Gl inet can we trust them becaus china is the boss

said · 2021-03-15T06:32:46.635Z

hello hello i wonder about the chineese government wont use that gl inet or force them to put back door in their products
I assume that it is not the case, but how can you know for sure
gl inet i don’t blame you guys it’s just a thought i have
because let’s face it china is really changing hong-kong and you guys need to get involved in their practices i understand
but hope you don’t
but am curious who also thinks that way

alzhao · 2021-03-15T07:21:18.213Z

Thanks for bring this question publicly.

If there is a backdoor it should be easy to be discovered because our firmware is quite open. You can also just try changing firmware to openwrt vanilla firmware.

Who know the future.

Maybe you should be more worried about those closed device, e.g. router without opening root access, or smarthome devices which connect your data to the cloud by default and by force.

makino16 · 2021-03-15T09:24:59.682Z

Encouraging and supporting open source communities as much as possible is one of the most effective countermeasures.
Moreover, it does not take a hostile attitude toward anyone!

modumb · 2021-03-15T10:36:28.864Z

The best option is to use open source openwrt firmwares… Unfortunately, while as alzhao says, the gl-inet firmware is mostly opensource, the fact that there are closed source drivers and packages at all means that it should be considered still as non-verifiable.

You really should not trust any router devices and each individual client device should be secured with at least encrypted DNS, if not on-device VPN.

The most worrying aspect though is probably not the hardware - gl-inet is probably better than tp-link and others since the firmware is much less opaque.

However, what might now be considered much less trustworthy would be any of the online services - such as the new astro-relay or any remote management tools they offer. It might not be a case of gl-inet themselves, but the changing infrastructure they now depend upon.

If you want cheap, open source, verifiable router devices there are still not many options that I would consider much safer … perhaps a homemade raspberry pi based device?

alzhao · 2021-03-15T11:30:08.826Z

Cloud based services are always considered less trustworthy than local services.

But sometimes you have to rely on cloud-based services to make it work for you. You cannot build everything by yourself.

In our firmware we do not have the cloud service enabled by default. So your choice.

BTW: Astrorelay is hosted in the US and Europe, operated by a US company. So it is regulated by the US low other than Hong Kong or China. Of course a lot of people do not trust US things.

said · 2021-03-15T15:46:51.705Z

modumb:

closed source drivers and packages

sorry was not the intention to say that gl inet cannot be trusted it was just a thought because now in many countries there are also tried to do backdoor in encryption through legislation and hope that we all will revolt here
through open source firmware encryption only
and that there will be open source drivers and packages in the future

said · 2021-03-15T15:53:57.437Z

sorry was not the intention to say that gl inet cannot be trusted it was just a thought because now in many countries there are also tried to do backdoor in encryption through legislation and hope that we all will revolt here
through open source firmware encryption only
and that there will be open source drivers and packages in the future

spamatiki · 2021-04-05T05:24:28.413Z

alzhao:

operated by a US company. So it is regulated by the US law

why not operate it via a company located in Europe?

Germany, Sweden, Switzerland,(…) … all have much better laws preventing the deliberate disclosure of personal data.

Putting the regulation (not only the servers) under european jurisdiction would improve the trustlevel towards astrorelay a lot.

please think of this option @alzhao

alzhao · 2021-04-05T05:41:26.441Z

Thanks for the suggestions. This would be a choice.

Still small company cannot handle too much cost of operating everywhere. But definitely a way to go.

spamatiki · 2021-04-05T12:56:09.698Z

Companies like Proton (Mail, VPN, Drive) even make this into a business-model
# Why Switzerland? An Analysis of Swiss Privacy Laws
I guess gl.iNet could profit from this very much too
… especially since your products are all about providing hardware and services aiming to improve or secure personal privacy …

pauldeng · 2021-08-05T23:57:03.439Z

Hi everyone,

some more discussions regarding this issue over openwrt forum:

OpenWrt Forum – 29 Jul 21

Was GL-iNet firmware compromised by the chinese national security law?

Hi, after breaches into my systems it was soon clear it is one of my network devices. Since I expected this (somewhat) all network hardware based and manufactured in China Mainland will sooner or later be compromised, it seems like GL-iNet is now....

Reading time: 14 mins 🕑 Likes: 83 ❤

Duncan · 2021-08-06T02:10:46.534Z

I value having the choice to use your cloud service. Thank you for giving me the option.