Router Company Lazily Blocks Open Source Router Firmware, Still Pretends To Value 'Creativity'

from the unintended-consequences dept

Last fall, you might recall that the hardware tinkering community (and people who just like to fully use the devices they pay for) was up in arms over an FCC plan to lock down third-party custom firmware. After tinkering enthusiasts claimed the FCC was intentionally planning to prevent them from installing third-party router options like DD-WRT and Open-WRT, we asked the FCC about the new rules and were told that because modified routers had been interfering with terrestrial doppler weather radar (TDWR) at airports, the FCC wanted to ensure that just the radio portion of the router couldn’t be modified.

The FCC stated at the time that locking down the full, broader use of open source router firmware entirely was absolutely not their intent:

“Our rules do permit radios to be approved as Software Defined Radios (SDRs) where the compliance is ensured based on having secure software which cannot be modified. The (FCC’s) position is that versions of this open source software can be used as long as they do not add the functionality to modify the underlying operating characteristics of the RF parameters. It depends on the manufacturer to provide us the information at the time of application on how such controls are implemented.

The FCC also updated the guidance in question (pdf) and penned a blog post that tried to explain all this. But while the FCC may not have intended to block third-party firmware, many worried that because many routers have “system on chip” — where the CPU and radio exist in a single package — router vendors would “solve” the problem by just taking the cheapest and easiest path and locking down firmware entirely. And that’s precisely what appears to be happening — at least with one router manufacturer.

Gearmaker TP-Link recently posted a notice to the company’s website announcing that as of June of this year, it would be locking down firmware installations on its routers entirely. In a statement, the company blames the FCC for the fact it’s taking the lazy route and annoying its more technically-proficient customers:

“The FCC requires all manufacturers to prevent user from having any direct ability to change RF parameters (frequency limits, output power, country codes, etc.) In order to keep our products compliant with these implemented regulations, TP-LINK is distributing devices that feature country-specific firmware. Devices sold in the United States will have firmware and wireless settings that ensure compliance with local laws and regulations related to transmission power.”

Again, TP-Link could work with the community and developers to ensure users can mod everything but radio parameters, but it’s being cheap and lazy. The company’s statement then adds insult to injury by pretending it still values the community’s “creativity”:

“As a result of these necessary changes, users are not able to flash the current generation of open-source, third-party firmware. We are excited to see the creative ways members of the open-source community update the new firmware to meet their needs. However, TP-LINK does not offer any guarantees or technical support for customers attempting to flash any third-party firmware to their devices.”

So, hey kids, we’re locking down your ability to be creative starting this June, but go be creative! In one blow, TP-Link is not only alienating a large number of potential customers, but making networks less secure (since custom firmware tends to be more secure and updated more religiously among the tinkering faithful).

I’ve reached out to the FCC for comment, but wasn’t able to glean any more detail from the agency beyond what has already been said. And while the TP-Link lockdown may have not been the FCC’s plan or its fault directly, it may very well be a very ugly, unintended consequence. It’s a shame that an agency that has been a bit more consumer friendly in terms of opening up other hardware and beefing up broadband competition didn’t spend more time thinking this through.

Fortunately, TP-Link isn’t exactly a brand favorite for most router buyers anyway, and the company’s language leaves some wiggle room to suggest that while “the current generation” of open-source third-party firmware won’t work on routers made after June 1, future versions of this same firmware may. TP-Link also appears to be the only vendor doing this (so far at least, please correct me in the comments if this has changed). With any luck, a few competing router vendors will see this as an opportunity to not be lazy and alienate customers — but to compete by providing gear that still respects a user’s freedom to tinker.

Filed Under: , , , , ,
Companies: tp-link

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Router Company Lazily Blocks Open Source Router Firmware, Still Pretends To Value 'Creativity'”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Why do government departments try to remove the means of people commuting crimes, rather than prosecuting criminals. The first approach always has the greater impact on law abiding citizens by eliminating what used to be a legal activity, without having much effect on criminals,who ignore the law whatever it says.

DCL says:

Wait for it... "Market forces!"

Since the hardware is likely system on chip it will take some time and effort to separate them… and I am guessing that unless sales drop dramatically TP-Link won’t make the effort.

…in the meanwhile we will see the resale market of the older model have an increased demand and drive up prices… that in turn MAY be used by TP-Link as an indicator that there is demand for a split chip model. Naturally that will be more expensive at first but hopefully drop in price over time.

Another question is if other manufactures get on the cheap and lazy bandwagon or try to differentiate themselves and use it to compete.

Regardless it is likely that in the short term acquiring hardware that supports custom software is going to get more expensive.

Anonymous Coward says:

I'm not terribly worried

Yeah, it’s annoying, but anyone who intends to flash the firmware of a TP-Link router can either:

a) Buy a non-US TP-Link router directly from China.

b) I’m sure their security will live up to the quality standards that Chinese companies who compete for the low-end of the consumer market are known for and it will probably take another 5 minutes to bypass their security.

BernardoVerda says:

Re: Re:

“TP-Link isn’t exactly a brand favorite for most router buyers anyway”

> Maybe for average consumers, but for those who use firmware like OpenWrt they’re a great value. Obviously that market is too small to make financially sense in catering to though.

I have a basic philosophy for buying any computer products:
) Decent support for FOSS is a surprisingly good indicator of “under the surface” quality
) If it doesn’t support FOSS (Linux, DD-WRT, CUPS, or whatever is pertinent, then I’m not buying it for myself, and recommending against it for anyone who asks my opinion.

Before buying (or recommending) any router, I confirm that the model in question has good, full-featured, alternate firmware (and that it can be installed without too much hassle).

(I might not even actually install it — but not having the option is a deal-breaker. Some people laugh, or think I’m anal-retentive, but I’ve been burned too many times — going back to the days of Win-modems and Win-printers.)

I currently have a couple of TP-Link routers in my home. I’ve been pretty satisfied with them. I’ve recommended them to others as well. Some people sneer at the brand, but I’ve found them steady, reliable, and thanks to 3rd-party firmwares, I’ve been able to place on-going confidence in them.

* * * * * * *

In this era where
(a) “black hats” are known to hack routers as a “low profile” exploit that easily hides from the usual counter-measures (especially the measures typical for the home or small-business user), and
(b) manufacturers are notoriously lax about maintaining and distributing security patches on this kind of “sell-and-forget” essential hardware, even though the security implications are significant, I consider this precaution to be simply your basic “smart consumer” knowledge and self-protection.

* * * * * * *

It looks like TP-Link has lost my future business
— and that of the friends and acquaintances that seek my advice or help on such matters.

Most people don’t know and won’t care — but many of them will be getting advice from people who do.

William C Bonner (profile) says:

FCC is in an interesting position...

IT’s the FCC’s job to maintain the spectrum, and part of it is to make sure that people don’t broadcast on frequencies that have been licensed or above power limits for the same.

The average programmer with a router and a knob that can be turned that says power is going to turn it up.

TP Link is just doing the short term financial math that locking down the firmware will protect them from governmental fines, while perhaps reducing repeat buyers of their products.

Anonymous Coward says:

Re: FCC is in an interesting position...

IT’s the FCC’s job to maintain the spectrum, and part of it is to make sure that people don’t broadcast on frequencies that have been licensed or above power limits for the same.

It’s also part of their job to allow experimentation by licensed amateur radio operators (who do have the legal authority to exceed normal wi-fi restrictions, at least on 2.4 GHz). Locking routers will make this more difficult.

Dale (profile) says:

No more TP-Link?

Well, my first reaction is to buy no more TP-Link and I have a lot of it and plans for a lot more (as in a couple dozen devices today and plans for a couple dozen more).

I have never installed custom software on one of my routers and I get that TP-Link has no obligation to allow it but if they had not allowed it for technical or marketing reasons, I would not have cared but to surrender to governments in disregard of free peoples, I am offended and assume they’re enemies of freedom.

Then, on the other hand, there’s a TP link to this TP-Link story. A couple of years ago, Charmin reduced the size of it’s toilet paper for the 6th time in 9 years. A big fan (at the time) of Charmin, I was very upset by the change and protested on their Facebook site that I would never buy Charmin again until they reversed themselves. Unfortunately, when I went into the grocery store, I found that all of the toilet paper makers did the same thing and at the same time. No matter which I bought, I had the same size. So what good was my protest when the entire industry did it at the same time? (Proof of price fixing? I think it is.)

So, what’s the tp link to this TP-Link story? Well, I could refuse to buy TP-Link but it won’t matter because all of the manufacturers will do the same if required by the FCC. In a few months they will all have the same limitation.

Anonymous Coward says:

Again, TP-Link could work with the community and developers to ensure users can mod everything but radio parameters, but it’s being cheap and lazy.

Just playing the devil’s advocate here, but exactly *how much* time and money are companies expected to spend finding ways around stupid government regulations? Is there some kind of minimum? Does it scale with the size and location of the company? I mean, separating the firmware for two systems on the same chip is not a trivial task. That’s half the reason to put all your systems on one chip in the first place

John Fenderson (profile) says:

Re: Re:

“exactly how much time and money are companies expected to spend finding ways around stupid government regulations?”

Exactly as much as is necessary to make the product desirable to their target market. Whether or not this is a good business decision for them remains to be seen.

Personally, I have yet to see a consumer router whose software I both trust and meets my needs, so not being able to provide my own firmware is a showstopper. It’s not that I expect TP-Link to put the time and money into making this possible, it’s that if they don’t then I will simply buy a different router.

Anonymous Coward says:

Re: Re:

This. TP-Link is responding rationally to the FCC’s rules rather than completely re-engineering their routers from the ground up.. The FCC knew this was going to happen. We all told them this was going to happen last year when they were talking about this shit, and they did it anyway. This falls squarely on the FCC’s shoulders.

You missed the mark here, Bode. By a wide margin.

John Fenderson (profile) says:

Re: Re: Powah to 11

They do, and it’s more efficient to have a single hardware design that can work everywhere than to set up different designs for different markets.

It’s done for the same reason that so many appliances use transformers that let them work on both 110 60Hz mains and 220 50Hz mains, even though that costs a bit more to manufacture. The savings in having a single design more than makes up for it.

anoncao says:

The FCC work is pretty pointless

I worked on the Linux Madwifi driver ( just tech support, not coding). That is a FOSS-ish wifi driver for Atheros radios. It had the same FCC driven limits as described above, the closed source HAL (Hardware Access Layer). Because one can simply add better antennas (it may take a moment to solder, or not), the FCC EIRP Transmitt Power limit is _pointless_. The madwifi driver was locked down, actually to lower power levels than the commercial products, yet was able to win distance competitions, ranges of tens of miles, using better antennas.

Locking out the FOSS community will not change the fact that any radio can use a high gain directional antenna. The FCC limits the antennas too, but they are trivial to buy or build. Anyone interested enough to re-flash a TP-Link router may well have the interest to modify antennas too.

In closing, locking out FOSS wifi tools is a short trip to inscure networking. Having a uniform, proven, and familiar software toolset beats proprietary, briefly supported commercial softwares in a lot of ways. Further, one can use proven tools, like the linux netfilter firewall, that have a real track record, unlike the inevitably aging code running on commercial routers. The FOSS tools are more secure that way.

Anonymous Coward says:

Re: The FCC work is pretty pointless

Because one can simply add better antennas (it may take a moment to solder, or not), the FCC EIRP Transmitt Power limit is _pointless_.

FCC rules are actually the reason routers have non-removable or non-standard antennas like RP-SMA:

Because they were not readily available, RP-SMA connectors have been widely used by Wi-Fi equipment manufacturers to comply with specific national regulations, such as those from the FCC, which are designed to prevent consumers from connecting antennas which exhibit gain and therefore breach compliance.

The US FCC considered that the RP-SMA was acceptable in preventing consumers changing the antenna; but by 2000 it regarded them as readily available, though delaying its ruling indefinitely. As of 2013, leading manufacturers are still using RP-SMA connectors on their Wi-Fi equipment.

I hope the FCC allows similarly light protections for firmware, like allowing a third-party firmware to declare (through some binary header) that it will enforce FCC rules.

Donald says:

“Lazy” and “Easier” are business synonyms for “Cheaper” and “More Cost Effective”. Perhaps someone at Techdirt could pay them to write new code or design a new product so they don’t have to just lock the entire thing down? Thanks.

Oh, you don’t want to pay more either? Then you can buy or design another router on your own. Engineering, for both software and hardware, is not cost-free, even if you’d like to be nice to an enthusiast community.

The way this will really play out is that the market will decide if it wants to invest more money in a redesigned product that will allow the modifiability that you desire while still complying with new regulations.

And this is as it should be.

Anonymous Coward says:

Re: Re: Re:

Not all consequences are unintended. The FCC may not have banned FLOSS router firmware directly but it did implement the law in such a way that at least one manufacturer so far believes they need it to be blocked to protect themselves from legal repercussions. Maybe the intention always was to block FLOSS router software but do so indirectly to avoid the backlash from the public.

BernardoVerda says:

One question: Was there an actual problem in the first place?

I can’t help feeling rather sceptical about the whole rational behind the FCC’s new regulations on this matter.

It smells like a mostly theoretical problem, and that the new rule is over-kill for something that rarely if ever actually occurs — and most likely will still be a problem, after this regulation has allegedly dealt with it, because this is essentially a “scapegoating” and/or “band-aid” response, rather than an effective solution).

Cell Beat (user link) says:

Wireless Router

Hi Junior ,
if you want to increase the security of the files transfer from one device to another through the internet then you must use the wireless mobile router with four antinas because the range of this router is very high and also send a message to the user if someone try to hack your system files .otherwise the files of your system are not secure and every one hack these files easily ,so you must use the wireless mobile router for increasing the security of your system files .

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...