For example, privacy violating linksys or netgear, or devices with components running improper firmware with a 14 year old vulnerability?

The reason that I ask, although I don’t want this to impact the quality of answers, is that I’m shopping for a new router that is secure and private but rather than paying commercial and industrial prices I would rather get a consumer router and overwrite it’s software.

  • owenfromcanada@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    ·
    2 months ago

    I’m no expert, but I would think overwriting the firmware would generally make the router “safe”.

    For it to not be safe, there would need to be some aspect of the firmware that is not overwritten, but still executed somehow. Something like a co-processor, or some convoluted flash arrangement.

    But I don’t think that would be the case, because that would almost definitely drive up the price. I can’t say for sure, but that’s my best guess.

    The other potential vulnerability is that some devices have two flash regions, to be able to roll back in case a firmware update is bad (I had a linksys device with this configuration). So you might flash OpenWRT, but if the router gets reset a couple times (like with a power outage, for example), it could load the previous (commercial) firmware. There are ways to deal with it, but if you’re looking to buy a new device, it’ll be easy enough to avoid those cases.

    For what it’s worth, I’ve had great luck with OpenWRT on a number of TP-Link devices.

  • mvirts@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    2 months ago

    … You can always get a SBC like a raspberry pi and set up your own router using bsd or Linux 😅 definitely a challenge but it’s doable. I have a pi set up to bridge my wifi to an Ethernet LAN and it’s only a few packages and some firewall rules.

    • finitebanjo@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      2 months ago

      Got any cost estimates for building a router? Unless it’s like $40 cheaper then I don’t feel justified in spending a few hours learning a craft.

      • mvirts@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        2 months ago

        It really depends on your requirements, looks like you can maybe get a wifi banana pi board like https://wiki.banana-pi.org/Banana_Pi_BPI-R3 for $130 USD, and you can pay a lot more for more capable hardware.

        Maybe it’ll be worth the hassle of maintenance to know there’s no sketchy firmware on your router?

        Oh maybe 150 USD is more realistic, this comes with antennas and a case https://www.amazon.com/OpenSource-Wireless-Dual-Band-MediaTek-Bundle2-BPI/dp/B0BDG9VNJP/ref=asc_df_B0BDG9VNJP/

        Lol these even run openwrt… Maybe I have one of these in my future 😹

        • finitebanjo@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          2 months ago

          This solution might work great for very small homeservers or subnetworks where unusual configurations are required, but if a person just wants regular home wifi without added paranoia then clearly a $60 TP-Link with OpenWRT is the better budget option. You appear to have accidentally downvoted yourself earlier, please rectify.

          • mvirts@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            2 months ago

            You’re right, and that’s definitely a difficult price to beat. Plus as far as I can tell if a tplink device is still evil after flashing openwrt there’s really no reason the same couldn’t be true of devices like the banana pi or raspberry pi.

            mvirts downvoted itself in its confusion

            • finitebanjo@lemmy.worldOP
              link
              fedilink
              English
              arrow-up
              2
              ·
              2 months ago

              You’re right, though, that Raspberry Pis are much more trustworthy as far as brand optics are concerned.

          • Leif Davisson@ioc.exchange
            cake
            link
            fedilink
            arrow-up
            2
            ·
            2 months ago

            @finitebanjo @mvirts

            I am running a tp link talon on openwrt 23. It runs great.I highly recommend it.It also has some additional ad blocker plugins and some other fantastic features. The only reason to not run openwrt. It’s because you need the absolute latest hardware. I would also not run in an enterprise environment where security is absolutely Paramount, and you need observability. As well as centralized management.