Router Company Lazily Blocks Open Source Router Firmware, Still Pretends To Value 'Creativity'

from the unintended-consequences dept

Mon, Mar 28th 2016 2:04pm — Karl Bode

Last fall, you might recall that the hardware tinkering community (and people who just like to fully use the devices they pay for) was up in arms over an FCC plan to lock down third-party custom firmware. After tinkering enthusiasts claimed the FCC was intentionally planning to prevent them from installing third-party router options like DD-WRT and Open-WRT, we asked the FCC about the new rules and were told that because modified routers had been interfering with terrestrial doppler weather radar (TDWR) at airports, the FCC wanted to ensure that just the radio portion of the router couldn't be modified.

The FCC stated at the time that locking down the full, broader use of open source router firmware entirely was absolutely not their intent:

"Our rules do permit radios to be approved as Software Defined Radios (SDRs) where the compliance is ensured based on having secure software which cannot be modified. The (FCC's) position is that versions of this open source software can be used as long as they do not add the functionality to modify the underlying operating characteristics of the RF parameters. It depends on the manufacturer to provide us the information at the time of application on how such controls are implemented.

The FCC also updated the guidance in question (pdf) and penned a blog post that tried to explain all this. But while the FCC may not have intended to block third-party firmware, many worried that because many routers have "system on chip" -- where the CPU and radio exist in a single package -- router vendors would "solve" the problem by just taking the cheapest and easiest path and locking down firmware entirely. And that's precisely what appears to be happening -- at least with one router manufacturer.

Gearmaker TP-Link recently posted a notice to the company's website announcing that as of June of this year, it would be locking down firmware installations on its routers entirely. In a statement, the company blames the FCC for the fact it's taking the lazy route and annoying its more technically-proficient customers:

"The FCC requires all manufacturers to prevent user from having any direct ability to change RF parameters (frequency limits, output power, country codes, etc.) In order to keep our products compliant with these implemented regulations, TP-LINK is distributing devices that feature country-specific firmware. Devices sold in the United States will have firmware and wireless settings that ensure compliance with local laws and regulations related to transmission power."

Again, TP-Link could work with the community and developers to ensure users can mod everything but radio parameters, but it's being cheap and lazy. The company's statement then adds insult to injury by pretending it still values the community's "creativity":

"As a result of these necessary changes, users are not able to flash the current generation of open-source, third-party firmware. We are excited to see the creative ways members of the open-source community update the new firmware to meet their needs. However, TP-LINK does not offer any guarantees or technical support for customers attempting to flash any third-party firmware to their devices."

So, hey kids, we're locking down your ability to be creative starting this June, but go be creative! In one blow, TP-Link is not only alienating a large number of potential customers, but making networks less secure (since custom firmware tends to be more secure and updated more religiously among the tinkering faithful).

I've reached out to the FCC for comment, but wasn't able to glean any more detail from the agency beyond what has already been said. And while the TP-Link lockdown may have not been the FCC's plan or its fault directly, it may very well be a very ugly, unintended consequence. It's a shame that an agency that has been a bit more consumer friendly in terms of opening up other hardware and beefing up broadband competition didn't spend more time thinking this through.

Fortunately, TP-Link isn't exactly a brand favorite for most router buyers anyway, and the company's language leaves some wiggle room to suggest that while "the current generation" of open-source third-party firmware won't work on routers made after June 1, future versions of this same firmware may. TP-Link also appears to be the only vendor doing this (so far at least, please correct me in the comments if this has changed). With any luck, a few competing router vendors will see this as an opportunity to not be lazy and alienate customers -- but to compete by providing gear that still respects a user's freedom to tinker.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: dd-wrt, fcc, firmware, open source, open-wrt, router
Companies: tp-link

40 Comments

If you liked this post, you may also be interested in...

Reader Comments

The First Word

“

"TP-Link Announces New Plan To Dramatically Reduce Router Sales"

—AnonCow

”

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 28 Mar 2016 @ 2:20pm

Why do government departments try to remove the means of people commuting crimes, rather than prosecuting criminals. The first approach always has the greater impact on law abiding citizens by eliminating what used to be a legal activity, without having much effect on criminals,who ignore the law whatever it says.
[ link to this | view in chronology ]
- Anonymous Coward, 28 Mar 2016 @ 2:25pm
  
  Re:
  because it's easier.
  [ link to this | view in chronology ]
- Anonymous Coward, 28 Mar 2016 @ 6:44pm
  
  Re:
  then they would have to stop turning a blind eye to the criminals in their own ranks
  [ link to this | view in chronology ]
That Anonymous Coward (profile), 28 Mar 2016 @ 2:33pm

I actually own a couple TP-Link routers...
I have one flashed as a Library Box and the other I flashed as a Pirate Box. I find them to be useful portable tools, and it makes me sad if they're going to kill off this sort of innovation.
[ link to this | view in chronology ]
AnonCow, 28 Mar 2016 @ 2:35pm

"TP-Link Announces New Plan To Dramatically Reduce Router Sales"
[ link to this | view in chronology ]
Anonymous Coward, 28 Mar 2016 @ 2:39pm

This is unfortunate because I currently use a TP-Link router and think fairly highly of them, however I will no longer be buying any of their hardware or recommending them to anyone ever again. They've just Netgeared themselves.
[ link to this | view in chronology ]
- Mat (profile), 29 Mar 2016 @ 9:45am
  
  Netgear...
  as a owner of two relatively new Netgear routers flashed with DD-WRT ...I just have to shrug.
  [ link to this | view in chronology ]
DCL, 28 Mar 2016 @ 2:45pm

Wait for it... "Market forces!"
Since the hardware is likely system on chip it will take some time and effort to separate them... and I am guessing that unless sales drop dramatically TP-Link won't make the effort.

...in the meanwhile we will see the resale market of the older model have an increased demand and drive up prices... that in turn MAY be used by TP-Link as an indicator that there is demand for a split chip model. Naturally that will be more expensive at first but hopefully drop in price over time.

Another question is if other manufactures get on the cheap and lazy bandwagon or try to differentiate themselves and use it to compete.

Regardless it is likely that in the short term acquiring hardware that supports custom software is going to get more expensive.
[ link to this | view in chronology ]
Anonymous Coward, 28 Mar 2016 @ 2:55pm

I'm not terribly worried
Yeah, it's annoying, but anyone who intends to flash the firmware of a TP-Link router can either:

a) Buy a non-US TP-Link router directly from China.

b) I'm sure their security will live up to the quality standards that Chinese companies who compete for the low-end of the consumer market are known for and it will probably take another 5 minutes to bypass their security.
[ link to this | view in chronology ]
- Anonymous Coward, 29 Mar 2016 @ 6:29am
  
  Re: I'm not terribly worried
  Actually, that's the sad part. I've always found their price/quality ratio to be among the highest, not just among the low-end Chinese manufacturers, but overall. I was planning to buy a new router, and TP-Link was near the top of the list. Not now.
  [ link to this | view in chronology ]
Anonymous Coward, 28 Mar 2016 @ 3:07pm

"TP-Link isn't exactly a brand favorite for most router buyers anyway"

Maybe for average consumers, but for those who use firmware like OpenWrt they're a great value. Obviously that market is too small to make financially sense in catering to though.
[ link to this | view in chronology ]
- BernardoVerda (profile), 28 Mar 2016 @ 11:36pm
  
  Re:
  > "TP-Link isn't exactly a brand favorite for most router buyers anyway"
  
  > Maybe for average consumers, but for those who use firmware like OpenWrt they're a great value. Obviously that market is too small to make financially sense in catering to though.
  
  I have a basic philosophy for buying any computer products:
  *) Decent support for FOSS is a surprisingly good indicator of "under the surface" quality
  *) If it doesn't support FOSS (Linux, DD-WRT, CUPS, or whatever is pertinent, then I'm not buying it for myself, and recommending against it for anyone who asks my opinion.
  
  Before buying (or recommending) any router, I confirm that the model in question has good, full-featured, alternate firmware (and that it can be installed without too much hassle).
  
  (I might not even actually install it -- but not having the option is a deal-breaker. Some people laugh, or think I'm anal-retentive, but I've been burned too many times -- going back to the days of Win-modems and Win-printers.)
  
  I currently have a couple of TP-Link routers in my home. I've been pretty satisfied with them. I've recommended them to others as well. Some people sneer at the brand, but I've found them steady, reliable, and thanks to 3rd-party firmwares, I've been able to place on-going confidence in them.
  
  * * * * * * *
  
  In this era where
  (a) "black hats" are known to hack routers as a "low profile" exploit that easily hides from the usual counter-measures (especially the measures typical for the home or small-business user), and
  (b) manufacturers are notoriously lax about maintaining and distributing security patches on this kind of "sell-and-forget" essential hardware, even though the security implications are significant, I consider this precaution to be simply your basic "smart consumer" knowledge and self-protection.
  
  * * * * * * *
  
  It looks like TP-Link has lost my future business
  -- and that of the friends and acquaintances that seek my advice or help on such matters.
  
  Most people don't know and won't care -- but many of them will be getting advice from people who do.
  [ link to this | view in chronology ]
William C Bonner, 28 Mar 2016 @ 3:18pm

FCC is in an interesting position...
IT's the FCC's job to maintain the spectrum, and part of it is to make sure that people don't broadcast on frequencies that have been licensed or above power limits for the same.

The average programmer with a router and a knob that can be turned that says power is going to turn it up.

TP Link is just doing the short term financial math that locking down the firmware will protect them from governmental fines, while perhaps reducing repeat buyers of their products.
[ link to this | view in chronology ]
- Anonymous Coward, 29 Mar 2016 @ 8:23am
  
  Re: FCC is in an interesting position...
  IT's the FCC's job to maintain the spectrum, and part of it is to make sure that people don't broadcast on frequencies that have been licensed or above power limits for the same.
  It's also part of their job to allow experimentation by licensed amateur radio operators (who do have the legal authority to exceed normal wi-fi restrictions, at least on 2.4 GHz). Locking routers will make this more difficult.
  [ link to this | view in chronology ]
Dale, 28 Mar 2016 @ 3:24pm

No more TP-Link?
Well, my first reaction is to buy no more TP-Link and I have a lot of it and plans for a lot more (as in a couple dozen devices today and plans for a couple dozen more).

I have never installed custom software on one of my routers and I get that TP-Link has no obligation to allow it but if they had not allowed it for technical or marketing reasons, I would not have cared but to surrender to governments in disregard of free peoples, I am offended and assume they're enemies of freedom.

Then, on the other hand, there's a TP link to this TP-Link story. A couple of years ago, Charmin reduced the size of it's toilet paper for the 6th time in 9 years. A big fan (at the time) of Charmin, I was very upset by the change and protested on their Facebook site that I would never buy Charmin again until they reversed themselves. Unfortunately, when I went into the grocery store, I found that all of the toilet paper makers did the same thing and at the same time. No matter which I bought, I had the same size. So what good was my protest when the entire industry did it at the same time? (Proof of price fixing? I think it is.)

So, what's the tp link to this TP-Link story? Well, I could refuse to buy TP-Link but it won't matter because all of the manufacturers will do the same if required by the FCC. In a few months they will all have the same limitation.
[ link to this | view in chronology ]
CharlieBrown, 28 Mar 2016 @ 4:29pm

Interpretation
The way I read their statement, TP Link looks forward to the creativity of users finding ways to unlock their firmware lockdown.
[ link to this | view in chronology ]
- Atkray (profile), 28 Mar 2016 @ 8:15pm
  
  Re: Interpretation
  That was my take.... kind of a wink-wing nudge-nudge bit.
  
  We have created a router with firmware that cannot be modified, and even if it is we don't support it, so don't blame us.
  [ link to this | view in chronology ]
Anonymous Coward, 28 Mar 2016 @ 5:57pm

Again, TP-Link could work with the community and developers to ensure users can mod everything but radio parameters, but it's being cheap and lazy.

Just playing the devil's advocate here, but exactly *how much* time and money are companies expected to spend finding ways around stupid government regulations? Is there some kind of minimum? Does it scale with the size and location of the company? I mean, separating the firmware for two systems on the same chip is not a trivial task. That's half the reason to put all your systems on one chip in the first place
[ link to this | view in chronology ]
- John Fenderson (profile), 29 Mar 2016 @ 7:25am
  
  Re:
  "exactly *how much* time and money are companies expected to spend finding ways around stupid government regulations?"
  
  Exactly as much as is necessary to make the product desirable to their target market. Whether or not this is a good business decision for them remains to be seen.
  
  Personally, I have yet to see a consumer router whose software I both trust and meets my needs, so not being able to provide my own firmware is a showstopper. It's not that I expect TP-Link to put the time and money into making this possible, it's that if they don't then I will simply buy a different router.
  [ link to this | view in chronology ]
- Anonymous Coward, 29 Mar 2016 @ 8:28am
  
  Re:
  This. TP-Link is responding rationally to the FCC's rules rather than completely re-engineering their routers from the ground up.. The FCC knew this was going to happen. We all told them this was going to happen last year when they were talking about this shit, and they did it anyway. This falls squarely on the FCC's shoulders.
  
  You missed the mark here, Bode. By a wide margin.
  [ link to this | view in chronology ]
Andrew (profile), 28 Mar 2016 @ 6:59pm

Guess what I bought last week?
yeah, you guessed it, and so here's my response
https://db.tt/2YX1Qa3F (since an IMG tag doesn't seem to be allowed)
[ link to this | view in chronology ]
Lewis V, 28 Mar 2016 @ 8:42pm

TP-Link Lockdown..
As of now, I will no longer purchase any products associated with TP-Link.
[ link to this | view in chronology ]
annonymouse, 29 Mar 2016 @ 2:27am

Powah to 11
Okay, I get the maximum allowable transmission power limit. That has been a staple for consumer products for decades.

What I don't get is having hardware capable of exceeding those limits through software modification. That is just plain stupid and resource wasteful asfar as I can figure.
[ link to this | view in chronology ]
- Anonymous Coward, 29 Mar 2016 @ 7:01am
  
  Re: Powah to 11
  Do the legal limits vary around the world.
  [ link to this | view in chronology ]
  - John Fenderson (profile), 29 Mar 2016 @ 8:48am
    
    Re: Re: Powah to 11
    They do, and it's more efficient to have a single hardware design that can work everywhere than to set up different designs for different markets.
    
    It's done for the same reason that so many appliances use transformers that let them work on both 110 60Hz mains and 220 50Hz mains, even though that costs a bit more to manufacture. The savings in having a single design more than makes up for it.
    [ link to this | view in chronology ]
anoncao, 29 Mar 2016 @ 3:25am

The FCC work is pretty pointless
I worked on the Linux Madwifi driver ( just tech support, not coding). That is a FOSS-ish wifi driver for Atheros radios. It had the same FCC driven limits as described above, the closed source HAL (Hardware Access Layer). Because one can simply add better antennas (it may take a moment to solder, or not), the FCC EIRP Transmitt Power limit is _pointless_. The madwifi driver was locked down, actually to lower power levels than the commercial products, yet was able to win distance competitions, ranges of tens of miles, using better antennas.

Locking out the FOSS community will not change the fact that any radio can use a high gain directional antenna. The FCC limits the antennas too, but they are trivial to buy or build. Anyone interested enough to re-flash a TP-Link router may well have the interest to modify antennas too.

In closing, locking out FOSS wifi tools is a short trip to inscure networking. Having a uniform, proven, and familiar software toolset beats proprietary, briefly supported commercial softwares in a lot of ways. Further, one can use proven tools, like the linux netfilter firewall, that have a real track record, unlike the inevitably aging code running on commercial routers. The FOSS tools are more secure that way.
[ link to this | view in chronology ]
- Anonymous Coward, 29 Mar 2016 @ 8:16am
  
  Re: The FCC work is pretty pointless
  Because one can simply add better antennas (it may take a moment to solder, or not), the FCC EIRP Transmitt Power limit is _pointless_.
  FCC rules are actually the reason routers have non-removable or non-standard antennas like RP-SMA:
  Because they were not readily available, RP-SMA connectors have been widely used by Wi-Fi equipment manufacturers to comply with specific national regulations, such as those from the FCC, which are designed to prevent consumers from connecting antennas which exhibit gain and therefore breach compliance.
  
  The US FCC considered that the RP-SMA was acceptable in preventing consumers changing the antenna; but by 2000 it regarded them as readily available, though delaying its ruling indefinitely. As of 2013, leading manufacturers are still using RP-SMA connectors on their Wi-Fi equipment.
  
  I hope the FCC allows similarly light protections for firmware, like allowing a third-party firmware to declare (through some binary header) that it will enforce FCC rules.
  [ link to this | view in chronology ]
zub, 29 Mar 2016 @ 5:02am

What exactly do the FCC rules say?

Would a wifi chipset that would not allow a certain setting pass the new rules? If so, this could be a wifi firmware change that would implement this lock-down.
[ link to this | view in chronology ]
Deathspal, 29 Mar 2016 @ 6:27am

The same as my atm pin
And the password for the newly "Locked down" firmware will be 1234....
[ link to this | view in chronology ]
Vladimir G. Ivanovic, 29 Mar 2016 @ 8:37am

TP-Link: Not Recommended
I will never buy a TP-Link again, nor will I recommend them.
[ link to this | view in chronology ]
armagedion, 29 Mar 2016 @ 10:02am

Kill everyone
I have an idea, let's just kill everyone so that no one will be able to violate the laws we have enacted. There will be zero criminals as no one would be left to commit crimes.
[ link to this | view in chronology ]
Donald, 29 Mar 2016 @ 11:53am

"Lazy" and "Easier" are business synonyms for "Cheaper" and "More Cost Effective". Perhaps someone at Techdirt could pay them to write new code or design a new product so they don't have to just lock the entire thing down? Thanks.

Oh, you don't want to pay more either? Then you can buy or design another router on your own. Engineering, for both software and hardware, is not cost-free, even if you'd like to be nice to an enthusiast community.

The way this will really play out is that the market will decide if it wants to invest more money in a redesigned product that will allow the modifiability that you desire while still complying with new regulations.

And this is as it should be.
[ link to this | view in chronology ]
Anonymous Coward, 29 Mar 2016 @ 11:54am

FCC is mandating locked-down firmware NOT because of 'interference' or other bullshit but because they don't want open-source firmware overwriting precious NSA backdoors.

Cisco, Juniper TP-Link ALL have massive open backdoors and security weaknesses put there at the direct request of the NSA.
[ link to this | view in chronology ]
- John Fenderson (profile), 29 Mar 2016 @ 2:20pm
  
  Re:
  The FCC is not mandating locked-down firmware at all. That's pretty much the point this article is making.
  [ link to this | view in chronology ]
  - Anonymous Coward, 30 Mar 2016 @ 9:10am
    
    Re: Re:
    Not all consequences are unintended. The FCC may not have banned FLOSS router firmware directly but it did implement the law in such a way that at least one manufacturer so far believes they need it to be blocked to protect themselves from legal repercussions. Maybe the intention always was to block FLOSS router software but do so indirectly to avoid the backlash from the public.
    [ link to this | view in chronology ]
Anonymous Coward, 29 Mar 2016 @ 11:55am

This is also why Cisco is cancelling support contracts and pulling out of the EU, because they were directly challenged to prove THEY didn't implement the backdoors to spy on EU citizens and officials.

Recently Cisco dropped it's UK support entirely because otherwise it would have turn over some VERY damning evidence.
[ link to this | view in chronology ]
BernardoVerda (profile), 29 Mar 2016 @ 5:59pm

One question: Was there an actual problem in the first place?
I can't help feeling rather sceptical about the whole rational behind the FCC's new regulations on this matter.

It smells like a mostly theoretical problem, and that the new rule is over-kill for something that rarely if ever actually occurs -- and most likely will still be a problem, after this regulation has allegedly dealt with it, because this is essentially a "scapegoating" and/or "band-aid" response, rather than an effective solution).
[ link to this | view in chronology ]
Anonymous Coward, 22 Apr 2016 @ 10:08am

TP-Link isn't the only one doing this
Open-mesh mesh AP's/Repeaters have announced that there won't be any SSH access on their OMP-5AC model because it could be modified to allow power greater than legally allowed.

Big PITA. But still - what's to stop me from breaking out a JTAG and flashing whatever I want?
[ link to this | view in chronology ]
Dlink Technical Support, 4 Jun 2018 @ 5:27am

Thanks
This is a nice steps which taken by router industry.I am A Dlink tech support employee.I am believing in change
[ link to this | view in chronology ]
Cell Beat, 5 Oct 2018 @ 11:04am

Wireless Router
Hi Junior , if you want to increase the security of the files transfer from one device to another through the internet then you must use the wireless mobile router with four antinas because the range of this router is very high and also send a message to the user if someone try to hack your system files .otherwise the files of your system are not secure and every one hack these files easily ,so you must use the wireless mobile router for increasing the security of your system files . Thanks.
[ link to this | view in chronology ]