OnHub Router -- Google's Smart Home Trojan Horse?

An anonymous reader writes: A couple weeks ago, Google surprised everybody by announcing a new piece of hardware: the OnHub Wi-Fi router. It packs a ton of processing power and a bunch of wireless radios into a glowy cylinder, and they're going to sell it for $200, which is on the high end for home networking equipment. Google sent out a number of units for testing, and the reviews are starting to come out. The device is truly Wi-Fi-centric, with only a single port for an ethernet cable. It runs on a Qualcomm IPQ8064 dual-core 1.4GHz SoC with 1GB of RAM and 4GB of storage. You can only access the router's admin settings by using the associated app on a mobile device.

OnHub's data transfer speeds couldn't compete with a similarly priced Asus router, but it had no problem blanketing the area with a strong signal. Ron Amadeo puts his conclusion simply: "To us, this looks like Google's smart home Trojan horse." The smartphone app that accompanies OnHub has branding for something called "Google On," which they speculate is Google's new hub for smart home products. "There are tons of competing smart home protocols out there, all of which are incompatible with one another—imagine HD-DVD versus Blu-Ray, but with about five different players. ... Other than Bluetooth and Wi-Fi, everything in OnHub is a Google/Nest/Alphabet protocol. And remember, the "Built for Google On" stamp on the bottom of the OnHub sure sounds like a third-party certification program."

wan port

[sirber]

No place to plug the modem in?

Re:wan port

[dreamchaser]

That is what the lone ethernet port is for. They expect everything else to be Wi-Fi.

Re:wan port

[gstoddart]

That's probably the only ethernet port.

Sorry, but this device is idiotic. It gives Google the ability to entirely remotely control your network from outside, is entirely designed to facilitate their own services, and will become a privacy nightmare ... because if they can access it, someone else can, and law enforcement will be able to go to them and say "OK, we need access to that network, you have to give it to us".

This is the "bend over and take it" device which puts control of your home network in the hands of Google .. primarily to benefit Google.

This is a terrible idea, and it's not something I'd trust even a little. This is all about locking you into Google, and making it easy for them to manage your home remotely.

I would put absolutely zero trust in this device.

Re:wan port

If you plug your modem into the LAN port you're an even bigger idiot than the first guy. The blurb is wrong, RTFA it has two ethernet ports, one for LAN one for WAN. The article specifies it has one LAN port. Which is all a router needs.

Re:wan port

[thedonger]

This is a terrible idea, and it's not something I'd trust even a little. This is all about locking you into Google, and making it easy for them to manage your home remotely.

I would put absolutely zero trust in this device.

People are dumb when it comes to technology. Maybe Google sees that there will be not only a need, but a requirement for a home network design/protocol/whatever that encapsulates the hardware we now get from our ISP of choice. We're entering the "internet access is a fundamental right" era. It's only logical to conclude that means highly regulated internet and, naturally, the need for a standard the government can leverage when they take over.

I'm not refuting that it can lead to Google being able to turn over your home network to the Feds; rather, that it isn't because someday they want to.

Re:wan port

[Guspaz]

The router has two ethernet ports. One for the modem, one to connect to something else (like a switch if you'd like).

Re:wan port

[LiENUS]

It gives Google the ability to entirely remotely control your network from outside

Where does it say google has control of your network remotely?

Re:wan port

If you plug your modem into the LAN port you're an even bigger idiot than the first guy. The blurb is wrong, RTFA it has two ethernet ports, one for LAN one for WAN. The article specifies it has one LAN port. Which is all a router needs.

It's not much of a router if it only has 2 ports. I would expect more for $200 on the consumer side.

Re:wan port

It's not much of a router if it only has 2 ports. I would expect more for $200 on the consumer side.

Throw a switch on it and it has as many ports as you want. It's a router, not a switch.

Re:wan port

[gstoddart]

It's like native encryption without backdoors ... if you build it right, you can't access it.

If they build it so they can remotely administer your network, they are 100% guaranteed to have to hand it over later.

Given the current context, there simply is now way in hell Google can build this device and not 100% know they're creating a device with a massive security backdoor.

Unless they have created magical technology which they can access but which can't be hacked, and they can access to update it but which can't be provided to law enforcement ... what they've done is create a device which will be exploitable, and which is so heavily optimized to push their own services as to be a giant security and privacy hole waiting to happen.

We need to be entering an era where our private home networks don't have remote admin passwords which can be used against us.

If all of our stuff is going to be networked, having us be the gatekeepers for our own security is paramount.

Because you can't design something intended to be remotely accessible and not expect there is a likelihood of someone else being able to access it.

Re:wan port

My Ubiquiti Picostation has a SINGLE port and it's still a router. Deal with it.

Re:wan port

No, it's a bridge.

Re:wan port

[LiENUS]

My Ubiquiti Picostation has a SINGLE port and it's still a router.

No it's not. Your Ubiquiti Picostation is an access point.

Re:wan port

[jonnythan]

The entire point of a router is route between two or more networks. That's what this does. My EdgeRouter has three ports, allowing routing between 3 networks. I only use 2. The LAN port of the router then attaches to a gigabit switch about 30 feet away.

There's no real reason to have a switch built into the router.

Re:wan port

Throw a switch on it and it has as many ports as you want. It's a router, not a switch.

I'm not expecting it to be a switch. For $200 it should route more than 2 physical ports. Especially since they will turn around and sell the information that they gather from the device. Google is asking a premium for a device that would otherwise cost half the price and they will make money on it while you use it for years to come.

Re:wan port

[TWX]

It's not much of a router if it only has 2 ports.

My Cisco 2821 router has only two Ethernet ports. It routes packets just fine.

Re:wan port

[oh_my_080980980]

RTFA: most routers come with 4 LAN ports. So for $200 you get less then what you should get.

Re:wan port

[ZorinLynx]

The ideal location for a wireless base station is up high, centrally located in the home. This is usually not where your desk area is that has a lot of the stuff that plugs into wired ports.

So a single port makes sense. Put the router up high somewhere, then run a single cable back to a switch located in your home office. Plug everything in there.

Still, this is not for me. I prefer using a full-fledged Linux server as a router. There's just so much more you can do, and you fully control everything it does.

Re:wan port

[Rand310]

You can only access 'your' router using the app on your phone. It seems unlikely that they'd push the app's traffic over the local network, rather give you the "feature" of being able to administer your network from anywhere on the internet. If you can change settings from anywhere, so can Google.

Re:wan port

[LiENUS]

I'm not expecting it to be a switch.

Good glad you understand theres no need for more than two ports then.

For $200 it should route more than 2 physical ports.

Why do you need to route more than two networks for a home router? This is consumer grade equipment, it should only route two ports no more no less. Some routers include built in switches so they switch more than two ports, but as you just said you're not expecting to be a switch.

Especially since they will turn around and sell the information that they gather from the device.

Where in the article does it say this? Where in the specs does it say this? That would be prohibitively expensive for google to do, they're either have to vpn all of your traffic to them or be building these guys with some major deep packet inspection going on (making the hardware likely cost them far more than $200)

Re:wan port

[TWX]

In large installations it's common to use layer 3 switches instead of routers at the service entrance simply because they're going to distribute to remote telecom closets, so it's more cost-effective to enter into an L3 switch through a routed port, then leave the switch through the trunked fiber ports for the various remote closets. Otherwise they'd have to leave the L3 router for an L2 fiber distribution switch, to then leave through the trunked fiber ports.

Granted, these are for campuses that have leased lines back to the central office so they're not live on the Internet and they don't have to have the same service entrance security as an Internet-facing router.

Re:wan port

[LiENUS]

RTFA: most routers come with 4 LAN ports.

yeah most routers come with a built in switch, bfd. Most users use at most one port on that switch.

So for $200 you get less then what you should get.

no for $200 you get exactly what you should get, a router with a built in access point. If you want more ports get a switch, for a change someone is building consumer gear that leaves how many ports you need up to you rather than building it in. This is a good thing, it will encourage people to spread out their networks a bit, place this guy in a central point and run a line to their desktop pc with a switch so they can plug in their networked printer or whatever.

Re:wan port

[TWX]

If all of our stuff is going to be networked, having us be the gatekeepers for our own security is paramount.

Because you can't design something intended to be remotely accessible and not expect there is a likelihood of someone else being able to access it.

The problem is there's currently no model of security that works for nontechnical users that doesn't involve an outside party. As long as there's an outside party there's a vector of exploit, even if it's simply the field service consultant jotting-down the passwords and keeping his notes as he leaves.

What we need is a standard that allows for local-control to the exclusion of the original vendor or manufacturer for those of us that are capable of managing our own devices, while allowing nontechnical owner-users to use that vendor-provided support if they're unable or unwilling to do it themselves or to pay someone else to set it up privately. Right now we're not seeing that, and consuming these made-for-marketing brochures won't show us that even if the local-control aspect did exist.

Re:wan port

[TWX]

Google's services are very much about communicating back with Google's servers. I don't think it's unreasonable to assume that this service is any different until we hear otherwise.

Re:wan port

[drinkypoo]

No it's not. Your Ubiquiti Picostation is an access point.

So, it only functions as a bridge? I'm not familiar with the Picostation, so perhaps it is only an AP. But if it has multiple interfaces and they are not bridged, then it is a router.

Re:wan port

[drinkypoo]

This is a good thing, it will encourage people to spread out their networks a bit, place this guy in a central point and run a line to their desktop pc with a switch so they can plug in their networked printer or whatever.

It's not a good thing if the user needs more ports, because now they need more crap and they have more points of failure. It's a good thing for users who don't need more ports, because it's less to go wrong and less to pay for.

Re:wan port

[Somebody+Is+Using+My]

One Ethernet WAN port, one Ethernet LAN port, one USB port, and a jack for the power.

While I understand Google's logic behind this, but that's really a deal-killer for me. Even though many of my devices are wireless, I still rely on wired connections when I want a stable, fast and (comparatively) secure connection. Sure, I could pair this up with a second router or switch, but if I'm paying $200 for the damn thing, I'd expect it to cover those basics.

Of course, I was already wary about this just because it is a privacy-destroying Google device (having said that, I'm using Google's DNS servers in my current router so I probably don't have a leg to stand on in that regard). No web-based interface is a stupid idea too; touch-screen based interfaces are too fiddly for my liking. And despite TFAs claim that OnHub is "something you could put anywhere in your house without much embarrassment", I think the thing is hideously ugly. Anyway, in general I don't want people to see the networking infrastructure and a discreet flat box is much easier to tuck away than this round monstrosity. Not to mention the price is outrageous.

I'm really not sure who this device is aimed at. Sure it is easy to setup, but ordinary users are unlikely to drop $200 on a wireless router when they can get one that works fairly well (and really isn't that hard to configure either) for $50 from Walmart (or included "free" with their modem). Meanwhile, everyone else is going to look at OnHub's dearth of features and configurability and then pick up more capable hardware.

In short: No web-interface. Less Ethernet ports than an ASUS. Lame.

Re:wan port

[Guppy]

The ideal location for a wireless base station is up high, centrally located in the home.

Not necessarily. Some antenna designs will have poor signal above and below the unit (as an example, a simple dipole antenna has dead spots there).

And it's not a bad idea to off-load as many things to physical ports as possible (TV streaming device, SAN) when location is not an issue, and when the airspace is already congested, especially for gadgets that are 2.4 GHz only and non-upgradeable. I recently fixed a friend's smart-TV Netflix stuttering problem by switching to a physical line -- her router was only a few feet away but had intermittent problems due to being in a crowded apartment complex.

Re:wan port

How is this different than any other consumer grade routers/aps? By default most of these allow access to the admin page over WLAN, which is asstarded.

This is an Access Point that also provides a single ethernet port. Is that better?

The simple fact is, any type of traffic analysis on a 200$ consumer grade plastic router is going to not only cripple your connection, it will likely melt the craptacular linksys router that is at the heart of this cisco device. It doesn't make sense at all to datamine that traffic, beyond the privacy implications, the hardware alone is not going to cut it. I suspect this is merely another cog in the wheel of the google home, that's the end goal.

I can't see a business decision behind crippling peoples internet speeds ensuring they will purchase a 100$ router that does just fine.

Re:wan port

A router which isn't also a switch, is also known as "a $70 router." And a router that includes a switch (not 40 ports, but yeah, at least 4) is called "a $150 router."

Re:wan port

[CanHasDIY]

If you plug your modem into the LAN port you're an even bigger idiot than the first guy. The blurb is wrong, RTFA it has two ethernet ports, one for LAN one for WAN. The article specifies it has one LAN port. Which is all a router needs.

So, which LAN port routes to the DMZ, if it only has one?

Re:wan port

[aaarrrgggh]

I agree, but isn't that a better case of why you go with a switch/router plus a wifi access point?

Re:wan port

[bickerdyke]

On my desk, only one device (PC) wants to be plugged into an ethernet.

What's eating up my router ethernet ports are: Hue gateway, NAS, TV and game console. (granted, the last two could share a cable using a switch as you described, but they are not at my desk.)

Re:wan port

It has two wired ethernet ports, WAN and LAN.

Re:wan port

They can auto-update the router remotely.

Are you brain-dead?

Re:wan port

[LiENUS]

Use a switch to put the ports where you need them, this is a good thing. And you still have the same number of points of failure with a switch built into the router, only if the switch is built in when your switch dies so does your router.

Re:wan port

[LiENUS]

It's a bridge, not a router. takes like 30 seconds of googlign to look that up.

Re:wan port

[LiENUS]

So, which LAN port routes to the DMZ, if it only has one?

Depends on what you mean by DMZ, if you mean forwards all ports to, then it doesnt use a specific lan port, you tell it which device you want to be in the DMZ and it does it same as any router.

If however you mean which port gets put in a separate vlan group so it can be on a separate subnet entirely... then none this is a home router if you want that functionality get something else. That's not home router functionality.

Re:wan port

[LiENUS]

So can just about any router out there nowadays. Most implement this by daily polling a remote server for the latest version if remote-ver > installed-ver pull and install. Not exactly remote control.

Re:wan port

It can be configured to route when you go to advanced network settings. Thats not what it is designed to do and the options are very limited, but it can theoretically do it.

Re:wan port

[nehumanuscrede]

"Why do you need to route more than two networks for a home router? This is consumer grade equipment, it should only route two ports no more no less. Some routers include built in switches so they switch more than two ports, but as you just said you're not expecting to be a switch."

Because it's risky ( and foolish ) to mix all of your networked devices under a single network.

For every device that is both wifi and cellular capable ( Eg: Your smartphones and even alarm systems ) you have introduced a potential backdoor into your home network. The cellular capable device can be used as a jump point for either a real time intrusion or automated via malware / virus / trojan.

Isolate your devices into multiple vlans / networks to minimize exposure and risk. Don't let devices in the same vlan talk to each other unless you really need that functionality. Absolutely do not let devices in one vlan talk to devices in another for the same reasons. If you require it, write explicit rules to allow for it. ( X can talk to the printer, Y to the NAS drive, etc )

Because I don't trust Microsoft, the Xbox sits on its own vlan.
Because the alarm system has a cellular connection as a backup, it also sits by itself in its own vlan.
The media center ( TV, BlueRay, etc ) all sit in their own vlan.
Wireless has it's own vlan.
Wired systems reside within their own vlan.

Access to the routers / switches are restricted to specific devices on the wired vlan only.
( Yes, you can try and spoof it. Yes, I verify it. )

Because I absolutely do not trust Google, I most certainly would never utilize one of their pieces of hardware as the front-end for my home network.
Google is in the information gathering business. Period. That is their entire reason for existing. There is no WAY, I would even consider using their
hardware. Ever. Even if it was given to me for free.

Re:wan port

[RicktheBrick]

It should also be a cable modem to so one could connect your coaxial cable to it. It should be a weather prove box so I could put it on the outside of my house. Therefore I should not have to put coaxial or ethernet cables everywhere in my house. My television set should be able to be placed anywhere there is electricity since it should be able to connect wireless to the router. I should be able to connect the tv to cable tv or to my desktop computer. I should be able to buy wireless speaker that have a remote so I can by wireless either connect them to the television or a stereo system or a desktop computer. Almost everything in my house should be connected. For instance my bedroom door should be connected so when I close it after using it in the morning my computer would know to either reduce the heating or cooling in that room until a half an hour before I would use it again. I should be able to attach a ssd drive to it and have several computer be able to boot from it. This is just a small start as there are a lot more things a smart router could accomplish.

Re:wan port

[LiENUS]

So the jist of it is... you're not interest in any home aps right? Your list of features isn't satisfied with any consumer grade home access points.

Re:wan port

[LiENUS]

Where are you supposed to plug in that switch when the only Ethernet port on the device is in use for your WAN connection?

RTFA It has one WAN port and one LAN port, two ethernet ports total. You plug the switch into the LAN port and you plug your WAN connection into the WAN port. Hell the pictures from the article show two ports and two ethernet cables.

Re:wan port

[LiENUS]

I mean so can my laptop....

Re:wan port

[LiENUS]

There's an option in the app to disable any communication back with google. It apparently has crash reporting that you can disable in the privacy settings... Not exactly giving google control over your network.

Re:wan port

[gweilo8888]

It's a good thing for users who don't need more ports, because it's less to go wrong and less to pay for.

You mean it *could* have been a good thing, but it isn't.

Not because there's less to go wrong, because from the non-power user's perspective there is no win there. Either the extra port fails silently (and they don't care because nothing is plugged into it), the port they're using fails (as it could have done on a single-port design like this) and they have a working port or ports that they can switch to, or the underlying hardware dies and all ports stop working simultaneously (which could also have happened on a single-port design.)

From the end user's perspective, there is no greater likelihood of failure with multiple ports, but there's a greater likelihood of being able to work around that failure. There is no net win for the single-port design, and a small net win for the multi-port design.

And so we come to your only other point here: Price. And yes, this single-port design could have saved the end user money. It's doubtful that the extra port hardware and perhaps a switch to a chipset capable of acting as a hub or switch would have saved more than a few dollars off the bill of materials. Most likely it would have saved less.

But the fact of the matter is that from the consumer's perspective, it has saved them nothing at all. This router, as it is right now, is extremely overpriced for the functionality it provides. It's demonstrably slower and has worse Wi-Fi range than its competitors, you can plug less into it, and you can do next to nothing except standard Wi-Fi with it so far -- and Google has shown no inclination yet to reveal its plans. So for the time being, you're paying far more than a typical entry-level, consumer-grade router, but you're not getting anything more than you would have from one with the debatable exception of a slightly prettier box.

Right now, this is a product with no reason for its existence. It's the Google Glass of SOHO routers, and unless Google announces a very compelling reason for its existence soon, I doubt we'll see it last even as long as Google Glass did.

Re: wan port

You can argue for your perceived proper use case all you want. It will never make it right for me.

The reality is that it's an overpriced thingy with less features that will likely end up decreasing my privacy, because I know that Google is a business, and is not really my friend.

Re:wan port

[smithmc]

no for $200 you get exactly what you should get, a router with a built in access point.

Considering I can get a router with a WAP and multiple LAN ports for well under $200, I'd say you're wrong.

Re:wan port

[pla]

I hate getting involved in this rapidly degenerating conversation, but...


You plug the switch into the LAN port and you plug your WAN connection into the WAN port. Hell the pictures from the article show two ports and two ethernet cables.

Assuming your modem has only one LAN port, you would do better to plug the modem into your switch, then you plug the OnHub's WAN side into the switch. This gives you full speed through the switch to your ISP for any wired devices you have, while not bogging down the processor on the OnHub dealing with non-wireless traffic. If your modem has two or more LAN ports, just connect one to your switch and one to your OnHub.

You would only want to use the LAN side of the OnHub in two, maybe three situations - You have only a single wired device in the whole house you need connected; you have a wired device that uses this hypothetical new Google spyOnYou protocol; and maybe you might put a second switch off the OnHub's LAN port if you had a strong need for an additional layer of segment isolation (and that assumes it truly isolates the LAN side, rather than merely acting as a two-port switch).

And before anyone points out that what I just proposed amounts to making your wired network a DMZ - Your modem already acts as a fully-functional SOHO router.

Re:wan port

[pla]

Incorrect. The Picostation has an omni antenna, but otherwise behaves just like all the rest of Ubiquiti's AirOS devices - It will act as any combination of {bridge / router / SOHO router} x {AP / Station / Client / Repeater}... And yes, a few of those combinations don't even make sense, but it will let you do it (never, ever disable the hard reset button on a Ubiquiti unless you know exactly what you want to do).

I absolutely love my Nanostations - Put one at one corner of an area you want covered, and bam, you will have five bars a quarter mile away in any direction (technically only a 60 degree beam, but it takes quite a distance from the antenna before that starts to matter).

Re:wan port

[kqs]

The problem is there's currently no model of security that works for nontechnical users that doesn't involve an outside party.

That's one problem. Another is that most technical users think that they are smart enough to get up security that can outsmart the NSA and hackers. 99.9% of technical users are wrong about that. And even if they're right, http://xkcd.com/538/

I suspect that almost all technical users would be safer if they used gmail or outlook.com rather than whatever home-brew imap/postfix thing they set up on their home or work Linux server (or Windows server or whatever). But we're uber-geeks so we'll pound our chests and insist we can do better.

This access point seems likely to be as safe as any of the best APs, and since it will be updated regularly I bet that in 2 years it will be safer than any other AP you buy now (unless maybe you do regular OpenWRT updates. Maybe.)

Re:wan port

[sexconker]

Uh, a dumb switch on a single IP won't work for shit in that scenario.
What fucking IP will your modem give you?
What fucking IP will things on the switch get?
What fucking IP will things on the router connected to the switch get?
How will traffic to and from these IPs be routed outside of your network?

Re:wan port

[pla]

What fucking IP will your modem give you?

Well, I have mine configured to give out leases from the range 192.168.100.100-199, which more than adequately serves my LAN for now. What sort of piece of crap modem do you have, that can only deal with a single client connection?


What fucking IP will things on the switch get?

I just answered that, but I'll repeat myself - Since switches work by transparently passing L2 traffic, they will get an address issued by the DHCP server on the modem, just like something directly plugged into the modem would. So something between 100 and 199.


What fucking IP will things on the router connected to the switch get?

They would get whatever range I configure the OnHub's own DHCP server to give out, exactly the same way it would work with any crappy $50 DLink/Linksys. Most likely I would pick 192.168.101.100-199, if you want an exact number.


How will traffic to and from these IPs be routed outside of your network?

DHCP leases include a gateway address. These can nest (almost) arbitrarily deep. How do you think your phone, connected to your WAP, in turn connected to your modem, manages to route traffic? Nothing magic here, dude.

Re: wan port

[LiENUS]

, because I know that Google is a business, and is not really my friend.

Don't forget to not buy linksys, neatgear, dlink, asus, buffalo or any of those either. They're all businesses and not your friend.
To negate your paranoia bout google 'decreasing your privacy' for $200 this thing isnt capable of deep packet inspecting your bandwidth, it just doesnt have the hardware for it and I seriously doubt google is vpning all of your traffic into them to inspect it on their own gear.

Re:wan port

> I suspect that almost all technical users would be safer if they used gmail or outlook.com
> rather than whatever home-brew imap/postfix thing they set up on their home

Please tell me how I can use Gmail and be certain that nobody but me can read it.
I'm really curious. Google's business plan isn't to provide secure email. It is to
make sure they can get as much information out of my private email as possible.
I'm sure you would be comfortable with the post office reading all your paper
mail too.

Re:wan port

[TWX]

While you're not going to stop the extralegal beat-the-password-out-of-you vector, if you're not one of the few-hundred people on the planet that have been pushed that direction, right now in the United States there's no requirement to surrender passwords. Currently in the 11th circuit the court has found that the Fifth Amendment prohibits the requirement to produce passwords, and the rest of the circuits are not as yet ruled. Should there be conflicting rulings this would find its way to the Supreme Court. One would hope that they too would not require passwords to be produced as a matter of privacy, but until that time it's simply not settled.

You are correct that it's much more likely that this AP will be up-to-date, but there still isn't exactly good precedent for devices running Google's OSes being updated like they should be, or for features to not become abandoned when their backend cloud-side stuff is written out from underneath. It might be up-to-date, or it might be abandoned and the few owners left to their own devices.

Re:wan port

[sexconker]

You have your modem running DHCP? And NAT? And you expect to be able to move traffic from a client behind a wireless router behind a switch which also has the modem behind it?

Do you know what a route is? (Hint: You do not!)

Re:wan port

most routers come with 4 LAN ports. So for $200 you get less then what you should get.

The Google shills will defend this.

Re:wan port

[pla]

Uh-huh. Post your topology (including model numbers and salient points of your configs) if you have anything even remotely different.

No rush, I won't hold my breath.

Re:wan port

[kqs]

You're correct about passwords of course (though the Supreme Court has sided with law enforcement a lot), but that only matters if the Bad Guys can only get at your server while it is turned off and encrypted. If it is turned on (as most servers are), then they just need a remote exploit or physical access (or a logged-in phone). Or maybe a backup drive since people often forget to encrypt those. (Or they don't have a backup drive, their raid set dies, and we have another kind of failure.) Compare that to a gmail account secured with a U2F key; it doesn't stop all of the attack vectors but it helps.

There is no perfect security, but as I said, most tech folks overestimate their ability. I used to run my own server, and tried to do everything right, though I'm sure I missed a lot. But I've got better things to do with my time then spend weekends running updates and trying to deploy two-factor on my personal box, and trying to recover from encrypted backups after a disk failure. Maybe I'm just old.

You are correct that it's much more likely that this AP will be up-to-date, but there still isn't exactly good precedent for devices running Google's OSes being updated like they should be, or for features to not become abandoned when their backend cloud-side stuff is written out from underneath. It might be up-to-date, or it might be abandoned and the few owners left to their own devices.

Actually, there is very good precedent. Chromebooks and Nexus android devices (both of which get their OSs directly from Google) have been very well updated with timely security patches and new features (as have chromecasts and Wear AFAICT though for a much shorter time). You may be thinking of non-Nexus android devices, where the OS comes from another vendor; those are poorly updated, but you can hardly blame Google for that. But it looks like this OnHub gets its OS directly from Google.

So what other access point has received regular OS updates? Maybe the Apple Airport, but Apple and Google are pretty much the only consumer electronics companies who regularly support their older hardware (and Google, with Chromebooks, Wear, and now OnHub, seems to be supporting other folks' closely-branded hardware). I can't prove that Google will continue doing so, but their track record is pretty good so far.

Re:wan port

Two ports: one LAN and one WAN. Who are the 3+ other idiots that upvoted you?

Re:wan port

[Agripa]

The best place for the access point is not likely to be the best place for the switch so the lack of multiple LAN ports does not bother me. My Nanostation also only has 1 LAN port although it was not really intended for use as a WiFi/WAN/LAN router.

The privacy destroying aspects and lack of local configuration make it a deal-killer for me.

Summary

[ceoyoyo]

So it's a slow, expensive router with no available wired ports and a bunch of Google spyware built in?

Re:Summary

Yup. Change the name from OnHub to iHub, and it could be an Apple device.

Re:Summary

[jonnythan]

It has one available wired port. The blurb is wrong. The OnHub has WAN and LAN ethernet ports, allowing you to plug in one wired device (which can easily be a switch).

Re:Summary

[hughbar]

Thanks, exactly echoes my thoughts. I'm in UK, Google has spying issues, tax issues, market distortion issues, I'll keep on buying Draytek for the moment, thanks.

Re:Summary

[ceoyoyo]

Cool. So a slow, expensive router that needs additional hardware if you want to use more than one wired device, and a bunch of Google spyware built in?

Re:Summary

[ceoyoyo]

Except that Apple's similarly priced Airport Extreme has three times as many ports. Their single-port option costs half as much.

Re:Summary

It's *not* a router. It has 1 port. It's a wireless access point, at best.

Re:Summary

[jonnythan]

No, it's a router. It has two ethernet ports.

Even if it didn't, it would still be a router if it routed between two different networks. An access point does not do that. I'm not sure you understand what "router" means. You could very easily have a router with one, or with zero, physical ports.

Re:Summary

[jonnythan]

Sorta, yeah, but the selling point is the smart home integration side of the equation.

Re:Summary

Yup. Change the name from OnHub to iHub, and it could be an Apple device.

Sorry, no one would fall for it; it's not shiny enough!

Truth in Advertising

[jabberw0k]

Can someone please write a browser plugin that replaces "smart" with "Big Brother" ?

Re:Truth in Advertising

Done and done. https://chrome.google.com/webstore/detail/smart-to-big-brother/pdjmlnacidmdfffnhdpdfbfchdemplmb?utm_source=chrome-app-launcher

Re:Truth in Advertising

Why don't we all just get chipped, they are already up our tails from ever other aspect.
A/C

So basically...

[Maury+Markowitz]

This is the Apple AirPort Extreme. Same basic performance, same feature set, same way to admin it same price.

But because it says Google, we're supposed to believe this is part of some super-duper conspiracy to take over the world.

Right.

Or maybe Google just wants some of the market that Apple currently has, selling the same router you can get for $50 for $200, and being the best selling home router in spite of that?

Re:So basically...

[Gr8Apes]

It is built by Google which has not come out and said anything about securing and protecting your privacy. They have said they use select information to provide better advertisements. I wouldn't buy Google anything, personally.

Re:So basically...

It is built by Google which has not come out and said anything about securing and protecting your privacy.

http://www.computerworld.com/article/2923854/security/apple-google-urge-obama-to-reject-encryption-back-doors.html
oh ok.

Re:So basically...

This device is gonna spy on you right from day 1. The data will be sent back to the Chocolate Factory.
This reminds me of some words that a long dead comedian used to say, 'All in the best possible taste' (Kenny Everett, UK).

Google seem to be in a race to the bottom with Microsoft over how much of your life that can slurp. Rather sad really.

Re:So basically...

[ginoledesma]

At least the Airport Extreme comes with 3 extra GigE LAN ports.

Re:So basically...

Vice one from Apple that's making a shitton spying on you while making you feel clean because it has a polished exterior.

Re:So basically...

[leonbev]

Yeah, I'm not sure why I want to pay $200 for an 802.11ac router with just one wired network port (which is basically twice the going price for most competing routers on Newegg) just for another opportunity to share even more Internet usage data with Google.

It seems like thing should be cheaper than a normal router instead of more if it's advertiser subsidized. Yeah... it might not directly inject the ads itself, but you know that it's going to aid with ad targeting.

Re:So basically...

[jonhorvath]

The article left me with the following impression.

Apple and Google don't want government to require them to put encrypted back doors into their products. Not that they necessarily don't want encrypted back doors in their products.

Re:So basically...

[Actually,+I+do+RTFA]

Well, it's strange it says Google. Didn't they just re-org so that Fiber and Nest are no longer under the Google name?

And Apple is in a super-duper conspiracy to take over (your computing) world. That's their credo. "We will control everything, and it will just work."

Re:So basically...

[Gr8Apes]

That is a different thing - they don't want to seem compromised by the feds. Google does want full access to the data internally, and all your server side data is unencrypted for their easy perusal and tagging.

Re:So basically...

[LiENUS]

Not that they necessarily don't want encrypted back doors in their products.

That kind of contradicts what Vinton Cerf from google said in the article:

"If you have a back door, somebody will find it, and that somebody may be a bad guy," Vinton Cerf, Google's chief Internet evangelist and the co-creator of TCP/IP, said in a speech earlier this month. "Creating this kind of technology is super, super risky."

Re:So basically...

[hackertourist]

Last time I looked, The Airport could at least be configured from an OSX computer instead of just mobile devices.

Re: So basically...

Citations please. I watch all my network traffic, and from what I can tell, anything that is sent back to apple can be turned off.

Re:So basically...

Apple makes money by selling you hardware, 95% plus of their profits come from this.

Google makes money by selling adverts, 95% plus of their profits come from this.

Apple has shown it is able to sell high end equipment with high margins, and do that extremely well.

Google on the other hand has a problem, the profit per ad is falling. They way they can try make up for this is to learn MORE about you and have the adverts more targeted and argue they are worth more. However the $ per ad is still falling.

This device has everything to do with Google digging deeper in your life, they want to know what network connected devices you have, how often they are used, how many are used at the same time, what the usage patterns are , do you have friends and family that come over and use your network, Smart TV ?, IoT ?,Smart appliances ?, Media servers ?, Handhelds (gameboys and the like), IP phones ?, all stuff that Google current has little if any way of getting info on.

This hub is their gateway, their spy to finding out more and more about you, that is its primary purpose.

Google is NOT an advocate of privacy (unless they are the gateway) , they are already offering code to try and get around IOS9s ad blocking feature, and this is NOT the first time Google has behaved this way. ANY ad blocking impacts google severely because it impacts their 95% of profit. MORE people are using Ghostery and other ad blockers and Google is feeling the pinch.

I wonder if it will be sneaky and render pages itself, so if you have an ad blocker, it still looks like the ads get downloaded and google gets its cut.

Don't LOOK a Gift Hose in the MOUTH

Because horses have ugly, ugly mouths.

Nobody

Needs more than 1 ethernet port.

        -- Larry Page

Spy Router

Why would I buy a router that will spy on me?

They know all

[AndyKron]

So it will know when I go to bed, and to send me advertising for blankets if my thermostat is over 70?

Re:They know all

Future wise, your comment isn't too far off.

"app on a mobile device."

.... fuck off.

In other words this is a device they expect you to replace every 6 months, does not expose useful router settings and is intended for rich nubs.

Typo in the headline

[EvilSS]

Should read: "OnHub Router -- Google's Trojan Horse?"

Re:Typo in the headline

"OnHub Router -- Google's Trojan Horse"

FTFY

Amazon Echo

[crow]

They should have built something to compete with Echo. Put in some good speakers and a microphone, then hook it up with the software they already have with Google Now so that you can ask it things with "OK Google," and then they have something. Now it's just a router.

Re:Amazon Echo

They have this. Its called a "phone" or "tablet".

Fail

Google, hardware is like Microsoft hardware.. spyware in a box... and laughably too expensive. Fail ban fail

OnHub's data transfer speeds

[arketh]

I just read through again, and I didn't see a mention of 'OnHub's data transfer speeds couldn't compete with a similarly priced Asus router' in fact it raves about how you don't need a repeater to cover a whole house like you do with the Asus. No mention of it being slower though.. where did that come from?

Re:OnHub's data transfer speeds

http://cdn.arstechnica.net/wp-content/uploads/2015/08/Wi-Fi-transfer-time.001-980x720.jpg

meh

crummy router, slow speeds and limited admin ability. I'll stick with my 1 Gbps capable Ubiquiti Edgerouter and Seperate Wifi AP's thanks . :-)

Re:meh

Using a mikrotik router but ubnt unifi here, love my unifi but i must admit i am quite jealous of this things antennas.

Re:Google Spy Router

They are also compliant with *ANY* request from governments

OH MY are you saying they follow the law? heavens no whatever will we do.

and the N$A and will do whatever they say, no questions asked.

You know... except for that big hubbub earlier this year where they made a big public hubbub about not doing whatever the NSA asks.

Cell phone only configuration?

[quietwalker]

Am I alone here in thinking that's ... idiotic?

Okay, I have a heavy bias here. I don't use my phone much, and when I do, it's largely as a phone. I don't read my email on it unless I absolutely have to, I don't use it for web browsing, and it's not an entertainment platform for me, either games, music, or media. It's ... just a phone. Some of my coworkers see me as some sort of luddite for not hooking my work email into it.

Maybe in the future when we start using it as an ID and credit card replacement, I'd feel like locking in certain functionality wouldn't be a big deal, but ... networking hardware configuration? I can't even come up with a scenario where that's a good idea. Granted, this is a consumer device, but it seems like it's somewhat of a silly restriction.

Awesome

[Gnaythan1]

I like it and want it to succeed. but I'll buy the cheaper knockoff that doesn't require an app and lets me install my own software a year or two later.

So...

Physically it looks good. I don't like the alien look of the new Asus and Netgear routers at all, but does that even matter?

Google deserves a lot of credit for the super simplification of setup. It's very slick and might be idiot proof. Although the Revolv home automation hub already did a similar setup procedure. Rather than a loud speaker, Revolv used a flashing LED to communicate the initial connection between the hub and the phone app. No codes, no communication issues, just tap go and hold the phone next to the hub.

Privacy policy is presently acceptable. I have no issue with it as it stands. But, this is Google and policies change. I have zero faith in Google maintaining an acceptable privacy policy into the future.

This device may or probably will be part of Google's own walled-garden home automation system. Multifunction routers typically create issues for me down the road. I'd rather keep the functions separate. Especially since this is Google and I don't trust them and my privacy nearly enough to tie in my home automation usage. Not even for a ridiculously overpriced cloudy WiFi thermostat.

But, here's the biggest issue of all. The Asus router costs the same, offers better range, higher speeds, more router features, greater control, can be used with third party firmwares(openWRT DD-WRT, Tomato), and has no Google integration! Why waste money on this Google trojan horse? I would have at least expected it to be really cheap since it's TP-LInk.

Thanks Google, I'll pass.

Not really a Trojan Horse

[Foundryman]

The Greeks didn't sell Troy a Trojan Horse, they left it outside for them to have for free.
When you leave for work in the morning and find a Google OnHub on the front porch, and you didn't order it, then maybe it's a Trojan Horse.

Wawa Re:wan port

But can you get one you KNOW FOR SURE will spy on your every packet, looking for clues about which to better serve ads? NO! You cannot. With this, you can be assured you have a backdoor man ready to service you.

Re:Wawa Re:wan port

But can you get one you KNOW FOR SURE will spy on your every packet, looking for clues about which to better serve ads? NO! You cannot. With this, you can be assured you have a backdoor man ready to service you.

Because the hardware to do THAT only costs $200. Face it, your fantasy of google spying on your network is just that, a fantasy.

Re:Wawa Re:wan port

[smithmc]

Well... according to some of the reviews I've skimmed... the Google thing is fairly hefty on the compute side compared to your average router, so maybe that's where the money is going?

Re:Wawa Re:wan port

Hefty on the compute but with only 4gb of storage theres not a lot of room to store data, which it'll need to do any time you start using your connection heavily, either that or it'll have to throttle you and start essentially streaming your connection information to google in real time. Not to mention it wont gain anything more than google analytics already nets them without having to run anything sketchy on your router. Doing DPI on this would be incredibly risky since it'll be torn down and disassembled as soon as it gets into hackers hands.

WTF, people

[Jawnn]

Who, besides the legions of clueless lovers of the shiny, would let Google inside their networking gear?

We need more freedom and control, not this

I'm sick and tired of the "latest and greatest" when it offers seriously little benefit. I want a router that is freedom friendly not some utter bemeamoth thats such an overkill I won't actually be able to take advantage of it for 25 more years.

What I can use *right now* is a freedom, privacy, and security respecting basic router- maybe a dual-band 802.11n with a USB port or similar if there is a killer feature like self-hosted mail, openvpn or similar.

The only thing that even looks remotely promising is LibreCMC and upcoming routers from ThinkPenguin.

What I like about the router I have from them now is it's ultra low latency. The router rocks because I can get the latest and greatest benefits from the free software development that goes on. That's not something I'm seeing with *any* other routers because they are *all* dependent on proprietary pieces.

This Reminds of Demolition Man

In Demolition Man, all the restaurants were Taco Bell. Google seems to have its irons in every fire imaginable. In 30 year's time, everything will be Google (seemingly). It's already apparent they want to catalog everything going. Why not as much personal IP traffic as possible. It helps with their mapping, their accuracy of data collection, so many other ways. No, thank you. I'll keep my Netgear.

Bait

[Areyoukiddingme]

Trojan horse? Seriously? ++Clickbait;

From their own blurb:

In the future, OnHub can support smart devices that you bring into your home, whether they use Bluetooth® Smart Ready, Weave, or 802.15.4. We also plan to design new OnHub devices with other hardware partners in the future. Stay tuned for news from our second partner, ASUS, later this year.

In other words, they told the world up front that it's for home automation. So... Shock! Horror! It's for home automation!

This thread is full from top to bottom of why the Alphabet name was created. The Google guys want to be able to sell neat hardware without the tremendous "Google will spy on meh!" backlash. If the hardware is designed, manufactured, branded, and sold by a company that ISN'T an advertising company, maybe people will be able to believe it.

Maybe.

As for the device itself, I don't understand why all the angst about only two ports. My router is a Linux box. It has only two ports. It only needs two ports. The switch is a nice 24 port gigabit device, $70 on sale at NewEgg. It moves Ethernet packets around. My wifi access point is the dumbest possible no-name in bridge mode. It moves wifi packets around. I don't want either device to be routing anything at the IP level. Not their jobs.

I have to agree, I don't see why it's not a beige box. Infrastructure should not be seen. Isn't that the point of wifi? Invisible packets flying through the air! To this.... vase-looking thing on the kitchen counter? They justify it with "it werks better if it's out in the open!" I think I can live with a little signal degradation, and dispense with the electronic vase that my mother-in-law is going to try to pour water into.

Re:Google Spy Router

"OH MY are you saying they follow the law? heavens no whatever will we do."
Because by default every request for private information from the government is legal???