Router Company Lazily Blocks Open Source Router Firmware, Still Pretends To Value 'Creativity'
from the unintended-consequences dept
Last fall, you might recall that the hardware tinkering community (and people who just like to fully use the devices they pay for) was up in arms over an FCC plan to lock down third-party custom firmware. After tinkering enthusiasts claimed the FCC was intentionally planning to prevent them from installing third-party router options like DD-WRT and Open-WRT, we asked the FCC about the new rules and were told that because modified routers had been interfering with terrestrial doppler weather radar (TDWR) at airports, the FCC wanted to ensure that just the radio portion of the router couldn't be modified.The FCC stated at the time that locking down the full, broader use of open source router firmware entirely was absolutely not their intent:
"Our rules do permit radios to be approved as Software Defined Radios (SDRs) where the compliance is ensured based on having secure software which cannot be modified. The (FCC's) position is that versions of this open source software can be used as long as they do not add the functionality to modify the underlying operating characteristics of the RF parameters. It depends on the manufacturer to provide us the information at the time of application on how such controls are implemented.The FCC also updated the guidance in question (pdf) and penned a blog post that tried to explain all this. But while the FCC may not have intended to block third-party firmware, many worried that because many routers have "system on chip" -- where the CPU and radio exist in a single package -- router vendors would "solve" the problem by just taking the cheapest and easiest path and locking down firmware entirely. And that's precisely what appears to be happening -- at least with one router manufacturer.
Gearmaker TP-Link recently posted a notice to the company's website announcing that as of June of this year, it would be locking down firmware installations on its routers entirely. In a statement, the company blames the FCC for the fact it's taking the lazy route and annoying its more technically-proficient customers:
"The FCC requires all manufacturers to prevent user from having any direct ability to change RF parameters (frequency limits, output power, country codes, etc.) In order to keep our products compliant with these implemented regulations, TP-LINK is distributing devices that feature country-specific firmware. Devices sold in the United States will have firmware and wireless settings that ensure compliance with local laws and regulations related to transmission power."Again, TP-Link could work with the community and developers to ensure users can mod everything but radio parameters, but it's being cheap and lazy. The company's statement then adds insult to injury by pretending it still values the community's "creativity":
"As a result of these necessary changes, users are not able to flash the current generation of open-source, third-party firmware. We are excited to see the creative ways members of the open-source community update the new firmware to meet their needs. However, TP-LINK does not offer any guarantees or technical support for customers attempting to flash any third-party firmware to their devices."So, hey kids, we're locking down your ability to be creative starting this June, but go be creative! In one blow, TP-Link is not only alienating a large number of potential customers, but making networks less secure (since custom firmware tends to be more secure and updated more religiously among the tinkering faithful).
I've reached out to the FCC for comment, but wasn't able to glean any more detail from the agency beyond what has already been said. And while the TP-Link lockdown may have not been the FCC's plan or its fault directly, it may very well be a very ugly, unintended consequence. It's a shame that an agency that has been a bit more consumer friendly in terms of opening up other hardware and beefing up broadband competition didn't spend more time thinking this through.
Fortunately, TP-Link isn't exactly a brand favorite for most router buyers anyway, and the company's language leaves some wiggle room to suggest that while "the current generation" of open-source third-party firmware won't work on routers made after June 1, future versions of this same firmware may. TP-Link also appears to be the only vendor doing this (so far at least, please correct me in the comments if this has changed). With any luck, a few competing router vendors will see this as an opportunity to not be lazy and alienate customers -- but to compete by providing gear that still respects a user's freedom to tinker.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: dd-wrt, fcc, firmware, open source, open-wrt, router
Companies: tp-link
Reader Comments
The First Word
“Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
I have one flashed as a Library Box and the other I flashed as a Pirate Box. I find them to be useful portable tools, and it makes me sad if they're going to kill off this sort of innovation.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Netgear...
[ link to this | view in chronology ]
Wait for it... "Market forces!"
...in the meanwhile we will see the resale market of the older model have an increased demand and drive up prices... that in turn MAY be used by TP-Link as an indicator that there is demand for a split chip model. Naturally that will be more expensive at first but hopefully drop in price over time.
Another question is if other manufactures get on the cheap and lazy bandwagon or try to differentiate themselves and use it to compete.
Regardless it is likely that in the short term acquiring hardware that supports custom software is going to get more expensive.
[ link to this | view in chronology ]
I'm not terribly worried
a) Buy a non-US TP-Link router directly from China.
b) I'm sure their security will live up to the quality standards that Chinese companies who compete for the low-end of the consumer market are known for and it will probably take another 5 minutes to bypass their security.
[ link to this | view in chronology ]
Re: I'm not terribly worried
[ link to this | view in chronology ]
Maybe for average consumers, but for those who use firmware like OpenWrt they're a great value. Obviously that market is too small to make financially sense in catering to though.
[ link to this | view in chronology ]
Re:
> Maybe for average consumers, but for those who use firmware like OpenWrt they're a great value. Obviously that market is too small to make financially sense in catering to though.
I have a basic philosophy for buying any computer products:
*) Decent support for FOSS is a surprisingly good indicator of "under the surface" quality
*) If it doesn't support FOSS (Linux, DD-WRT, CUPS, or whatever is pertinent, then I'm not buying it for myself, and recommending against it for anyone who asks my opinion.
Before buying (or recommending) any router, I confirm that the model in question has good, full-featured, alternate firmware (and that it can be installed without too much hassle).
(I might not even actually install it -- but not having the option is a deal-breaker. Some people laugh, or think I'm anal-retentive, but I've been burned too many times -- going back to the days of Win-modems and Win-printers.)
I currently have a couple of TP-Link routers in my home. I've been pretty satisfied with them. I've recommended them to others as well. Some people sneer at the brand, but I've found them steady, reliable, and thanks to 3rd-party firmwares, I've been able to place on-going confidence in them.
* * * * * * *
In this era where
(a) "black hats" are known to hack routers as a "low profile" exploit that easily hides from the usual counter-measures (especially the measures typical for the home or small-business user), and
(b) manufacturers are notoriously lax about maintaining and distributing security patches on this kind of "sell-and-forget" essential hardware, even though the security implications are significant, I consider this precaution to be simply your basic "smart consumer" knowledge and self-protection.
* * * * * * *
It looks like TP-Link has lost my future business
-- and that of the friends and acquaintances that seek my advice or help on such matters.
Most people don't know and won't care -- but many of them will be getting advice from people who do.
[ link to this | view in chronology ]
FCC is in an interesting position...
The average programmer with a router and a knob that can be turned that says power is going to turn it up.
TP Link is just doing the short term financial math that locking down the firmware will protect them from governmental fines, while perhaps reducing repeat buyers of their products.
[ link to this | view in chronology ]
Re: FCC is in an interesting position...
[ link to this | view in chronology ]
No more TP-Link?
I have never installed custom software on one of my routers and I get that TP-Link has no obligation to allow it but if they had not allowed it for technical or marketing reasons, I would not have cared but to surrender to governments in disregard of free peoples, I am offended and assume they're enemies of freedom.
Then, on the other hand, there's a TP link to this TP-Link story. A couple of years ago, Charmin reduced the size of it's toilet paper for the 6th time in 9 years. A big fan (at the time) of Charmin, I was very upset by the change and protested on their Facebook site that I would never buy Charmin again until they reversed themselves. Unfortunately, when I went into the grocery store, I found that all of the toilet paper makers did the same thing and at the same time. No matter which I bought, I had the same size. So what good was my protest when the entire industry did it at the same time? (Proof of price fixing? I think it is.)
So, what's the tp link to this TP-Link story? Well, I could refuse to buy TP-Link but it won't matter because all of the manufacturers will do the same if required by the FCC. In a few months they will all have the same limitation.
[ link to this | view in chronology ]
Interpretation
[ link to this | view in chronology ]
Re: Interpretation
We have created a router with firmware that cannot be modified, and even if it is we don't support it, so don't blame us.
[ link to this | view in chronology ]
Just playing the devil's advocate here, but exactly *how much* time and money are companies expected to spend finding ways around stupid government regulations? Is there some kind of minimum? Does it scale with the size and location of the company? I mean, separating the firmware for two systems on the same chip is not a trivial task. That's half the reason to put all your systems on one chip in the first place
[ link to this | view in chronology ]
Re:
Exactly as much as is necessary to make the product desirable to their target market. Whether or not this is a good business decision for them remains to be seen.
Personally, I have yet to see a consumer router whose software I both trust and meets my needs, so not being able to provide my own firmware is a showstopper. It's not that I expect TP-Link to put the time and money into making this possible, it's that if they don't then I will simply buy a different router.
[ link to this | view in chronology ]
Re:
You missed the mark here, Bode. By a wide margin.
[ link to this | view in chronology ]
Guess what I bought last week?
https://db.tt/2YX1Qa3F (since an IMG tag doesn't seem to be allowed)
[ link to this | view in chronology ]
TP-Link Lockdown..
[ link to this | view in chronology ]
Powah to 11
What I don't get is having hardware capable of exceeding those limits through software modification. That is just plain stupid and resource wasteful asfar as I can figure.
[ link to this | view in chronology ]
Re: Powah to 11
[ link to this | view in chronology ]
Re: Re: Powah to 11
It's done for the same reason that so many appliances use transformers that let them work on both 110 60Hz mains and 220 50Hz mains, even though that costs a bit more to manufacture. The savings in having a single design more than makes up for it.
[ link to this | view in chronology ]
The FCC work is pretty pointless
Locking out the FOSS community will not change the fact that any radio can use a high gain directional antenna. The FCC limits the antennas too, but they are trivial to buy or build. Anyone interested enough to re-flash a TP-Link router may well have the interest to modify antennas too.
In closing, locking out FOSS wifi tools is a short trip to inscure networking. Having a uniform, proven, and familiar software toolset beats proprietary, briefly supported commercial softwares in a lot of ways. Further, one can use proven tools, like the linux netfilter firewall, that have a real track record, unlike the inevitably aging code running on commercial routers. The FOSS tools are more secure that way.
[ link to this | view in chronology ]
Re: The FCC work is pretty pointless
I hope the FCC allows similarly light protections for firmware, like allowing a third-party firmware to declare (through some binary header) that it will enforce FCC rules.
[ link to this | view in chronology ]
Would a wifi chipset that would not allow a certain setting pass the new rules? If so, this could be a wifi firmware change that would implement this lock-down.
[ link to this | view in chronology ]
The same as my atm pin
[ link to this | view in chronology ]
TP-Link: Not Recommended
[ link to this | view in chronology ]
Kill everyone
[ link to this | view in chronology ]
Oh, you don't want to pay more either? Then you can buy or design another router on your own. Engineering, for both software and hardware, is not cost-free, even if you'd like to be nice to an enthusiast community.
The way this will really play out is that the market will decide if it wants to invest more money in a redesigned product that will allow the modifiability that you desire while still complying with new regulations.
And this is as it should be.
[ link to this | view in chronology ]
Cisco, Juniper TP-Link ALL have massive open backdoors and security weaknesses put there at the direct request of the NSA.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Recently Cisco dropped it's UK support entirely because otherwise it would have turn over some VERY damning evidence.
[ link to this | view in chronology ]
One question: Was there an actual problem in the first place?
It smells like a mostly theoretical problem, and that the new rule is over-kill for something that rarely if ever actually occurs -- and most likely will still be a problem, after this regulation has allegedly dealt with it, because this is essentially a "scapegoating" and/or "band-aid" response, rather than an effective solution).
[ link to this | view in chronology ]
TP-Link isn't the only one doing this
Big PITA. But still - what's to stop me from breaking out a JTAG and flashing whatever I want?
[ link to this | view in chronology ]
Thanks
This is a nice steps which taken by router industry.I am A Dlink tech support employee.I am believing in change
[ link to this | view in chronology ]
Wireless Router
Hi Junior , if you want to increase the security of the files transfer from one device to another through the internet then you must use the wireless mobile router with four antinas because the range of this router is very high and also send a message to the user if someone try to hack your system files .otherwise the files of your system are not secure and every one hack these files easily ,so you must use the wireless mobile router for increasing the security of your system files . Thanks.
[ link to this | view in chronology ]