US could ban TP-Link routers over hacking fears: report

Security concerns vs. geopolitics

  • Many see the move as partly justified: routers are critical choke points, TP-Link has a long vulnerability history, and Chinese state leverage over companies is viewed as a serious risk (botnets, infrastructure attacks, backdoors, coerced updates).
  • Others argue the focus is selective and political: all major router vendors have poor security track records, US/Western agencies also tamper with networking gear, and the US is not applying the same standard to domestic or allied companies.
  • Some say that if the US were serious, it would enforce uniform security/privacy rules (including data-broker bans and rules against “cloud lock‑in”) rather than targeting specific Chinese brands.
  • There’s debate over whether this is legitimate security hardening or protectionism to preserve US tech dominance and raise prices.

Router firmware, updates, and responsibility

  • Widespread consensus that consumer router firmware is generally bad: slow or nonexistent updates, many CVEs, insecure defaults, cloud dependence, and short support lifetimes.
  • TP-Link is called out for especially poor patching and update discipline; some suggest bans or tariffs should target insecure products regardless of country.
  • Proposals: regulators scan ISP address space for vulnerable routers, require ISPs to pressure/suspend customers until patched, and force vendors to allow third‑party firmware (OpenWrt/DD‑WRT) and not sell near‑EOL devices as “new”.
  • Some highlight that even “open” router stacks still rely on closed Wi‑Fi firmware blobs from chipset vendors.

Alternatives, brands, and architectures

  • Popular alternatives mentioned: Ubiquiti/UniFi, MikroTik, Aruba Instant On, Ruckus (often off‑lease), GL.iNet, Protectli + pfSense/OPNsense, OpenWrt One, generic mini‑PCs as routers, and separate APs.
  • Experiences with TP-Link are mixed: some praise price/performance and reliability; others report instability, poor mesh behavior, forced registration, and dark patterns.
  • Several recommend a “router-as-PC + APs” approach for better control and longevity, but acknowledge complexity for non‑experts.

Home networking & IoT design debates

  • Strong thread arguing for:
    • Client isolation via VLANs or AP‑level mechanisms.
    • Default denial of Internet access for IoT, with local brokers (e.g., MQTT) mediating behavior.
    • APs evolving into trusted, frequently updated “edge platforms”.
  • Counterpoints: whitelisting Internet domains is hard at scale; vendors want cloud lock‑in; most users can’t manage VLANs; and “client isolation vs. easy casting/streaming” is a real usability trade‑off.