What a mess this is going to be.
A great exception would be allowing blanked BYO firmware devices ready to become routers and then flashing them in the US. There are several vendors selling openwrt based routers and that is a 25 year old very stable project starting on the old wrt54g router.
I am very satisfied with my openwrt based router, which I reflashed to standard OpenWRT just to be sure, though wish I had a better CPU for VPN’ing all of my data through to my VPS. I probably should look at something like the openwrt-ready Banana Pi BPI R3 Router Board with case kit, two A53 CPUs onboard and good memory too, I cheaped out and got a little pocket size hotel router.
If you already use linux, if you browse this tech forum, I cant see a good reason, including price, for anyone here to not use an openwrt capable router.
There sitll could be sketchy chips on some imprtted stuff with evil hidden firmware but I am not sure that scales well.
1 Like
After all, they’d already gone through the FCC’s authorization process
This is an illogical comment though. The FCC does not vet the software (or hardware) for whether the device has a backdoor. Or at least I assume that is the case since it would be basically impossible to vet for that unless the source is available.
manufacturers can continue providing software and firmware updates “at least until March 1, 2027.” That means if you own a foreign-made router – if you own any router, in other words – it won’t be able to get security patches after that deadline.
Possibly getting alarmist?
“At least until” admits the possibility that updates will be allowed after that date - and the FCC Notice specifically canvases the possibility that the deadline will be extended.
What would a decision by the FCC to extend the deadline be based on? They don’t say. But I would guess that it ought to be based on the availability of a thriving market of US-made devices.
If it is true today that there are 0 routers that are fully US-made and if it is still true in the lead-up to March 1, 2027 then not extending the deadline could be a case of cutting off their nose to spite their face.
Or indeed what is a router?
To me, a router is any device that can access two different networks (and pass traffic between those two networks). As such, any device that has two ethernet ports can be router - if it is running the right software?
So what happens if (hypothetically) I buy an x86 computer that has two ethernet ports, which computer is not sold as a router, install Linux, and configure it up to treat the two ports as being different networks, and configure it to route between those networks?
I believe there may even be distros around that are specifically set up for that purpose.
True. That’s a fairly difficult problem to solve.
If they’re banned completely, no need to vet them!
So OLD foreign-made routers are not included the subject line. Hooray for the aftermarket! Expect a flood of old routers on eBay!
Other than some Chinese re-chipped backbone Cisco routers back in the 2000s what else is actually a problem at a hardware level. What is leading this new US-made only rule, are we seeing home routers phone-home to China, Iran, Quatar, DPRK?
- Projection. The US is remembering how easy it was for the NSA to plant backdoors into our CISCO routers. [Snowden revealed this in 2014.]
- Protectionism. Stimulate US router production by banning anything new so we only need to compete with outdated stuff. [Edit: Similar to why we don’t see BYD in the US.]
1 Like
Logic is not a consideration in the current USG.
And your point is?
Valid reasoning not required.
1 Like
The Turris Omnia NG is essentially an ARM minipc with openwrt based firmware and a decent amount of RAM and flash memory, but it doesn’t yet have FCC approval because they they got around to applying. I think their customer base is primarily EU based and they are a small operation so they might not bother to market a bare version. They aren’t able to push their openwrt mods upstream because they require more RAM than many (almost all?) openwrt capable routers have, e.g. btrfs. Turris OS is open source, but does anyone really believe the FCC would actually audit it at all, much less in good faith?
FOr the DIY board routers I would be surprised if it needed approval at all, the wifi module is already certified. Like I said it is really worth the money to get a good CPU and memory so you can run a fast VPN to elsewhere where you have a privacy VPS as well as running stuff like blacklists or whitelists and maybe even an internal bind server to self-resolve addresses. The DNS is more of a deal than you might think; I had quad9 suspecting my privacy cloud storage when rclone attached to a privacy VPS and redirecting data flow to something in Canada(all of my infrastructure is in Europe) and nearly stopping data flow(~100s KB/S), and that is supposed to be a privacy friendly service(changing DNS resolv fixed the Canada diversion issue). IDK maybe there really was some sort of abuse involved by users of one of the services(I let my cloud storage work directly with quad9 and resulting policy changes looked like abuse of multiplexed free tier service accounts) or it was the NSA mass snooping. I guess there is a realistic attitude that privacy related stuff will suffer abuse and it is best to host as much infrastructure and service yourself or complete independent nodes inside one or more datacenters and not try to patch server and storage together over hundreds of km and then also relying on out-of-house DNS.
So, uh, Librem wifi router?
…yeah, I doubt this is actually going to last for long enough that it’ll even make sense to design one. It’s so uncommon that anything good comes out of anything.
All electronics that deal with frequencies in any radio band (including harmonics and sub-harmonics) need FCC approval whether or not they have a radio transmitter or receiver.
Perhaps someone should ask the US government that.
I would say: a growing awareness of how utterly dependent society is becoming on tech, and a clear understanding of how brittle it all is in the face of widespread backdooring and/or vulnerabilities.
I would add to that: an understanding that quite a few countries have now passed laws that give the government the power to force manufacturers to insert backdoors. China is the obvious one but China is not the only one.