Most people never think about what runs on their router, treating it like an appliance that just works. OpenWrt shows your network hardware can be something entirely different from the ISP surveillance node they shipped you. Running open firmware on a router puts you in control of your local network in a way proprietary OS updates on phones or laptops never will. That autonomy matters because the router sits at the choke point of your entire digital life. If we actually cared about privacy we’d be having very different conversations about the firmware running on billions of devices. When did you last think about what your router actually runs? #privacy #FOSS #techliberation #router #opennet
We on Lemmy are not most people, I assure you!
I use an OpenWRT One at home and recently flashed a Tp-link router I found at a thrift store for $7 with it for my cousins’ place.
It’s good stuff, and I’m not just paid to say so.
Here here! I flashed my first wrt-54g with dd-wrt something like 20 years ago.
I got away from it for a bit, the siren song of Google Wi-Fi was too strong. And I didn’t know about openwrt.
But now I’m back and openwrt is my jam.
Honestly, though, I do think of my router as an extension of my ISP … which means I don’t trust it with anything. Everything that goes through that router is already wrapped in a VPN.
Why would my ISP want to spy on me with my router, anyway? Everything that goes through it goes straight to the ISP’s servers, so they can spy on it all they want once it gets there. And they can have a lot of fun watching all my internet traffic go straight to and from a VPN server.
They also have the opportunity to inspect all of your VPN negotiation packets …
Okay, and that tells them what, exactly? They could figure out which VPN I’m using, but they already knew that – all they’d need to do is look up the owner of the VPN server’s IP address.
I’d surely like to hope that my VPN isn’t so ass at security that username/password information would be passed unencrypted during connection negotiation. So the ISP isn’t getting that.
Maybe they could use that to determine what OS my computer is running and a few other technical details, if those details are part of the negotiation? That’s the closest I think they could come to any private information to harvest.
And, of course, they can tell how often I connect, how long I’m connected, and how much raw data gets uploaded or downloaded. But that’s absolutely unavoidable.
… But the biggest thing here is – having a compromised router doesn’t make any of this worse. They can try to spy on my data all they want once it’s sent to their servers. I don’t see how trying to spy on me through my router improves anything. The router already only sees things that are headed to their servers anyway. So what do I care if the ISP’s spyware is on the router or on their servers (or, more likely, both)?
I suppose the only slight difference is that running their spyware locally might very slightly increase the power draw of my router. So it would be slightly preferable to make them run the spyware on their own server in their own server farm, where they’re paying the power bill.
Yeah, they would never bother sniffing packets client side. But given most people tend to use their home router as their main network device rather than having it manage a DMZ and provide a gateway for a firewall protected network, compromising your router would be a good way to gain access to your devices. An ISP is probably unlikely to have any interest in doing that, 3rd parties on the other hand might be more interested (law enforcement, criminal groups, law enforcement connected hate groups …). Given law enforcement might want compromised routers then they might be interested in forcing ISPs to comply.
