The US Is Considering a TP-Link Router Ban

I've had tplink forever and recently got a netgear to put openwrt on it. It's pretty cool

I love my Toilet Paper-Link router. It's the only one I've ever owned that didn't start randomly losing the internet connection after two years. I don't know why every router starts acting up like that; I've had issues with literally every brand except this one.

I can’t wait to get a hold of a bunch of cheap TP Link routers. Those things run OpenWRT like champs.

same

I don't care if China steals my data or uses my router as a vector for a DOS attack at this point. My fascist nation already has domestic back doors to spy on me if I was interesting enough. My opinion of China is roughly the same as my opinion of my own red white and blue shithole, about as low as you can go. In fact, their regular people on the street seem a hell of a lot more prosocial and EMPATHETIC than I've ever seen here in the US going by Rednote. I'm on nobody's side geopolitically because nobody is on my side.

Besides, we destroyed ourselves already. Checkmate CCP! Have fun spying on the ash heap. Spoilers: we're largely poorly educated here by design, so enjoy the stream of "...evolution is just a theory science is fake education is a scam pull yourself by your bootstraps stop virtue signaling it's not greed I'm rationally self-interested... "

In a fucked up way I lol’d at this. If I put on my tinfoil hat I’d say the USA is encouraging China to “spy” on us so they have to absorb the brainrot. Poor bastards
Maybe China isn’t the bad guy. They have goals. Goals are good. We’re mainly into destruction and extracting capital. Wild thought, maybe we’ve never been the good guys. :o
- I don't think goals are inherently good... Hitler had goals...

Oh but all the US hardware with spyware from the NSA/FBI is just fiiiiiiiiiine.

As always US wants the data, they just don't want anyone else to have it.

It's also a laugh for them to say "fuck you consumers you don't get to" when the federal government already fucking blew it with SolarWinds.

Personal opinion this is much ado about nothing. In other words this article is baseless fear-mongering.

Trump is a bigger national security concern than fucking TP-Link and no one in power is seriously talking about removing him.

His economic moves will devalue the US Dollar and put it at risk as a reserve currency. Who is gonna step in? China.

But boo hoo, we should ban TP-Link! What a fucking joke. If you're really "worried" about China, get rid of Trump yesterday.

Trump is a bigger national security concern than fucking TP-Link and no one in power is seriously talking about removing him.

There is an abstract ironic beauty to this.
- To secure US networks, start by kicking Musk out of government systems.
- Security concerns usually don't talk about themselves
As always US wants the data, they just don’t want anyone else to have it for free

I guarantee you that American data is going to Chinese companies. Temu has your data. Alibaba has your data. Bilibili has your data. They're just getting it by purchasing from American data centers.
- So what you're saying is, the complaint about China spying on people boils down to piracy?
Three separate government departments are investigating TP-Link, so someone either tipped the Fed off and you (and the public) know nothing, or this is simply a witch hunt.

Since I know for a fact I can't trust anyone commenting anywhere on the internet as a credible source, I'm hoping those departments who once were independent of the Executive control and free of Trump corruption and are now filled with human excrement yes-men MAGA regarded morons, i will hold my anger until we know more.
- The US government has something of a credibility crisis, doesn't it? (And I don't think it started with Trump, though he makes it worse.)
- It looks just like the Tik Tok ban to me. Racist/Nationalist nonsense that doesn't solve the actual underlying problem, which is lack of regulation in the US
- The best that they've got is that TP-Link is competitive on pricing. Oh no they're not bilking consumers and still make enough money to function, that must mean something shady is happening! Or maybe they're just a company who isn't all-in on ripping off consumers for overpriced tech gear?
  
  Also, the argument that some models force you to log in, sure, if you're a technically un-inclined dingus. If you are technically inclined, literally nothing is stopping you from installing something like OpenWRT/DD-WRT/FreshTomato on your TP-Link router and bypassing the login requirement entirely by replacing the firmware with an open source variant (note: DD-WRT isn't actually fully open like OpenWRT and FreshTomato). The point being that their two major arguments for why TP-Link are dangerous are defeated pretty damn simply.
  
  If I can avoid logging in by installing fresh firmware of my own, and the only other major argument they have is that they're selling at lower prices then competitors... well, that's pretty weak tea.
Yeah, it boils down to... who do you want seeing your data?

The Chinese? or the Americans?
- On one hand, I wouldn't trust the US with anything. On the other hand, there's a pretty good chance whatever they keep that data on catches on fire or has a plane fall on it.
TP-Link has a bad history of significant security vulnerabilities that have to either be gross negligence or intentional backdoors. Consumer router firmware is notoriously neglected in the grand scheme of tech, but TP-Link is exceptionally bad. Your average and even most above average techies probably have no idea unless they follow security releases or live in the security world. I personally wouldn't know much if anything about them if not for some YT content I watch about software and security. I don't love blanket blocking of stuff, but this one I feel is necessary to help protect an ignorant population.

I 100% agree with the sentiment that Trump is way more dangerous, because he is, but the two issues can be addressed (or not unfortunately) at the same time. If our reps won't stop Trump, and not going to be upset over he small wins that we do get.
- So, say I have a POE outdoor router that is TP-link. It is wired to my main router and is the network for outdoor cameras. How bad an idea is this?
- Do you have any links to the alleged bad history? I couldn't find anything, partly because the recent political theatre makes it hard to be informed.

Please yes, I look forward to cheaper routers due to oversupply.

I don't understand why they're considering a ban. People should be changing the default password on their router. If they aren't and they leak information that isn't theirs, tough shit, fine them. If they leak their own information, let them deal with the consequences.

There are so many people who just don't get tech though. I was just at my buddy's patents house, probably early 60s, and they have a random default SSID and password. It's like 15 digits long. Secure as can be. If they really bothered to type that in on all their devices, I'm thinking they were probably incapable of changing it through the software.
- Or they just didn't know how. Which is a distinct possibility. Some devices these days even let you share the Wi-Fi password through QR code or similar. So you don't have to enter it until every device.

Dumb policy but still fuck tp link routers. They never took security remotely seriously to the point where their products are known for being a good entry point into learning about exploiting embedded devices.

Don't really care or think the government spyware concerns are particularly legitimate but they definitely aren't secure products to have on your network

You sure you're not confusing TP-Link with D-Link? The latter has been the common attack surface I'm familiar with, and the former has been a staple for enthusiasts and as a tool for pentesters.
There's quite a few TP-Link Models that can be flashed with open source firmware. The ones I helped friends and family with seemed to get software updates consistently after being discontinued.

This isn't an all out endorsement, but I've certainly seen worse.

Every single consumer SOHO router is just a data mining security clusterfuck these days, brand is irrelevant. The only way to really get away from it is to run your own SBC or NUC with a wifi card and shit.

They make mini PCs with five Ethernet ports that are perfect for this sort of thing.
OpenWRT?
- Key word: consumer. You won’t find a single router on store shelves that the layman is not getting all of their data collected through.
Mikrotik is probably OK IMO.
- probably, lol. they don't even support openwrt

Banning TP-Link routers isn't going to do a damn thing to solve the problem of insecure routers, SOHO or otherwise. Too many people and companies set shit up and then ignore it until it breaks and under these conditions routers are always going to become insecure given a long enough timeline.

Fire up Shodan and see how many discontinued Cisco ASAs are out there. Hell you can probably still find some Cisco PIX boxes even though they went away nearly twenty years ago! Those aren't people doing that, those are COMPANIES.

The problem here isn't the brand or even the silicon that brand uses. It's with the utter lack of management (including EoL replacement) by the people using the damn things.

His economic moves will devalue the US Dollar and put it at risk as a reserve currency. Who is gonna step in? China.

China doesn’t want to become the world currency, but they do want a BRICS currency. This will take years, though.

Should we worry? About Trump's reciprocal tariffs which are going to plunge the world into the greatest recession since the 1930's, Trump breaking the post war Western alliance and making partner of Putin's Russa, or Trump dismantling of the Constitutional underpinnings of all American juris prudence? Oh, you're talking about some fucking router.

I buy a lot of TP-Link switches because they are cheap so please dont

The US Is Considering a TP-Link Router Ban—Should You Worry?