone from them many years ago and they never really supported it and I couldn't even buy a replacement battery.
Recently I bought a router with the firm intent of installing OpenWRT, but I received a newer revision that had a different CPU, less RAM, and less flash memory.
These events left a bad impression, but they do make affordable stuff with reasonable quality.
> Recently I bought a router with the firm intent of installing OpenWRT, but I received a newer revision that had a different CPU, less RAM, and less flash memory.
This also happened many years ago with Linksys (prior to Cisco). It’s not that uncommon for manufacturers to release new revisions of hardware without necessarily making it clear to the purchaser. If their purpose is to deliver a router and they can shave a few cents off the BOM with less RAM, but it still works with their software, why would they care. And once new revisions have been released into the supply chain, it can be hard to know exactly what version you are buying.
In the Linksys case, IIRC they eventually re-released the first revision WRT54G as the WRT54GL (for Linux), so that people who wanted different firmware could get the exact hardware they wanted.
Wouldn't it be nice if that was illegal? Sell whatever, but label it accurately, it's different hardware so it needs to have a different version label in the listing or something.
We see this all the time with SSDs, where a high-spec model is released to reviewers, then a low-spec model is mass-produced and sold under the same model number. That's fraud, isn't it? Shouldn't it be?
It’s only fraud if they sold you or marketed to you on those specs. But at least for things like reflashing your router, short of a few explicit opener vendors (like glinet) and Linksys AFTER releasing the WRTGL version, router manufacturers aren’t usually advertising on how much ram or flash memory space they have, any more than car manufacturers are advertising how much flash memory is in their ECUs. It’s not an intended or marketed purpose, so they’re not going to be changing model numbers just because they made an internal update.
Changing the flash in a router is pretty understandable. Changing a router's CPU is going to affect core performance, and so does changing parts in an SSD, and core performance should totally count as being used to sell the product.
If you can build a plausible case that you did this (e.g. simply making your fw image smaller justifies using a smaller eMMC chip), and provide a few benchmarks that demonstrate equivalent performance in those scenarios, you'd be off the hook in any legal mandate to keep the performance the same even if your new hw revision ships with weaker hardware.
This is even a common product development strategy: ship to market asap, optimize the margins later.
At some point it won't matter that you run OpenWRT on it. Obvious case in point: at a certain point it doesn't matter that you run Linux instead of Windows on your Intel PC, because it'll still be subjected to Intel ME, Intel AMT, Intel SGX and god knows what else.
On a PC, Intel ME and the like can be accessed remotely only through an Intel NIC, which can be avoided by using a PCIe Ethernet card from another manufacturer, if the motherboard does not have such an interface on it. Even many of the Intel Ethernet interfaces are supposed to have the remote access disabled from the factory, but you cannot be certain about this.
A more serious problem is caused by the laptops having Intel WiFi, which is difficult to replace. With such a laptop one would have to disconnect the internal antennas and use an external WiFi dongle, to be sure that remote control is not possible.
At one point laptop wifi cards seemed to mostly be m.2 cards, which, while not usually trivial, were relatively feasible to swap out. Has that changed?
I'm getting ready to set a mesh network for my older parents as well. Do you have any suggestions for hardware and software? I live a ways away from them so I need this to be pretty much faultless. I don't want to drive 4 hours for IT support.
My paranoia goes against this idea. How sure are you that the remote management is hardened? Assuming that disabling external control is actually effective, that seems like it removes most practical exploits one would encounter. A network configuration for a non technical person should be so simple it does not require regular maintenance.
The TP-Link option was great. If it was for myself, I'd build my own with OpenWRT but my goal was to minimize the chance of downtime in case I'm not available to help debug issues. They already had a TP-Link range extender running for 4+ years without ever needing to touch it, so I figured their mesh network was a good option too.
Do any of TP-Link's mesh routers support OpenWrt? I didn't think there was overlap between the "easy to set up for my parents" and "easy to install custom firmware" subsets.
And in reverse, you think Palantir has a transparent business model to trust with your data? I don't get why people find China more suspect than most of these billionaire-led monopolies buying politicians and laws and spouting paranoid gibberish about Christianity and anti Christ etc.
Both might be fundamentally evil or benign, but they aren't different in danger based solely on how white they are.
And yes an American company in cahoots with the government having the ability to snoop on traffic and turn entire networks off, while bad, is nowhere near as bad as a Chinese one having the exact same capability.
Their hypothetical does have weight, though. Damn near every desktop/laptop computer does have "a hidden little core running a hidden little OS" nowadays, after all.[0]
Obviously this particular one isn't in non-Intel equipment, but...
Devices from companies under direct or implicit CCP control should indeed be considered suspect until proven otherwise. Not just them, but them much more than local ones.
China isn't the major threat for consumer routers; it's crappy firmware. Millions of networks have been compromised from non-state actor attacks on crappy consumer routers. You wanna protect America? Impose a software building code on critical network infrastructure (which should include consumer routers and modems). But they aren't gonna do that, because they're just trying to score cheap political points and put pressure on China for trade concessions.
Seemingly every year there is yet another Cisco vulnerability because of hard coded passwords. One as recently as July 2025. The entire network industry seems to YOLO the code running the world.
First DJI, now TP-Link. What is the endgame here? What will the American consumer technology market look like after all the best and cheapest products have been banned because they are Chinese, or have alleged links to the Chinese government? What will be the impact on the next generation of American engineers and scientists after growing up in an environment deprived of tech the rest of the developed world freely enjoys?
The large number of Chinese products currently permitted in the U.S. demonstrates that the bans were imposed not because of their nationality, but because confirmed security risks were identified.
The company's issue is not its country of origin, but its history of installing backdoors and its public declaration to abandon fixing security flaws for numerous devices still in use.
The issue started to be pointed out by numerous independent tech news outlets and communities far more than a year ago. Do you have a basis to argue otherwise?
Yeah but it’s not like every Chinese tech product is being systematically scrutinized by the US government. It’s more like one gains attention and then everyone piles on.
If TP-Link is known to have intentionally installed backdoors in its products, that is news to me. Can you provide a source for that claim?
Vulnerabilities have been found, of course, but that is hardly unique to TP-Link, and the existence of a vulnerability does not imply that it was put there intentionally.
> its public declaration to abandon fixing security flaws for numerous devices still in use
I have several machines that are still running Windows 10 and are (according to the Windows software) not eligible to upgrade to Windows 11, let alone for free. The Microsoft software informs me that I will no longer receive security updates on these machines.
When will the US government ban Microsoft products from sale in the US?
---
Still, I have much more context on the DJI ban. The law that will place DJI on the FCC's "covered list" states that if DJI is not audited by a (unspecified) US government agency, DJI products will be placed on the covered list and so be ineligible for FCC certification starting (IIRC) Jan 1 2026. In other words, the law was cleverly written such that nobody actually needs to do an audit to determine what nasty things DJI is actually getting up to; if nobody raises their hand, the ban will happen automatically.
---
Do not take me for an enthusiastic supporter of DJI, TP-Link, other Chinese companies, or the way America's political and business leaders have generally pissed away our technological advantage over China in the name of enriching themselves in the present (now past). I am, in fact, livid. But we will not dig ourselves out of this hole by becoming a backwater where Americans' relationship with consumer technology is as if they are living in a sanctioned country.
It will probably look like our EV car industry, where the tech is somewhat on par and ahead in some places, but very overpriced and missing out on key innovations, i.e. battery technology in the case of EVs
I have TP-Link Deco's for our WiFi, sitting behind a Firewalla Gold. This has been by far the nicest, simplest at home setup I've ever deployed. Do I love that I chose TP-Link? No. But price to purpose it was the best product available to me at the time.
If TP-Link gets banned, my concern is what that means for the massive market share in the US. Warranty? Software updates? Or maybe that action is what turns them into an agent of the state. Or do you hoard all the hardware until it's valuable like DJI parts are today?
I thought it was the Chinese owner of Tiktok that got paid money.
What is your evidence that the US government was paid any money as part of that deal (over and above any taxes that would have been incurred by any sale of any business).
"Gifted" would be misleading if (as I suspect) the entity that ended up with American Tiktok is the entity that won a bidding war to make the most attractive offer to the Chinese owner.
The U.S. is the bigger threat anyways. This just feels like America is coming online as a mafia state and wants their cut and their backdoors in things, otherwise they’ll destroy your business.
To be fair, I think this is most countries, they just don't have as much political power as the US. The UK's Online Safety Act is a good example.
My country (Australia) tried to legislate in 2016 that no one is allowed to use encryption, and if they were required to, for other obvious reasons like for medical data, then they were required to code in a back-door for law enforcement.
The above is just the announcement and doesn't include answering media questions wherein we would have heard dear Malcolm's famous quote:
“Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia"
Political understanding of mathematics and encryption has not progressed in the intervening 9 years, much the same as the thirty years prior. Regulating internet security is forming a similarly unfortunate trajectory.
If TP-Link is pathologically creating unsecure products -- through incorporation of enemy government backdoors or through other improperly handled security vulnerabilities, they deserve to be singled out as making the problem worse and imposing potentially wild cost of risk-mitigation on others.
Similarly, AI (just speaking about current AI), and the reasonably-predictable future AGI / super-intelligences (remember: more than one!) will present humanity with Enormous risk, and we'll (humanity) have no choice but spend the unbounded cost to mitigate that risk.
I recently bought a TP-Link Omada ceiling mountable access point, which has been working great. My Ubiquiti APs are due for an upgrade and the Omada (for a separate network), at half the price of roughly equivalent Ubiquiti APs, is impressing me so far.
(The Ubiquitis have been rock solid for years though, no complaints whatsoever).
Netgear (US) and D-Link (Taiwan) were consistently disappointing enough that I swore off them many years ago, and buyers-remorse-PTSD prevents me from reconsidering them ever again.
I've found the Ubiquiti devices to be somewhat overly complex and generally overkill for all home-networks I've ever used them for. All the graphs and stuff tickles a nerdy nerve somewhere in me, but honestly I can get equally stable networks for less than a quarter of the price, but without all the fancy bells and whistles that I only enjoy for about 2 hours after installing anyway
The ones I have were purchased back when Ubiquiti was trying to gain market share and get their name out there, so it didn't have the more premium price tag it enjoys now. The setup was complex, but I'm a bit masochistic like that, but I also needed device roaming to work properly and, however Ubiquiti achieved it, it has worked really well for me for a long time.
I only just logged in to the controller interface yesterday again after probably six months or so, when I was checking in to see if there were firmware updates. Once it's setup there's very little maintenance, but the initial setup can be intimidating.
I was thinking - wonder if anyone in Trump's inner circle took a short position on TP-Link before this? There's a lot of people who seem to have amazing insights into policy positions the US government is about to take.
TP-Link produces solid and affordable network equipment. A great value for the money, which makes their products a popular choice for many customers around the world. But as almost all hardware vendors out there, TP-Link has weaknesses in their software. In a way, they are victims of their own success and popularity. I wish them to get their software security act together.
Banning such a bright tech company is totally unwarranted, unless there are proofs of their intentional wrongdoings.
As a hardware founder, low quality plastic is not rocket science. On trips to China I’ve heard similar things about other companies, specifically that Foxconn makes everything it uses, including things like coolant or plastic for prototype production.
Does anyone know what their chips are doing? Do you, really?
Until we have desk side silicon fabrication/placement, with accompanying tunnelling microscope features, we simply cannot trust our silicon in any way other than through utterly peaceful means, which is to say, through systems of human trustworthiness.
Technology never allows us humans to advance sufficiently well to do without it .. unless it is evenly distributed.
Right now we are all at the mercy of the masters of silicon. This is no joke!
I don't get what to make of this. Is it all just security theater? The idea of having consumer networking hardware that isn't riddled with security vulnerabilities seems to be a ship that sailed long ago. I doubt this move will prevent major nation states from hacking into whatever they want.
> the U.S.-based company’s products handle sensitive American data and because the officials believe it remains subject to jurisdiction or influence by the Chinese government.
These cowards have not yet finished banning TikTok
People worried about routers, meanwhile nearly every damn employee at Intel from the CEO to the janitor is Chinese.
The Intel ME chip is running its own OS on every single Intel chipset, even when the computer or laptop is shut down, and accessible directly through attached Intel WiFi or network cards. With full memory access, with no way to turn it off.
Asking: Chinese the ethnicity, or Chinese the nationality?
And, why exaggerate?
I get the sense of concern for strategic vulnerabilities - I feel that is a valid, and a separate topic to ascribing cause / blame / hypothetical bases for solution-making.
I've been really happy with the TP-Link smart plugs. I keep upgrading them as The Latest Standard That's Definitely The Real One This Time Trust Us Bro comes out, and the Matter ones are excellent. Getting an instant response from them is really nice. I see no reason to buy others.
I would buy only Hue but that's because I have more money than sense, and they don't actually make smart plugs last time I looked, they make plugs but label them all as lights in the app, which is more annoying than it sounds.
The real problem to solve ditching TP-Link _routers_ is that all routers are uniformly fucking awful, and all you are doing is choosing your particular poison. This is especially true after Apple exited the game so long ago. I use Google Wifi because it mostly works most of the time, but that's not glowing praise. But the world has become trained that rebooting a router once a week and praying that it works when it comes back is a perfectly normal state of affairs and we couldn't possibly do this any better.
> I would buy only Hue but that's because I have more money than sense, and they don't actually make smart plugs last time I looked,
Ikea makes Zigbee smart plugs with power monitoring (Inspelning) that are ~10 Euro here (probably $10 in the US). Also Zigbee does not have all the security issues, since it is purely local and will talk with whatever hub/bridge you choose, e.g. Homey, Hubitat, or if you want to go free software Home Assistant or zigbee2mqtt.
It's somewhat insane to me that people use WiFi plugs for actuating things that actuate real-life electrical devices. Even more from companies that have a bad security reputation. Zigbee or Z-Wave all the way or possibly Matter over Thread, but the only Matter device that I had (an upgraded Eve Energy plug) has been a pain.
> The real problem to solve ditching TP-Link _routers_ is that all routers are uniformly fucking awful, and all you are doing is choosing your particular poison. This is especially true after Apple exited the game so long ago.
I switched to Unifi gear (Cloud Gateway Max, two of their U7 access points, and a bunch of their managed switches) and they are a dream to set up. Making VLANs, associating VLANs with SSIDs, etc. is so easy. I had a TP Link managed switch and the interface was a huge pile of crap and I saved it several times after misconfiguration by virtue of it having a serial console. I only used it for two months or so because it was so frustrating.
They just announced the Matter range, it isn't even in stores yet. I was at the Ikea store yesterday and they still had a good stock of Inspelning and most likely they will still have for a while (they only introduced it a year ago and it seems quite popular).
At any rate, Matter over Thread is still much better than WiFi security-wise (even though it's IPv6 routable) and Ikea's Matter over Thread plug will probably be similar price-wise. And the good thing is that probably even more people have a thread border router (Apple TV, HomePods, some Amazon Echo, Google TV Streamer 4k, etc.).
Still, these Ikea plugs are so cheap and Zigbee is extremely nice, so it doesn't hurt to buy and stock ten now for the future :).
> all routers are uniformly fucking awful [...] the world has become trained that rebooting a router once a week and praying that it works when it comes back is a perfectly normal state of affairs
My OPNsense router currently has 74 days of uptime, and that's just because I ran an update 74 days ago. I've never rebooted it to solve a problem. The only wrinkle is OPNsense (and pfSense) is at least an order of magnitude more complicated than your average consumer router.
OTOH, my Ubiquiti access point reboots itself every time I change any setting at all.
I have some TP-Link smart plugs and was happy with them for a long time because their app could be used without an account. Then I recently got the new version of the app and it forces an account, there's no more guest mode. I'm done with TP-Link now.
We are unfortunately getting to the point where the only option for non-power users will be to create an online account to run local hardware you own; just like Windows 11.
I run OPNsense with a collection of Unifi radios (local controller) with great success.
But Sir! We are talking here between USA <eagle sound> versus rest of the world that’s unsafe and all the time attacking USA people privacy. Cisco is India based, not American!
disclaimer: not connected in any way with Cisco, just disappointed business customer.
Regardless of what TP-Link says, the damage is done. I was recently looking for a bigger switch. I went with a used switch instead of buying a new TP-Link because I don't trust them. Now I just need more projects to fill my extra ports on the 24 port switch haha
This is a very one-sided article. Shouldn't there be a comparison with TP-Link and all other brands available in terms of security? Otherwise they're just targeting a company for political reasons.
The article is in response to a very one-sided government ban (well, reported ban) on TP-Link products. The company is being targeted for what appears to be political reasons, the article even said so in the first paragraph:
> Experts say while the proposed ban may have more to do with TP-Link’s ties to China than any specific technical threats
OPNsense is decent too. Problem is that running anything open on those AP will still be a mess unless they support something like OpenWRT ;)
Separating router from the AP was something I considered too for building a 10 Gbps network, since I haven't found any WiFi router that could also handle 10 Gbps wired without some accelerator chip requiring non upstream mess to work.
I don't have any particular opinion on TP-Link (never used their products), but the idea that a low-cost vendor targeting home and SMB users is somehow a state-level agent trying to compromise those users... needs evidence.
I mean, in the case of actors like Huawei, you can at least credibly make the argument that the continued access of their support staff to internal provider networks is a significant risk, but that vector is entirely absent here.
Sure, embedded firmware has been, is, and will continue to be a tire fire prone to embarrassing compromises, but containing those is mostly about notification and containment by government agencies (which the current US administration is doing their utmost best to kneecap) and/or large ISPs (which in the US have traditionally never cared).
Forcing "foreign" products off the market in favor of "domestic" replacements with the exact same, if not worse, flaws won't fix a thing, unless you put some pretty significant controls into place that nobody is willing to enforce or even outline.
But it does provide ample opportunity to profit personally, and that’s much more of a priority for the current federal administration than fixing anything.
^^^THIS 100%.
They are manufacturing low-cost products for home users. That is, if these claims are true, they have neglected a poignant question, why would they bother?
They are targeting poor people's personal data, not businesses, not high-profile people, not government bodies.
Eero used to be pretty close. Years ago, I used to stalk the subreddit despite never owning an Eero just because the (US based) devs would often drop knowledge bombs. AFAIK they wrote the entire software stack in house.
I have no idea if that's still the case, especially post AMZ, but worth looking into if so.
I miss the insider information. Some Redditors were not nice and they all left Reddit and their insider information stopped flowing, it's a shame, it was cool to see behind the development veil.
The fact that TP-Link products are vastly better and cheaper than all their numerous competitors is indeed a bit strange. You have to either think that all the people at Linksys, Netgear, D-link, etc. are incompetents or that something a bit out of the ordinary is going on at TP-Link...
I see that at the company I work at. US management at many companies is about doing the absolute minimum for a maximum of profit. It doesn’t allow for competence or long term investment so companies turn into empty shells.
It’s not that unheard of. Does anyone make a better $999 laptop than Apple? Nope, the MacBook Air is faster and gets better battery life with zero fans and basically nothing on the market compares. That doesn’t make Apple “suspicious” more than any other company.
TP-Link is the best for the same reason Apple is the best. They just have the momentum of being in the lead.
I would also say that TP-Link isn’t wildly and unrealistically cheaper or anything.
Their prosumer/business Omada lineup is clunky and kinda sucks compared to Ubiquiti.
Zyxel WiFi 7 APs are more competitively priced than basically anything last I checked.
> You have to either think that all the people at Linksys, Netgear, D-link, etc. are incompetents
They are. "Profit oriented". I bought a D-Link router once. Only one (1) port out of 4 was working. Great product, I never want to see something like this again. /s
Per company government acquisition "bans" are stupid for PR and security reasons. Brand-specific banlists are whackamole when the same hardware and software will be immediately duplicated with another cat-walks-on-keyboard brand name that will disappear within a year.
Instead, there should be in-depth, enforced audit, compliance, and evaluation standards for gear for particular purposes. If it doesn't meet particular standard(s), then it can't be purchased or used.
"TP-Link Systems told The Post it has sole ownership of some engineering, design and manufacturing capabilities in China that were once part of China-based TP-Link Technologies, and that it operates them without Chinese government supervision."
Is that even possible? Or do you always have to be on good terms with the Chinese government to own engineering, design, and manufacturing capabilities in China?
I don’t like that TP Link routers regularly force you to accept new terms of service within their app. If you don’t, then you can’t access much of their configuration options. Basically you get locked out of your own device. I feel like these dark patterns should be illegal.
Could you please stop posting unsubstantive comments and flamebait? You've been doing it repeatedly lately. It's not what this site is for, and destroys what it is for.
I'm so glad there's other American drone manufacturers that cater to the consumer market, like Skydi-oh right, they stopped making consumer drones after the successes in forcing DJI out of the market.
>drones from the American company Skydio proved ineffective in Ukraine [notably, a Skydio drone was used by the U.S. Army to drop a combat grenade for the first time], as they were unreliable in front-line interference conditions.
>The problems with Skydio drones in Ukraine were reported last year, and the manufacturer acknowledged the poor quality of its products.
>According to Alex, a key issue with today's low-quality products is the "information gap among many European and American manufacturers about current battlefield conditions and the timing of when they receive this information."
Surprisingly
>Some of the most effective ones have included the German-made Vector drones and Polish-made FlyEye drones.
No. But which nation claims to be all about freedom, and which is known for restricting individual liberties for (whatever the people in charge consider to be) the greater good?
PRC restricts guns ownership, but to make your example less stupid, PRC shooting ranges has access to western pattern arms vs US where civies has more freedom to own guns but you know... not sanctioned Chinese origin guns. So even on muh 2nd amendment grounds, PRC within their right to play with guns (again not own), still less protectionist than US. Which mirrors how you know, almost every major US tech brands operated in PRC with reasonable controls/oversight but not vice versa.
The US will probably be collecting the reciprocity of their actions, and they won't like it ... It's a very childish game they're playing and it will hurt them in 15 years time ...
Yes, it’s the US government. Of course it thinks advancing US gov controlled technology is good and CCP influence in the US is bad. That’s a completely rational stance and it’s not even hypocritical until the CCP bans some US product and the US gov complains.
It's not even hypocritical then. Both sides are protecting their own interests. These interests are partly at odds to each other. They're going to do what they believe is necessary, even if it "seems" hypocritical. That's not a bad thing, that's just ... how things work. China isn't innocent of this either. It's so weird how people are always painting this as "US bad".
Except US was all about Capitalism and they have now turned back and embraced Socialism except its socialism for losses and should be paid by the tax payer.
If I was in charge over at TP-Link, getting news that tens of thousands of MY company's routers were compromised would have me furious! I'd be freaking out, making sure that we take immediate steps to improve software/firmware quality and to make sure we're in a constant state of trying to compromise our own hardware... To ensure no one else finds vulnerabilities before we do.
Instead, TP-Link seems to have just laughed and focused strictly on profit margins.
Yet we all know so many industries and products that just do not work like that and in fact the longer something is broken and it doesn’t seem to stop people from using it, the more it is accepted that it is ok for it to remain broken. I think that is somehow just a part of human psychology.
The hubris of the spotless software engineer mind.
We have a solution for the traffic problem but you won't like it.
There is no "traffic".
YOU ARE THE TRAFFIC.
Cars and roads for cars don't scale well past very rural or very small suburban areas.
The solution to traffic is extremely hard and it involves:
* you and lots of other drivers voting to allow densification of highly serviced areas (close to central business districts, public transportation, hospitals, schools, ...) - at least mid rise apartment buildings, 4-6 stories high
* you and lots of other drivers voting to allow funding of public transit
* you and lots of other drivers voting to allow funding of reduction of car infrastructure (fewer car lanes, fewer parking spots, fewer highways, car only bridges, tunnels, etc)
* you and lots of other drivers voting to allow funding of safe bike infrastructure
* you and lots of other drivers voting to allow congestion pricing in ... congested places
* you and lots of other drivers voting to allow funding for anti bike theft measures (police training, bike theft prioritization, bike serial number databases, ...)
* you and lots of other drivers taking public transit
* you and lots of other drivers riding bikes for medium length trips
* you and lots of other drivers walking for short trips
No single person created the traffic jam "bug", the "users" are the biggest part. In many industries "the fix" isn't a few lines of code that you can quickly or even instantly push as an update to every user. You can't fix that traffic jam in code or even in infrastructure, you need to change society itself on top of everything else. It may not even be a defect as much as a supply and demand issue where supply is very scarce and impossible to ramp up, while demand is super high and growing.
That difference is good and bad. Yes software can be fixed quickly if broken. The other side of the coin is that software is routinely launched broken, and subsequently stays in various degrees of broken throughout its lifecycle, with new and unpredictable issues replacing old ones.
If too many people wanting to drive a car in the same place, at the same time despite the predictable outcome due to the limited capacity is purely a failure of the city, country, road builder, then isn't a user not being able or not knowing how to properly use the software the fault of the developer? Is demanding more from the software than it can deliver the fault of the developer? How much cumulated time does this cost, sometimes for absolutely no reason whatsoever than an arbitrary decision of the developer?
You aren't "deeply ashamed" because you downplay the issues you (or your company) create as a developer and pretend they aren't problems for the users. A "part of human psychology" tells you 1000 smaller cuts are fine.
Why? Microsoft and Cisco also skimp on security.
https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admi...
And to be clear, let's not forget that the US government did intentionally and secretly conduct surreptitious biological warfare tests against entire US cities that deliberately inflicted disease upon and killed American citizens. There was an entire formal program that spanned decades - https://en.wikipedia.org/wiki/United_States_biological_weapo...
Of course, the US government doesn't have any secret programs anymore and never lies to us, so everyone can rest easy knowing nothing like this could ever happen again.
I was so used to this that when I started looking for this setting in UniFi OS I had forgotten the part 'networks are not supposed to be rebooted frequently!'.
First, all of the TP-Link devices I use still have firmware updates regularly. I can't talk about Deco series, which I don't own.
Second, mesh capabilities are not consistent across different brands, that's true. On the other hand, comparing TP-Link, which is a home/SOHO brand to UniFi, which is essentially a prosumer/enterprise offering is not fair. I have a small mesh (three devices) at one of the places I run these devices, and it hands-off nicely, extends coverage, and gives me the speeds written on the tin.
Do I expect it to compare to a UniFi or Aruba mesh where the smallest element has more processing power than my router? Of course not. Do I expect it to run on a 300 sqm house with 10+ devices? Again, no. But as long as my network runs, I can access the devices with good connections and speeds they advertise, I'm golden.
Lastly, "restart everyday at this time" setting is present since forever on many devices. The feature is to help home-downloaders / data hoarders to renew their IP periodically. Heck, even JDownloader has a feature to reset your modem remotely if your modem supports to renew IPs (since 2004?). Assumptions don't help here.
I never had to automatically restart any of the routers/modems I used regardless of the manufacturer sans a couple Cisco/Linksys devices. E4200 which had two processors, one for the switch and one for the router. The router one stopped responding randomly to cut whole network off from internet, and my E900's processor crashed flooding whole home network with packets basically paralyzing it. Oh, that same E900 failed to negotiate with the on board RTL8139 Ethernet controller, so I had to buy another "Cisco/Linksys" RTL8139 card.
TP-Links I had never done anything remote. They even have the best latencies and WAN recovery when things go south on ISP side. My TP-Link 802.11AX extender works flawlessly with my ISP supplied WiFi6 modem, and despite having no mesh communication going on, running on the same SSID and handing off pretty reliably.
People can dedicate a small cabinet to UniFi rack-mountable gear plus the network center of their house. TP-Link has none of those, and not aiming for that market, even.
It's comparing a Peugeot 3008 with a Mercedes-Benz G Class and adding that, Mercedes has serious off-road trucks like Unimog, but G Class is their end-user product.
Apples to Pineapples.
BTW, it's not hard for me to install and manage a high capacity UniFi network in any way. I don't use their devices, because I don't want to manage yet another network.
This might be one of the only cases where subscription model would work well to cover the maintenance cost.
1) Company takes your subscription money.
2) Company finds a vulnerability that's difficult to fix.
3) Company announces your device is EOL and ends your subscription, taking your money for doing nothing, and not helping when you need it.
The only industry with a broad "no liability for torts" is gun manufacturing.
Almost all software everywhere comes with a 'no liability' clause. And arguably, open source couldn't exist without it.
The exceptions where liability is wanted negotiate that specifically.
Couldn't you just include selling a product or a licence for it as a requirement?
This whole thing is reminiscent of the TikTok CEO Chew Shou Zi - "But, I'm Singaporean, Senator".
I don’t know whether it’s worth banning them or not, but putting your hands up and saying “what Chinese company?” is just absurd.
2. As you admitted, they have completely separated into 2 separate companies, claiming that it is still Chinese is akin to saying "tea is Chinese", that's completely absurd, yes, it was at some point in history, that point is not now.
“in October 2024, established TP-Link Systems Inc., based in Irvine, CA, as its global headquarters and parent company with Jeffrey (Jianjun) Chao and his wife Hillary as sole owners. Jeffrey is CEO of the company.”
https://www.tp-link.com/us/landing/fact-sheet/
2. The sole owners are Chinese citizens, 95% of their employees are Chinese citizens living in China, most of the R&D happens in China, and the majority of the components of their products are manufactured in China.
They have an HQ building in the US, but 90% of it is leased to other companies.
This is a US based company in name only. It’s essentially a shell company designed to bypass a potential US ban.
Did you not read the article? It's hard to take your comment in good faith if you didn't.
Except they didn't do that. They moved the HQ.
I'll accept for the purpose of this argument that they fully split the company into two separate companies. But both of those companies are still mostly Chinese, going by the numbers in this thread.
> Did you not read the article? It's hard to take your comment in good faith if you didn't.
This is a weak attempt at turnabout. The article doesn't present any evidence of separation or non-Chinese-ness, it just quotes the company (and even that quote admits a bunch of Chinese assets). But even if it did, it wouldn't be bad faith to skip reading it.
1. Who else would document a company's restructure if not the company itself?
2. Yes, not reading an article and commenting on it is bad faith.
> going by the numbers in this thread.
3. So you have no evidence of it not being as the company says, just the vibes of others on this thread, okay Senator.
If the company wants to give numbers, I'll listen to them. But the company made vague/unproven claims and that's not enough. Journalists can investigate.
> 2. Yes, not reading an article and commenting on it is bad faith.
Commenting on something talked about in the article doesn't require reading that specific article. You can use other sources.
> 3. So you have no evidence of it not being as the company says, just the vibes of others on this thread, okay Senator.
Other people brought objective numbers. Not vibes.
Why should I not use those numbers? You have not claimed any of those numbers are wrong, you're just calling people's conclusions wrong.
The reality is the only part that matters, the chipsets, are produced in Chinese factories owned by TPLink.
They moved everything that doesn’t matter to the US recently in an effort to give the illusion that they aren’t putting chips manufactured under the control of the Chinese government into the majority of routers used in the US.
I’m not agreeing with banning them, but I can certainly see how it creates significant risks that I would want to mitigate somehow.
So are more than half the chipsets in the world. https://en.wikipedia.org/wiki/Category:Microprocessors_made_...
I agree with you that they shouldn't be banned, but the US casting aspersions against another country is pretty rich considering the involvement of the CIA, and NSA around the world.
"TP-Link is a Chinese company that manufactures network equipment and smart home products. The company was established in 1996 in Shenzhen. TP-Link's main headquarters is located in Nanshan, Shenzhen; there is a smaller headquarters in Irvine, California"
https://en.wikipedia.org/wiki/TP-Link
That is like people saying Nothing is a UK company, when all I see is a Chinese company registered in UK.
cough Microsoft, Google, Apple cough
Everything that is happening with this administration is simply because it suits American foreign policy or the interests of one of the oligarchs. I mean this with absolutely no hyperbole: the pretense of there being any rule of law for the ultra-wealthy is gone. The White House is openly selling pardons, which have the added effect of cancelling out debts to the US government.
Tiktok getting banned? It had nothing to do with "national security". The government simply had less control over the content and the algorithm on Tiktok than they do on Meta and Google platforms.
Reading through this article, you have Microsoft pointing the finger at TP-Link. That's... rich. Because Microsoft has historically been horrible for security. It would take further investigation but I really wonder if TP-Link isn't just a convenient scapegoat.
Real reform here would be something like prohibiting tying software and hardware together as one product, source code escrow, etc. Things that actually create security and consumer choice, rather than merely one less vendor to pick from.
Pardons are not being openly sold. There is absolutely not great stuff going on with them but, really, the major difference I see is that it's happening during the administration, rather than in the last few hours.
The US is moving the wrong direction when it comes to corruption but let's not act like we're bottom of the barrel or that this slide just started in 2024 (or 2016, if you'd like).
Now this sort of thing isn't new. Famously on Clinton's last day in office he pardoned Marc Rich [4], who was convicted (before fleeing the country) on breaking sanctions by trading with Iran. It was widely rumored his ex-wife, Denise Rich, who had a lot of access to the Clintons, brokered a deal.
But what changed is the disastrous Trump v. United States [5] decision last year that granted almost absolute presidential immunity. Now there's not the slightest fear of repercussions so the whole operation has gone into overdrive and it's so incredibly brazen.
I stand by my original claim: the TP-Link ban isn't technical. It's political. And I would bet all the money in my pockets that if the CEO had "donated" $1 million to the inauguration (like all the Tech CEOs did including Bezos and Cook) we'd likely have a very different outcome.
[1]: https://www.aljazeera.com/news/2025/6/8/fact-checking-claims...
[2]: https://www.nbcnews.com/politics/donald-trump/trump-pardons-...
[3]: https://www.reuters.com/world/us/trump-pardons-convicted-bin...
[4]: https://www.pbs.org/newshour/show/clintons-pardon-of-marc-ri...
[5]: https://en.wikipedia.org/wiki/Trump_v._United_States
Did I read the last sentence correctly?
Since he's in the news and it's on my mind, I'm not sure the Cheney and the whole Iraq/Halliburton situation has been topped since then. Then there's every member of Congress suddenly becoming a multimillionaire after they get into office.
The only norm Trump is breaking is that he doesn't care to sweep it under the rug
I installed their mesh Wi-Fi system for my parents recently and was really impressed how seamless the process was. It did involve making a cloud account which I wasn’t thrilled about, however.
All modern WiFi APs require closed firmware blobs that run below or parallel to OpenWRT.
You replacing the router OS with OpenWRT does nothing when the radio has full DMA access and runs its own OS on its own processor. The OpenWRT layer will have no idea what it's running/infiltrating/exfiltrating.
I say this as someone who has been running and building OpenWRT forever. It's great but it isn't a panacea.
If it dies tomorrow, what’s next, out of curiosity?
One of my 2 pcengines APUs has developed an issue with its solder joints I suspect. It hangs at the bootloader unless the unit is already warm. Can't complain at all, it lasted ages and problems like this are just life for things that thermally cycle, it was in a pretty extreme climate for most of its life. Doesn't help with me needing a replacement now pcengines is out of business though, hence getting a protectli box.
This is the route I went. After a decade plus of shite consumer routers and finally an EdgeRouter which died (along with Ubiquiti's quality) I bought a Protectli box, built and flashed Coreboot and run OPNSense.
It's been going strong with regular updates (and by regular I mean as regular as your Linux workstation) for over half a decade now.
It wasn't cheap, somewhere in the region of £700 after adding SSD and RAM but it's a way, way overkill model and never exceeds 10% RAM usage and 15% CPU with an IDS running and a bunch of VLANs and Gigabit symmetric WAN.
My original goal for overspeccing it was longevity, but I regret it now, I want to upgrade to 10G+ networking and I can't justify replacing it when it runs so well and wasn't cheap.
For now, at least.
I don’t know how much I trust TP Link, but my risk level is very low. There’s not much an attacker could do if they get on my network. None of my data is accessible on that network and everything important has MFA anyway. The most sensitive things are my POS and menu displays and they are just client devices connecting to the internet. I probably wouldn’t run this stuff in an environment where I had complex security requirements.
I bought a cellphone from them many years ago and they never really supported it and I couldn't even buy a replacement battery.
Recently I bought a router with the firm intent of installing OpenWRT, but I received a newer revision that had a different CPU, less RAM, and less flash memory.
These events left a bad impression, but they do make affordable stuff with reasonable quality.
This also happened many years ago with Linksys (prior to Cisco). It’s not that uncommon for manufacturers to release new revisions of hardware without necessarily making it clear to the purchaser. If their purpose is to deliver a router and they can shave a few cents off the BOM with less RAM, but it still works with their software, why would they care. And once new revisions have been released into the supply chain, it can be hard to know exactly what version you are buying.
In the Linksys case, IIRC they eventually re-released the first revision WRT54G as the WRT54GL (for Linux), so that people who wanted different firmware could get the exact hardware they wanted.
We see this all the time with SSDs, where a high-spec model is released to reviewers, then a low-spec model is mass-produced and sold under the same model number. That's fraud, isn't it? Shouldn't it be?
This is even a common product development strategy: ship to market asap, optimize the margins later.
In my experience, TP-Link always has the hardware revision on a label on the outside of the box.
A more serious problem is caused by the laptops having Intel WiFi, which is difficult to replace. With such a laptop one would have to disconnect the internal antennas and use an external WiFi dongle, to be sure that remote control is not possible.
I'm getting ready to set a mesh network for my older parents as well. Do you have any suggestions for hardware and software? I live a ways away from them so I need this to be pretty much faultless. I don't want to drive 4 hours for IT support.
https://forum.openwrt.org/t/ipq4019-adding-support-for-tp-li...
Both might be fundamentally evil or benign, but they aren't different in danger based solely on how white they are.
And yes an American company in cahoots with the government having the ability to snoop on traffic and turn entire networks off, while bad, is nowhere near as bad as a Chinese one having the exact same capability.
Obviously this particular one isn't in non-Intel equipment, but...
[0] https://en.wikipedia.org/wiki/Intel_Management_Engine
[0] https://sec.cloudapps.cisco.com/security/center/content/Cisc...
The company's issue is not its country of origin, but its history of installing backdoors and its public declaration to abandon fixing security flaws for numerous devices still in use.
The issue started to be pointed out by numerous independent tech news outlets and communities far more than a year ago. Do you have a basis to argue otherwise?
If TP-Link is known to have intentionally installed backdoors in its products, that is news to me. Can you provide a source for that claim?
Vulnerabilities have been found, of course, but that is hardly unique to TP-Link, and the existence of a vulnerability does not imply that it was put there intentionally.
> its public declaration to abandon fixing security flaws for numerous devices still in use
I have several machines that are still running Windows 10 and are (according to the Windows software) not eligible to upgrade to Windows 11, let alone for free. The Microsoft software informs me that I will no longer receive security updates on these machines.
When will the US government ban Microsoft products from sale in the US?
---
Still, I have much more context on the DJI ban. The law that will place DJI on the FCC's "covered list" states that if DJI is not audited by an (unspecified) US government agency, DJI products will be placed on the covered list and so be ineligible for FCC certification starting (IIRC) Jan 1 2026. In other words, the law was cleverly written such that nobody actually needs to do an audit to determine what nasty things DJI is actually getting up to; if nobody raises their hand, the ban will happen automatically.
---
Do not take me for an enthusiastic supporter of DJI, TP-Link, other Chinese companies, or the way America's political and business leaders have generally pissed away our technological advantage over China in the name of enriching themselves in the present (now past). I am, in fact, livid. But we will not dig ourselves out of this hole by becoming a backwater where Americans' relationship with consumer technology is as if they are living in a sanctioned country.
This feels like the painkiller autism thing. Some crazies' theory became law
If TP-Link gets banned, my concern is what that means for the massive market share in the US. Warranty? Software updates? Or maybe that action is what turns them into an agent of the state. Or do you hoard all the hardware until it's valuable like DJI parts are today?
If only! Unfortunately it's whatever makes the Party leadership the most money.
What is your evidence that the US government was paid any money as part of that deal (over and above any taxes that would have been incurred by any sale of any business).
I'm sure money also went to Chinese owners.
My country (Australia) tried to legislate in 2016 that no one is allowed to use encryption, and if they were required to, for other obvious reasons like for medical data, then they were required to code in a back-door for law enforcement.
The above is just the announcement and doesn't include answering media questions wherein we would have heard dear Malcolm's famous quote:
“Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia"
Very quiet audio of the last half of the above quote: https://www.youtube.com/watch?v=8VB3uQHa14g
Political understanding of mathematics and encryption has not progressed in the intervening 9 years, much the same as the thirty years prior. Regulating internet security is forming a similarly unfortunate trajectory.
Does it mean that I am an enemy of the state?
TP-Link may be sore for getting singled out but they are certainly not unique.
If TP-Link is pathologically creating unsecure products -- through incorporation of enemy government backdoors or through other improperly handled security vulnerabilities, they deserve to be singled out as making the problem worse and imposing potentially wild cost of risk-mitigation on others.
Similarly, AI (just speaking about current AI), and the reasonably-predictable future AGI / super-intelligences (remember: more than one!) will present humanity with Enormous risk, and we'll (humanity) have no choice but spend the unbounded cost to mitigate that risk.
Are there US equivalents to them?
I recently bought a TP-Link Omada ceiling mountable access point, which has been working great. My Ubiquiti APs are due for an upgrade and the Omada (for a separate network), at half the price of roughly equivalent Ubiquiti APs, is impressing me so far.
(The Ubiquitis have been rock solid for years though, no complaints whatsoever).
Netgear (US) and D-Link (Taiwan) were consistently disappointing enough that I swore off them many years ago, and buyers-remorse-PTSD prevents me from reconsidering them ever again.
I only just logged in to the controller interface yesterday again after probably six months or so, when I was checking in to see if there were firmware updates. Once it's set up there's very little maintenance, but the initial setup can be intimidating.
Banning such a bright tech company is totally unwarranted, unless there are proofs of their intentional wrongdoings.
So, the plastic bits?
And also passives like SMD resistors. They are also refining copper and iron from raw ore. /s
Until we have desk side silicon fabrication/placement, with accompanying tunnelling microscope features, we simply cannot trust our silicon in any way other than through utterly peaceful means, which is to say, through systems of human trustworthiness.
Technology never allows us humans to advance sufficiently well to do without it .. unless it is evenly distributed.
Right now we are all at the mercy of the masters of silicon. This is no joke!
These cowards have not yet finished banning TikTok
The Intel ME chip is running its own OS on every single Intel chipset, even when the computer or laptop is shut down, and accessible directly through attached Intel WiFi or network cards. With full memory access, with no way to turn it off.
https://en.wikipedia.org/wiki/Intel_Management_Engine
The totality of reassurance we have about it is Intel’s promise that they won’t put a backdoor in.
And, why exaggerate?
I get the sense of concern for strategic vulnerabilities - I feel that is a valid, and a separate topic to ascribing cause / blame / hypothetical bases for solution-making.
I would buy only Hue but that's because I have more money than sense, and they don't actually make smart plugs last time I looked, they make plugs but label them all as lights in the app, which is more annoying than it sounds.
The real problem to solve ditching TP-Link _routers_ is that all routers are uniformly fucking awful, and all you are doing is choosing your particular poison. This is especially true after Apple exited the game so long ago. I use Google Wifi because it mostly works most of the time, but that's not glowing praise. But the world has become trained that rebooting a router once a week and praying that it works when it comes back is a perfectly normal state of affairs and we couldn't possibly do this any better.
Ikea makes Zigbee smart plugs with power monitoring (Inspelning) that are ~10 Euro here (probably $10 in the US). Also Zigbee does not have all the security issues, since it is purely local and will talk with whatever hub/bridge you choose, e.g. Homey, Hubitat, or if you want to go free software Home Assistant or zigbee2mqtt.
It's somewhat insane to me that people use WiFi plugs for actuating things that actuate real-life electrical devices. Even more from companies that have a bad security reputation. Zigbee or Z-Wave all the way or possibly Matter over Thread, but the only Matter device that I had (an upgraded Eve Energy plug) has been a pain.
> The real problem to solve ditching TP-Link _routers_ is that all routers are uniformly fucking awful, and all you are doing is choosing your particular poison. This is especially true after Apple exited the game so long ago.
I switched to Unifi gear (Cloud Gateway Max, two of their U7 access points, and a bunch of their managed switches) and they are a dream to set up. Making VLANs, associating VLANs with SSIDs, etc. is so easy. I had a TP Link managed switch and the interface was a huge pile of crap and I saved it several times after misconfiguration by virtue of it having a serial console. I only used it for two months or so because it was so frustrating.
At any rate, Matter over Thread is still much better than WiFi security-wise (even though it's IPv6 routable) and Ikea's Matter over Thread plug will probably be similar price-wise. And the good thing is that probably even more people have a thread border router (Apple TV, HomePods, some Amazon Echo, Google TV Streamer 4k, etc.).
Still, these Ikea plugs are so cheap and Zigbee is extremely nice, so it doesn't hurt to buy and stock ten now for the future :).
My OPNsense router currently has 74 days of uptime, and that's just because I ran an update 74 days ago. I've never rebooted it to solve a problem. The only wrinkle is OPNsense (and pfSense) is at least an order of magnitude more complicated than your average consumer router.
OTOH, my Ubiquiti access point reboots itself every time I change any setting at all.
The MikroTik I've been using has been pretty solid, and super super customizable.
I run OPNsense with a collection of Unifi radios (local controller) with great success.
I think the Chinese do not want American backdoors in their products.
disclaimer: not connected in any way with Cisco, just disappointed business customer.
They could have searched on the internet for the backdoor password. /s
A router, a managed switch or something having an OS is another story.
Experts say while the proposed ban may have more to do with TP-Link’s ties to China than any specific technical threats
No. Regards, Cisco
Separating routing from WiFi has been the best thing I’ve ever done for my network.
Separating router from the AP was something I considered too for building a 10 Gbps network, since I haven't found any WiFi router that could also handle 10 Gbps wired without some accelerator chip requiring non upstream mess to work.
I mean, in the case of actors like Huawei, you can at least credibly make the argument that the continued access of their support staff to internal provider networks is a significant risk, but that vector is entirely absent here.
Sure, embedded firmware has been, is, and will continue to be a tire fire prone to embarrassing compromises, but containing those is mostly about notification and containment by government agencies (which the current US administration is doing their utmost best to kneecap) and/or large ISPs (which in the US have traditionally never cared).
Forcing "foreign" products off the market in favor of "domestic" replacements with the exact same, if not worse, flaws won't fix a thing, unless you put some pretty significant controls into place that nobody is willing to enforce or even outline.
I have no idea if that's still the case, especially post AMZ, but worth looking into if so.
TP-Link is the best for the same reason Apple is the best. They just have the momentum of being in the lead.
I would also say that TP-Link isn’t wildly and unrealistically cheaper or anything.
Their prosumer/business Omada lineup is clunky and kinda sucks compared to Ubiquiti.
Zyxel WiFi 7 APs are more competitively priced than basically anything last I checked.
They are. "Profit oriented". I bought a D-Link router once. Only one (1) port out of 4 was working. Great product, I never want to see something like this again. /s
They were... not great...
Instead, there should be in-depth, enforced audit, compliance, and evaluation standards for gear for particular purposes. If it doesn't meet particular standard(s), then it can't be purchased or used.
Is that even possible? Or do you always have to be on good terms with the Chinese government to own engineering, design, and manufacturing capabilities in China?
If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.
https://en.defence-ua.com/news/which_western_drones_have_sho...
https://www.defensenews.com/global/europe/2025/11/07/of-fibe...
>drones from the American company Skydio proved ineffective in Ukraine [notably, a Skydio drone was used by the U.S. Army to drop a combat grenade for the first time], as they were unreliable in front-line interference conditions.
>The problems with Skydio drones in Ukraine were reported last year, and the manufacturer acknowledged the poor quality of its products.
>According to Alex, a key issue with today's low-quality products is the "information gap among many European and American manufacturers about current battlefield conditions and the timing of when they receive this information."
Surprisingly
>Some of the most effective ones have included the German-made Vector drones and Polish-made FlyEye drones.
The main point the comment you replied to is trying to make is that the US doesn't put their money where their mouth is.
https://news.ycombinator.com/newsguidelines.html
https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...