Between my house, my parents' house and my girlfriend's parents' house, I have set up 4 different types of TP-Link routers. To my surprise, all of them continue to receive firmware updates years after launch. Most recently last month on some models.

I don't get the hate. They're cheap, they work and they have SOME security features which make them more than adequate for home use.

They're not perfect, but then again, for the price point, what do people expect?

If I was in charge over at TP-Link, getting news that tens of thousands of MY company's routers were compromised would have me furious! I'd be freaking out, making sure that we take immediate steps to improve software/firmware quality and to make sure we're in a constant state of trying to compromise our own hardware... To ensure no one else finds vulnerabilities before we do.

Instead, TP-Link seems to have just laughed and focused strictly on profit margins.

If the only issue at hand was indeed security vulnerabilities, then I can see many ways that can constructively address that (e.g. Since a large number of SKUs deployed in the US are managed by the Telcos, then force them to finance the support for continued firmware updates).

The US will probably be collecting the reciprocity of their actions, and they won't like it ... It's a very childish game they're playing and it will hurt them in 15 years time ...

I installed their mesh Wi-Fi system for my parents recently and was really impressed how seamless the process was. It did involve making a cloud account which I wasn’t thrilled about, however.

If TP-Link gets banned, my concern is what that means for the massive market share in the US. Warranty? Software updates? Or maybe that action is what turns them into an agent of the state. Or do you horde all the hardware until its valuable like DJI parts are today?

I recently bought a TP-Link Omada ceiling mountable access point, which has been working great. My Ubiqiti APs are due for an upgrade and the Omada (for a separate network), at half the price of roughly equivalent Ubiqiti APs, is impressing me so far.

(The Ubiqiti's have been rock solid for years though, no complaints whoatsoever).

Netgear (US) and D-Link (Taiwan) were consistently disappointmenting enough that I swore off them many years ago, and buyers-remorse-PTSD prevents me from reconsidering them ever again.

TP-Link may be sore for getting singled out but they are certainly not unique.

The Intel ME chip is running its own OS on every single Intel chipset, even when the computer or laptop is shut down, and accessible directly through attached Intel WiFi or network cards. With full memory access, with no way to turn it off.

https://en.wikipedia.org/wiki/Intel_Management_Engine

The totality of reassurance we have about it is intel’s promise that they won’t put a backdoor in.

So, the plastic bits?

These cowards have not yet finished banning TikTok

I would buy only Hue but that's because I have more money than sense, and they don't actually make smart plugs last time I looked, they make plugs but label them all as lights in the app, which is more annoying than it sounds.

The real problem to solve ditching TP-Link _routers_ is that all routers are uniformly fucking awful, and all you are doing is choosing your particular poison. This is especially true after Apple exited the game so long ago. I use Google Wifi because it mostly works most of the time, but that's not glowing praise. But the world has become trained that rebooting a router once a week and praying that it works when it comes back is a perfectly normal state of affairs and we couldn't possibly do this any better.

tp-link routers are consistently the wirecutter consumer pick. They've always done me fine, although it's time to upgrade my 6-year-old one. (which prob demonstrates i'm not a router power user).

Banning such a bright tech company is totally unwarranted, unless there are proofs of their intentional wrongdoings.

Instead, there should be in-depth, enforced audit, compliance, and evaluation standards for gear for particular purposes. If it doesn't meet particular standard(s), then it can't be purchased or used.

This feels like the painkiller autism thing. Some crazies theory became law

I run OPNsense with a collection of Unifi radios (local controller) with great success.

What does this really matter when everyone is running agentic AIs on all of their devices?

Installing "apps" that have access to everything on a device?

Those same "apps" record everything around the device and upload that to the "cloud"?

For the average user, security doesn't even matter any more. I used to say people are running around in plain text mode, but it looks like that has been degraded to broadcast mode.

Librecmc/Openwrt is great for security and privacy.

With Librecmc, it doesn't contain non-free blobs and uses a Linux libre kernel.

https://directory.fsf.org/wiki/Librecmc

For example, They will call some device Deco / Archer ABC with a Qualcomm chip that's latest and greatest. They might sell it for 499$ for example and then let reviewers do their thing to review these products everywhere with 5 stars. Great!

Six months or maybe a year down the road when the product starts getting traction as people start buying new WiFi standards like 6/6E/7 etc. they will swap out the chips inside and launch a v2 of that same product with either mediatek chips or a slower Qualcomm SOC. This affects performance and stability and it also drives down the pricing with cheaper hardware.

This has been done a lot with Deco units. Reviews are for original v1 hardware but what's being sold is a different hardware completely. Not only is this a firmware problem but keep in mind such practices really show lack of trust.

Great example of how to lose trust in a brand.

Seem more heavy lobbying to get their US marketshare here rathar than looking for secure products.

Also the report from checkpoint over firmware used to attache EU, the malware is firmware agnostic. As it can be used for other hardware.

I mean, in the case of actors like Huawei, you can at least credibly make the argument that the continued access of their support staff to internal provider networks is a significant risk, but that vector is entirely absent here.

Sure, embedded firmware has been, is, and will continue to be a tire fire prone to embarrassing compromises, but containing those is mostly about notification and containment by government agencies (which the current US administration is doing their utmost best to kneecap) and/or large ISPs (which in the US have traditionally never cared).

Forcing "foreign" products off the market in favor of "domestic" replacements with the exact same, if not worse, flaws won't fix a thing, unless you put some pretty significant controls into place that nobody is willing to enforce or even outline.

Is that even possible? Or do you always have to be on good terms with the Chinese government to own engineering, design, and manufacturing capabilities in China?

Does it mean that I am an enemy of the state?

Salt Typhoon is a serious ongoing attack on lawful intercept systems in telecom networks. There's nothing any individual can do to protect themselves from this, and it's probably deployed everywhere that US style lawful intercept specifications are implemented in telecom networks.

Of course the irony is that domestic surveillance is the attack surface for this exploit.

I would like to be able to weigh the risk of a TP link router being a national security threat against something like Salt Typhoon. But there's a lack of transparency that makes that impossible.

this is a political move, if we apply the reason of security concern to anything. it would affect 80% of things US consume since its directly and indirectly come back to china as a part of supply chain