Router Company Lazily Blocks Open Source Router Firmware, Still Pretends To Value 'Creativity'
from the unintended-consequences dept
Last fall, you might recall that the hardware tinkering community (and people who just like to fully use the devices they pay for) was up in arms over an FCC plan to lock down third-party custom firmware. After tinkering enthusiasts claimed the FCC was intentionally planning to prevent them from installing third-party router options like DD-WRT and Open-WRT, we asked the FCC about the new rules and were told that because modified routers had been interfering with terrestrial doppler weather radar (TDWR) at airports, the FCC wanted to ensure that just the radio portion of the router couldn’t be modified.
The FCC stated at the time that locking down the full, broader use of open source router firmware entirely was absolutely not their intent:
“Our rules do permit radios to be approved as Software Defined Radios (SDRs) where the compliance is ensured based on having secure software which cannot be modified. The (FCC’s) position is that versions of this open source software can be used as long as they do not add the functionality to modify the underlying operating characteristics of the RF parameters. It depends on the manufacturer to provide us the information at the time of application on how such controls are implemented.
The FCC also updated the guidance in question (pdf) and penned a blog post that tried to explain all this. But while the FCC may not have intended to block third-party firmware, many worried that because many routers have “system on chip” — where the CPU and radio exist in a single package — router vendors would “solve” the problem by just taking the cheapest and easiest path and locking down firmware entirely. And that’s precisely what appears to be happening — at least with one router manufacturer.
Gearmaker TP-Link recently posted a notice to the company’s website announcing that as of June of this year, it would be locking down firmware installations on its routers entirely. In a statement, the company blames the FCC for the fact it’s taking the lazy route and annoying its more technically-proficient customers:
“The FCC requires all manufacturers to prevent user from having any direct ability to change RF parameters (frequency limits, output power, country codes, etc.) In order to keep our products compliant with these implemented regulations, TP-LINK is distributing devices that feature country-specific firmware. Devices sold in the United States will have firmware and wireless settings that ensure compliance with local laws and regulations related to transmission power.”
Again, TP-Link could work with the community and developers to ensure users can mod everything but radio parameters, but it’s being cheap and lazy. The company’s statement then adds insult to injury by pretending it still values the community’s “creativity”:
“As a result of these necessary changes, users are not able to flash the current generation of open-source, third-party firmware. We are excited to see the creative ways members of the open-source community update the new firmware to meet their needs. However, TP-LINK does not offer any guarantees or technical support for customers attempting to flash any third-party firmware to their devices.”
So, hey kids, we’re locking down your ability to be creative starting this June, but go be creative! In one blow, TP-Link is not only alienating a large number of potential customers, but making networks less secure (since custom firmware tends to be more secure and updated more religiously among the tinkering faithful).
I’ve reached out to the FCC for comment, but wasn’t able to glean any more detail from the agency beyond what has already been said. And while the TP-Link lockdown may have not been the FCC’s plan or its fault directly, it may very well be a very ugly, unintended consequence. It’s a shame that an agency that has been a bit more consumer friendly in terms of opening up other hardware and beefing up broadband competition didn’t spend more time thinking this through.
Fortunately, TP-Link isn’t exactly a brand favorite for most router buyers anyway, and the company’s language leaves some wiggle room to suggest that while “the current generation” of open-source third-party firmware won’t work on routers made after June 1, future versions of this same firmware may. TP-Link also appears to be the only vendor doing this (so far at least, please correct me in the comments if this has changed). With any luck, a few competing router vendors will see this as an opportunity to not be lazy and alienate customers — but to compete by providing gear that still respects a user’s freedom to tinker.
Filed Under: dd-wrt, fcc, firmware, open source, open-wrt, router
Companies: tp-link
Comments on “Router Company Lazily Blocks Open Source Router Firmware, Still Pretends To Value 'Creativity'”
Why do government departments try to remove the means of people commuting crimes, rather than prosecuting criminals. The first approach always has the greater impact on law abiding citizens by eliminating what used to be a legal activity, without having much effect on criminals,who ignore the law whatever it says.
Re: Re:
because it’s easier.
Re: Re:
then they would have to stop turning a blind eye to the criminals in their own ranks
I actually own a couple TP-Link routers…
I have one flashed as a Library Box and the other I flashed as a Pirate Box. I find them to be useful portable tools, and it makes me sad if they’re going to kill off this sort of innovation.
“TP-Link Announces New Plan To Dramatically Reduce Router Sales”
This is unfortunate because I currently use a TP-Link router and think fairly highly of them, however I will no longer be buying any of their hardware or recommending them to anyone ever again. They’ve just Netgeared themselves.
Re: Netgear...
as a owner of two relatively new Netgear routers flashed with DD-WRT …I just have to shrug.
Wait for it... "Market forces!"
Since the hardware is likely system on chip it will take some time and effort to separate them… and I am guessing that unless sales drop dramatically TP-Link won’t make the effort.
…in the meanwhile we will see the resale market of the older model have an increased demand and drive up prices… that in turn MAY be used by TP-Link as an indicator that there is demand for a split chip model. Naturally that will be more expensive at first but hopefully drop in price over time.
Another question is if other manufactures get on the cheap and lazy bandwagon or try to differentiate themselves and use it to compete.
Regardless it is likely that in the short term acquiring hardware that supports custom software is going to get more expensive.
I'm not terribly worried
Yeah, it’s annoying, but anyone who intends to flash the firmware of a TP-Link router can either:
a) Buy a non-US TP-Link router directly from China.
b) I’m sure their security will live up to the quality standards that Chinese companies who compete for the low-end of the consumer market are known for and it will probably take another 5 minutes to bypass their security.
Re: I'm not terribly worried
Actually, that’s the sad part. I’ve always found their price/quality ratio to be among the highest, not just among the low-end Chinese manufacturers, but overall. I was planning to buy a new router, and TP-Link was near the top of the list. Not now.
“TP-Link isn’t exactly a brand favorite for most router buyers anyway”
Maybe for average consumers, but for those who use firmware like OpenWrt they’re a great value. Obviously that market is too small to make financially sense in catering to though.
Re: Re:
FCC is in an interesting position...
IT’s the FCC’s job to maintain the spectrum, and part of it is to make sure that people don’t broadcast on frequencies that have been licensed or above power limits for the same.
The average programmer with a router and a knob that can be turned that says power is going to turn it up.
TP Link is just doing the short term financial math that locking down the firmware will protect them from governmental fines, while perhaps reducing repeat buyers of their products.
Re: FCC is in an interesting position...
It’s also part of their job to allow experimentation by licensed amateur radio operators (who do have the legal authority to exceed normal wi-fi restrictions, at least on 2.4 GHz). Locking routers will make this more difficult.
No more TP-Link?
Well, my first reaction is to buy no more TP-Link and I have a lot of it and plans for a lot more (as in a couple dozen devices today and plans for a couple dozen more).
I have never installed custom software on one of my routers and I get that TP-Link has no obligation to allow it but if they had not allowed it for technical or marketing reasons, I would not have cared but to surrender to governments in disregard of free peoples, I am offended and assume they’re enemies of freedom.
Then, on the other hand, there’s a TP link to this TP-Link story. A couple of years ago, Charmin reduced the size of it’s toilet paper for the 6th time in 9 years. A big fan (at the time) of Charmin, I was very upset by the change and protested on their Facebook site that I would never buy Charmin again until they reversed themselves. Unfortunately, when I went into the grocery store, I found that all of the toilet paper makers did the same thing and at the same time. No matter which I bought, I had the same size. So what good was my protest when the entire industry did it at the same time? (Proof of price fixing? I think it is.)
So, what’s the tp link to this TP-Link story? Well, I could refuse to buy TP-Link but it won’t matter because all of the manufacturers will do the same if required by the FCC. In a few months they will all have the same limitation.
Interpretation
The way I read their statement, TP Link looks forward to the creativity of users finding ways to unlock their firmware lockdown.
Re: Interpretation
That was my take…. kind of a wink-wing nudge-nudge bit.
We have created a router with firmware that cannot be modified, and even if it is we don’t support it, so don’t blame us.
Again, TP-Link could work with the community and developers to ensure users can mod everything but radio parameters, but it’s being cheap and lazy.
Just playing the devil’s advocate here, but exactly *how much* time and money are companies expected to spend finding ways around stupid government regulations? Is there some kind of minimum? Does it scale with the size and location of the company? I mean, separating the firmware for two systems on the same chip is not a trivial task. That’s half the reason to put all your systems on one chip in the first place
Re: Re:
“exactly how much time and money are companies expected to spend finding ways around stupid government regulations?”
Exactly as much as is necessary to make the product desirable to their target market. Whether or not this is a good business decision for them remains to be seen.
Personally, I have yet to see a consumer router whose software I both trust and meets my needs, so not being able to provide my own firmware is a showstopper. It’s not that I expect TP-Link to put the time and money into making this possible, it’s that if they don’t then I will simply buy a different router.
Re: Re:
This. TP-Link is responding rationally to the FCC’s rules rather than completely re-engineering their routers from the ground up.. The FCC knew this was going to happen. We all told them this was going to happen last year when they were talking about this shit, and they did it anyway. This falls squarely on the FCC’s shoulders.
You missed the mark here, Bode. By a wide margin.
Guess what I bought last week?
yeah, you guessed it, and so here’s my response
https://db.tt/2YX1Qa3F (since an IMG tag doesn’t seem to be allowed)
TP-Link Lockdown..
As of now, I will no longer purchase any products associated with TP-Link.
Powah to 11
Okay, I get the maximum allowable transmission power limit. That has been a staple for consumer products for decades.
What I don’t get is having hardware capable of exceeding those limits through software modification. That is just plain stupid and resource wasteful asfar as I can figure.
Re: Powah to 11
Do the legal limits vary around the world.
Re: Re: Powah to 11
They do, and it’s more efficient to have a single hardware design that can work everywhere than to set up different designs for different markets.
It’s done for the same reason that so many appliances use transformers that let them work on both 110 60Hz mains and 220 50Hz mains, even though that costs a bit more to manufacture. The savings in having a single design more than makes up for it.
The FCC work is pretty pointless
I worked on the Linux Madwifi driver ( just tech support, not coding). That is a FOSS-ish wifi driver for Atheros radios. It had the same FCC driven limits as described above, the closed source HAL (Hardware Access Layer). Because one can simply add better antennas (it may take a moment to solder, or not), the FCC EIRP Transmitt Power limit is _pointless_. The madwifi driver was locked down, actually to lower power levels than the commercial products, yet was able to win distance competitions, ranges of tens of miles, using better antennas.
Locking out the FOSS community will not change the fact that any radio can use a high gain directional antenna. The FCC limits the antennas too, but they are trivial to buy or build. Anyone interested enough to re-flash a TP-Link router may well have the interest to modify antennas too.
In closing, locking out FOSS wifi tools is a short trip to inscure networking. Having a uniform, proven, and familiar software toolset beats proprietary, briefly supported commercial softwares in a lot of ways. Further, one can use proven tools, like the linux netfilter firewall, that have a real track record, unlike the inevitably aging code running on commercial routers. The FOSS tools are more secure that way.
Re: The FCC work is pretty pointless
FCC rules are actually the reason routers have non-removable or non-standard antennas like RP-SMA:
I hope the FCC allows similarly light protections for firmware, like allowing a third-party firmware to declare (through some binary header) that it will enforce FCC rules.
What exactly do the FCC rules say?
Would a wifi chipset that would not allow a certain setting pass the new rules? If so, this could be a wifi firmware change that would implement this lock-down.
The same as my atm pin
And the password for the newly “Locked down” firmware will be 1234….
TP-Link: Not Recommended
I will never buy a TP-Link again, nor will I recommend them.
Kill everyone
I have an idea, let’s just kill everyone so that no one will be able to violate the laws we have enacted. There will be zero criminals as no one would be left to commit crimes.
“Lazy” and “Easier” are business synonyms for “Cheaper” and “More Cost Effective”. Perhaps someone at Techdirt could pay them to write new code or design a new product so they don’t have to just lock the entire thing down? Thanks.
Oh, you don’t want to pay more either? Then you can buy or design another router on your own. Engineering, for both software and hardware, is not cost-free, even if you’d like to be nice to an enthusiast community.
The way this will really play out is that the market will decide if it wants to invest more money in a redesigned product that will allow the modifiability that you desire while still complying with new regulations.
And this is as it should be.
FCC is mandating locked-down firmware NOT because of ‘interference’ or other bullshit but because they don’t want open-source firmware overwriting precious NSA backdoors.
Cisco, Juniper TP-Link ALL have massive open backdoors and security weaknesses put there at the direct request of the NSA.
Re: Re:
The FCC is not mandating locked-down firmware at all. That’s pretty much the point this article is making.
Re: Re: Re:
Not all consequences are unintended. The FCC may not have banned FLOSS router firmware directly but it did implement the law in such a way that at least one manufacturer so far believes they need it to be blocked to protect themselves from legal repercussions. Maybe the intention always was to block FLOSS router software but do so indirectly to avoid the backlash from the public.
This is also why Cisco is cancelling support contracts and pulling out of the EU, because they were directly challenged to prove THEY didn’t implement the backdoors to spy on EU citizens and officials.
Recently Cisco dropped it’s UK support entirely because otherwise it would have turn over some VERY damning evidence.
One question: Was there an actual problem in the first place?
I can’t help feeling rather sceptical about the whole rational behind the FCC’s new regulations on this matter.
It smells like a mostly theoretical problem, and that the new rule is over-kill for something that rarely if ever actually occurs — and most likely will still be a problem, after this regulation has allegedly dealt with it, because this is essentially a “scapegoating” and/or “band-aid” response, rather than an effective solution).
TP-Link isn't the only one doing this
Open-mesh mesh AP’s/Repeaters have announced that there won’t be any SSH access on their OMP-5AC model because it could be modified to allow power greater than legally allowed.
Big PITA. But still – what’s to stop me from breaking out a JTAG and flashing whatever I want?
Thanks
This is a nice steps which taken by router industry.I am A Dlink tech support employee.I am believing in change
Wireless Router
Hi Junior ,
if you want to increase the security of the files transfer from one device to another through the internet then you must use the wireless mobile router with four antinas because the range of this router is very high and also send a message to the user if someone try to hack your system files .otherwise the files of your system are not secure and every one hack these files easily ,so you must use the wireless mobile router for increasing the security of your system files .
Thanks.