The FCC maintains a list of equipment and services (Covered List) 
    that have been determined to “pose an unacceptable risk to the
    national security

    Recently, malicious state and non-state sponsored cyber attackers
    have increasingly leveraged the vulnerabilities in small and home
    office routers produced abroad to carry out direct attacks against
    American civilians in their homes.

Manufacturers have never had to care about security because no Gov agency would ever mandate secure firmware. This includes the FCC which license their devices and the FTC who (until recently) had the direct mandate to protect consumers.

Our most recent step backward was to gut those agencies of any ability to provide consumer oversight. All they they can do now is craft protectionist policies that favor campaign donors.

The US has a bazillion devices with crap security because we set ourselves up for this.

> Producers of consumer-grade routers that receive Conditional Approval from DoW or DHS can continue to receive FCC equipment authorizations.

In other words, foreign-made consumer routers are banned by default. But if you are a manufacturer, you can apply to get unbanned ("Conditional Approval").

In the FAQ (https://www.fcc.gov/faqs-recent-updates-fcc-covered-list-reg...), they even include guidance on how to apply: https://www.fcc.gov/sites/default/files/Guidance-for-Conditi...

If you (a manufacturer) apply, they want information regarding corporate location, jursidiction, and ownership. They want a bill of materials with country of origin and a justification for why any foreign-sourced components can't be domestic. They want information about who provides software and updates. And they want to hear your plan to increase US domestic manufacturing and progress toward that goal.

So, foreign-made consumer routers can still be sold, but they are going to look at them with a fine-tooth comb, and they are going to use FCC approval as leverage to try to increase domestic manufacturing.

Yes china routers are a liability, but free trade and open market ensure at least one thing that's essential : no single state has surveillance capability on its entire population

You can get an old desktop or laptop that's more than good enough to be a router for basically nothing (or sometimes literally nothing) on Craigslist or Ebay. I suspect pretty much anyone who frequents this forum could probably figure out how to do it with a YouTube tutorial. Routers are pretty dumb computers, so you don't need something top of the line.

Even if you want higher speed than the ethernet port built into the computer, you can buy old dual-port 10GbE PCIe cards for less than $50 on eBay as well.

I've been running my own custom thing with NixOS for a couple years now, and it's been working great, and before that I ran ClearOS for a couple years, and before that I ran OpnSense for a couple years. They all work fine, and they're not too hard to set up. I recommend it to anyone who can figure out how to do it.

The FCC's power just got substantially nerfed, and "we've decided to slow lane all foreign-made routers" feels like that may have been beaten on the old, higher, standard. Let alone the new one that gives the FCC almost no power.

Are there even consumer-grade routers that are produced in the USA...?

I've already done everything the article says to do years ago, but what happens when this equipment dies? Can I get a replacement, and is it flashable? I currently use "routers" as access points because it's the cheapest way to get an AP for OpenWRT.

A little rich coming from the administration that supports a strict view of the major questions doctrine. They have no problem kneecapping the EPA. But the communications commission has the right to ban all drones (and not the FAA for example).

I'd say I'm shocked but I am not. Their next order forcing backdoors will be secret.

Personally, I don't make the distinction between foreign and domestically produced routers in America. In fact, I trust foreign produced routers more because the likelihood that they can act upon their surveillance is significantly lower than the current American regime's oppressive and malicious tactics. Therefore, open source routers provides enough transparency to effectively eliminate spyware threats from all angles while being compliant.

I'm especially excited about the Banana Pi because of the transparency and potential of modular upgrades. Whenever there's a network issue, I have to consider whether the manufacturer (American or not) is doing something nefarious. With a Pi based router, I have much more peace of mind with network debugging issues.

I'm guessing the rest of this looks like drones, too: FCC approval is given only to American companies that bribe members of the administration, and they raise prices through the roof. The routers are still manufactured overseas and there's no improvement in security.

It's all a bunch of very expensive kind of dodgy Compex cards, used for industrial or prototype purposes. Be prepared to spend $300+ for a single 4x4 MIMO card. And then you want to go dual band right?

Thankfully the MediaTek offerings are somewhat available and much much much cheaper, but reports are that driver quality is just absymal.

Meanwhile the openwrt table of hardware for wifi 6 and wifi 7 is a bare trickle already, and inceasingly not consumer routers but SBC. Thanks for the FCC messing things up brutally already, back in 2015, with requirements to make sure users couldn't possibly do anything out of spec, requiring these systems to be locked down. They almost banned open source outright, but in practice it feels like the requirements are high enough that they practically did. https://toh.openwrt.org/?features=wifi_be https://arstechnica.com/information-technology/2016/03/tp-li...

Frelling FCC! What dastardly deeds done against civilization! We would be so much more secure & protected, the bar would be so much higher if open source / openwrt was allowed to compete. You messed everything up already!!

Previous example: https://news.ycombinator.com/item?id=37392676

Numerous papers showing the ability to easily map indoors areas with WiFi (including occupancy) it’s a liability.

There will be excuses “tariffs” etc but I heard a few have gotten calls from three letter agencies coyly telling you to improve your systems.

It’s a chance to refresh the product line! (of course at the worst time when mem prices are bleed you dry high)

From one side, that sure... does have some point. Well, I mean, one could potentially install some kind of a backdoor on the networking hardware they produce, and if it's state-controlled, then it could potentially be a threat.

From the other side, though...

That's crazy. Maybe I'm missing something obvious, or maybe I'm just stupid, I don't know; but at this point, with almost no manufacturing in the USA, this feels like shooting yourself in the foot. Or rather, it's like shooting yourself straight up in the head if manufacturing will not be efficiently (so it can satisfy the demand) moved to the USA (which is a big challenge).

It's also a quasi inevitable side effect of the push to encrypt all communication back to the cloud, since now it's too easy for malicious devices to hide what they're sending back.

Back to wearing the tin foil hat in my faraday cage.

Effectively banning all consumer routers.

Manufacturers can support devices for long but it costs money which the consumers / businesses aren’t willing to pay or value. Cybersecurity is a joke and the general consensus is : we will pay for things as and when there is a fire. We don’t put a price on prevention because we can’t really show it to shareholders how we profited from not being attacked since we blocked those. So we create an arbitrary certification and pass things according to it. This certification doesn’t say anything about firmware. But if we do get attacked then we can convince the shareholders to spend money on better equipment this financial year and then not bother until the next time we have a problem.

Some of these certifications focus on what the devices allow you to do (like acls and firewalls) and see if they pass these tests. But actually looking at the firmware and finding vulnerabilities is not in scope.

But largely thanks to FCC demands, the list of router hardware that can run open source operating systems such as OpenWRT has dwindled to a trickle. There's very precious few wifi 7 / BE systems available, and only a few wifi 6! it's ghastly. https://toh.openwrt.org/?features=wifi_be https://toh.openwrt.org/?features=wifi_ax

To me, this is a deeply dangerous situation for the state & for the population, where it is nearly impossible for consumers and businesses to purchase gear that they can secure. Where we are at the mercy of what is on the market, and no actual securing of our own can occur.

The FCC claimed in 2015 they were not trying to forbid open source systems, but the additional compliance demands they have made unsupportable unsecurable devices the default state: the FCC mandated companies make sure the users dont have freedom, make sure the wifi performance is locked down, and the most obvious path to that end is to just lock out the user entirely. Open source isn't outlawed, but the FCC turned a good working amazing open source movement into something that is incredibly rare and hard to do. The FCC assurances (https://www.eff.org/deeplinks/2015/11/free-router-software-n...) have not proven true (https://news.ycombinator.com/item?id=11122966): everything has gotten worse for security & availability (https://news.ycombinator.com/item?id=11122966).

I switched away from Omada to Ubiquiti, because of TP Link’s problems.

I can’t think of a complete start to finish, OS to mosfets, computer that is 100% manufactured in the United States.

If worried about supply chain and inside jobs, I worry more about the IoT widgets I have. They are already inside the LAN, can access the internet, etc.

Anyway, bribes aside, this is probably just a talking point and not much actually changes.

Thats what this is all about: government level blackmail.

[cue https://youtu.be/EnIm71jRb_o]

This is for newly released models that still need to get FCC certification.

One purpose for taxes is to shape behavior. If the behavior they wish for is to have more manufacturing in the US, you increase the taxes of outsourcing it. IOW, you make it more desirable to manufacture locally.

[0] https://mono.si/

This is kind of a boneheaded way of handling whatever issues they're claiming.

Is this just another mass surveillance operation?

Really, do they have a definition?

> Firmware updates for existing covered devices are allowed, but only through March 1, 2027.

Good luck enforcing that with libre firmware without being sued with some amendment until oblivion and the FCC -the irony- gets sued like crazy.

> For the purpose of this determination, the term “Routers” is defined by National Institute of Science and Technology’s Internal Report 8425A to include consumer-grade networking devices that are primarily intended for residential use and can be installed by the customer. Routers forward data packets, most commonly Internet Protocol (IP) packets, between networked systems. ¹

> A “consumer-grade router” is a router intended for residential use and can be installed by the customer. Routers forward data packets, most commonly Internet Protocol (IP) packets, between networked systems. Throughout this document, the term “router” is used as a shorthand for “consumer-grade router.” ²

There doesn't seem to be a general ban for foreign-made professional routers, just for some Chinese manufacturers, right³?

Oh, and what does "produced by foreign countries" even mean? I couldn't find any definition. Is this meant to be the country of final assembly? Would importing a Chinese router and the flashing the firmware in the USA be sufficient to be exempt? Where is the line drawn usually?

¹) https://www.fcc.gov/sites/default/files/NSD-Routers0326.pdf

²) https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8425A.pdf

³) https://www.fcc.gov/supplychain/coveredlist

Because it provides a pathway to full government control of the internet.

Content that demonizes the current administration's enemies will become easier to find. Evidence of their crimes will vanish.

When they murder someone in the street, fewer people will find out about it, and those that do will be more likely to hear the government's side of the story.

Mobile networks are already owned by the billionaires, and they've shown plenty of willingness to shape traffic for their interests.

Managing this kind of information at scale is an incredible challenge, but one that LLMs are very well suited for.

Even if you are confident the current administration doesn't have the competence or longevity to exploit this (as I mostly am,) we can easily predict future admins of either party will happily make use of these capabilities.

Bad for the US, but also very bad for the world, because it will make it much easier to manufacture consent for or hide future international crimes committed by the government.

We've excused the complete loss of traditional journalism with a reliance on the Internet instead. Not anymore.

Can savvy individuals work around it, of course. But the general public will treat them like conspiracy theorists, because all they will see is content that reinforces the administration.

The technical discussions in here sound like: "silly Caligula, his horse won't be able to sign his name to cast a vote in the Senate."

Chinese citizens have more computing freedom than American citizens at this point. What the fuck happened to the land of the free?