Yet, there’s no indication of the anticipated official statement. It seems they might be assessing the traction this topic is getting and are possibly hoping it will just fade away, given that those expressing concerns might not represent the majority.
Previously, some users use wireshark to do packet capturing for days to confirm that there is no suspicious data traffic. So you can do it now. I don’t see anything change in this part.
1 Like
Although I would like the software to be fully open source and a clear statement from Gl iNet, it really does not guarantee your router is free from back doors or malware.
In documents Edward Snowden released shows US intelligence agencies intercepted and implanted back-doors into routers being shipped outside the US. Going the other direction, there are reports of Supermicro servers being manufactured in China having been shipped with hardware back doors installed that can be activated remotely even if running an open source Linux distribution. I expect all countries and companies are capable of doing this to products, so GI iNet products are at risk, along with every other vendor and product.
If you don’t trust the vendor, or the country where the products are built, don’t buy their products. Even if you load generic OpenWrt on the router, there could be something in the boot-loader or hardware that could compromise the router. It comes down to what is your level of trust.
2 Likes
I think there has been some misinformation.
You can still build using GitHub - gl-inet/imagebuilder: Warning!Please look at 'GL.iNET Imagebuilder Introduction' section.
GL.iNet packages like the UI were never fully open source in the first place unless I’ve missed it, I never saw the claim, anyone have references?
GitHub - gl-inet/wlan-ap (for qualcomm) and other repos are still up for non-Mediatek kernel building…
^ Which are also not fully open source due to binary blobs & licensing with Qualcomm etc.
The gl-infra-builder facilitates building the packages while compiling the kernel, that tool has gone private, which doesn’t translate to going closed sourced.
We still have an imagebuilder to build GL.iNet images and modify it. The kernel is pre-compiled as well as the packages.
You can still compile your own packages with the official OpenWrt builder (for most packages) and modify the repository in the image builder.
You can still compile your own kernel separately.
Remember that some models use Qualcomm SoCs, these are not officially supported by OpenWrt and the ports are somewhat reverse-engineered, yet we can still build a fully functional custom firmware for a Qualcomm router which is not possible with any other vendor (yet) as far as I know.
No restrictions on flashing custom firmware is part of open source ethos.
My guess is that limiting to an image-builder only setup may be used to restrict others from running GL.iNet software and firmware on other hardware by having a dependency on the kernel. You’ll still be able to build the kernel by using the external repos, while the infra-builder now contains the already closed source Gl.inet packages + new kernel coupling for hardware lock. This makes the builds non-reproducible, and having the repo up without the lock code will have non-reproducible builds.
As far as I’m aware (unless I’m mistaken), the only thing we lost is one-click kernel + package compilation before building the image, which can still be done individually including hardware specific tuning like BDF is still there.
I’m having no issues building my custom firmware project so far after the repo has gone private by simply moving to imagebuilder.
*What's the difference between open source software and free software? | Opensource.com
Edit: To clarify, there is no point of having reproducible builds with binary blobs from other areas like Qualcomm, GL.iNet packages, so nothing have changed so far.
1 Like
i don’t even see how this could be done.
wireguard packets are encrypted
gl.inet could have certain data only get sent to another server for analysis when there is a lot of other data going back and forth and connected to a public VPN address. If the traffic is all encrypted, how would anyone be able to know if a small amount of traffic went from a gli.net router to a VPN server and then another server? For instance, sending the private Wireguard key in a large amount of other encrypted data?
I don’t think your company specifically would want to do this, but it doesn’t seem impossible for someone to do something like that. If you are doing things to make it less easy to confirm what is in the firmware updates, can you also provide longer and more detailed guides for installing OpenWrt for the routers?
First, we don’t provide wireguard service.
Second, you can actually dump data in the router. So even you have wireguard, you can dump data before it goes to wireguard.
You can just download firmware from openwrt official website and install on the router, cannot you?
There are several models that there is no firmware from official openwrt, but you can choose others.
2 Likes
Agreed. Meta data is still available in the packet.
Correct. I did “official” openwrt images, customized, for various GLiNet Devices. However, the fact, that not all GLiNet devices can run “official” openwrt, is a loss of business.
2 Likes
Then buy the model that can use stock wrt.
1 Like