The real lesson here: If you're successful, don't skimp on security/software! Also, don't abandon software/firmware security support for your products so quickly.
If I was in charge over at TP-Link, getting news that tens of thousands of MY company's routers were compromised would have me furious! I'd be freaking out, making sure that we take immediate steps to improve software/firmware quality and to make sure we're in a constant state of trying to compromise our own hardware... To ensure no one else finds vulnerabilities before we do.
Instead, TP-Link seems to have just laughed and focused strictly on profit margins.
Or maybe, don't capture 50% market share in a country that's decided your country of origin is the threat of the decade.
Yeah, that's not the lesson here at all. We're still in an era where you will suffer absolutely zero consequences for security lapses and breaches.
Everything that is happening with this administration is simply because it suits American foreign policy or the interests of one of the oligarchs. I mean this with absolutely no hyperbole: the pretense of there being any rule of law for the ultra-wealthy is gone. The White House is openly selling pardons, which have the added effect of cancelling out debts to the US government.
Tiktok getting banned? It had nothing to do with "national security". The government simply had less control over the content and the algorithm on Tiktok than they do on Meta and Google platforms.
Reading through this article, you have Microsoft pointing the finger at TP-Link. That's... rich. Because Microsoft has historically been horrible for security. It would take further investigation but I really wonder if TP-Link isn't just a convenient scapegoat.
TP-Link makes really solid products, and if you don’t want to use their firmware then almost all of them can easily flash OpenWRT. In fact most of their routers are built from OpenWRT anyway.
I installed their mesh Wi-Fi system for my parents recently and was really impressed how seamless the process was. It did involve making a cloud account which I wasn’t thrilled about, however.
TP-Link let me down twice.
I bought a cellphone from them many years ago and they never really supported it and I couldn't even buy a replacement battery.
Recently I bought a router with the firm intent of installing OpenWRT, but I received a newer revision that had a different CPU, less RAM, and less flash memory.
These events left a bad impression, but they do make affordable stuff with reasonable quality.
> Recently I bought a router with the firm intent of installing OpenWRT, but I received a newer revision that had a different CPU, less RAM, and less flash memory.
This also happened many years ago with Linksys (prior to Cisco). It’s not that uncommon for manufacturers to release new revisions of hardware without necessarily making it clear to the purchaser. If their purpose is to deliver a router and they can shave a few cents off the BOM with less RAM, but it still works with their software, why would they care? And once new revisions have been released into the supply chain, it can be hard to know exactly what version you are buying.
In the Linksys case, IIRC they eventually re-released the first revision WRT54G as the WRT54GL (for Linux), so that people who wanted different firmware could get the exact hardware they wanted.
So much freedom in America lately. TP-Link, DJI, BYD, must be great to never have these options.
I'm so glad there's other American drone manufacturers that cater to the consumer market, like Skydi-oh right, they stopped making consumer drones after the successes in forcing DJI out of the market.
and their mil drones are subpar
https://en.defence-ua.com/news/which_western_drones_have_sho...
https://www.defensenews.com/global/europe/2025/11/07/of-fibe...
>drones from the American company Skydio proved ineffective in Ukraine [notably, a Skydio drone was used by the U.S. Army to drop a combat grenade for the first time], as they were unreliable in front-line interference conditions.
>The problems with Skydio drones in Ukraine were reported last year, and the manufacturer acknowledged the poor quality of its products.
>According to Alex, a key issue with today's low-quality products is the "information gap among many European and American manufacturers about current battlefield conditions and the timing of when they receive this information."
Surprisingly
>Some of the most effective ones have included the German-made Vector drones and Polish-made FlyEye drones.
Can a civilian buy an AR-15 in China?
You're comparing apples to oranges here. The USA is supposed to be capitalistic, free market, yada yada. China doesn't make that claim.
The main point the comment you replied to is trying to make is that the US doesn't put their money where their mouth is.
No. But which nation claims to be all about freedom, and which is known for restricting individual liberties for (whatever the people in charge consider to be) the greater good?
It's really silly to judge nations on their claims rather than their outcomes.
PRC restricts gun ownership, but to make your example less stupid, PRC shooting ranges have access to western pattern arms vs US where civies have more freedom to own guns but you know... not sanctioned Chinese origin guns. So even on muh 2nd amendment grounds, PRC within their right to play with guns (again not own), still less protectionist than US. Which mirrors how you know, almost every major US tech brand operated in PRC with reasonable controls/oversight but not vice versa.
You're from NZ, which perpetuated one of the most brutal COVID lockdowns, including allowing police to enter homes without a warrant to enforce quarantine and restrictions.
The US routinely bans unsafe products. Far east garbage riddled with security holes are unsafe products.
Virtually every home router and a whole lot of small business routers should be considered “national security risks”.
TP-Link may be sore for getting singled out but they are certainly not unique.
I have TP-Link Decos for our WiFi, sitting behind a Firewalla Gold. This has been by far the nicest, simplest at-home setup I've ever deployed. Do I love that I chose TP-Link? No. But price to purpose it was the best product available to me at the time.
If TP-Link gets banned, my concern is what that means for the massive market share in the US. Warranty? Software updates? Or maybe that action is what turns them into an agent of the state. Or do you hoard all the hardware until it's valuable like DJI parts are today?
My guess is they’ll be forced to sell their US division to whatever company gives the government the most money (sort of like the Oracle-Tiktok deal).
I thought it was the Chinese owner of Tiktok that got paid money.
What is your evidence that the US government was paid any money as part of that deal (over and above any taxes that would have been incurred by any sale of any business)?
> The company says it researches, designs, develops and manufactures everything except its chipsets in-house.
So, the plastic bits?
Presumably the software, the boards, connectors, antenna design, etc.
> connectors, antenna design
And also passives like SMD resistors. They are also refining copper and iron from raw ore. /s
They actually make their own iron in the heart of a dying star.
They actually manufacture a synthetic star from which they gather their elements.
As a hardware founder, low quality plastic is not rocket science. On trips to China I’ve heard similar things about other companies, specifically that Foxconn makes everything it uses, including things like coolant or plastic for prototype production.
Does anyone know what their chips are doing? Do you, really?
Until we have desk side silicon fabrication/placement, with accompanying tunnelling microscope features, we simply cannot trust our silicon in any way other than through utterly peaceful means, which is to say, through systems of human trustworthiness.
Technology never allows us humans to advance sufficiently well to do without it .. unless it is evenly distributed.
Right now we are all at the mercy of the masters of silicon. This is no joke!
Absolutely. We'll never be 100% free until we can fabricate computers at home, just like we can write our own software at home.
Even with desk-side silicon fabrication, one would have to hope the hardware/software with the design tools wasn’t already backdoor-ed…
Reflections on trusting trust...
Per-company government acquisition "bans" are stupid for PR and security reasons. Brand-specific banlists are whack-a-mole when the same hardware and software will be immediately duplicated with another cat-walks-on-keyboard brand name that will disappear within a year.
Instead, there should be in-depth, enforced audit, compliance, and evaluation standards for gear for particular purposes. If it doesn't meet particular standard(s), then it can't be purchased or used.
I don't get what to make of this. Is it all just security theater? The idea of having consumer networking hardware that isn't riddled with security vulnerabilities seems to be a ship that sailed long ago. I doubt this move will prevent major nation states from hacking into whatever they want.
I'll just leave this little NSA intercepting Cisco products reminder here: https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa...
SSL added and removed here! :)
But Sir! We are talking here between USA <eagle sound> versus rest of the world that’s unsafe and all the time attacking USA people privacy. Cisco is India based, not American!
disclaimer: not connected in any way with Cisco, just disappointed business customer.
If only there were US manufacturers that could produce things at a decent price and didn't actively hate their customers.
The fact that TP-Link products are vastly better and cheaper than all their numerous competitors is indeed a bit strange. You have to either think that all the people at Linksys, Netgear, D-link, etc. are incompetents or that something a bit out of the ordinary is going on at TP-Link...
Eero used to be pretty close. Years ago, I used to stalk the subreddit despite never owning an Eero just because the (US based) devs would often drop knowledge bombs. AFAIK they wrote the entire software stack in house.
I have no idea if that's still the case, especially post AMZ, but worth looking into if so.
I’m sure there’s some way to inject advertising - otherwise it’s just leaving money on the table.
I'm old enough to remember most cable modems and set-top boxes being manufactured in the US.
They were... not great...
There is, but corporate greed doesn't allow it.
"TP-Link Systems told The Post it has sole ownership of some engineering, design and manufacturing capabilities in China that were once part of China-based TP-Link Technologies, and that it operates them without Chinese government supervision."
Is that even possible? Or do you always have to be on good terms with the Chinese government to own engineering, design, and manufacturing capabilities in China?
I've been really happy with the TP-Link smart plugs. I keep upgrading them as The Latest Standard That's Definitely The Real One This Time Trust Us Bro comes out, and the Matter ones are excellent. Getting an instant response from them is really nice. I see no reason to buy others.
I would buy only Hue but that's because I have more money than sense, and they don't actually make smart plugs last time I looked, they make plugs but label them all as lights in the app, which is more annoying than it sounds.
The real problem to solve ditching TP-Link _routers_ is that all routers are uniformly fucking awful, and all you are doing is choosing your particular poison. This is especially true after Apple exited the game so long ago. I use Google Wifi because it mostly works most of the time, but that's not glowing praise. But the world has become trained that rebooting a router once a week and praying that it works when it comes back is a perfectly normal state of affairs and we couldn't possibly do this any better.
> I would buy only Hue but that's because I have more money than sense, and they don't actually make smart plugs last time I looked,
Ikea makes Zigbee smart plugs with power monitoring (Inspelning) that are ~10 Euro here (probably $10 in the US). Also Zigbee does not have all the security issues, since it is purely local and will talk with whatever hub/bridge you choose, e.g. Homey, Hubitat, or if you want to go free software Home Assistant or zigbee2mqtt.
It's somewhat insane to me that people use WiFi plugs for actuating things that actuate real-life electrical devices. Even more from companies that have a bad security reputation. Zigbee or Z-Wave all the way or possibly Matter over Thread, but the only Matter device that I had (an upgraded Eve Energy plug) has been a pain.
> The real problem to solve ditching TP-Link _routers_ is that all routers are uniformly fucking awful, and all you are doing is choosing your particular poison. This is especially true after Apple exited the game so long ago.
I switched to Unifi gear (Cloud Gateway Max, two of their U7 access points, and a bunch of their managed switches) and they are a dream to set up. Making VLANs, associating VLANs with SSIDs, etc. is so easy. I had a TP Link managed switch and the interface was a huge pile of crap and I saved it several times after misconfiguration by virtue of it having a serial console. I only used it for two months or so because it was so frustrating.
Eve smart plugs are solid and don’t have any unnecessary cloud stuff.
I have some TP-Link smart plugs and was happy with them for a long time because their app could be used without an account. Then I recently got the new version of the app and it forces an account, there's no more guest mode. I'm done with TP-Link now.
I don't have any particular opinion on TP-Link (never used their products), but the idea that a low-cost vendor targeting home and SMB users is somehow a state-level agent trying to compromise those users... needs evidence.
I mean, in the case of actors like Huawei, you can at least credibly make the argument that the continued access of their support staff to internal provider networks is a significant risk, but that vector is entirely absent here.
Sure, embedded firmware has been, is, and will continue to be a tire fire prone to embarrassing compromises, but containing those is mostly about notification and containment by government agencies (which the current US administration is doing their utmost best to kneecap) and/or large ISPs (which in the US have traditionally never cared).
Forcing "foreign" products off the market in favor of "domestic" replacements with the exact same, if not worse, flaws won't fix a thing, unless you put some pretty significant controls into place that nobody is willing to enforce or even outline.
But it does provide ample opportunity to profit personally, and that’s much more of a priority for the current federal administration than fixing anything.
I don’t get the end game here. D-Link isn’t any better. Are we heading for ISP-enforced hardware in our homes?
God help us.
I don’t like that TP Link routers regularly force you to accept new terms of service within their app. If you don’t, then you can’t access much of their configuration options. Basically you get locked out of your own device. I feel like these dark patterns should be illegal.