The real lesson here: If you're successful, don't skimp on security/software! Also, don't abandon software/firmware security support for your products so quickly.
If I was in charge over at TP-Link, getting news that tens of thousands of MY company's routers were compromised would have me furious! I'd be freaking out, making sure that we take immediate steps to improve software/firmware quality and to make sure we're in a constant state of trying to compromise our own hardware... To ensure no one else finds vulnerabilities before we do.
Instead, TP-Link seems to have just laughed and focused strictly on profit margins.
This is like seeing a food poisoning outbreak at a fast food restaurant and concluding that it must be CIA/FSB/Mossad bogeymen trying a bioweapon. These breaches are things like not validating authentication tokens (at all, not just correctly) and that would be a big drop in professionalism from what we’ve seen from nation-state level attacks:
Hanlon's razor, paradoxically, is the perfect cover for surreptitious malice. We've already got a perfectly reasonable razor telling people not to assume malice, after all.
And to be clear, let's not forget that the US government did intentionally and secretly conduct surreptitious biological warfare tests against entire US cities that deliberately inflicted disease upon and killed American citizens. There was an entire formal program that spanned decades - https://en.wikipedia.org/wiki/United_States_biological_weapo...
Of course, the US government doesn't have any secret programs anymore and never lies to us, so everyone can rest easy knowing nothing like this could ever happen again.
Yea, in the real world, the CEO gets news that tens of thousands of his company's routers were compromised, and calls up his General Counsel and asks "are we liable for damages?" And if the answer is NO, he goes back to enjoying the house party in his luxurious third home.
It was a completely Chinese company until last year. Then it split in 2. The US headquartered half has 11,000 employees in mainland China and 500 in the US based on what I could find when I googled it. It’s solely owned by the founder of the original company and his wife who are Chinese citizens.
I don’t know whether it’s worth banning them or not, but putting your hands up and saying “what Chinese company?” is just absurd.
1. The company was founded by Zhao Jianjun and Zhao Jiaxing, who are brothers. I don't know where you got the husband/wife sole ownership from.
2. As you admitted, they have completely separated into 2 separate companies, claiming that it is still Chinese is akin to saying "tea is Chinese", that's completely absurd, yes, it was at some point in history, that point is not now.
It's hard to believe you're saying 2 in good faith. Companies don't change that fast, and you skipped the part where so many of the employees are still in China.
The reality is the only part that matters, the chipsets, are produced in Chinese factories owned by TPLink.
They moved everything that doesn’t matter to the US recently in an effort to give the illusion that they aren’t putting chips manufactured under the control of the Chinese government into the majority of routers used in the US.
I’m not agreeing with banning them, but I can certainly see how it creates significant risks that I would want to mitigate somehow.
I agree with you that they shouldn't be banned, but the US casting aspersions against another country is pretty rich considering the involvement of the CIA, and NSA around the world.
> TP-Link's Headquarters are in California, they have a branch in Singapore and they manufacture in Vietnam
"TP-Link is a Chinese company that manufactures network equipment and smart home products. The company was established in 1996 in Shenzhen. TP-Link's main headquarters is located in Nanshan, Shenzhen; there is a smaller headquarters in Irvine, California"
Until it hits their wallet, they will not do a thing. Now if they were more concerned about longer profits and how this could impact their image, maybe they would change but it is rare you see that nowadays.
Yeah, that's not the lesson here at all. We're still in an era where you will suffer absolutely zero consequences for security lapses and breaches.
Everything that is happening with this administration is simply because it suits American foreign policy or the interests of one of the oligarchs. I mean this with absolutely no hyperbole: the pretense of there being any rule of law for the ultra-wealthy is gone. The White House is openly selling pardons, which have the added effect of cancelling out debts to the US government.
Tiktok getting banned? It had nothing to do with "national security". The government simply had less control over the content and the algorithm on Tiktok than they do on Meta and Google platforms.
Reading through this article, you have Microsoft pointing the finger at TP-Link. That's... rich. Because Microsoft has historically been horrible for security. It would take further investigation but I really wonder if TP-Link isn't just a convenient scapegoat.
I don't mean to be hateful with this, but what's the point of your post besides random conjecture and a sort of rant about something only vaguely related to the story?
I see the comment as quite on point. There are many longstanding real problems that have been allowed to fester (in this case, embedded security). While these problems are now being talked about, there is still zero intention to actually address them. Rather they're merely being abused as talking points by fascists pretending that "something is being done" when really the "solutions" are merely the consolidation of autocratic control.
Real reform here would be something like prohibiting tying software and hardware together as one product, source code escrow, etc. Things that actually create security and consumer choice, rather than merely one less vendor to pick from.
Sometimes I wonder if people talking about corruption in the US have ever been to a country that is as corrupt as they say the US is.
Pardons are not being openly sold. There is absolutely not great stuff going on with them but, really, the major difference I see is that it's happening during the administration, rather than in the last few hours.
The US is moving the wrong direction when it comes to corruption but let's not act like we're bottom of the barrel or that this slide just started in 2024 (or 2016, if you'd like).
So far Trump pardons have wiped out over $1 billion in decided and sought fines [1]. There are pardons for the likes of George Santos (convicted for a whole host of crimes) for no other reason than he was a reliable Republican vote, clearly sending the message that if you are loyal, you can commit crimes and you will be pardoned. There's also the Tennessee House Speaker convicted for corruption [2] and the Binance founder [3] who allegedly aided in Trump's rug pull (sorry, "crypto offering").
Now this sort of thing isn't new. Famously on Clinton's last day in office he pardoned Marc Rich [4], who was convicted (before fleeing the country) on breaking sanctions by trading with Iran. It was widely rumored his ex-wife, Denise Rich, who had a lot of access to the Clintons, brokered a deal.
But what changed is the disastrous Trump v. United States [5] decision last year that granted almost absolute presidential immunity. Now there's not the slightest fear of repercussions so the whole operation has gone into overdrive and it's so incredibly brazen.
I stand by my original claim: the TP-Link ban isn't technical. It's political. And I would bet all the money in my pockets that if the CEO had "donated" $1 million to the inauguration (like all the Tech CEOs did including Bezos and Cook) we'd likely have a very different outcome.
No, I'm saying that the slide didn't start with Trump. I also don't think much of what Trump is doing is much, if at all, worse than his predecessors but he has zero shame about it.
Since he's in the news and it's on my mind, I'm not sure the Cheney and the whole Iraq/Halliburton situation has been topped since then. Then there's every member of Congress suddenly becoming a multimillionaire after they get into office.
The only norm Trump is breaking is that he doesn't care to sweep it under the rug
I recently bought a TP-Link Omada ceiling mountable access point, which has been working great. My Ubiquiti APs are due for an upgrade and the Omada (for a separate network), at half the price of roughly equivalent Ubiquiti APs, is impressing me so far.
(The Ubiquitis have been rock solid for years though, no complaints whatsoever).
Netgear (US) and D-Link (Taiwan) were consistently disappointing enough that I swore off them many years ago, and buyers-remorse-PTSD prevents me from reconsidering them ever again.
I've found the Ubiquiti devices to be somewhat overly complex and generally overkill for all home-networks I've ever used them for. All the graphs and stuff tickles a nerdy nerve somewhere in me, but honestly I can get equally stable networks for less than a quarter of the price, but without all the fancy bells and whistles that I only enjoy for about 2 hours after installing anyway
TP-Link makes really solid products, and if you don’t want to use their firmware then almost all of them can easily flash OpenWRT. In fact most of their routers are built from OpenWRT anyway.
I installed their mesh Wi-Fi system for my parents recently and was really impressed how seamless the process was. It did involve making a cloud account which I wasn’t thrilled about, however.
All modern WiFi APs require closed firmware blobs that run below or parallel to OpenWRT.
You replacing the router OS with OpenWRT does nothing when the radio has full DMA access and runs its own OS on its own processor. The OpenWRT layer will have no idea what it's running/infiltrating/exfiltrating.
I say this as someone who has been running and building OpenWRT forever. It's great but it isn't a panacea.
That's why I bought a PCEngines box (one of the last of their inventory before they went out of business) with completely transparent hardware and no Chinese manufacturer in the supply chain.
For anyone asking this question I might suggest Protectli. They've got x86 systems with coreboot. That's about as good as you can get these days for open source-ness without going really obscure or outdated. I've got a VP2440 as my router and firewall. You can neuter the intel management engine with coreboot, but there's still going to be firmware blobs somewhere in it, especially if you're trying to build a wifi ap.
One of my 2 pcengines APUs has developed an issue with its solder joints I suspect. It hangs at the bootloader unless the unit is already warm. Can't complain at all, it lasted ages and problems like this are just life for things that thermally cycle, it was in a pretty extreme climate for most of its life. Doesn't help with me needing a replacement now pcengines is out of business though, hence getting a protectli box.
Sure, but if you run OpenWRT you can pick the radio firmware image. And you can trust Qualcomm cause they're from San Diego and made Eudora; their firmware won't have intentional security issues.
I use their Omada stuff for my business. I own a coffee shop where I have a few devices I need online and I provide free WiFi to customers. I needed something where I could run multiple networks, segregate my own devices, support a large number of clients, automatically turn off free wifi outside of business hours, run a captive portal, reserve a minimum amount of bandwidth for my own devices and prioritize my own traffic, etc. It’s absolutely packed with features and costs less than the stuff I run at home. It was a fraction of the cost of the Meraki gear I was considering. The performance is great too.
I don’t know how much I trust TP Link, but my risk level is very low. There’s not much an attacker could do if they get on my network. None of my data is accessible on that network and everything important has MFA anyway. The most sensitive things are my POS and menu displays and they are just client devices connecting to the internet. I probably wouldn’t run this stuff in an environment where I had complex security requirements.
I don't think the attackers are after your credit card records as much as they are after using your network as one base amongst thousands of others to perform illicit compute, generate traffic to a victim network, etc. That is: the attack is outbound from you to the victim, not inbound to you as the victim (at least not beyond the initial beachhead).
I bought a cellphone from them many years ago and they never really supported it and I couldn't even buy a replacement battery.
Recently I bought a router with the firm intent of installing OpenWRT, but I received a newer revision that had a different CPU, less RAM, and less flash memory.
These events left a bad impression, but they do make affordable stuff with reasonable quality.
> Recently I bought a router with the firm intent of installing OpenWRT, but I received a newer revision that had a different CPU, less RAM, and less flash memory.
This also happened many years ago with Linksys (prior to Cisco). It’s not that uncommon for manufacturers to release new revisions of hardware without necessarily making it clear to the purchaser. If their purpose is to deliver a router and they can shave a few cents off the BOM with less RAM, but it still works with their software, why would they care. And once new revisions have been released into the supply chain, it can be hard to know exactly what version you are buying.
In the Linksys case, IIRC they eventually re-released the first revision WRT54G as the WRT54GL (for Linux), so that people who wanted different firmware could get the exact hardware they wanted.
Wouldn't it be nice if that was illegal? Sell whatever, but label it accurately, it's different hardware so it needs to have a different version label in the listing or something.
We see this all the time with SSDs, where a high-spec model is released to reviewers, then a low-spec model is mass-produced and sold under the same model number. That's fraud, isn't it? Shouldn't it be?
It’s only fraud if they sold you or marketed to you on those specs. But at least for things like reflashing your router, short of a few explicit opener vendors (like glinet) and Linksys AFTER releasing the WRTGL version, router manufacturers aren’t usually advertising on how much ram or flash memory space they have, any more than car manufacturers are advertising how much flash memory is in their ECUs. It’s not an intended or marketed purpose, so they’re not going to be changing model numbers just because they made an internal update.
Changing the flash in a router is pretty understandable. Changing a router's CPU is going to affect core performance, and so does changing parts in an SSD, and core performance should totally count as being used to sell the product.
At some point it won't matter that you run OpenWRT on it. Obvious case in point: at a certain point it doesn't matter that you run Linux instead of Windows on your Intel PC, because it'll still be subjected to Intel ME, Intel AMT, Intel SGX and god knows what else.
On a PC, Intel ME and the like can be accessed remotely only through an Intel NIC, which can be avoided by using a PCIe Ethernet card from another manufacturer, if the motherboard does not have such an interface on it. Even many of the Intel Ethernet interfaces are supposed to have the remote access disabled from the factory, but you cannot be certain about this.
A more serious problem is caused by the laptops having Intel WiFi, which is difficult to replace. With such a laptop one would have to disconnect the internal antennas and use an external WiFi dongle, to be sure that remote control is not possible.
I'm getting ready to set a mesh network for my older parents as well. Do you have any suggestions for hardware and software? I live a ways away from them so I need this to be pretty much faultless. I don't want to drive 4 hours for IT support.
My paranoia goes against this idea. How sure are you that the remote management is hardened? Assuming that disabling external control is actually effective, that seems like it removes most practical exploits one would encounter. A network configuration for a non technical person should be so simple it does not require regular maintenance.
The TP-Link option was great. If it was for myself, I'd build my own with OpenWRT but my goal was to minimize the chance of downtime in case I'm not available to help debug issues. They already had a TP-Link range extender running for 4+ years without ever needing to touch it, so I figured their mesh network was a good option too.
Do any of TP-Link's mesh routers support OpenWrt? I didn't think there was overlap between the "easy to set up for my parents" and "easy to install custom firmware" subsets.
And in reverse, you think Palantir has a transparent business model to trust with your data? I don't get why people find China more suspect than most of these billionaire led monopolies buying politicians and laws and spout paranoid gibberish about Christianity and anti Christ etc.
Both might be fundamentally evil or benign, but they aren't different in danger based solely on how white they are.
And yes an American company in cahoots with the government having the ability to snoop on traffic and turn entire networks off, while bad, is nowhere near as bad as a Chinese one having the exact same capability.
Their hypothetical does have weight, though. Damn near every desktop/laptop computer does have "a hidden little core running a hidden little OS" nowadays, after all.[0]
Obviously this particular one isn't in non-Intel equipment, but...
Devices from companies under direct or implicit CCP control should indeed be considered suspect until proven otherwise. Not just them, but them much more than local ones.
China isn't the major threat for consumer routers; it's crappy firmware. Millions of networks have been compromised from non-state actor attacks on crappy consumer routers. You wanna protect America? Impose a software building code on critical network infrastructure (which should include consumer routers and modems). But they aren't gonna do that, because they're just trying to score cheap political points and put pressure on China for trade concessions.
Seemingly every year there is yet another Cisco vulnerability because of hard coded passwords. One as recently as July 2025. The entire network industry seems to YOLO the code running the world.
People worried about routers, meanwhile nearly every damn employee at Intel from the CEO to the janitor is Chinese.
The Intel ME chip is running its own OS on every single Intel chipset, even when the computer or laptop is shut down, and accessible directly through attached Intel WiFi or network cards. With full memory access, with no way to turn it off.
The U.S. is the bigger threat anyways. This just feels like America is coming online as a mafia state and wants their cut and their backdoors in things, otherwise they’ll destroy your business.
To be fair, I think this is most countries, they just don't have as much political power as the US. The UK's Online Safety Act is a good example.
My country (Australia) tried to legislate in 2016 that no one is allowed to use encryption, and if they were required to, for other obvious reasons like for medical data, then they were required to code in a back-door for law enforcement.
The above is just the announcement and doesn't include answering media questions wherein we would have heard dear Malcolm's famous quote:
“Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia"
Political understanding of mathematics and encryption has not progressed in the intervening 9 years, much the same as the thirty years prior. Regulating internet security is forming a similarly unfortunate trajectory.
I have TP-Link Deco's for our WiFi, sitting behind a Firewalla Gold. This has been by far the nicest, simplest at home setup I've ever deployed. Do I love that I chose TP-Link? No. But price to purpose it was the best product available to me at the time.
If TP-Link gets banned, my concern is what that means for the massive market share in the US. Warranty? Software updates? Or maybe that action is what turns them into an agent of the state. Or do you hoard all the hardware until it's valuable like DJI parts are today?
I thought it was the Chinese owner of Tiktok that got paid money.
What is your evidence that the US government was paid any money as part of that deal (over and above any taxes that would have been incurred by any sale of any business).
"Gifted" would be misleading if (as I suspect) the entity that ended up with American Tiktok is the entity that won a bidding war to make the most attractive offer to the Chinese owner.
TP-Link produces solid and affordable network equipment. A great value for the money, which makes their products a popular choice for many customers around the world. But as almost all hardware vendors out there, TP-Link has weaknesses in their software. In a way, they are victims of their own success and popularity. I wish them to get their software security act together.
Banning such a bright tech company is totally unwarranted, unless there are proofs of their intentional wrongdoings.
As a hardware founder, low quality plastic is not rocket science. On trips to China I’ve heard similar things about other companies, specifically that Foxconn makes everything it uses, including things like coolant or plastic for prototype production.
Does anyone know what their chips are doing? Do you, really?
Until we have desk side silicon fabrication/placement, with accompanying tunnelling microscope features, we simply cannot trust our silicon in any way other than through utterly peaceful means, which is to say, through systems of human trustworthiness.
Technology never allows us humans to advance sufficiently well to do without it .. unless it is evenly distributed.
Right now we are all at the mercy of the masters of silicon. This is no joke!
I don't get what to make of this. Is it all just security theater? The idea of having consumer networking hardware that isn't riddled with security vulnerabilities seems to be a ship that sailed long ago. I doubt this move will prevent major nation states from hacking into whatever they want.
> the U.S.-based company’s products handle sensitive American data and because the officials believe it remains subject to jurisdiction or influence by the Chinese government.
These cowards have not yet finished banning TikTok
We are unfortunately getting to the point where the only option for non-power users will be to create an online account to run local hardware you own; just like Windows 11.
I run OPNsense with a collection of Unifi radios (local controller) with great success.
I've been really happy with the TP-Link smart plugs. I keep upgrading them as The Latest Standard That's Definitely The Real One This Time Trust Us Bro comes out, and the Matter ones are excellent. Getting an instant response from them is really nice. I see no reason to buy others.
I would buy only Hue but that's because I have more money than sense, and they don't actually make smart plugs last time I looked, they make plugs but label them all as lights in the app, which is more annoying than it sounds.
The real problem to solve ditching TP-Link _routers_ is that all routers are uniformly fucking awful, and all you are doing is choosing your particular poison. This is especially true after Apple exited the game so long ago. I use Google Wifi because it mostly works most of the time, but that's not glowing praise. But the world has become trained that rebooting a router once a week and praying that it works when it comes back is a perfectly normal state of affairs and we couldn't possibly do this any better.
> I would buy only Hue but that's because I have more money than sense, and they don't actually make smart plugs last time I looked,
Ikea makes Zigbee smart plugs with power monitoring (Inspelning) that are ~10 Euro here (probably $10 in the US). Also Zigbee does not have all the security issues, since it is purely local and will talk with whatever hub/bridge you choose, e.g. Homey, Hubitat, or if you want to go free software Home Assistant or zigbee2mqtt.
It's somewhat insane to me that people use WiFi plugs for actuating things that actuate real-life electrical devices. Even more from companies that have a bad security reputation. Zigbee or Z-Wave all the way or possibly Matter over Thread, but the only Matter device that I had (an upgraded Eve Energy plug) has been a pain.
> The real problem to solve ditching TP-Link _routers_ is that all routers are uniformly fucking awful, and all you are doing is choosing your particular poison. This is especially true after Apple exited the game so long ago.
I switched to Unifi gear (Cloud Gateway Max, two of their U7 access points, and a bunch of their managed switches) and they are a dream to set up. Making VLANs, associating VLANs with SSIDs, etc. is so easy. I had a TP Link managed switch and the interface was a huge pile of crap and I saved it several times after misconfiguration by virtue of it having a serial console. I only used it for two months or so because it was so frustrating.
> all routers are uniformly fucking awful [...] the world has become trained that rebooting a router once a week and praying that it works when it comes back is a perfectly normal state of affairs
My OPNsense router currently has 74 days of uptime, and that's just because I ran an update 74 days ago. I've never rebooted it to solve a problem. The only wrinkle is OPNsense (and pfSense) is at least an order of magnitude more complicated than your average consumer router.
OTOH, my Ubiquiti access point reboots itself every time I change any setting at all.
I have some TP-Link smart plugs and was happy with them for a long time because their app could be used without an account. Then I recently got the new version of the app and it forces an account, there's no more guest mode. I'm done with TP-Link now.
This is a very one sided article. Shouldn't there be a comparison with TP-Link and all other brands available in terms of security? Otherwise they're just targeting a company for political reasons.
The article is in response to a very one-sided government ban (well, reported ban) on TP-Link products. The company is being targeted for what appears to be political reasons, the article even said so in the first paragraph:
> Experts say while the proposed ban may have more to do with TP-Link’s ties to China than any specific technical threats
Regardless of what TP-Link says, the damage is done. I was recently looking for a bigger switch. I went with a used switch instead of buying a new TP-Link because I don't trust them. Now I just need more projects to fill my extra ports on the 24 port switch haha
I don't have any particular opinion on TP-Link (never used their products), but the idea that a low-cost vendor targeting home and SMB users is somehow a state-level agent trying to compromise those users... needs evidence.
I mean, in the case of actors like Huawei, you can at least credibly make the argument that the continued access of their support staff to internal provider networks is a significant risk, but that vector is entirely absent here.
Sure, embedded firmware has been, is, and will continue to be a tire fire prone to embarrassing compromises, but containing those is mostly about notification and containment by government agencies (which the current US administration is doing their utmost best to kneecap) and/or large ISPs (which in the US have traditionally never cared).
Forcing "foreign" products off the market in favor of "domestic" replacements with the exact same, if not worse, flaws won't fix a thing, unless you put some pretty significant controls into place that nobody is willing to enforce or even outline.
^^^THIS 100%.
They are manufacturing low-cost products for home users. That is, if these claims are true, they have neglected a poignant question, why would they bother?
They are targeting poor people's personal data, not businesses, not high-profile people, not government bodies.
But it does provide ample opportunity to profit personally, and that’s much more of a priority for the current federal administration than fixing anything.
But Sir! We are talking here between USA <eagle sound> versus rest of the world that’s unsafe and all the time attacking USA people privacy. Cisco is India based, not American!
disclaimer: not connected in any way with Cisco, just disappointed business customer.
OPNsense is decent too. Problem is that running anything open on those AP will still be a mess unless they support something like OpenWRT ;)
Separating router from the AP was something I considered too for building a 10 Gbps network, since I haven't found any WiFi router that could also handle 10 Gbps wired without some accelerator chip requiring non upstream mess to work.
The fact that TP-Link products are vastly better and cheaper than all their numerous competitors is indeed a bit strange. You have to either think that all the people at Linksys, Netgear, D-link, etc. are incompetents or that something a bit out of the ordinary is going on at TP-Link...
I see that at the company I work at. US management at many companies is about doing the absolute minimum for a maximum of profit. It doesn’t allow for competence or long term investment so companies turn into empty shells.
It’s not that unheard of. Does anyone make a better $999 laptop than Apple? Nope, the MacBook Air is faster and gets better battery life with zero fans and basically nothing on the market compares. That doesn’t make Apple “suspicious” more than any other company.
TP-Link is the best for the same reason Apple is the best. They just have the momentum of being in the lead.
I would also say that TP-Link isn’t wildly and unrealistically cheaper or anything.
Their prosumer/business Omada lineup is clunky and kinda sucks compared to Ubiquiti.
Zyxel WiFi 7 APs are more competitively priced than basically anything last I checked.
Eero used to be pretty close. Years ago, I used to stalk the subreddit despite never owning an Eero just because the (US based) devs would often drop knowledge bombs. AFAIK they wrote the entire software stack in house.
I have no idea if that's still the case, especially post AMZ, but worth looking into if so.
I miss the insider information. Some Redditors were not nice and they all left Reddit and their insider information stopped flowing, it's a shame, it was cool to see behind the development veil.
Per company government acquisition "bans" are stupid for PR and security reasons. Brand-specific banlists are whackamole when the same hardware and software will be immediately duplicated with another cat-walks-on-keyboard brand name that will disappear within a year.
Instead, there should be in-depth, enforced audit, compliance, and evaluation standards for gear for particular purposes. If it doesn't meet particular standard(s), then it can't be purchased or used.
I don’t like that TP Link routers regularly force you to accept new terms of service within their app. If you don’t, then you can’t access much of their configuration options. Basically you get locked out of your own device. I feel like these dark patterns should be illegal.
"TP-Link Systems told The Post it has sole ownership of some engineering, design and manufacturing capabilities in China that were once part of China-based TP-Link Technologies, and that it operates them without Chinese government supervision."
Is that even possible? Or do you always have to be on good terms with the Chinese government to own engineering, design, and manufacturing capabilities in China?
Could you please stop posting unsubstantive comments and flamebait? You've been doing it repeatedly lately. It's not what this site is for, and destroys what it is for.
I'm so glad there's other American drone manufacturers that cater to the consumer market, like Skydi-oh right, they stopped making consumer drones after the successes in forcing DJI out of the market.
>drones from the American company Skydio proved ineffective in Ukraine [notably, a Skydio drone was used by the U.S. Army to drop a combat grenade for the first time], as they were unreliable in front-line interference conditions.
>The problems with Skydio drones in Ukraine were reported last year, and the manufacturer acknowledged the poor quality of its products.
>According to Alex, a key issue with today's low-quality products is the "information gap among many European and American manufacturers about current battlefield conditions and the timing of when they receive this information."
Surprisingly
>Some of the most effective ones have included the German-made Vector drones and Polish-made FlyEye drones.
The real lesson here: If you're successful, don't skimp on security/software! Also, don't abandon software/firmware security support for your products so quickly.
If I was in charge over at TP-Link, getting news that tens of thousands of MY company's routers were compromised would have me furious! I'd be freaking out, making sure that we take immediate steps to improve software/firmware quality and to make sure we're in a constant state of trying to compromise our own hardware... To ensure no one else finds vulnerabilities before we do.
Instead, TP-Link seems to have just laughed and focused strictly on profit margins.
The real lesson here: don't forget to bribe the president of the US.
I'm sure TP-Link could help fund a second ball room.
If this was actually the lesson then they'd be banning Fortinet, but it seems these concerns about security don't apply to US listed companies.
Bold of you to assume those Fortinet vulns aren't just exposed government backdoors.
This is like seeing a food poisoning outbreak at a fast food restaurant and concluding that it must be CIA/FSB/Mossad bogeymen trying a bioweapon. These breaches are things like not validating authentication tokens (at all, not just correctly) and that would be a big drop in professionalism from what we’ve seen from nation-state level attacks:
https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admi...
Hanlon's razor, paradoxically, is the perfect cover for surreptitious malice. We've already got a perfectly reasonable razor telling people not to assume malice, after all.
And to be clear, let's not forget that the US government did intentionally and secretly conduct surreptitious biological warfare tests against entire US cities that deliberately inflicted disease upon and killed American citizens. There was an entire formal program that spanned decades - https://en.wikipedia.org/wiki/United_States_biological_weapo...
Of course, the US government doesn't have any secret programs anymore and never lies to us, so everyone can rest easy knowing nothing like this could ever happen again.
Just make them liable for the damages and then they will start caring.
This might be one of the only cases where subscription model would work well to cover the maintenance cost.
> This might be one of the only cases where subscription model would work well to cover the maintenance cost.
1) Company takes your subscription money.
2) Company finds a vulnerability that's difficult to fix.
3) Company announces your device is EOL and ends your subscription, taking your money for doing nothing, and not helping when you need it.
Contracts will (and do) include boilerplate whereby the customer absolves the manufacturer of liability.
It’s fairly trivial to write a law that makes those illegal.
Yea, in the real world, the CEO gets news that tens of thousands of his company's routers were compromised, and calls up his General Counsel and asks "are we liable for damages?" And if the answer is NO, he goes back to enjoying the house party in his luxurious third home.
It depends on whether customers care.
Yeah, I know, at some point you cannot make them care for their customers wholeheartedly.
I think a lot of companies violate that lesson and continue to make money.
Or maybe, don't capture 50% market share in a country that's decided your country of origin is the threat of the decade.
TP-Link's Headquarters are in California, they have a branch in Singapore and they manufacture in Vietnam, which of those were the threat exactly?
This whole thing is reminiscent of the TikTok CEO Chew Shou Zi - "But, I'm Singaporean, Senator".
It was a completely Chinese company until last year. Then it split in 2. The US headquartered half has 11,000 employees in mainland China and 500 in the US based on what I could find when I googled it. It’s solely owned by the founder of the original company and his wife who are Chinese citizens.
I don’t know whether it’s worth banning them or not, but putting your hands up and saying “what Chinese company?” is just absurd.
1. The company was founded by Zhao Jianjun and Zhao Jiaxing who are brothers, I don't know where you got the husband/wife sole ownership from.
2. As you admitted, they have completely separated into 2 separate companies, claiming that it is still Chinese is akin to saying "tea is Chinese", that's completely absurd, yes, it was at some point in history, that point is not now.
It's hard to believe you're saying 2 in good faith. Companies don't change that fast, and you skipped the part where so many of the employees are still in China.
It took them 3 years to achieve this, so yes, they can change that fast...
Did you not read the article? It's hard to take your comment in good faith if you didn't.
That is what TPLink PR would like you to think.
The reality is the only part that matters, the chipsets, are produced in Chinese factories owned by TPLink.
They moved everything that doesn’t matter to the US recently in an effort to give the illusion that they aren’t putting chips manufactured under the control of the Chinese government into the majority of routers used in the US.
I’m not agreeing with banning them, but I can certainly see how it creates significant risks that I would want to mitigate somehow.
> the chipsets, are produced in Chinese factories owned by TPLink.
So are more than half the chipsets in the world. https://en.wikipedia.org/wiki/Category:Microprocessors_made_...
I agree with you that they shouldn't be banned, but the US casting aspersions against another country is pretty rich considering the involvement of the CIA, and NSA around the world.
> TP-Link's Headquarters are in California, they have a branch in Singapore and they manufacture in Vietnam
"TP-Link is a Chinese company that manufactures network equipment and smart home products. The company was established in 1996 in Shenzhen. TP-Link's main headquarters is located in Nanshan, Shenzhen; there is a smaller headquarters in Irvine, California"
https://en.wikipedia.org/wiki/TP-Link
Until it hits their wallet, they will not do a thing. Now if they were more concerned about longer profits and how this could impact their image, maybe they would change but it is rare you see that nowadays.
But they got this far with $X in security spending, what’s the problem?
Unfortunately people like you are hardly ever in charge of this kind of thing.
Yeah, that's not the lesson here at all. We're still in an era where you will suffer absolutely zero consequences for security lapses and breaches.
Everything that is happening with this administration is simply because it suits American foreign policy or the interests of one of the oligarchs. I mean this with absolutely no hyperbole: the pretense of there being any rule of law for the ultra-wealthy is gone. The White House is openly selling pardons, which have the added effect of cancelling out debts to the US government.
Tiktok getting banned? It had nothing to do with "national security". The government simply had less control over the content and the algorithm on Tiktok than they do on Meta and Google platforms.
Reading through this article, you have Microsoft pointing the finger at TP-Link. That's... rich. Because Microsoft has historically been horrible for security. It would take further investigation but I really wonder if TP-Link isn't just a convenient scapegoat.
I don't mean to be hateful with this, but what's the point of your post besides random conjecture and a sort of rant about something only vaguely related to the story?
That this is a political issue, not technical
I see the comment as quite on point. There are many longstanding real problems that have been allowed to fester (in this case, embedded security). While these problems are now being talked about, there is still zero intention to actually address them. Rather they're merely being abused as talking points by fascists pretending that "something is being done" when really the "solutions" are merely the consolidation of autocratic control.
Real reform here would be something like prohibiting tying software and hardware together as one product, source code escrow, etc. Things that actually create security and consumer choice, rather than merely one less vendor to pick from.
The Chinese see their exports rise because America no longer controls the world. They'll just sell their stuff to emerging markets.
Sometimes I wonder if people talking about corruption in the US have ever been to a country that is as corrupt as they say the US is.
Pardons are not being openly sold. There is absolutely not great stuff going on with them but, really, the major difference I see is that it's happening during the administration, rather than in the last few hours.
The US is moving the wrong direction when it comes to corruption but let's not act like we're bottom of the barrel or that this slide just started in 2024 (or 2016, if you'd like).
So far Trump pardons have wiped out over $1 billion in decided and sought fines [1]. There are pardons for the likes of George Santos (convicted for a whole host of crimes) for no other reason than he was a reliable Republican vote, clearly sending the message that if you are loyal, you can commit crimes and you will be pardoned. There's also the Tennessee House Speaker convicted for corruption [2] and the Binance founder [3] who allegedly aided in Trump's rug pull (sorry, "crypto offering").
Now this sort of thing isn't new. Famously on Clinton's last day in office he pardoned Marc Rich [4], who was convicted (before fleeing the country) on breaking sanctions by trading with Iran. It was widely rumored his ex-wife, Denise Rich, who had a lot of access to the Clintons, brokered a deal.
But what changed is the disastrous Trump v. United States [5] decision last year that granted almost absolute presidential immunity. Now there's not the slightest fear of repercussions so the whole operation has gone into overdrive and it's so incredibly brazen.
I stand by my original claim: the TP-Link ban isn't technical. It's political. And I would bet all the money in my pockets that if the CEO had "donated" $1 million to the inauguration (like all the Tech CEOs did including Bezos and Cook) we'd likely have a very different outcome.
[1]: https://www.aljazeera.com/news/2025/6/8/fact-checking-claims...
[2]: https://www.nbcnews.com/politics/donald-trump/trump-pardons-...
[3]: https://www.reuters.com/world/us/trump-pardons-convicted-bin...
[4]: https://www.pbs.org/newshour/show/clintons-pardon-of-marc-ri...
[5]: https://en.wikipedia.org/wiki/Trump_v._United_States
So the claim is that corruption only started in DC with Trump becoming President?
Did I read the last sentence correctly?
No, I'm saying that the slide didn't start with Trump. I also don't think much of what Trump is doing is much, if at all, worse than his predecessors but he has zero shame about it.
Since he's in the news and it's on my mind, I'm not sure the Cheney and the whole Iraq/Halliburton situation has been topped since then. Then there's every member of Congress suddenly becoming a multimillionaire after they get into office.
The only norm Trump is breaking is that he doesn't care to sweep it under the rug
TP-Link bribe/lobbying in 3, 2, 1...
I recently bought a TP-Link Omada ceiling mountable access point, which has been working great. My Ubiquiti APs are due for an upgrade and the Omada (for a separate network), at half the price of roughly equivalent Ubiquiti APs, is impressing me so far.
(The Ubiquitis have been rock solid for years though, no complaints whatsoever).
Netgear (US) and D-Link (Taiwan) were consistently disappointing enough that I swore off them many years ago, and buyers-remorse-PTSD prevents me from reconsidering them ever again.
I've found the ubiquiti devices to be somewhat overly complex and generally overkill for all home-networks I've ever used them for. All the graphs and stuff tickles a nerdy nerve somewhere in me, but honestly I can get equally stable networks for less than a quarter of the price, but without all the fancy bells and whistles that I only enjoy for about 2 hours after installing anyway
TP-Link makes really solid products, and if you don’t want to use their firmware then almost all of them can easily flash OpenWRT. In fact most of their routers are built from OpenWRT anyway.
I installed their mesh Wi-Fi system for my parents recently and was really impressed how seamless the process was. It did involve making a cloud account which I wasn’t thrilled about, however.
You aren't thinking low enough for firmware.
All modern WiFi APs require closed firmware blobs that run below or parallel to OpenWRT.
You replacing the router OS with OpenWRT does nothing when the radio has full DMA access and runs its own OS on its own processor. The OpenWRT layer will have no idea what it's running/infiltrating/exfiltrating.
I say this as someone who has been running and building OpenWRT forever. It's great but it isn't a panacea.
That's why I bought a PCEngines box (one of the last of their inventory before they went out of business) with completely transparent hardware and no Chinese manufacturer in the supply chain.
Neat.
If it dies tomorrow, what’s next, out of curiosity?
For anyone asking this question I might suggest Protectli. They've got x86 systems with coreboot. That's about as good as you can get these days for open source-ness without going really obscure or outdated. I've got a VP2440 as my router and firewall. You can neuter the intel management engine with coreboot, but there's still going to be firmware blobs somewhere in it, especially if you're trying to build a wifi ap.
One of my 2 pcengines APUs has developed an issue with its solder joints I suspect. It hangs at the bootloader unless the unit is already warm. Can't complain at all, it lasted ages and problems like this are just life for things that thermally cycle, it was in a pretty extreme climate for most of its life. Doesn't help with me needing a replacement now pcengines is out of business though, hence getting a protectli box.
Sure, but if you run OpenWRT you can pick the radio firmware image. And you can trust Qualcomm cause they're from San Diego and made Eudora; their firmware won't have intentional security issues.
And yet American products are the only ones we've ever had hard evidence on wrt intentional security issues in collaboration with US Intelligence.
Source for this claim?
I use their Omada stuff for my business. I own a coffee shop where I have a few devices I need online and I provide free WiFi to customers. I needed something where I could run multiple networks, segregate my own devices, support a large number of clients, automatically turn off free wifi outside of business hours, run a captive portal, reserve a minimum amount of bandwidth for my own devices and prioritize my own traffic, etc. It’s absolutely packed with features and costs less than the stuff I run at home. It was a fraction of the cost of the Meraki gear I was considering. The performance is great too.
I don’t know how much I trust TP Link, but my risk level is very low. There’s not much an attacker could do if they get on my network. None of my data is accessible on that network and everything important has MFA anyway. The most sensitive things are my POS and menu displays and they are just client devices connecting to the internet. I probably wouldn’t run this stuff in an environment where I had complex security requirements.
I don't think the attackers are after your credit card records as much as they are after using your network as one base amongst thousands of others to perform illicit compute, generate traffic to a victim network, etc. That is: the attack is outbound from you to the victim, not inbound to you as the victim (at least not beyond the initial beachhead).
TP-Link let me down twice.
I bought a cellphone from them many years ago and they never really supported it and I couldn't even buy a replacement battery.
Recently I bought a router with the firm intent of installing OpenWRT, but I received a newer revision that had a different CPU, less RAM, and less flash memory.
These events left a bad impression, but they do make affordable stuff with reasonable quality.
> Recently I bought a router with the firm intent of installing OpenWRT, but I received a newer revision that had a different CPU, less RAM, and less flash memory.
This also happened many years ago with Linksys (prior to Cisco). It’s not that uncommon for manufacturers to release new revisions of hardware without necessarily making it clear to the purchaser. If their purpose is to deliver a router and they can shave a few cents off the BOM with less RAM, but it still works with their software, why would they care. And once new revisions have been released into the supply chain, it can be hard to know exactly what version you are buying.
In the Linksys case, IIRC they eventually re-released the first revision WRT54G as the WRT54GL (for Linux), so that people who wanted different firmware could get the exact hardware they wanted.
Wouldn't it be nice if that was illegal? Sell whatever, but label it accurately, it's different hardware so it needs to have a different version label in the listing or something.
We see this all the time with SSDs, where a high-spec model is released to reviewers, then a low-spec model is mass-produced and sold under the same model number. That's fraud, isn't it? Shouldn't it be?
It’s only fraud if they sold you or marketed to you on those specs. But at least for things like reflashing your router, short of a few explicit opener vendors (like glinet) and Linksys AFTER releasing the WRTGL version, router manufacturers aren’t usually advertising on how much ram or flash memory space they have, any more than car manufacturers are advertising how much flash memory is in their ECUs. It’s not an intended or marketed purpose, so they’re not going to be changing model numbers just because they made an internal update.
Changing the flash in a router is pretty understandable. Changing a router's CPU is going to affect core performance, and so does changing parts in an SSD, and core performance should totally count as being used to sell the product.
> but label it accurately, it's different hardware so it needs to have a different version label
In my experience, TP-Link always has the hardware revision on a label on the outside of the box.
It's small text on a small label that online vendors don't bother to check.
At some point it won't matter that you run OpenWRT on it. Obvious case in point: at a certain point it doesn't matter that you run Linux instead of Windows on your Intel PC, because it'll still be subjected to Intel ME, Intel AMT, Intel SGX and god knows what else.
On a PC, Intel ME and the like can be accessed remotely only through an Intel NIC, which can be avoided by using a PCIe Ethernet card from another manufacturer, if the motherboard does not have such an interface on it. Even many of the Intel Ethernet interfaces are supposed to have the remote access disabled from the factory, but you cannot be certain about this.
A more serious problem is caused by the laptops having Intel WiFi, which is difficult to replace. With such a laptop one would have to disconnect the internal antennas and use an external WiFi dongle, to be sure that remote control is not possible.
Hey, that's really timely for me.
I'm getting ready to set a mesh network for my older parents as well. Do you have any suggestions for hardware and software? I live a ways away from them so I need this to be pretty much faultless. I don't want to drive 4 hours for IT support.
Go unifi and manage it remotely.
My paranoia goes against this idea. How sure are you that the remote management is hardened? Assuming that disabling external control is actually effective, that seems like it removes most practical exploits one would encounter. A network configuration for a non technical person should be so simple it does not require regular maintenance.
The TP-Link option was great. If it was for myself, I'd build my own with OpenWRT but my goal was to minimize the chance of downtime in case I'm not available to help debug issues. They already had a TP-Link range extender running for 4+ years without ever needing to touch it, so I figured their mesh network was a good option too.
ASUS routers with Merlin firmware work well in a mesh configuration.
Do any of TP-Link's mesh routers support OpenWrt? I didn't think there was overlap between the "easy to set up for my parents" and "easy to install custom firmware" subsets.
From what I could tell in the admin panel, those mesh routers _are_ OpenWRT. And they have an advanced section where you can upload a firmware .bin.
OpenWRT runs well on Deco M5 with a custom build.
https://forum.openwrt.org/t/ipq4019-adding-support-for-tp-li...
Assuming there isn't a hidden little core running a hidden little OS somewhere.
Yeah companies should be held guilty unless proven otherwise. Of course you can never actually prove anything, so they are all guilty by default. /s
You can't bootstrap nearly any embedded ARM SoC and run Linux without running some closed Chinese blob just to bring it up lol
And in reverse, you think Palantir has a transparent business model to trust with your data? I don't get why people find china more suspect than most of these billionaire led monopolies buying politicians and laws and spout paranoid gibberish about Christianity and anti Christ etc.
Both might be fundamentally evil or benign, but they aren't different in danger based solely on how white they are.
Both can be bad at the same time
What about whataboutism?
And yes an American company in cahoots with the government having the ability to snoop on traffic and turn entire networks off, while bad, is nowhere near as bad as a Chinese one having the exact same capability.
The US company and the US government are 1000x more likely to leverage their position in an antagonistic way against US customers.
Their hypothetical does have weight, though. Damn near every desktop/laptop computer does have "a hidden little core running a hidden little OS" nowadays, after all.[0]
Obviously this particular one isn't in non-Intel equipment, but...
[0] https://en.wikipedia.org/wiki/Intel_Management_Engine
Of course there is probably a hidden little os running on hidden core within the hidden hardware running the hidden os.
Devices from companies under direct or implicit CCP control should indeed be considered suspect until proven otherwise. Not just them, but them much more than local ones.
China isn't the major threat for consumer routers; it's crappy firmware. Millions of networks have been compromised from non-state actor attacks on crappy consumer routers. You wanna protect America? Impose a software building code on critical network infrastructure (which should include consumer routers and modems). But they aren't gonna do that, because they're just trying to score cheap political points and put pressure on China for trade concessions.
Seemingly every year there is yet another Cisco vulnerability because of hard coded passwords. One as recently as July 2025. The entire network industry seems to YOLO the code running the world.
[0] https://sec.cloudapps.cisco.com/security/center/content/Cisc...
People worried about routers, meanwhile nearly every damn employee at Intel from the CEO to the janitor is Chinese.
The Intel ME chip is running its own OS on every single Intel chipset, even when the computer or laptop is shut down, and accessible directly through attached Intel WiFi or network cards. With full memory access, with no way to turn it off.
https://en.wikipedia.org/wiki/Intel_Management_Engine
The totality of reassurance we have about it is intel’s promise that they won’t put a backdoor in.
The U.S. is the bigger threat anyways. This just feels like America is coming online as a mafia state and wants their cut and their backdoors in things, otherwise they’ll destroy your business.
To be fair, I think this is most countries, they just don't have as much political power as the US. The UK's Online Safety Act is a good example.
My country (Australia) tried to legislate in 2016 that no one is allowed to use encryption, and if they were required to, for other obvious reasons like for medical data, then they were required to code in a back-door for law enforcement.
Prime Minister (at the time) Malcolm Turnbull announcing it: https://www.youtube.com/watch?v=i326eNOa6Us
The above is just the announcement and doesn't include answering media questions wherein we would have heard dear Malcolm's famous quote:
“Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia"
Very quiet audio of the last half of the above quote: https://www.youtube.com/watch?v=8VB3uQHa14g
Political understanding of mathematics and encryption has not progressed in the intervening 9 years, much the same as the thirty years prior. Regulating internet security is forming a similarly unfortunate trajectory.
An empire in every way except name.
I have TP-Link Deco's for our WiFi, sitting behind a Firewalla Gold. This has been by far the nicest, simplest at home setup I've ever deployed. Do I love that I chose TP-Link? No. But price to purpose it was the best product available to me at the time.
If TP-Link gets banned, my concern is what that means for the massive market share in the US. Warranty? Software updates? Or maybe that action is what turns them into an agent of the state. Or do you hoard all the hardware until it's valuable like DJI parts are today?
My guess is they’ll be forced to sell their US division to whatever company gives the government the most money (sort of like the Oracle-Tiktok deal).
> whatever company gives the government the most money
If only! Unfortunately it's whatever makes the Party leadership the most money.
I thought it was the Chinese owner of Tiktok that got paid money.
What is your evidence that the US government was paid any money as part of that deal (over and above any taxes that would have been incurred by any sale of any business).
He's referring to whoever paid in America to be gifted the largest propaganda platform.
I'm sure money also went to Chinese owners.
"Gifted" would be misleading if (as I suspect) the entity that ended up with American Tiktok is the entity that won a bidding war to make the most attractive offer to the Chinese owner.
Wow. Where are the actual details about the threat, what models are affected etc? How to mitigate the threat? Totally useless.
Virtually every home router and a whole lot of small business routers should be considered “national security risks”.
TP-Link may be sore for getting singled out but they are certainly not unique.
TP-Link produces solid and affordable network equipment. A great value for the money, which makes their products a popular choice for many customers around the world. But as almost all hardware vendors out there, TP-Link has weaknesses in their software. In a way, they are victims of their own success and popularity. I wish them to get their software security act together.
Banning such a bright tech company is totally unwarranted, unless there are proofs of their intentional wrongdoings.
> The company says it researches, designs, develops and manufactures everything except its chipsets in-house.
So, the plastic bits?
Presumably the software, the boards, connectors, antenna design, etc.
> connectors, antenna design
And also passives like SMD resistors. They are also refining copper and iron from raw ore. /s
They actually make their own iron in the heart of a dying star.
They actually manufacture a synthetic star from which they gather their elements.
As a hardware founder, low quality plastic is not rocket science. On trips to China I’ve heard similar things about other companies, specifically that Foxconn makes everything it uses, including things like coolant or plastic for prototype production.
I don't think they were saying the plastic bits are rocket science, proverbially or not
Does anyone know what their chips are doing? Do you, really?
Until we have desk side silicon fabrication/placement, with accompanying tunnelling microscope features, we simply cannot trust our silicon in any way other than through utterly peaceful means, which is to say, through systems of human trustworthiness.
Technology never allows us humans to advance sufficiently well to do without it .. unless it is evenly distributed.
Right now we are all at the mercy of the masters of silicon. This is no joke!
You can measure input and output with commodity equipment. That will give a good, but admittedly incomplete picture of what the chips are doing.
Even with desk-side silicon fabrication, one would have to hope the hardware/software with the design tools wasn’t already backdoor-ed…
Reflections on trusting trust...
Absolutely. We'll never be 100% free until we can fabricate computers at home, just like we can write our own software at home.
I don't get what to make of this. Is it all just security theater? The idea of having consumer networking hardware that isn't riddled with security vulnerabilities seems to be a ship that sailed long ago. I doubt this move will prevent major nation states from hacking into whatever they want.
> the U.S.-based company’s products handle sensitive American data and because the officials believe it remains subject to jurisdiction or influence by the Chinese government.
These cowards have not yet finished banning TikTok
Because Jeff Yass asked Trump not to
We are unfortunately getting to the point where the only option for non-power users will be to create an online account to run local hardware you own; just like Windows 11.
I run OPNsense with a collection of Unifi radios (local controller) with great success.
I've been really happy with the TP-Link smart plugs. I keep upgrading them as The Latest Standard That's Definitely The Real One This Time Trust Us Bro comes out, and the Matter ones are excellent. Getting an instant response from them is really nice. I see no reason to buy others.
I would buy only Hue but that's because I have more money than sense, and they don't actually make smart plugs last time I looked, they make plugs but label them all as lights in the app, which is more annoying than it sounds.
The real problem to solve ditching TP-Link _routers_ is that all routers are uniformly fucking awful, and all you are doing is choosing your particular poison. This is especially true after Apple exited the game so long ago. I use Google Wifi because it mostly works most of the time, but that's not glowing praise. But the world has become trained that rebooting a router once a week and praying that it works when it comes back is a perfectly normal state of affairs and we couldn't possibly do this any better.
> all routers are uniformly fucking awful,
The mikrotik I've been using has been pretty solid, and super super customizable.
> I would buy only Hue but that's because I have more money than sense, and they don't actually make smart plugs last time I looked,
Ikea makes Zigbee smart plugs with power monitoring (Inspelning) that are ~10 Euro here (probably $10 in the US). Also Zigbee does not have all the security issues, since it is purely local and will talk with whatever hub/bridge you choose, e.g. Homey, Hubitat, or if you want to go free software Home Assistant or zigbee2mqtt.
It's somewhat insane to me that people use WiFi plugs for actuating things that actuate real-life electrical devices. Even more from companies that have a bad security reputation. Zigbee or Z-Wave all the way or possibly Matter over Thread, but the only Matter device that I had (an upgraded Eve Energy plug) has been a pain.
> The real problem to solve ditching TP-Link _routers_ is that all routers are uniformly fucking awful, and all you are doing is choosing your particular poison. This is especially true after Apple exited the game so long ago.
I switched to Unifi gear (Cloud Gateway Max, two of their U7 access points, and a bunch of their managed switches) and they are a dream to set up. Making VLANs, associating VLANs with SSIDs, etc. is so easy. I had a TP-Link managed switch and the interface was a huge pile of crap and I saved it several times after misconfiguration by virtue of it having a serial console. I only used it for two months or so because it was so frustrating.
IIRC the IKEA Zigbee range has been discontinued in favour of Matter.
> all routers are uniformly fucking awful [...] the world has become trained that rebooting a router once a week and praying that it works when it comes back is a perfectly normal state of affairs
My OPNsense router currently has 74 days of uptime, and that's just because I ran an update 74 days ago. I've never rebooted it to solve a problem. The only wrinkle is OPNsense (and pfSense) is at least an order of magnitude more complicated than your average consumer router.
OTOH, my Ubiquiti access point reboots itself every time I change any setting at all.
Eve smart plugs are solid and don’t have any unnecessary cloud stuff.
I have some TP-Link smart plugs and was happy with them for a long time because their app could be used without an account. Then I recently got the new version of the app and it forces an account, there's no more guest mode. I'm done with TP-Link now.
I bought a dedicated router and separate WAPs and cable modem and it works really well. The converged devices are terrible though.
This is a very one-sided article. Shouldn't there be a comparison with TP-Link and all other brands available in terms of security? Otherwise they're just targeting a company for political reasons.
The article is in response to a very one-sided government ban (well, reported ban) on TP-Link products. The company is being targeted for what appears to be political reasons, the article even said so in the first paragraph:
> Experts say while the proposed ban may have more to do with TP-Link’s ties to China than any specific technical threats
Regardless of what TP-Link says, the damage is done. I was recently looking for a bigger switch. I went with a used switch instead of buying a new TP-Link because I don't trust them. Now I just need more projects to fill my extra ports on the 24-port switch haha
An unmanaged switch is not going to realistically have exploitable vulnerabilities, the chances of that are dim.
A router, a managed switch or something having an OS is another story.
It's managed. I don't know, but I would bet that unmanaged switches have vulnerabilities too. Maybe they just aren't targeted.
I don't have any particular opinion on TP-Link (never used their products), but the idea that a low-cost vendor targeting home and SMB users is somehow a state-level agent trying to compromise those users... needs evidence.
I mean, in the case of actors like Huawei, you can at least credibly make the argument that the continued access of their support staff to internal provider networks is a significant risk, but that vector is entirely absent here.
Sure, embedded firmware has been, is, and will continue to be a tire fire prone to embarrassing compromises, but containing those is mostly about notification and containment by government agencies (which the current US administration is doing their utmost best to kneecap) and/or large ISPs (which in the US have traditionally never cared).
Forcing "foreign" products off the market in favor of "domestic" replacements with the exact same, if not worse, flaws won't fix a thing, unless you put some pretty significant controls into place that nobody is willing to enforce or even outline.
^^^THIS 100%. They are manufacturing low-cost products for home users. That is, if these claims are true, they have neglected a poignant question, why would they bother? They are targeting poor people's personal data, not businesses, not high-profile people, not government bodies.
But it does provide ample opportunity to profit personally, and that’s much more of a priority for the current federal administration than fixing anything.
I'll just leave this little NSA intercepting Cisco products reminder here: https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa...
But Sir! We are talking here between USA <eagle sound> versus rest of the world that’s unsafe and all the time attacking USA people privacy. Cisco is India based, not American!
disclaimer: not connected in any way with Cisco, just disappointed business customer.
SSL added and removed here! :)
OpenWRT is the way to go. If it doesn't run on it, I'd skip such router.
OPNsense on a dual-NIC mini PC, then your WiFi comes from dumb APs.
Separating routing from WiFi has been the best thing I’ve ever done for my network.
OPNsense is decent too. Problem is that running anything open on those AP will still be a mess unless they support something like OpenWRT ;)
Separating router from the AP was something I considered too for building a 10 Gbps network, since I haven't found any WiFi router that could also handle 10 Gbps wired without some accelerator chip requiring non-upstream mess to work.
Seems hard to overestimate their market when if you go to Walmart 75% of the routers they have in stock are TP-Link.
I don’t get the end game here. D-Link isn’t any better. Are we heading for ISP-enforced hardware in our homes?
God help us.
If only there were US manufacturers that could produce things at a decent price and didn't actively hate their customers.
The fact that TP-Link products are vastly better and cheaper than all their numerous competitors is indeed a bit strange. You have to either think that all the people at Linksys, Netgear, D-link, etc. are incompetents or that something a bit out of the ordinary is going on at TP-Link...
I see that at the company I work at. US management at many companies is about doing the absolute minimum for a maximum of profit. It doesn’t allow for competence or long term investment so companies turn into empty shells.
It’s not that unheard of. Does anyone make a better $999 laptop than Apple? Nope, the MacBook Air is faster and gets better battery life with zero fans and basically nothing on the market compares. That doesn’t make Apple “suspicious” more than any other company.
TP-Link is the best for the same reason Apple is the best. They just have the momentum of being in the lead.
I would also say that TP-Link isn’t wildly and unrealistically cheaper or anything.
Their prosumer/business Omada lineup is clunky and kinda sucks compared to Ubiquiti.
Zyxel WiFi 7 APs are more competitively priced than basically anything last I checked.
Eero used to be pretty close. Years ago, I used to stalk the subreddit despite never owning an Eero just because the (US based) devs would often drop knowledge bombs. AFAIK they wrote the entire software stack in house.
I have no idea if that's still the case, especially post AMZ, but worth looking into if so.
I miss the insider information. Some Redditors were not nice and they all left Reddit and their insider information stopped flowing, it's a shame, it was cool to see behind the development veil.
I’m sure there’s some way to inject advertising - otherwise it’s just leaving money on the table.
I'm old enough to remember most cable modems and set-top boxes being manufactured in the US.
They were... not great...
I am pretty sure the companies that made those, had a monopoly on them, and charged $500 apiece went bankrupt too.
There is, but corporate greed doesn't allow it.
Per-company government acquisition "bans" are stupid for PR and security reasons. Brand-specific banlists are whack-a-mole when the same hardware and software will be immediately duplicated with another cat-walks-on-keyboard brand name that will disappear within a year.
Instead, there should be in-depth, enforced audit, compliance, and evaluation standards for gear for particular purposes. If it doesn't meet particular standard(s), then it can't be purchased or used.
I don’t like that TP-Link routers regularly force you to accept new terms of service within their app. If you don’t, then you can’t access much of their configuration options. Basically you get locked out of your own device. I feel like these dark patterns should be illegal.
"TP-Link Systems told The Post it has sole ownership of some engineering, design and manufacturing capabilities in China that were once part of China-based TP-Link Technologies, and that it operates them without Chinese government supervision."
Is that even possible? Or do you always have to be on good terms with the Chinese government to own engineering, design, and manufacturing capabilities in China?
I don't see anything here that suggests TP-Link is especially bad at security. What I do see is anti-China fearmongering by GOP officials.
So much freedom in America lately. TP-Link, DJI, BYD, must be great to never have these options.
Could you please stop posting unsubstantive comments and flamebait? You've been doing it repeatedly lately. It's not what this site is for, and destroys what it is for.
If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.
I'm so glad there's other American drone manufacturers that cater to the consumer market, like Skydi-oh right, they stopped making consumer drones after the successes in forcing DJI out of the market.
and their mil drones are subpar
https://en.defence-ua.com/news/which_western_drones_have_sho...
https://www.defensenews.com/global/europe/2025/11/07/of-fibe...
>drones from the American company Skydio proved ineffective in Ukraine [notably, a Skydio drone was used by the U.S. Army to drop a combat grenade for the first time], as they were unreliable in front-line interference conditions.
>The problems with Skydio drones in Ukraine were reported last year, and the manufacturer acknowledged the poor quality of its products.
>According to Alex, a key issue with today's low-quality products is the "information gap among many European and American manufacturers about current battlefield conditions and the timing of when they receive this information."
Surprisingly
>Some of the most effective ones have included the German-made Vector drones and Polish-made FlyEye drones.