The real lesson here: don't forget to bribe the president of the US.

If this was actually the lesson then they'd be banning Fortinet, but it seems these concerns about security don't apply to US listed companies.

Just make them liable for the damages and then they will start caring.

This might be one of the only cases where subscription model would work well to cover the maintenance cost.

Or maybe, don't capture 50% market share in a country that's decided your country of origin is the threat of the decade.

I think a lot of companies violate that lesson and continue to make money.

Until it hits their wallet, they will not do a thing. Now if they were more concerned about longer profits and how this could impact their image, maybe they would change but it is rare you see that nowadays.

But they got this far with $X in security spending, what’s the problem?

Unfortunately people like you are hardly ever in charge of this kind of thing.

Yeah, that's not the lesson here at all. We're still in an era where you will suffer absolutely zero consequences for security lapses and breaches.

Everything that is happening with this administration is simply because it suits American foreign policy or the interests of one of the oligarchs. I mean this with absolutely no hyperbole: the pretense of there being any rule of law for the ultra-wealthy is gone. The White House is openly selling pardons, which have the added effect of cancelling out debts to the US government.

Tiktok getting banned? It had nothing to do with "national security". The government simply had less control over the content and the algorithm on Tiktok than they do on Meta and Google platforms.

Reading through this article, you have Microsoft pointing the finger at TP-Link. That's... rich. Becvause Microsoft has historically been horrible for security. It would take further investigation but I really wonder if TP-Link isn't just a convenient scapegoat.

You aren't thinking low enough for firmware.

All modern WiFi APs require closed firmware blobs that run below or parallel to OpenWRT.

You replacing the router OS with OpenWRT does nothing when the radio has full DMA access and runs its own OS on its own processor. The OpenWRT layer will have no idea what it's running/infiltrating/exfiltrating.

I say this as someone who has been running and building OpenWRT forever. It's great but it isn't a panacea.

I use their Omada stuff for my business. I own a coffee shop where I have a few devices I need online and I provide free WiFi to customers. I needed something where I could run multiple networks, segregate my own devices, support a large number of clients, automatically turn off free wifi outside of business hours, run a captive portal, reserve a minimum amount of bandwidth for my own devices and prioritize my own traffic, etc. It’s absolutely packed with features and costs less than the stuff I run at home. It was a fraction of the cost of the Meraki gear I was considering. The performance is great too.

I don’t know how much I trust TP Link, but my risk level is very low. There’s not much an attacker could do if they get on my network. None of my data is accessible on that network and everything important has MFA anyway. The most sensitive things are my POS and menu displays and they are just client devices connecting to the internet. I probably wouldn’t run this stuff in an environment where I had complex security requirements.

At some point it won't matter that you run OpenWRT on it. Obvious case in point: at a certain point it doesn't matter that you run Linux instead of Windows on your Intel PC, because it'll still be subjected to Intel ME, Intel AMT, Intel SGX and god knows what else.

TP-Link let me down twice.

I bought a cellphone from them many years ago and they never really supported it and I couldn't even buy a replacement battery.

Recently I bought a router with the firm intent of installing OpenWRT, but I received a newer revision that had a different CPU, less RAM, and less flash memory.

These events left a bad impression, but they do make affordable stuff with reasonable quality.

Hey, that's really timely for me.

I'm getting ready to set a mesh network for my older parents as well. Do you have any suggestions for hardware and software? I live a ways away from them so I need this to be pretty much faultless. I don't want to drive 4 hours for IT support.

Do any of TP-Link's mesh routers support OpenWrt? I didn't think there was overlap between the "easy to set up for my parents" and "easy to install custom firmware" subsets.

Assuming there isn't a hidden little core running a hidden little OS somewhere.

Seemingly every year there is yet another Cisco vulnerability because of hard coded passwords. One as recently as July 2025. The entire network industry seems to YOLO the code running the world.

[0] https://sec.cloudapps.cisco.com/security/center/content/Cisc...

My guess is they’ll be forced to sell their US division to whatever company gives the government the most money (sort of like the Oracle-Tiktok deal).

I've found the ubiquiti devices to be somewhat overly complex and generally overkill for all home-networks I've ever used them for. All the graphs and stuff tickles a nerdy nerve somewhere in me, but honestly I can get equally stable networks for less than a quarter of the price, but without all the fancy bells and whistles that I only enjoy four about 2 hours after installing anyway

To be fair, I think this is most countries, they just don't have as much political power as the US. The UK's Online Safety Act is a good example.

My country (Australia) tried to legislate in 2016 that no one is allowed to use encryption, and if they were required to, for other obvious reasons like for medical data, then they were required to code in a back-door for law enforcement.

An empire in every way except name.

Presumably the software, the boards, connectors, antenna design, etc.

As a hardware founder, low quality plastic is not rocket science. On trips to China I’ve heard similar things about other companies, specifically that Foxconn makes everything it uses, including things like coolant or plastic for prototype production.

Does anyone know what their chips are doing? Do you, really?

Until we have desk side silicon fabrication/placement, with accompanying tunnelling microscope features, we simply cannot trust our silicon in any way other than through utterly peaceful means, which is to say, through systems of human trustworthiness.

Technology never allows us humans to advance sufficiently well to do without it .. unless it is evenly distributed.

Right now we are all at the mercy of the masters of silicon. This is no joke!

Because Jeff Yass asked Trump not to

I would buy only Hue but that's because I have more money than sense, and they don't actually make smart plugs last time I looked,

Ikea makes Zigbee smart plugs with power monitoring (Inspelning) that are ~10 Euro here (probably $10 in the US). Also Zigbee does not have all the security issues, since it is purely local and will talk with whatever hub/bridge you choose, e.g. Homey, Hubitat, or if you want to go free software Home Assistant or zigbee2mqtt.

It's somewhat insane to me that people use WiFi plugs for actuating things that actuate real-life electrical devices. Even more from companies that have a bad security reputation. Zigbee or Z-Wave all the way or possibly Matter over Thread, but the only Matter device that I had (an upgraded Eve Energy plug) has been a pain.

The real problem to solve ditching TP-Link _routers_ is that all routers are uniformly fucking awful, and all you are doing is choosing your particular poison. This is especially true after Apple exited the game so long ago.

I switched to Unifi gear (Cloud Gateway Max, two of their U7 access points, and a bunch of their managed switches) and they are a dream to set up. Making VLANs, associating VLANs with SSIDs, etc. is so easy. I had a TP Link managed switch and the interface was a huge pile of crap and I saved it several times after misconfiguration by virtue of it having a serial console. I only used it for two months or so because it was so frustrating.

> all routers are uniformly fucking awful [...] the world has become trained that rebooting a router once a week and praying that it works when it comes back is a perfectly normal state of affairs

My OPNsense router currently has 74 days of uptime, and that's just because I ran an update 74 days ago. I've never rebooted it to solve a problem. The only wrinkle is OPNsense (and pfSense) is at least an order of magnitude more complicated than your average consumer router.

OTOH, my ubiquity access point reboots itself every time I change any setting at all.

> all routers are uniformly fucking awful,

The mikrotik I've been using has been pretty solid, and super super customizable.

Eve smart plugs are solid and don’t have any unnecessary cloud stuff.

I have some TP-Link smart plugs and was happy with them for a long time because their app could be used without an account. Then I recently got the new version of the app and it forces an account, there's no more guest mode. I'm done with TP-Link now.

I bought a dedicated router and separate WAPs and cable modem and it works really well. The converged devices are terrible though.

^^^THIS 100%. They are manufacturing low-cost products for home users. That is, if these claims are true, they have neglected a poignant question, why would they bother? They are targeting poor people's personal data, not businesses, not high-profile people, not government bodies.

But it does provide ample opportunity to profit personally, and that’s much more of a priority for the current federal administration than fixing anything.

The article is in response to a very one-sided government ban (well, reported ban) on TP-Link products. The company is being targeted for what appears to be political reasons, the article even said so in the first paragraph:

Experts say while the proposed ban may have more to do with TP-Link’s ties to China than any specific technical threats

An unmanaged switch is not going to realistically have exploitable vulnerabilities, the chances of that are dim.

A router, a managed switch or something having an OS is another story.

But Sir! We are talking here between USA <eagle sound> versus rest of the world that’s unsafe and all the time attacking USA people privacy. Cisco is India based, not American!

disclaimer: not connected in any way with Cisco, just disappointed business customer.

SSL added and removed here! :)

OPNSense on a dual NIC mini PC, the your WiFi comes from dumb APs.

Separating routing from WiFi has been the best thing I’ve ever done for my network.

God help us.

The fact that TP-Link products are vastly better and cheaper than all their numerous competitors is indeed a bit strange. You have to either think that all the people at Linksys, Netgear, D-link, etc. are incompetents or that something a bit out of the ordinary is going on at TP-Link...

Eero used to be pretty close. Years ago, I used to stalk the subreddit despite never owning an Eero just because the (US based) devs would often drop knowledge bombs. AFAIK they wrote the entire software stack in house.

I have no idea if that's still the case, especially post AMZ, but worth looking into if so.

I’m sure there’s some way to inject advertising - otherwise it’s just leaving money on the table.

I'm old enough to remember most cable modems and set-top boxes being manufactured in the US.

They were... not great...

There is, but corporate greed doesn't allow it.

Could you please stop posting unsubstantive comments and flamebait? You've been doing it repeatedly lately. It's not what this site is for, and destroys what it is for.

If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.

I'm so glad there's other American drone manufacturers that cater to the consumer market, like Skydi-oh right, they stopped making consumer drones after the successes in forcing DJI out of the market.