wow a security post from me what a shocker
so the fcc put out a ban on foreign routers. i've heard the arguments against it and i'm not convinced.
the first was that these router companies are in vietnam, laos and taiwan. you'd think that'd be a gotcha but vietnam and laos are basically china's manufacturers. and let's not pretend they're all in-housing all their hardware. we're buying rebadged chinese goods.
you can weasel out of the china bad argument when you have open hardware and/or software like in the case of gl.inet and openwrt, sipeed, etc. but almost none of these routers are open source. and even if they were you would need to perform a deep security audit to ensure there's no jia tans in your supply chain, or just good old-fashioned bad opsec.
you're always dependent on a foreign vendor to not be compromised with proprietary hardware and software.
you can regulate your own country's cybersecurity, but you cannot effectively regulate a foreign country's cybersecurity, especially when relations are at an all-time low.
the argument about consumer choice is complete bunk as well. if i offered the average consumer 5 dollars a month to run a backdoor on their home internet, and i disclosed the backdoor to them at the time, they would start a reddit thread telling everyone how to min/max their payouts by running 10 different services. you have to save consumers from themselves sometimes.
the argument that the US isn't capable of regulating its own cybersecurity is also a moot point. even if they had horrible security, at that point they would only have themselves to blame for their failures, not a malicious foreign actor.
as such i think the only way forward is to nationalize their routers. it just makes no sense to depend on chinese goods for such critical infra as our internet traffic.
i think people that don't work in the industry also fail to realize we have strict regulations on having third party companies in africa that have chinese internet providers. i'm sure they'd be fine with that knowing it's a security risk. so why let the consumer get screwed by these proprietary black boxes?
Discussion
@wafflesies I don't buy either argument. The problem is that security really only exists through collaboration and trust, and when you lose that no amount of real building keeps you safe. There are plenty of examples in other spheres right now.
Arguing over routers is a distraction from the state of the world, the breakdown of post-world-war values and expectations, and that's the place to look for security IMO.